APIs (Application Programming Interfaces) are the lifelines of data-driven applications. It defines how software/applications interact and communicate with each other. APIs are preferred way for implementing data-driven application, as maintaining and developing UI is not required in API implementations.
Emerging technologies like IoT, Data Analytics and Machine Learning are laying foundations for the new paradigm of doing business in Health Services, Financial, Software, Defense and Automobile sectors on a great scale. These technologies leverage APIs for communication between different systems and intra-systems. API testing can greatly help in reducing time and resources during testing.
-
Saves Time
- API testing can be started early in sprint cycles as compared to UI testing. APIs can be used to directly test the business/logic layer of the application without the need to wait until UI is available.
-
Saves Resources
- API automation maintenance is cost effective in comparison to UI testing as it doesn’t get effected by the frequent changes in application’s UI.
Public APIs Growth
API Testing
API testing is considered to be very critical for automation since APIs are the primary interface to an application’s logic. Since APIs lacks UI, API testing is performed at the message layer.
API testing commonly includes testing the request and response of the REST/SOAP web services with JSON/XML message payloads being sent over HTTP, HTTPS, JMS and MQ protocols. API testing is done directly as part of integration testing to determine if they meet expectations for functionality, performance and security.
| Functional Testing | Performance Testing | Security Testing |
|---|---|---|
|
API functional testing is used to verify APIs' responses for a wide range of feasible requests, also to ensure acceptable behaviour in case of negative scenarios such as failures and unexpected inputs. |
API performance testing is used to verify whether APIs are able to deliver responses within an acceptable amount of time in case of large/extreme inputs. |
API security testing is to detect security issues and vulnerabilities in APIs. |
Top 5 Tools |
Top 5 Tools |
Top 5 Tools |
|
Tricentis*
|
WebLOAD*
|
ReadyAPI*
|
|
ReadyAPI*
|
ReadyAPI*
|
Fiddler
|
|
vREST*
|
HP Performance Tester*
|
Wireshark
|
|
Postman
|
Apica LoadTest*
|
Metasploit Framework
|
|
Jersey-Jackson Framework
|
Apache JMeter
|
OWASP Zed Attack Proxy (ZAP)
|
*Commercial
Best Practices of API Testing
- While writing test cases, APIs endpoint being called should be explicitly declared
- To ensure good API test coverage, different API test parameters and their combinations should be carefully considered, like all positive and negative test cases
- API function calls should be prioritized as per AUT workflow
- An API test scenario should be self-contained and independent from dependencies as much as possible
- API automation test should cover areas which cannot be tested through the UI
- In case third-party API integration testing, we should perform end to end scenarios so that no glitches or security concern happens in real time
- In security tests, it is essential to recognize the risks related to third party API/add-on apps integration
- Authentication should be tested with valid logins, invalid logins, disabled accounts etc.
- Encryption implementation in APIs should be tested
API Testing Automation Using Open-Source Technologies
API automation framework can be setup using various open source technologies like: Jackson or Gson for JSON parsing, Jersey client for consuming test APIs.
Jersey-Jackson Framework Structure
Automation Test Flow
Outro
- API testing is quite different from regular GUI testing in terms of test data, technique & validation methodology/tools as there are no UI elements available and testing is conducted at the message layer
- Tool selection is totally based on API testing coverage needed
- Without following practices, it’s difficult to prepare good tests for API
- Jackson is the de-facto standard for serializing/deserializing java objects to/from JSON text
- To reduce suite execution time, Jackson parser plays important role as its parsing speed is faster than others
Have Suggestions?
We would love to hear your feedback, questions, comments and suggestions. This will help us to make us better and more useful next time.
Share your thoughts and ideas at knowledgecenter@qasource.com
