All About API Testing !!!

All About API Testing !!!

What is API Testing:

API testing is entirely different from GUI testing and mainly concentrates on the business logic layer of the software architecture. This testing won't concentrate on the look and feel of an application.
Instead of using standard user inputs(keyboard) and outputs, in API Testing, you use software to send calls to the API, get output, and note down the system's response.

API Testing requires an application to interact with API. In order to test an API, you will need to

•     Use Testing Tool to drive the API
•     Write your own code to test the API

Set-up of API Test environment:
    API testing is different than other testing as GUI is not available, and yet you are required to setup initial environment that invoke API with required set of parameters and then finally examine the test result. Setting up testing environment for API testing seems little complex.
    Database and server should be configured as per the application requirements.
    Once installation is done, API Function should be called to check whether that API is working.

Types of Output of an API:

•     Any type of data
•     Status (say Pass or Fail)
•     Call to another API function.

Test cases of API testing are based on

•     Return value based on input condition: it is relatively easy to test, as input can be defined and results can be authenticated
•     Does not return anything: When there is no return value, behavior of API on the system to be checked
•     Trigger some other API/event/interrupt: If output of an API triggers some event or interrupt, then those events and interrupt listeners should be tracked
•     Update data structure: Updating data structure will have some outcome or effect on the system, and that should be authenticated
•     Modify certain resources: If API call modifies some resources then it should be validated by accessing respective resources

Approach of API Testing:

Following points helps the user to do API Testing approach:

•     Understanding the functionality of the API program and clearly define the scope of the program
•     Apply testing techniques such as equivalence classes, boundary value analysis and error guessing and write test cases for the API
•     Input Parameters for the API need to be planned and defined appropriately
•     Execute the test cases and compare expected and actual results.

What to test for in API testing

API testing should cover atleast following testing methods apart from usual SDLC process
    Discovery testing: The test group should manually execute the set of calls documented in the API like verifying that a specific resource exposed by the API can be listed, created and deleted as appropriate
    Usability testing: This testing verifies whether the API is functional and user-friendly. And does API integrates well with another platform as well
    Security testing: This testing includes what type of authentication is required and whether sensitive data is encrypted over HTTP or both
    Automated testing: API testing should culminate in the creation of a set of scripts or a tool that can be used to execute the API regularly
    Documentation: The test team has to make sure that the documentation is adequate and provides enough information to interact with the API. Documentation should be a part of the final deliverable 

Best Practices of API Testing:

•     Test cases should be grouped by test category
•     On top each test, you should include the declarations of the APIs being called.
•     Parameters selection should be explicitly mentioned in the test case itself
•     Prioritize API function calls so that it will be easy for testers to test
•     Each test case should be as self-contained and independent from dependencies as possible
•     Avoid "test chaining" in your development
•     Special care must be taken while handling one time call functions like - Delete, CloseWindow, etc...
•     Call sequencing should be performed and well planned
•     To ensure complete test coverage, create test cases for all possible input combinations of the API.

Types of Bugs that API testing detects

•     Fails to handle error conditions gracefully
•     Unused flags
•     Missing or duplicate functionality
•     Reliability Issues. Difficulty in connecting and getting response from API.
•     Security Issues
•     Multi-threading issues
•     Performance Issues. API response time is very high.
•     Improper errors/warning to caller
•     Incorrect handling of valid argument values
•     Response Data is not structured correctly (JSON or XML)

 

Tools for API testing:

Since API and unit testing both target source code, similar tools can be used for testing both.

•     SOAPUI
•     Chrome Extension POSTMAN
•     Python Scripting with Request Library
•     Java with RestAPI Lib
•     Runscope
•     Postman with jetpacks
•     Postman with newman
•     Curl
•     Cfix
•     Check
•     CTESK
•     dotTEST
•     Eclipse SDK tool- Automated API testing 
•     Robot Framework (key word driven framework)

Challenges of API testing includes:

•     Main challenges in API testing is Parameter Combination, Parameter Selection, and Call Sequencing
•     There is no GUI available to test the application which makes difficult to give input values
•     Validating and Verifying the output in different system is little difficult for testers
•     Parameters selection and categorization required to be known to the testers
•     Exception handling function needs to be tested
•     Coding knowledge is necessary for testers

Conclusion:

API consists of set of classes / functions / procedures which represent the business logic layer. If API is not tested properly, it may cause problems not only the API application but also in the calling application.