top of page

API Testing

What is API?

An API is an Application Programming Interface which allows various systems to communicate, share data, and achieve other functionality.

Below picture shows how an API is used to perform a user query on a website by connecting to a web service which queries a large database.

What is API testing?

API testing involves testing Application Programming Interfce (APIs) directly (in isolation) and as part of integration testing. Unlike GUI testing, API testing mainly concentrates on the business logic layer of the software architecture. API testing wont include testing for the look and feel of an application.

Why do we need API testing?

  1. API testing helps is earlier validation of the functionalities before the user interface is ready. Once the logic is designed, API tests can be created to validate the responses and data from various systems

  2. Unlike GUI tests, API tests are easy to maintain. API tests need not be updated each time when there is a change in the UI. Refactoring API test is much more controlled and infrequent

  3. API tests are isolated test which makes it faster and easier to execute. It makes it easy and quick to identify and resolve the bugs is in the system.

What are the types of API testing?

  • Unit Testing - This involves APIs with a single request, requiring checking for a single response or a set of responses. Here a single endpoint is tested.

  • Integration testing - This is the most often used form of API testing, where the integrations between internal or third-party services are tested.

  • Performance Testing - This type of test is to validates how an API handles a large volume of requests over a short period.

  • End-to-End Testing - Validates the interaction between 2 or more API connections

Tools used for API Testing

Few popularly used tools for API testing are:

  • Katalon

  • Postman

  • Rest Assured

  • Soap UI

  • Apache JMeter

Test Cases for API testing

  • Specific output: This is to test the response received for the request sent. The output includes validating the status of the response and data retrieved from the response. For instance, when the user sends a gift from india to USA in Amazon, the product listed in Amazon-US is in USD. But the user pays for the purchase in INR. The API testing will ensure that the currency conversion is correctly performed.

  • No data returned: When the response has no return value, the API status has to be validated

  • Interaction with other API: When the response from one API test is the input for another request, both API needs to be validated

  • Modification of resources: When the API call modifies the data in the system, the system needs to be validated after the modification.

Commonly used Request

The popular kinds of API request methods: GET, POST, PUT, PATCH, and DELETE.

  • GET method: This method is used to retrieve information or data from a specified resource. The response of a GET request can be any visible data to a client, such as HTML documents, images, and videos. To send a GET request, we should specify the URL of the resource we want to retrieve data from.

  • POST method: This method is used to send loads of data to a server from a specified resource. Most HTML forms on the web uses this type of request.

  • PUT method: This method is used to send updates to the specified resource with new data. Calling the same PUT request multiple times will always produce the same result.

  • DELETE method: This method deletes the specified resource at the origin of server

  • PATCH method: This method partially updates a specified resource

Dealing with Responses

API testing is based on a request with a corresponding response. In the response, a return code is received, along with any data. Lets understand what each return code represents

Success return Codes:

100 – Informational – This code represents that the request was received.

  • 100 Continue

  • 102 Processing

200 – Success – This code represents that the request was received and the response returned was success

  • 200 – OK

  • 201 – Created

  • 202 – Accepted

  • 203 – Non-Authoritative Information

  • 204 – No Content

Error return codes

300 - Redirection – This code represents that the request is pending due to URL redirection and is waiting for client action

400 - Client error – This code represents that the request is invalid.

  • 400 – Bad Request

  • 401 – Unauthorised

  • 402 – Payment Required

  • 403 – Forbidden

  • 404 – Not Found

500 - Server error – This code represents that an internal server failure occurred during a request

  • 500 – Internal Server Error

  • 501 – Not Implemented

  • 502 – Bad Gateway

  • 503 – Service Unavailable

Challenges in API testing

Few of the challenges in API testing are:

Test data management - Every time there are changes such as a new feature update or enhancements, it is necessary to keep track of the API tests and make the necessary updates

Understanding the Business app logic - Validating the API parameters correctly and setting up required checkpoints is an important step to avoid security or stability issues.

I've listed below the websites I referred for learning API testing and writing this blog.

References: I learnt the above mentioned details from the below websites

35 views0 comments

Recent Posts

See All


Obtuvo 0 de 5 estrellas.
Aún no hay calificaciones

Agrega una calificación
bottom of page