QASource Newsletter

Technocast - Fall 2017

APIs (Application Programming Interfaces) are the lifelines of data-driven applications. They define how software applications interact and communicate with each other. APIs are the preferred way of implementing data-driven applications, as API implementations do not require a UI to be developed and maintained.

Emerging technologies like IoT, Data Analytics and Machine Learning are laying foundations for the new paradigm of doing business in Health Services, Financial, Software, Defense and Automobile sectors on a great scale. These technologies leverage APIs for communication between different systems and intra-systems. API testing can greatly help in reducing time and resources during testing.

API Testing Solutions
  • Saves Time

    API testing can be started earlier in sprint cycles than UI testing. APIs can be used to test the business/logic layer of the application directly, without waiting until the UI is available.

  • Saves Resources

    API automation maintenance is cost-effective in comparison to UI testing, as it isn’t affected by frequent changes to the application’s UI.

Public APIs Growth

API Testing

API testing is considered critical for automation, since APIs are the primary interface to an application’s logic. Since APIs lack a UI, API testing is performed at the message layer.

API testing commonly includes testing the requests and responses of REST/SOAP web services, with JSON/XML message payloads sent over HTTP, HTTPS, JMS and MQ protocols. APIs are tested directly as part of integration testing to determine whether they meet expectations for functionality, performance and security.

API Testing: Functional Testing, Performance Testing, Security Testing

API functional testing is used to verify APIs' responses for a wide range of feasible requests, and to ensure acceptable behaviour in negative scenarios such as failures and unexpected inputs.

API performance testing is used to verify whether APIs are able to deliver responses within an acceptable amount of time in case of large/extreme inputs.

API security testing is used to detect security issues and vulnerabilities in APIs.

Top 5 Tools

  • Functional Testing: Tricentis*, ReadyAPI*, vREST*, Postman, Jersey-Jackson Framework
  • Performance Testing: WebLOAD*, ReadyAPI*, HP Performance Tester*, Apica LoadTest*, Apache JMeter
  • Security Testing: ReadyAPI*, Fiddler, Wireshark, Metasploit Framework, OWASP Zed Attack Proxy (ZAP)

*Commercial

Best Practices of API Testing

  • While writing test cases, the API endpoint being called should be explicitly declared
  • To ensure good API test coverage, different API test parameters and their combinations should be carefully considered, covering all positive and negative test cases
  • API function calls should be prioritized as per the AUT workflow
  • An API test scenario should be self-contained and as independent from dependencies as possible
  • API automation tests should cover areas which cannot be tested through the UI
  • In third-party API integration testing, end-to-end scenarios should be performed so that no glitches or security concerns arise in real time
  • In security tests, it is essential to recognize the risks related to third-party API/add-on app integration
  • Authentication should be tested with valid logins, invalid logins, disabled accounts etc.
  • Encryption implementation in APIs should be tested

API Testing Automation Using Open-Source Technologies

An API automation framework can be set up using various open-source technologies, such as Jackson or Gson for JSON parsing and the Jersey client for consuming test APIs.

API Testing Automation

Jersey-Jackson Framework Structure

Automation Test Flow

Step 1: Construct API Request
JSON/XML requests are generated using serialization. Serialization is a mechanism for writing the state of an object into a byte stream. It can be achieved using a parser like Jackson or Gson.

Step 2: Send Request To API Endpoint
JSON/XML requests are sent to the API endpoint, along with header parameters and authorization (if required), with GET/POST/PUT methods using a client such as Jersey or a REST client.

Step 3: Validate Response
Once the response is received, it can be deserialized into objects. Assertions as per expected results are implemented to validate the response.
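
The three-step flow above, applied to the authentication best practice (valid logins, invalid logins, disabled accounts), as an added example that is not QASource's code. It uses Python's standard library in place of Jersey and Jackson; the local stub server, the /login endpoint, the accounts and the expected status codes are all constructed assumptions.

```python
import json, threading, urllib.error, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed data for a hypothetical /login endpoint on a local stub API.
ACCOUNTS = {"alice": ("s3cret", False), "bob": ("hunter2", True)}  # (password, disabled)
CASES = {"valid": ("alice", "s3cret", 200), "wrong_password": ("alice", "nope", 401),
         "unknown_user": ("mallory", "x", 401), "disabled": ("bob", "hunter2", 403)}
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # bypass proxies

class StubAPI(BaseHTTPRequestHandler):
    log_message = lambda self, *args: None  # silence per-request logging
    def do_POST(self):
        body = json.loads(self.rfile.read(int(self.headers["Content-Length"])))
        acct = ACCOUNTS.get(body.get("user"))
        if acct is None or acct[0] != body.get("password"):
            status, payload = 401, {"error": "invalid_credentials"}
        elif acct[1]:
            status, payload = 403, {"error": "account_disabled"}
        else:
            status, payload = 200, {"token": "constructed-token"}
        data = json.dumps(payload).encode()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.end_headers()
        self.wfile.write(data)

def call_login(base_url, user, password):
    data = json.dumps({"user": user, "password": password}).encode()  # Step 1
    req = urllib.request.Request(base_url + "/login", data=data, method="POST",
                                 headers={"Content-Type": "application/json"})
    try:  # Step 2: send to the endpoint; 4xx replies surface as HTTPError.
        with OPENER.open(req, timeout=5) as resp:
            return resp.status, json.loads(resp.read())
    except urllib.error.HTTPError as err:
        return err.code, json.loads(err.read())

def run_auth_cases():
    server = HTTPServer(("127.0.0.1", 0), StubAPI)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        base = f"http://127.0.0.1:{server.server_port}"
        return {n: call_login(base, u, p) for n, (u, p, _) in CASES.items()}
    finally:
        server.shutdown()
        server.server_close()

def failed_cases(results):  # Step 3: check status; rejected logins get no token
    return [n for n, (status, body) in results.items()
            if status != CASES[n][2] or (status != 200 and "token" in body)]
```

`failed_cases(run_auth_cases())` returns the names of the cases whose response did not match; an empty list means every authentication case behaved as expected.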

Outro

API testing
  • API testing is quite different from regular GUI testing in terms of test data, technique & validation methodology/tools, as there are no UI elements available and testing is conducted at the message layer
  • Tool selection depends entirely on the API testing coverage needed
  • Without following best practices, it’s difficult to prepare good tests for APIs
  • Jackson is the de facto standard for serializing/deserializing Java objects to/from JSON text
  • The Jackson parser plays an important role in reducing suite execution time, as its parsing speed is faster than others

Disclaimer

The logos used in this post are owned by the individual companies of each logo or trademark. The logo is not authorized by, sponsored by, or associated with the trademark owner, but QASource is using the logos only for reviewing purposes. The endorsement of the used logos by QASource is neither intended nor implied.