Webinar Questions Answered: "The Future is API Testing - Trends and How to Propel Your Testing"

QASource | April 25, 2018

QASource recently presented the webinar, "The Future is API Testing - Trends and How to Propel Your Testing." We presented this webinar twice due to its popularity.

In this webinar, QASource CEO Rajeev Rai discussed API testing's central role in the future of QA, and the necessity and benefits of testing APIs. In the webinar, Rajeev also walked the audience through detailed video demonstrations on how to perform API testing.

During both live presentations, attendees were given the opportunity to ask questions, but we were unable to get to them all. Here, our expert API engineers answer them.

1. Could we get a very quick example of vulnerability API testing?

Most API implementations use the HTTP protocol to transfer information, and that traffic can be easily read. Through various methods, the input parameters of an API can be constructed to expose vulnerabilities in the system under test. In one such method, a tester spoofs the ID in a GET request (swapping a limited-access user's ID for an admin user's) and gains access to data that the user is not authorized to have. Testers can expose vulnerabilities in many other ways as well: they use techniques such as SQL, JSON, XML, XPath and JavaScript injection, passing specially constructed parameters to reach information the caller is not authorized to see. These techniques can be performed both manually and with tools like Acunetix, Netsparker and many other open-source and commercial tools.
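The ID-spoofing check described in this answer, written as an authorization test matrix that can run on every build. This is an added example, not code from the webinar or from QASource; the handlers, user records and session tokens are constructed for illustration, and the 401/403 policy is an assumption.

```javascript
// Constructed sample data: two limited-access users and one admin.
const USERS = new Map([
  [101, { id: 101, role: "user", email: "alice@example.test" }],
  [102, { id: 102, role: "user", email: "bob@example.test" }],
  [1, { id: 1, role: "admin", email: "root@example.test" }],
]);
// Constructed session store: bearer token -> authenticated user id.
const SESSIONS = new Map([["tok-alice", 101], ["tok-bob", 102], ["tok-admin", 1]]);

// Vulnerable handler: authenticates the caller but trusts the id in the URL.
function getUserVulnerable(req) {
  if (!SESSIONS.has(req.token)) return { status: 401 };
  const record = USERS.get(Number(req.params.id));
  return record ? { status: 200, body: record } : { status: 404 };
}

// Hardened handler: the caller must own the record or hold the admin role.
function getUserHardened(req) {
  const callerId = SESSIONS.get(req.token);
  if (callerId === undefined) return { status: 401 };
  const targetId = Number(req.params.id);
  const isAdmin = USERS.get(callerId).role === "admin";
  if (!isAdmin && callerId !== targetId) return { status: 403 };
  const record = USERS.get(targetId);
  return record ? { status: 200, body: record } : { status: 404 };
}

// Every caller (plus an unknown token) requests every id; any response that
// differs from the expected status is returned as a finding.
function auditObjectAccess(handler) {
  const findings = [];
  for (const token of [...SESSIONS.keys(), "tok-unknown"]) {
    const callerId = SESSIONS.get(token);
    const caller = USERS.get(callerId);
    for (const id of USERS.keys()) {
      const allowed = caller && (caller.role === "admin" || callerId === id);
      const expected = !caller ? 401 : allowed ? 200 : 403;
      const actual = handler({ token, params: { id: String(id) } }).status;
      if (actual !== expected) findings.push({ token, id, expected, actual });
    }
  }
  return findings;
}

console.log("vulnerable handler findings:", auditObjectAccess(getUserVulnerable));
console.log("hardened handler findings:", auditObjectAccess(getUserHardened));
```

The same matrix can be driven against a real endpoint by replacing the handler call with an HTTP request per row and comparing status codes.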

2. As a quality engineer, how do I implement a single automated test for an API search/endpoint that: 1) Simulates queries, and 2) validates required and optional fields? Can I just do this in Postman or do I have to use an IDE to accomplish this?

Yes, you can use Postman to automate these scenarios to simulate queries and validate optional and required fields, and this can be achieved through parameterized data-driven tests. Parameterization would enable you to dynamically accept input parameters and a data-driven approach will help you automate tests for various types of valid and invalid inputs in the required and optional fields. We have demonstrated parameterization and using data files in our Postman demo videos during our webinar.

3. How can we post XML data in Postman?

This is one of the most common issues people struggle with when they start using Postman. XML and JSON are two popular data formats used in passing test data to validate APIs. Between the two, we would recommend JSON as it is the latest and most widely used format due to its structural benefits. However, you can use XML as well. To pass XML data, select the raw data type in the body of the POST request and set the content type to text/xml.

4. What types of issues will API testing help to identify in a product that would be difficult to find through UI testing?

According to the testing pyramid, an API forms the business layer of the application. The API layer can help distinguish if a defect is at the UI layer, API layer or at the code level. As APIs are developed before the UI, and as there are many instances where systems have a non-standard UI, API testing becomes the only way for testers to validate an application to find issues early on in the product cycle before they fester in an application and become difficult to find. API testing can help you find defects in different areas, such as performance, security, missing functionality, reliability and unused code.
