What is an API?

API stands for Application Programming Interface. An API is a set of protocols used in application development and integration to exchange data between two different applications or pieces of software. The API acts as the middle layer between the database and the presentation layer in the software development process.

How do APIs work?

Applications communicate through a user interface. Suppose an application A wants to use a functionality of another application B. Application A calls the API of application B and specifies the functionality that it wants to use. When application B receives the request, it returns the requested functionality to application A.
Types of APIs

There are four main types of APIs:

• Open APIs: also called public APIs. Anyone can access these APIs as they are publicly available.
• Partner APIs: these APIs require specific rights or licenses to access, as they are not publicly available.
• Internal APIs: also known as private APIs. These APIs are specifically designed for internal use within a company to transfer data between teams and systems. As the data is transferred internally, these APIs are regarded as more efficient and secure.
• Composite APIs: multiple APIs are combined to get a single response from multiple servers. Composite APIs are used when you need data from multiple applications.

API Protocols

API protocols are sets of defined rules for different types of API calls. There are three types of API protocols:

• REST
• SOAP
• RPC

REST (Representational State Transfer)

REST is an architectural style that provides a standard between systems on the web. REST APIs are the most commonly used APIs across the internet because they provide simple and uniform interfaces. A REST API gives access to web services in a simple and flexible way. A REST API uses HTTP for all communication. A client sends a request to the server using HTTP GET, POST, PUT or DELETE, and the response comes back as HTML, XML, an image or JSON.

Communication between Client and Server using REST

In REST, a client makes a request to the server to retrieve or modify data on the server. The request consists of an HTTP verb (defines the kind of operation to be performed), a header (lets the client pass information about the request), a path to the resource, and an optional message body containing data. The response from the server has two parts. The first is the response body, which contains the data the user requested. The response is in JSON format. There will be no response if the user deletes any data. The second part is the head, which carries the URL, IP address and much more.
HTTP Verbs

• GET: Retrieves information from a remote server.
• POST: Creates a new resource on the remote server.
• PUT: Updates data on the remote server.
• DELETE: Deletes data from the remote server.

Together, the above methods are known as CRUD: Create, Read, Update, Delete.
The four essential operations of REST APIs are:

• Receiving data in a convenient format
• Creating new data
• Updating data
• Deleting data

SOAP (Simple Object Access Protocol)

SOAP is a messaging protocol that uses XML to encode information. Any application layer protocol including TCP, SMTP, HTTP or UDP can be used with SOAP. SOAP is designed in a more structured and formalized way, so SOAP APIs are more complex than REST APIs. This protocol includes security, authorization and error handling, hence it is a more secure way to transfer messages. SOAP is extensively used in financial services, payment gateways, identity management and CRM solutions.
SOAP uses the XML data format for the messages sent and received by client and server, and provides four distinct dimensions to the API protocol:

• Envelope: It defines the structure of the message.
• Header: It determines any specific or extra requirements for the message, e.g. authentication.
• Body: This is where the server sends the XML data to the receiver.
• Fault: It contains information about the error that occurred during message processing.

REST vs SOAP:
RPC (Remote Procedure Call)

This protocol specifies the interaction between client-server based applications. RPC APIs execute scripts on a server, unlike REST and SOAP, which transfer data. A call to an RPC API can be made using the JSON-RPC protocol or the XML-RPC protocol.

API Testing

API testing is a series of QA activities that send calls to the API, get the results and validate them. API testing is done to check whether the API gives the expected results, how the API performs, and whether it is secure. An application is made up of three layers. API testing is done in the business layer of an application.

• Presentation Layer
• Business Layer
• Database Layer
Types of API testing:

• Unit Testing: This type of testing checks a specific functionality of the application.
• Functional Testing: Functional tests are run to make sure the API functions are within the expected parameters and errors are handled properly.
• Load Testing: This testing is done to ensure the API functions properly under massive or sustained loads. It is done by increasing the number of user requests and checking how the API behaves.
• Security Testing: This type of testing is done to make sure the APIs are secure from external threats.
• End-to-end Testing: End-to-end testing helps to validate the flow of data between API connections.
• Performance Testing: This type of testing checks the performance of different operations, such as time, speed, reliability and functionality of the program.
• Runtime error detection: This type of testing examines the actual operation of the API. It monitors the system for execution errors and memory leaks, and tests its error-handling capabilities.
• User Interface Testing: This test is not done directly on the API but on the UI that is connected to the API. It gives testers an overview of the performance, efficiency and usability of the system.
• Validation Testing: This test is usually performed at the end of the SDLC and is one of the most important tests to perform. It verifies the final efficiency, behavior and other functions.
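The REST request/response exchange described earlier and the functional and security checks listed above can be seen together in one run. This is an added example, not part of the original article: a tiny in-process HTTP API and a set of test calls against it. The `/notes/<id>` resource, the bearer token, the status codes chosen and all names are assumptions made for the illustration.

```python
import http.client, http.server, json, threading

TOKEN = "constructed-demo-token"  # sample credential made up for this example
NOTES = {}                         # in-memory stand-in for the database layer

class NotesAPI(http.server.BaseHTTPRequestHandler):  # hypothetical /notes/<id> resource
    def _send(self, status, payload=None):
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.end_headers()
        if payload is not None:
            self.wfile.write(json.dumps(payload).encode())

    def _handle(self):
        if self.headers.get("Authorization") != f"Bearer {TOKEN}":
            return self._send(401, {"error": "unauthorized"})
        key = self.path.rsplit("/", 1)[-1]
        if self.command in ("POST", "PUT"):           # create / update
            try:
                data = json.loads(self.rfile.read(int(self.headers.get("Content-Length", 0))))
            except ValueError:                        # bad length or malformed JSON
                return self._send(400, {"error": "invalid JSON"})
            NOTES[key] = data
            return self._send(201 if self.command == "POST" else 200, data)
        if key not in NOTES:
            return self._send(404, {"error": "not found"})
        if self.command == "GET":                     # read
            return self._send(200, NOTES[key])
        del NOTES[key]                                # delete
        self._send(204)                               # success, empty response body

    do_GET = do_POST = do_PUT = do_DELETE = _handle

def call(port, verb, path, body=None, token=TOKEN):
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request(verb, path, body, {"Authorization": f"Bearer {token}"} if token else {})
    resp = conn.getresponse()
    status, raw = resp.status, resp.read()
    conn.close()
    return status, raw

def run_checks():
    with http.server.HTTPServer(("127.0.0.1", 0), NotesAPI) as server:
        threading.Thread(target=server.serve_forever, daemon=True).start()
        cases = [("GET", None, None), ("POST", b"{oops", TOKEN), ("POST", b'{"t": 1}', TOKEN),
                 ("GET", None, TOKEN), ("PUT", b'{"t": 2}', TOKEN), ("DELETE", None, TOKEN),
                 ("GET", None, TOKEN)]
        results = [call(server.server_port, v, "/notes/1", b, t) for v, b, t in cases]
        server.shutdown()
    return results
```

`run_checks()` returns one `(status, body)` pair per call. The first case is the security check (no token), the second is the error-handling check (malformed JSON), and the rest walk the resource through create, read, update and delete.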