What is API Testing?

API (Application Programming Interface) Testing is a type of Software testing where the interface in between two applications (Might be on same technology or different technology like .net, java, mainframe or any other) or Interface in between application and server. So we can say that API are used to communicate from application to another & Testing API means to test if data is sent from one application to another (Might be database) correctly, received expected response with good response time.

API Testings does not include GUI (Graphical User Interface). This means API-testing is performed on message layer (Message that sends the information in the form of XML or JSON from application to application or server). Below image can helps to illustrate API-Testing in better way –

API Testing - What is API testing? How API Testing is performed?

Note that – API Testing is Blank Box testing (Not White Box)

Before you begin with learning API-Testing, There are few concepts one should know, below are the one –

What is SOAP?

Simple Object Access Protocol is a standard protocol defined by W3C for sending and receiving web-services request and responces. SOAP Used the XML format to send and receive the request response and hence the data is platform independent data. SOAP messages are exchanged between the provider and receiving applications.

What is REST?

REST is Representational State Transfer. REST uses URI to expose business logic & is Easy to implement. It uses both JSON and XML. REST is faster as compared to SOAP but less Secure than SOAP. Postman can be used to test REST API. REST can implement SOAP as it can be implemented on protocol and soap is a protocol

What is WSDL?

WebServices Description Language is an XML based language which will be used to describe the services offered by webservice.

What is XML?

eXtensible Markup Language, works in W3C standards. It has tag based syntax, Very much as like HTML. In XML you can make your own tags. It helps information systems to share structured data. It is application and platform independent.

What is JSON?

JavaScript Object Notation. JSON is a very simple data exchange format. It helps to communicate between javascript and server side technology.

Once you are clear with above terminologies, Let us talk more about API-Testing.

Output of API-Testing can be any one out of –
  1. Request Status (Pass / Fail)
  2. Response data (Data information)
  3. Calling another API
What to test in API Testing?
  1. HTTP Status code
  2. Authorization checks
  3. Response time
  4. Schema validation (response structure validation)
  5. Error codes / Warning codes validation
  6. Response data validation (Data Accuracy, data types, data order etc)
  7. Other Non-functional testing such as performance testing, Security testing etc . . .
API Testing can be performed at various testing steps, they are –

1. Functional Testing –> the API technically works.
2. Load Testing –> the API can handle a large amount of calls.
3. RunTime Error Detection.
4. Security Testing –> the API has defined security requirements including authentication, permissions and access controls.
5. Unit Testing
6. WebUI Testing

What should you know before learning API Testing?

1. Web services, Specifically SOAP, REST and the difference between them.
2. You should be familiar with XML, JSON formats and syntax.
3. You should know about WSDL and WADL – the metadata API documentation.
4. You should know about how a API communication happens. What is the structure of the message like envelope, header, body, parameter etc.
5. Then should know some of the browser add-ons like PostMan for Chrome and Rest Client for Firefox.
6. You should know what is a API Request and What should be there in the response?
7. Standard HTTP methods like GET, PUT, POST, PATCH, TRACE, OPTIONS, CONNECT and DELETE.
8. You should know about List of HTTP status codes

What types of Bug can be found using API Testing?

  1. Fails to handle error conditions gracefully.
  2. Missing or duplicate functionality
  3. Unused flags.
  4. Not implemented errors.
  5. Stress.
  6. Reliability.
  7. Security.
  8. Multi-threading issues.
  9. Inconsistent error handling.
  10. Performance.
  11. Improper error/warning to caller.
  12. Incorrect handling of valid argument values.

Best API Testing Tools –

No tool is a best tool. Each tool has there own pros and cons. It all depends on the engineers how effectively they utilize the features depending on the business requirements. Following tools (Few to name) are available to software test companies for performing API testing:

  1. SOAPUI – The most widely popular open-source tool for API testing in the world, SoapUI allows you to test REST and SOAP APIs with ease – as it has been built specifically for API testing.
  2. Postman – Simple to use free Google Chrome extension. Simplifies the process of calling an API. But it requires writing code for comprehensive tests. Also has limited features for monitoring and team collaboration (enterprise solutions).
  3. Curl – an open-sourced software for transferring data from/to server through the supported protocols. It provides proxy support, user authentication, HTTP post, SSL connections, FTP upload, Metalink, cookies, etc.
  4. vREST – a tool for automated API testing. Using mock APIs, you can remove the dependency from frontend and backend. The tool integrates with JIRA and Jenkins and has a powerful response validation. All tests can be recorded by a special Chrome Extension and replayed with built-in test Runner.

There are few other tools in market like – HttpMaster, SOAP Sonar, Rest Assured, Swagger  .  .  .  .  And Many More .  .  .  .

What are HTTP Request and HTTP Response?

An HTTP request method is made up of four components:

  • Request Method – Get, Post, Put, Delete (these are the common ones)
  • Request URI – the URL of the resource
  • Request Header – Accept-Language, Accept-Encoding, User-Agent, Host
  • Request Body – this is the data to be sent to the resource

An HTTP response method is made up of three components:

  • Response Status Code – 200, 301, 404, 500 (these are the most common ones)
  • Response Header Fields – Date, Server, Last-Modified, Content-Type
  • Response Body – this is the data that comes back to the client from the server

HTTP Response codes used in API Testing –

  • 200 OK – Request was successful
  • 201 Created – Resource was successfully created (Using PUT or POST request).
  • 204 No Content  – No Content found
  • 400 Bad Request – When data does not pass validation / is in invalid format (While using PUT and POST methods)
  • 403 Forbidden – The server understood the request, but is refusing to fulfill it.
  • 404 Not Found – Required resource not found
  • 401 Unauthorized – Need to perform authentication before using resource.
  • 408 – Request Timeout – The client did not produce a request within the time that the server was prepared to wait.
  • 409 Conflict – Trying to create same resource twice.
  • 500 Internal Serve error – Server side error

 

Once above Basic concepts about API Testing are clear, let us learn API-Testing with below points.

How to perform Manual API Testing

API Testing Automation

API Testing Automation using Selenium WebDriver

API Testing Automation using TOSCA TestSuite (TOSCA API Scan)

API Testing Interview Questions

 

Hope this help !!!! Your comments and suggestions are welcome.