API testing and Automation Solutions: TechnoCast - Fall 2017

QASource
QASource | November 1, 2017

APIs (Application Programming Interfaces) are the lifelines of data-driven applications. It defines how software/applications interact and communicate with each other. APIs are preferred way for implementing data-driven application, as maintaining and developing UI is not required in API implementations.

Emerging technologies like IoT, Data Analytics and Machine Learning are laying foundations for the new paradigm of doing business in Health Services, Financial, Software, Defense and Automobile sectors on a great scale. These technologies leverage APIs for communication between different systems and intra-systems. API testing can greatly help in reducing time and resources during testing.

API Testing Solutions
  • Saves Time

    • API testing can be started early in sprint cycles as compared to UI testing. APIs can be used to directly test the business/logic layer of the application without the need to wait until UI is available.
  • Saves Resources

    • API automation maintenance is cost effective in comparison to UI testing as it doesn’t get effected by the frequent changes in application’s UI.

Public APIs Growth

Public APIs Growth
 

API Testing

API testing is considered to be very critical for automation since APIs are the primary interface to an application’s logic. Since APIs lacks UI, API testing is performed at the message layer.

API testing commonly includes testing the request and response of the REST/SOAP web services with JSON/XML message payloads being sent over HTTP, HTTPS, JMS and MQ protocols. API testing is done directly as part of integration testing to determine if they meet expectations for functionality, performance and security.

API Testing
Functional Testing Performance Testing Security Testing

API functional testing is used to verify APIs' responses for a wide range of feasible requests, also to ensure acceptable behaviour in case of negative scenarios such as failures and unexpected inputs.

API performance testing is used to verify whether APIs are able to deliver responses within an acceptable amount of time in case of large/extreme inputs.

API security testing is to detect security issues and vulnerabilities in APIs.

Top 5 Tools

Top 5 Tools

Top 5 Tools

Tricentis*
WebLOAD*
ReadyAPI*
ReadyAPI*
ReadyAPI*
Fiddler
vREST*
HP Performance Tester*
Wireshark
Postman
Apica LoadTest*
Metasploit Framework
Jersey-Jackson Framework
Apache JMeter
OWASP Zed Attack Proxy (ZAP)

*Commercial

 

Best Practices of API Testing

  • While writing test cases, APIs endpoint being called should be explicitly declared
  • To ensure good API test coverage, different API test parameters and their combinations should be carefully considered, like all positive and negative test cases
  • API function calls should be prioritized as per AUT workflow
  • An API test scenario should be self-contained and independent from dependencies as much as possible
  • API automation test should cover areas which cannot be tested through the UI
  • In case third-party API integration testing, we should perform end to end scenarios so that no glitches or security concern happens in real time
  • In security tests, it is essential to recognize the risks related to third party API/add-on apps integration
  • Authentication should be tested with valid logins, invalid logins, disabled accounts etc.
  • Encryption implementation in APIs should be tested
 

API Testing Automation Using Open-Source Technologies

API automation framework can be setup using various open source technologies like: Jackson or Gson for JSON parsing, Jersey client for consuming test APIs.

API Testing Automation

Jersey-Jackson Framework Structure

 

Automation Test Flow

 

Outro

API testing
  • API testing is quite different from regular GUI testing in terms of test data, technique & validation methodology/tools as there are no UI elements available and testing is conducted at the message layer
  • Tool selection is totally based on API testing coverage needed
  • Without following practices, it’s difficult to prepare good tests for API
  • Jackson is the de-facto standard for serializing/deserializing java objects to/from JSON text
  • To reduce suite execution time, Jackson parser plays important role as its parsing speed is faster than others
Have Suggestions?

Have Suggestions?

We would love to hear your feedback, questions, comments and suggestions. This will help us to make us better and more useful next time.
Share your thoughts and ideas at knowledgecenter@qasource.com

Disclaimer

This publication is for informational purposes only, and nothing contained in it should be considered legal advice. We expressly disclaim any warranty or responsibility for damages arising out of this information and encourage you to consult with legal counsel regarding your specific needs. We do not undertake any duty to update previously posted materials.