What is an API?
API stands for Application Programming Interface. APIs act as a software intermediary to enable two software components to communicate with each other.
How does APIs work?
API follows client server architecture. An application that is sending a request is called client, whereas the application sending the response is called server.
Types of APIs
APIs has evolved over a period of time. Let’s take a look are the different types of APIs.
REST (Restful) APIs
Most popular and common in use today.
An architectural style, not a protocol.
Uses HTTP functions such as — GET, PUT, POST, DELETE.
Client sends data to server, whereas server processes this input data using internal functions to return output data to the client.
It is stateless. Servers do not save client data.
WebSocket APIs
Modern web API development
Uses JSON objects to pass data.
Supports 2 way communication. While the client can initiate communication, the server can do ‘call back’ to the connected clients that normal APIs wont.
Efficient that Rest API.
SOAP APIs
Not popular and less flexible.
Uses Simple Objects Access Protocol.
Uses ‘XML’ objects to pass data.
Provides a higher level of security, suitable for financial institutions.
RPC APIs
Earliest form of APIs.
Uses Remote Procedure Calls.
Execute a block of code (procedure) on a different server.
Categories of APIs
Based on the boundary and scope of access, APIs are classified either as private or public.
Public APIs
These are ‘open’ to the outside world.
External developers use these APIs to build capabilities within their application.
Private APIs
These are ‘internal’ to an organization.
Restricted to select developers groups only.
What is Web API?
Any API when executed over HTTP, becomes a web API. It uses an open source framework. It is a concept, not a technology or architecture style or protocol. Web API in the time of Web 1.0 was synonymous with SOAP but in recent times, Web 2.0 is synonymous with REST.
API Creation: Stages
As a rule of thumb, every API goes through the following traditional development stages. Every stage is important.
Plan: Design the blueprint of the API based on use cases.
Build: Developers develop code based on design and prototype.
Test: Testing is key to prevent bugs, defects and cyber attacks.
Document: Providing a guide is a must for usability when it comes to API.
API Authentication
APIs can be accessed using many convenient methods. Below noted methods cover the most common ones.
None
Anonymous access. No need to authenticate.
Basic
Username & Password
Bearer/Token
API Key or temporary tokens will be used.
More secure.
OAuth
Authenticated using a 3rd party.
More secure.
SAML
Supports SSO based environments.
Preferred for larger organizations.
API Example
APIs can be accessed using a variety of methods and programming languages such as web browser, CURL, postman, python, java, etc. Below is an example of a simple public API accessed without authentication, via browser.
API Endpoint: https://api.genderize.io/ Parameters: name=sam & ?name=nancy
HTTP Method vs Operation:
Each http method does a specific operation. Based on whether it processes a specific item or a collection, and based on whether the operation is success or failure, one of the below HTTP responses will be returned by the API server back to the client.
HTTP Method / Operation / HTTP Response Code
POST / Create / 201 (Created), 409 (Conflict) GET / Read / 200 (OK), 404 (Not Found) PUT / Update,Replace / 200 (OK), 204 (No Content), 404 (Not Found) PATCH / Update,Modify / 200 (OK), 204 (No Content), 404 (Not Found) DELETE / Delete / 200 (OK), 404 (Not Found)
Popular APIs
APIs are present in anything and everything we consume daily through websites and mobile apps. Some popular APIs include,
Google Maps API
Weather API
Spotify API
Auth0 API
Twitter API
Benefits of API Testing
APIs form the integral part of all the critical applications, so, it is important to ensure these APIs are flawless, scalable and performant.
1. Functionality:
Unit tests are written to evaluate the business logic to ensure it functions as expected.
2. Performance: Simulate several requests to API endpoints to test if the API is performant with increased load.
3. Security: Check if the API endpoints are vulnerable to cyber attacks and ensure required protection is enforced.
API Testing Types
There are different types of API testing based on the testing objective. They are as follows.
Validation Testing
Functional Testing
UI Testing
Security Testing
Load Testing
Runtime and Error Detection
Penetration Testing
Fuzz Testing
API Testing Tools
In-order to test APIs, there are several testing tools available in the market, some are open source. Here is the most common list.
Testim
Postman
SoapUI
Apigee
Assertible
Karate — DSL
Rest Assured
JMeter
API Fortress
Hoppscotch
Rest Assured
Let’s discuss about Rest Assured.
Rest Assured enables you to test REST APIs using java libraries and integrates well with Maven. It has very efficient matching techniques, so asserting your expected results is also pretty straight forward. Rest Assured has methods to fetch data from almost every part of the request and response no matter how complex the JSON structures are.
Sample Rest Assured script
The syntax of Rest Assured.io is the most beautiful part, as it is very much behavior driven and understandable.
Given(). param("x", "y"). header("z", "w"). when(). Method(). Then(). statusCode(XXX). body("x, ”y", equalTo("z"));
Code Explanation:
Given() ‘Given’ keyword, lets you set a background, here, you pass the request headers, query and path param, body, cookies. This is optional if these items are not needed in the request
When() ‘when’ keyword marks the premise of your scenario. For example, ‘when’ you get/post/put something, do something else.
Method() Substitute this with any of the CRUD operations(get/post/put/delete)
Then() Your assert and matcher conditions go here
Conclusion
The API market is poised to grow to a $8.2B industry by 2027 — nearly doubling its 2021 size — as more businesses implement digital transformation solutions. APIs grant organizations the flexibility and agility to respond quickly to changing market trends or disruptions. It would be an advantage to learn API and stay competitive in the growing market.
Thanks for reading the blog. Hope it was useful.
Comentários