Learn API Testing in 10 Minutes!!!

API testing is different from G5UI testing, but it doesn’t take long to master.

What is an API?

API is an acronym for Application Programming Interface. It enables communication and data exchange between two separate software systems. A software system implementing an API contains functions/subroutines which can be executed by another software system.

What is API testing?

API testing is entirely different from GUI testing and mainly concentrates on the business logic layer of the software architecture. This testing won’t concentrate on the look and feel of an application.

Instead of using standard user inputs (keyboard) and outputs, in API testing, you use software to send calls to the API, get output, and note down the system’s response.

API testing requires an application to interact with the API. In order to test an API, you will need to:

  • use a testing tool to drive the API
  • write your own code to test the API

Set-up of an API test environment

  • API testing is different from other testing as a GUI is not available, and yet you are required to set up an initial
    environment that invokes the API with a required set of parameters, and then finally examines the test result.
  • Hence, setting up a testing environment for API testing seems a little complex.
  • A database and server should be configured as per the application requirements.
  • Once installation is done, an API function should be called to check whether that API is working.

Types of output of an API

The output of an API could be:

  1. any type of data,
  2. status (say Pass or Fail),
  3. a call to another API function.

Let’s look at an example of each of the above types:

Any type of data

Example: An API function which add twos integer numbers.

long add(int a, int b)

The numbers have to be given as input parameters. The output should be the sum of the two integers. This output needs to be verified with the expected outcome.

Calling needs to be done such as:

add (1234, 5656)

Exceptions have to be handled if the number exceeds the integer limit.

Status (say Pass or Fail)

Consider the API functions below:

  1. Lock()
  2. Unlock()
  3. Delete()

Each returns a value such as true (in case of success) or false (in case of error) as output.

A more accurate test case would be, call the functions in any of the script and later check for changes either in the database or the application GUI.

Calling of another API / Event

In this case, we call one of the API functions which in turn calls another function.

For example, the first API function can be used for deleting a specified record in the table, and this function in turn calls another function to REFRESH the database.

Test Cases for API Testing:

Test cases of API testing are based on

  • Return value based on input condition: Relatively easy to test, as input can be defined and results can be
  • Does not return anything: When there is no return value, behavior of API on the system to be checked.
  • Trigger some other API/event/interrupt: If the output of an API triggers some event or interrupt, then those events and interrupt listeners should be tracked.
  • Update data structure: Updating data structure will have some outcome or effect on the system, and that should be authenticated.
  • Modify certain resources: If an API call modifies some resources, then it should be validated by accessing the
    respective resources

Approach of API testing:

The following points help you with the API testing approach:

  1. Understand the functionality of the API program and
    clearly define the scope of the program.
  2. Apply testing techniques such as equivalence classes, boundary value analysis, and error guessing, and write test cases for the API.
  3. Input parameters for the API need to be planned and
    defined appropriately.
  4. Execute the test cases and compare expected and actual results.

Difference between API testing and Unit testing


What to test for in API testing
API testing should cover at least the following testing Methods, apart from usual SDLC process:
Discovery testing: The test group should manually execute the set of calls documented in the API, like verifying that a specific resource exposed by the API can be listed, created and deleted as appropriate.
Usability testing: This testing verifies whether the API is functional and user-friendly. And does the API integrate well with another platform as well?
Security testing: This testing includes what type of
authentication is required, and whether sensitive data is encrypted over HTTP or both.
Automated testing: API testing should culminate in the creation of a set of scripts or a tool that can be used to execute the API regularly.
Documentation: The test team has to make sure that the documentation is adequate and provides enough
information to interact with the API. Documentation should be a part of the final deliverable.

Best practices of API testing:
• Test cases should be grouped by test category.
• On top each test, you should include the declarations of the APIs being called.
• Parameters selection should be explicitly mentioned in the test case itself.
• Prioritize API function calls so that it will be easy for testers to test.
• Each test case should be as self-contained and independent from dependencies as possible.
• Avoid “test chaining” in your development
• Special care must be taken while handling one time call functions, like Delete, CloseWindow, etc.
• Call sequencing should be performed and well planned.
• To ensure complete test coverage, create test cases for all possible input combinations of the API.

Types of bugs that API testing detects
• Failure to handle error conditions gracefully.
• Unused flags.
• Missing or duplicate functionality.
• Reliability issues. Difficulty in connecting and getting a response from the API.
• Security issues.
• Multi-threading issues
• Performance issues. API response time is very high.
• Improper errors/warnings to caller.
• Incorrect handling of valid argument values.
• Response data not structured correctly (JSON or XML)

Tools for API testing
Since API and unit testing both target source code, similar tools can be used for testing both.
• SoapUI
• Runscope
• Postman with jetpacks
• Postman with newman
• Curl
• Cfix
• Check
• dotTEST
• Eclipse SDK tool- Automated API testing

Challenges of API testing
Challenges of API testing include the following:
• The main challenges in API testing are Parameter Combination, Parameter Selection, and Call Sequencing
• There is no GUI available to test the application, which makes it difficult to give input values.
• Validating and verifying the output in different system is a little difficult for testers.
• Parameters selection and categorization are required to be known to the testers.
• Exception handling function needs to be tested.
• Coding knowledge is necessary for testers.

An API consists of a set of classes/functions/procedures which represent the business logic layer. If the API is not tested properly, it may cause problems not only in the API application itself, but also in the calling application.

(This article was originally published on http://www.guru99.com/api-testing.html)

Krishna speaks at conferences on the topic of Education, and hosts regular webinars on SAP, Software Testing, as well as other Career related topics.
Krishna Rungta
Krishna speaks at conferences on the topic of Education, and hosts regular webinars on SAP, Software Testing, as well as other Career related topics.

The Related Post

API testing has long been misunderstood as well-confined in the territory of developers. It’s natural to think that we must write code to test our code. However, it doesn’t have to be that way anymore. Business testers who have deep domain knowledge are now able to take on the challenges of API testing without coding. ...
 Understanding the pieces of the web service testing puzzle can make testing easier For people wanting a broader understanding of more pieces in the web service testing puzzle, here is a breakdown of the various possible components of an API.
An API provides much of the functional capabilities in complex software systems. Most customers are accustomed to interacting with a graphical user interface on the computer. But, many do not realize that much of the functionality of a program comes from APIs in the operating system or the program’s dynamic-link libraries (DLL).
Lack of information and access to information isn’t an issue with web services. Web service documentation is widely available. Overview     One of the major persistent complaints from people who test is lack of information and lack of access to information. Luckily this is not the case with web services. If in the rare case with ...
An approach to secure maintainability and scalability for API testing projects One of the most important tasks in API testing is designing the input data whose quantum could explode due to the combination of a vast number of arguments. An experienced tester will inevitably figure out the advantages of the pairwise method in efficiently picking ...
These are the popular authentication methods in TestArchitect Authentication in API testing is usually a complicated subject for both developers and testers since it requires extensive knowledge on various types of security protocols and encryption algorithms.
A case-study using: Java, REST Assured, Postman, Tracks, Curl and HTTP Proxies This is the first book review I have written on my site. So of course I had to choose a great book that was relevant to my niche. Alan Richardson’s book on Automating & Testing a REST API fits the bill perfectly. I am a big ...
Social APIs are omnipresent and create special cases for testing. If you understand API testing, especially web service type APIs, testing social APIs is easy to grasp. The use of social APIs makes them a special case. They are omnipresent and very well understood. What this means is you need to have a good understanding ...
Here are some books you might find useful when developing your web services API testing strategy. The Art of Application Performance Testing by Ian Molyneaux — This book was just released and I found it an outstanding conceptual overview of performance testing a web based application. The book does a great job of reviewing the ...
An overview of web service testing solutions for traditional or non-technical testers. Much has been written on the technical execution of API tests, yet there are gaps in the details of what tests to design and how to design them. The articles tend to either get too technical too fast, or are too vague and ...
Summary Remember that Agile is not an SDLC. Neither are Scrum and XP for that matter. Instead, these are frameworks for projects; they are built from practices (for example, XP has 12 core practices). Scrum and XP advocates will freely recommend that you pick a few practices to implement, then keep what works and discard ...

Leave a Reply

Your email address will not be published.

Stay in the loop with the lastest
software testing news