What is an API?
An API is an Application Programming Interface which allows various systems to communicate, share data, and achieve other functionality.
The picture below shows how an API is used to perform a user query on a website by connecting to a web service which queries a large database.
What is API testing?
API testing involves testing Application Programming Interfaces (APIs) directly (in isolation) and as part of integration testing. Unlike GUI testing, API testing mainly concentrates on the business logic layer of the software architecture. API testing won't include testing for the look and feel of an application.
Why do we need API testing?
API testing helps in earlier validation of the functionalities before the user interface is ready. Once the logic is designed, API tests can be created to validate the responses and data from various systems.
Unlike GUI tests, API tests are easy to maintain. API tests need not be updated each time there is a change in the UI. Refactoring API tests is much more controlled and infrequent.
API tests are isolated tests, which makes them faster and easier to execute. This makes it easy and quick to identify and resolve the bugs in the system.
What are the types of API testing?
Unit Testing - This involves APIs with a single request, requiring checking for a single response or a set of responses. Here a single endpoint is tested.
Integration testing - This is the most often used form of API testing, where the integrations between internal or third-party services are tested.
Performance Testing - This type of test validates how an API handles a large volume of requests over a short period.
End-to-End Testing - Validates the interaction between 2 or more API connections.
Tools used for API Testing
A few popular tools for API testing are:
Katalon
Postman
Rest Assured
Soap UI
Apache JMeter
Test Cases for API testing
Specific output: This is to test the response received for the request sent. The output includes validating the status of the response and the data retrieved from the response. For instance, when the user sends a gift from India to the USA on Amazon, the product listed on Amazon-US is priced in USD, but the user pays for the purchase in INR. The API testing will ensure that the currency conversion is correctly performed.
No data returned: When the response has no return value, the API status has to be validated.
Interaction with other API: When the response from one API test is the input for another request, both APIs need to be validated.
Modification of resources: When the API call modifies the data in the system, the system needs to be validated after the modification.
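The four kinds of test case above, as an added example that is not part of the original post: a Python script starts a toy order API on localhost and checks each case over HTTP. The /orders endpoint, the ToyApi handler and the fixed rate of 80 INR per USD are assumptions made up for the illustration.

```python
import json, threading, urllib.error, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

ORDERS = {}          # constructed in-memory store standing in for the database
INR_PER_USD = 80     # constructed fixed rate so the expected amount is known

class ToyApi(BaseHTTPRequestHandler):      # hypothetical API under test
    def _reply(self, code, body=None):
        data = json.dumps(body).encode() if body is not None else b""
        self.send_response(code)
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def do_POST(self):                     # POST /orders  {"usd": <amount>}
        req = json.loads(self.rfile.read(int(self.headers["Content-Length"])))
        oid = str(len(ORDERS) + 1)
        ORDERS[oid] = {"id": oid, "usd": req["usd"], "inr": req["usd"] * INR_PER_USD}
        self._reply(201, ORDERS[oid])

    def do_GET(self):                      # GET /orders/<id>
        order = ORDERS.get(self.path.rsplit("/", 1)[-1])
        self._reply(200 if order else 404, order)

    def do_DELETE(self):                   # DELETE /orders/<id>, replies with no body
        self._reply(204 if ORDERS.pop(self.path.rsplit("/", 1)[-1], None) else 404)

    def log_message(self, *args): pass     # keep the test output quiet

def call(base, method, path, body=None):   # returns (status, parsed JSON or None)
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(base + path, data=data, method=method)
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # no proxy
    try:
        with opener.open(req, timeout=5) as resp:
            raw = resp.read()
            return resp.status, (json.loads(raw) if raw else None)
    except urllib.error.HTTPError as err:  # 4xx/5xx still carry a status to check
        return err.code, None

def run_checks():
    ORDERS.clear()
    server = HTTPServer(("127.0.0.1", 0), ToyApi)   # port 0: pick any free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{server.server_port}"
    created = call(base, "POST", "/orders", {"usd": 25})    # specific output
    oid = created[1]["id"]                                  # output feeds next call
    fetched = call(base, "GET", f"/orders/{oid}")           # interaction between calls
    deleted = call(base, "DELETE", f"/orders/{oid}")        # no data returned
    after = call(base, "GET", f"/orders/{oid}")             # state after modification
    server.shutdown()
    return {"created": created, "fetched": fetched, "deleted": deleted, "after": after}
```

A test would assert on each entry: status 201 with inr equal to 2000, an identical order on the follow-up GET, status 204 with an empty body, and 404 once the order is gone.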
Commonly used Requests
The popular API request methods are GET, POST, PUT, PATCH, and DELETE.
GET method: This method is used to retrieve information or data from a specified resource. The response to a GET request can be any data visible to a client, such as HTML documents, images, and videos. To send a GET request, we should specify the URL of the resource we want to retrieve data from.
POST method: This method is used to send data to a server for a specified resource. Most HTML forms on the web use this type of request.
PUT method: This method is used to send updates to the specified resource with new data. Calling the same PUT request multiple times will always produce the same result.
DELETE method: This method deletes the specified resource at the origin server.
PATCH method: This method partially updates a specified resource.
Dealing with Responses
API testing is based on a request with a corresponding response. In the response, a return code is received, along with any data. Let's understand what each return code represents.
Success return Codes:
100 – Informational – This code represents that the request was received.
100 Continue
102 Processing
200 – Success – This code represents that the request was received and the response returned was successful.
200 – OK
201 – Created
202 – Accepted
203 – Non-Authoritative Information
204 – No Content
Error return codes
300 – Redirection – This code represents that the request is pending due to URL redirection and is waiting for client action.
400 – Client error – This code represents that the request is invalid.
400 – Bad Request
401 – Unauthorised
402 – Payment Required
403 – Forbidden
404 – Not Found
500 – Server error – This code represents that an internal server failure occurred during a request.
500 – Internal Server Error
501 – Not Implemented
502 – Bad Gateway
503 – Service Unavailable
Challenges in API testing
A few of the challenges in API testing are:
Test data management - Every time there are changes such as a new feature update or enhancements, it is necessary to keep track of the API tests and make the necessary updates.
Understanding the Business app logic - Validating the API parameters correctly and setting up required checkpoints is an important step to avoid security or stability issues.
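One way to set up such checkpoints, as an added example rather than code from the original post: each request parameter is broken one at a time, and any response other than a 4xx is reported. The payload fields and the lax_api and strict_api handlers are hypothetical stand-ins for a real endpoint.

```python
VALID = {"order_id": "A100", "quantity": 2, "currency": "USD"}  # constructed baseline

def mutations(valid):
    """Yield (label, payload) pairs, each breaking exactly one parameter."""
    for key in valid:
        yield f"missing {key}", {k: v for k, v in valid.items() if k != key}
        yield f"null {key}", {**valid, key: None}
        yield f"wrong type {key}", {**valid, key: ["x"]}
    yield "negative quantity", {**valid, "quantity": -1}
    yield "huge quantity", {**valid, "quantity": 10**12}
    yield "unknown currency", {**valid, "currency": "ZZZ"}
    yield "oversized order_id", {**valid, "order_id": "A" * 10_000}

def audit(send, valid=VALID):
    """Map each bad request the API failed to reject to the status it returned.

    A 2xx means invalid input was accepted (security issue); a 5xx means the
    input reached code that could not handle it (stability issue).
    """
    if send(valid) != 200:
        raise ValueError("baseline request must succeed before mutating it")
    findings = {}
    for label, payload in mutations(valid):
        status = send(payload)
        if not 400 <= status < 500:
            findings[label] = status
    return findings

def lax_api(p):       # hypothetical handler: only checks that the fields exist
    if set(p) != set(VALID):
        return 400
    try:
        p["quantity"] + 1          # arithmetic on unchecked input
    except TypeError:
        return 500                 # unhandled type surfaces as a server error
    return 200

def strict_api(p):    # hypothetical handler: validates type, range and allow-list
    ok = (set(p) == set(VALID)
          and isinstance(p["order_id"], str) and 0 < len(p["order_id"]) <= 32
          and type(p["quantity"]) is int and 0 < p["quantity"] <= 1000
          and p["currency"] in ("USD", "INR"))
    return 200 if ok else 400

if __name__ == "__main__":
    for label, status in audit(lax_api).items():
        print(f"{status}  {label}")
```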
I've listed below the websites I referred to for learning API testing and writing this blog.
References: I learnt the above mentioned details from the below websites