API Testing and the Internet of Things

QASource | September 6, 2017

API Testing and the Internet of ThingsThe phrase ’Internet of Things’, typically abbreviated as IoT, has been bouncing around in the tech industry for years. But there are still plenty of consumers—and even product company leaders—puzzling at its meaning. What is it? How does it impact the plain old “Internet” that I’ve grown to know and love? How does it affect my product, my business, and how my teams run tests?

The IoT is both the cause of, and a response to, the device-driven, ultra-connected world we live in today. Essentially, it’s the concept of connecting any device with an on/off switch—cars, watches, thermostats, home security alarms, coffeemakers—to the Internet, and, by extension, each other. Through these connections, information can be stored, shared, and accessed by the devices and the users that depend on them.

On a small scale, this type of connectivity can make daily life simpler and much more efficient. Maybe the battery on your electric car is running low, and it sends a notification to your smart watch reminding you to move it to a charging station on your lunch break. But the concept also scales well. Imagine connecting citywide transportation networks on the Internet of Things—the potential gains in efficiency and safety are staggering.

The key bridge in the IoT? APIs. These are the essential connection points between the applications that power these smart devices, and they’re what facilitate the fast, secure exchange of data. Without APIs that have been thoroughly tested by a qualified QA team, there is no Internet of Things. (Click to Tweet!)

The IoT and APIs

Most of the information sharing that takes place within IoT devices is through API's, so it is crucial to test the API of an IoT capable device. APIs expose the data, which enables multiple devices to combine & connect in order to encounter new and interesting workflows. APIs are the programs acting as an interface between the Internet and the Things.

There are quite a number of APIs that are readily available for developers to consume in the apps in order to be able to perform various tasks such as providing User manuals, bot creation, location based tracking and many more. A few examples of such API's that applications that we are using daily are Google Maps, Twitter, Amazon Product Advertising and so on.

IoT devices work because any device that is connected to the internet stores data. APIs drive the IoT by connecting devices that are synced to the cloud and transferring data. The devices that are connected to any other device through any of the data transfer mediums such as Infrared, Blue-tooth, GPS, Internet, Wi-Fi have access to the data stored on the other device and can use this data to perform relative tasks. For example, an IoT thermostat inside a house collects information about the current room temperature, humidity level, outside temperature and stores all of this information into its memory, shown below in JSON format:

 "roomTemperature": "32",
 "tempUnits": "C",
 "humidityPercent": "80",
 "outsideTemp": "40"

All this information is ready to be used by a connected smartphone through the APIs deployed and exposed by the thermostat firmware. Using this information, a smartphone app can send a GET request to collect all the information, enabling the user to see all of this displayed on their phone.

Once the device receives the request, it stores the new values and can adjust the settings according to the user's input.

Let’s look at the most important reason for thorough API testing of the applications that power the IoT.

Protecting the user

Product companies may skip over QA to save money and conserve time in their release cycle. “What’s the worst that could happen?” they may ask. In their minds, the only consequence is a faulty connection between an alarm clock and a coffee maker, or any other device-to-device combination. But inadequate testing can have very real consequences for the people using those devices with exposed APIs.

Let’s take an example of a smart-band that collects the user’s health information through sensors and sends this data to the user’s health manager app installed on their smartphone. This helps users with preparing personalized meal plans. Imagine if such a device was not tested and collecting incorrect data. The health manager app would recommend improper meal plans that could have a serious impact on the user’s health.

The IoT is driven by APIs that act as a bridge between all of these devices connected to the cloud, transforming very limited devices into powerful information portals by exposing data.With this increased connectivity, there is also an increasing concern for data security. If an internet connected device has not undergone security testing, it can lead to imminent data loss and compromised privacy. 

 If someone is able to gain access to one device in a user’s network, it’s possible that they can gain control of the others, too. Hackers can gain access to critical data like credit card information through a simple IoT coffee machine.This is a scary prospect for most users, but the convenience offered by the IoT tends to outweigh these fears. So, it’s up to the engineering teams to ensure that they’re building secure products for their market.

As large stores of data are exposed across devices through APIs, it’s vital that proper security testing is in place. This is especially true when applications are transferring highly sensitive data, like health records or banking and financial information. Learn why working with an experienced team of QA testers with domain expertise is the best choice you can make.

Benefits of API testing in the IoT

Here’s a quick cheat sheet of the benefits that API testing offers for product companies who develop applications serving the IoT:

  • API testing allows code-level access. As most of these applications have no UI, API testing is the only way to effectively test.
  • API testing is fast. Code-level testing is quick, relatively simple to implement, and easy to automate.
  • API testing can run in conjunction with other tests. But they can also be tested individually, making it easier to cover both unit and integration tests.

Popular API testing tools

As API testing grows in popularity, a wide variety of testing tools are becoming available. Here are a few of our favorites:

  • Postman - Available both as a standalone application and as an extension of top browsers, Postman lets you develop, test, and document APIs easily.
  • RESTClient - Like Postman, RESTClient is available as a browser extension as well as a plugin for widely used editors like RubyMine, Eclipse, IntelliJ, and more.
  • Curl - A simple command-line tool that can be used to execute basic API requests without the need for any additional technology.
  • Wireshark - A network analysis tool that captures packets in real time and display them in human-readable format.
  • SoapUI - An open-source web service testing application for service-oriented architectures (SOA) and representational state transfers (REST).


Overall, without using the APIs, IOT applications would cease to exist. Hence, the knowledge of these APIs help to understand the true workings of these connected devices and is critical for the success of QA for IOT.

Need a hand with starting API testing? We've got your back!

Download our free checklist today!


This publication is for informational purposes only, and nothing contained in it should be considered legal advice. We expressly disclaim any warranty or responsibility for damages arising out of this information and encourage you to consult with legal counsel regarding your specific needs. We do not undertake any duty to update previously posted materials.