Understanding of API and API Testing.
What is an API?
API stands for Application Programming Interface. In software application development, an API is the middleware code that enables two software applications to communicate with each other .A software system implementing an API contains functions /sub-routines which can be executed by another software system.
An application developed over a UNIX platform using Java and Oracle as database. Another application developed over windows using C# and MySQL as database. Now these two applications can’t communicate with each other directly. But with the help of API they can communicate.
To explain this better, let us take a familiar example.
Imagine you’re sitting at a table in a restaurant with a menu of choices to order from. The kitchen is the part of the “system” that will prepare your order. What is missing is the critical link to communicate your order to the kitchen and deliver your food back to your table. That’s where the waiter or API comes in. The waiter is the messenger — or API — that takes your request or order and tells the kitchen — the system — what to do. Then the waiter delivers the response back to you, in this case, it is the food.
Now a days most of the applications are developed in 3 tire architecture.
Business Layer (API Layer): In business layer their will be a code that handles the exchange of information between data layer (database) and Presentation layer (user interface).Here the logic can be developed by using Java, .NET,C# or Python, C++.
Data Access Layer: It is the Database server ,where data is stored. It can be Oracle, MySQL, SQL Server.
3 tier architecture
Let’s take an example of airline booking .Let’s imagine we are booking a flight from the kayak website( https://www.kayak.com).You choose a departure city and date, a return city and date and check for availability of tickets. How it is going to get the data (list of available flights) from different airlines like Delta , Frontier ,United Airlines, Southwest and American Airlines?
Let think all these airlines are giving access to this third-party (Kayak) to access the database and get the information. Now that might not be a case because ,any airline or application will not allow third-party to get the access to database or to see the information for security reasons.
Here is the solution ,all these airlines will expose the information in the form of an API’s. API behaves as an Interface between client and server. Below diagram shows how the communication happens between the client(UI -Kayak.com) and server(different airline applications )via API which act as a medium of communication between Kayak and other airline applications.
When an user enters the details in Kayak website(UI) ,the front end captures all the information an HTTP request and sends it over HTTP protocol to the API. The HTTP request can be a JSON or an XML. The API then calls the relevant method in the application, let’s say here checkAvailibility() . The applications which are developed using any programming language(JAVA , .NET)code will parse the XML/JSON to query the data from database and sends back the information to API . The API then sends back the information to the client over an HTTP response .This response is interpreted by UI and presented to the user in readable format. In this whole communication API is independent of language.
What is API testing ?
API testing is a software testing practice that tests the API directly and as part of integration testing to determine if they meet expectations of functionality ,reliability ,performance and security.
Where is API testing performed?
API testing is performed at the most critical layer, that is the business layer. In which business logic processing is carried out and all transaction between the UI and database layer happens.
Benefits of API Testing.
API testing can be performed in prior to GUI development ,It is UI independent. The core functionalities can be tested to expose small errors before the UI testing.
It is Language independent as data is exchanged via XML/JSON.so any language can be used for test automation. XML and JSON are typically structured data, making the verification fast and stable. There are also built-in libraries to support comparing data using these data formats.
API testing saves up to 8 hours compared to UI testing ,allowing software development teams to release product faster .
What is a Webservice?
An API which is on Internet (Web). we call it as a Web API or Webservice. All the web service are API’s. But not all the API’s are webservices.
A webservice is a unit of managed code that can be remotely invoked by using HTTP request .So webservices allows you to expose the functionality of the existing code over a network. once it is exposed on the network ,other applications can use the functionality of the program.
There are two broad classes of web services.
Simple Object Access Protocol (SOAP)
Representational State Transfer (REST)
SOAP web service:
SOAP have been in existence quite long.
It is a protocol, a set of strict rules which must be followed while creating a web service.
Supports XML message format only.
It is considered heavy weight and Slower , It is like a envelope.
Every operation the service provides is explicitly defined, along with the XML structure of the request and response for that operation.
Each input parameter is similarly defined and bound to a type: for example an integer, a string, or some other complex object.
All of this is codified in the WSDL — Web Service Description (or Definition, in later versions) Language. The WSDL is often explained as a contract between the provider and the consumer of the service. In programming terms the WSDL can be thought of as a method signature for the web service.
SOAP requires more bandwidth for its usage. Since SOAP Messages contain a lot of information inside of it, the amount of data transfer using SOAP is generally a lot.
REST web service:
REST is an architectural style, any web service following REST architecture is called RESTful Web Service.
It is considered light weight and faster ,It is like a postcard.
It consume less bandwidth. This is because the request doesn’t require SOAP headers in every message. REST make use of HTTP headers for any meta information
It permits different data format such as Plain text, HTML, XML, JSON, etc. But the most preferred format for transferring data is JSON.
It does not need much bandwidth when requests are sent to the server. REST messages mostly just consist of JSON messages.
It use Uniform Service locators to access to the components on the hardware device. For example, if there is an object which represents the data of an employee hosted on a URL as http://testxyz.com , the below are some of URI that can exist to access them.
Types of API calls:
Some calls to API’s can change things on server ,While other return data without changing anything. It is important to distinguish between these different types of calls when testing.
Safe request: A safe request is one that doesn’t change anything on the server. So safe methods can only be used for read-only operations.
Example : GET
Not Safe request : A request the change the state of the server is called a not a safe request.
Example: POST ,PUT , PATCH ,DELETE .
Idempotent call: An idempotent call is one that only changes things the first time you execute it and doesn’t make any changes on subsequent calls.
Example: PUT and DELETE.
The Structure of a API request:
Every API request needs an endpoint and an action.
An API Endpoints: An application implementing a RESTful API will define one or more URL endpoints with a domain, resource, path, and/or query string — for example, Base URL/resource/(Query/Path)Parameters.
An API action is the HTTP methods commonly used to communicate with the API. The four actions (POST , GET ,PUT and DELETE) are sometimes summarized with the acronym CRUD .This stands for Create , Read , update and delete.
POST: A post request is used send the data to the server , for example Creating a new customer ,HTML registration forms . If we refer to the SQL query we use Insert command .
GET — The GET method used to get the data from the server using the Endpoint (URI).Get is referred to RETRIEVE the data from the server. It is referred to the Select query in the SQL.
PUT: A put request is used to update the existing record of the target resource. example update the customer details. PUT is referred to Update query in SQL.
DELETE: A delete request is used to delete the existing record from the target resource.
DELETE is referred to Delete query in SQL.
HTTP headers: Information such as authentication token or cookies can be contained in the HTTP request header. Headers represent the meta-data or the additional details associated with the API request and response. They denote the type of message sent i.e. either XML or JSON.
API Parameters: API parameters are options that can be passed with the endpoint to influence the response.
Path parameter: Path parameters are variable parts of a URL path. They are typically used to point to a specific resource within a collection, such as a user identified by ID
Query Parameters :Query Parameter is used to control what data is returned in the endpoint resources ,sort/filter the resources. Query Parameters are identified with’?’.
Request body: When you need to send data from a client (a browser) to your API, you send it as a request body.
HTTP Error codes observed frequently in the response header :
400 Bad Request - The request could not be understood by the server due to incorrect
syntax. The client SHOULD NOT repeat the request without modifications.
401 Unauthorized — Indicates that the request requires user authentication information. The client MAY repeat the request with a suitable Authorization header field.
403 Forbidden — Unauthorized request. The client does not have access rights to the content. Unlike 401, the client’s identity is known to the server.
404 Not Found — The server can not find the requested resource.
500 Internal Server Error — The server encountered an unexpected condition which prevented it from fulfilling the request.
501 Not Implemented — The HTTP method is not supported by the server and cannot be handled.
502 Bad Gateway — The server got an invalid response while working as a gateway to get a response needed to handle the request.
503 Service Unavailable — The server is not ready to handle the request.
504 Gateway Timeout — The server is acting as a gateway and cannot get a response in time for a request.
505 HTTP Version Not Supported — The HTTP version used in the request is not supported by the server.