The main purpose of this article is to give you the general knowledge of API testing by providing truthful answers to the What – When – Why questions which are promised to clarify this puzzling area, especially the boundary between testing and engineering realm.
Moreover, the article provides you some issues which you may face when testing API. Some best practices and toolset are also discussed and expected to be an effective solution that helps increase the probability of being successful in API testing.
What is API testing?
API testing is the testing of a set of application programming interfaces (APIs) directly and as part of an integration test to specify whether they meet requirements for functionality, reliability, performance, and security. Due to a lack of GUI, API testing is executed at the message layer and can validate application logic by the very fast and effective way.
It is crucial to implement API testing for automation testing and CI/CD process as it can coop with short-release cycles and frequent changes especially the presentation layer with no test output broken. API testing also reduces maintenance effect in comparison with UI automation testing. This is a reason why API is prefered by Agile and DevOps teams.
As a side note, in terms of Web and mobile applications, API is often known as Web services, and API testing relates to the automation test executed to the Web services.
Advantages of API testing
As discussed above, API testing is an important activity that testing teams should focus on. It offers a number of advantages over other kinds of testing:
- Language independent
Data is exchanged via XML and JSON, so any language can be used for automation, independent from the languages used to develop the application. XML and JSON are typically structured data so the verification is fast and stable. There are also built-in libraries to support comparing data using these data formats.
- GUI independent
We can perform API testing within the application prior to GUI testing. Early testing will get feedback sooner and improve the team’s productivity.
Core functionality can be tested to expose small errors and to evaluate a build’s strengths.
- Improved test coverage
Most API/services have specifications, allowing us to create automated tests with high coverage, including functional testing (happy cases, negative cases) and non-functional testing. With virtual user techniques, we rarely find API test cases that could not be automated.
- Faster releases
It is common that executing a UI regression test suite takes 8-10 hrs while the same scenario with API testing takes only 1-2 hours. The flakiness of API testing is also lower than that of UI testing. All these allow us to release faster with API testing.
API testing best practices
When starting to develop test scenarios, some of us are relatively common to jump right into some of the negative test scenarios (to verify invalid information, validation on special characters, uncommon input, etc.). These types of verification might cause crashes and other interesting problems. In other words, easy bugs might be found quickly with negative test scenarios. Unfortunately, it is not necessarily the best use of a tester’s effort. It is suggested that mainline scenarios should be focus first with higher priority. A basic guideline is to identify the most common parameters and conditions that an end developer will use when calling the APIs and test these scenarios extensively.
2. Functional and Non-functional testing priorities
API is an essential part of modern web applications, its non-functional aspects such as performance, security, connectivity will affect the system heavily. The behavior makes traditional testing mindset, which focuses on functional testing first, not suitable anymore. Functional and non-functional testing should be performed at the same time with equal priority.
3. End-points management
A typical product may have hundreds of API/Web services endpoints, which look very similar to each other, and might cause duplication issues to the testing project. How you organize the tests and the endpoints will influence the productivity, effectiveness, and maintenance of your tests.
Test endpoints could be grouped by path (including path parameters), which generally performance action on specific object types. For examples:
api/2/issue: affects to Jira issue
— Create issue
— Create issues
— Get issue
api/2/group: affects to Jira Group
— Create group
— Get group DEPRECATED
— Remove group
This method will help us preventing missing test endpoints, and test scenarios.
How to select the right API testing tools
As we have mentioned before at How to select the right automation testing tool for your project, Selecting the right API testing tool plays an essential role in the success of a testing project. A suitable API solution can help save plenty of time and budget for the team. There are generally some options to consider:
1. Home-grown tools
Home-grown tools are suitable for the application that present unique testing challenges, for the team members with skills, time, and inclination to write their own test framework or build one on top of an existing open source tool. While these internal solutions can require team’s efforts to develop, they are generally programmer-friendly, precisely customized, and effectively integrated with the existing process and other infrastructure.
2. Open source tools
Using open source tools (JMeter, Rest-Assured) can be lightweight and appropriate for agile development. They mainly have a broad appeal, with features useful to both programmers and testers. However, not all open source tools are well documented, and training can be an issue for the testing team.
3. Vendor tools
Commercial tools (SoapUI Pro, Tricentis Tosca) are perceived as a safe bet as they are likely to come with available manuals, support, and training. Unfortunately, they remain some drawbacks: vendor tools are historically programmer-unfriendly as they tend to use proprietary scripting languages that programmers don’t want to spend time learning; they also tend to be heavyweight; and test scripts may be brittle, easily broken by minor changes to the application.
Particularly, these tools are generally expensive to purchase and maintain the license.
However, there are recently some vendor tools that can eliminate some disadvantages from the above vendor tools. For instance, Katalon Studio is a free tool with comparable features to commercial tools, or Postman is considered easy to setup and use compared the rest of commercial solutions. You can learn more about the top API testing tools here.
Selecting the right API testing tool is challenging but you can shortlist the choice from the candidates above considering your requirements, pros and cons of each solution — try not too ambitious at the early stage and doing the POC with the top 3 relevant solutions. You will have a better understanding of your project’s critical factors and issues to eliminate tools or fine-tune your choice to the most suitable solution for your project. Below is the top 5 API Testing Tools for 2018 (Learn more Top 10 API Testing Tools for 2018)