API testing

Testng the business logic of an any application that is cal as API testing.

Whatever the developer develop the logic for any application to perform that way or this way. If API
tester i able to test this business logic or his logic this is called as API testing.

API is mediator between two applications. It is helping the two application to communicate with
each other.

API has three layer architecture.

Presentation
Business logic Database layer
layer

Presentation layer is nothing but the UI.

Business logic is nothing but how application have to perform? what functionality have to perform?
That is called is business logic.

There is a business logic, testing that business logic is call API testing,

Developer develop the business logic with the set if UI with the set of inputs and finally checking the
response whether it is correct or not is called as API testing.

Since in API UI is missing, we use third party application or tool POSTMAN or SOAPUI to test our
API with the help of which we send the UI with its party or parameter. We send the request and get
the response and match it whether it is as per the expected result or not.

In API testing the code which developer has return taht will not visible to us and since the code
will not visible to us while testing it is called as Black Box Testing.

Q. 1) While testing what are the things that need to keep in mind?

ans) We need to make sure that, what is the request we are sendning and how is response coming.
The response we are getting whether it meeting the customers expection or not. whatever the
response we got we need to validate that perfectly. we also need to make sure that the response
HTTP status codes whether it is correct or not. we also need to validate the response time. If
application is giving some error we need to note it down and need to create a bug report and send it
to developer so that he can fix it.

We also make sure thaat the authonticity is current i e. if we are allowing any other company to
use our API we need to give the authonticity to each and every customer, we need to give a
perticular key with the help of which he can able to consume our API.
 When any application is not developed we access that application using API and we will access the
API using POSTMAN as a tool that time POSTMAN is a Clint and out server is an application.

How to Perform API Testing?

Listed below are the steps that you can follow to perform API testing:

API Specification Review

The first step is documenting the API testing requirements. What is the purpose of
the API? What is the workflow of the application? Which integrations are supported
by the API? What are the features of the API? Documenting all these API testing
requirements is the first thing you need to do. This will help you in planning API tests
throughout the testing process.

Setting Up Test Environment

Next step is setting up a testing environment, with the required set of parameters
around the API. This involves configuring the database and server for the application
requirements.

Integrating Application Data

In this step, you need to combine your application data with the API tests to ensure
that the API functions as expected against all possible input configurations.
Deciding Type of API Test

After you’ve created the testing boundaries and requirements, you need to decide
what you want to test your API for. There are different types of API tests like
functionality testing, validation testing, load testing, security testing, end-to-end
testing, fuzz testing and many more. More about API testing types in the next
session of this article.

Text Execution & Reporting

Once you have decided on what to test the API for, the next step obviously is to
create test cases around that requirements and execute them. A basic guideline is to
identify the most common parameters and conditions that an end developer will use
when calling the APIs and test these scenarios extensively. And then document the
test results for further use.

Well, you can follow the above steps to successfully test APIs. One of the important
steps while performing API tests is to decide what kind of test you want to perform.
For that, you should be aware of the types of API testing. Let’s check them out next
in this ‘What is API Testing’ article.

Types of API Testing

In API testing, the following types of testing can be conducted:

 Functionality Testing – To check if the API works and does exactly what it’s
supposed to do
 Reliability Testing – To check if API can be consistently connected to and lead to
consistent results
 Validation Testing – Helps verify the aspects of product, behavior, and efficiency of
an API
 Load Testing – Is performed to ensure the performance of API under both normal
and at peak conditions
 UI Testing – It involves testing the user interface for the API and other integral parts
 Security Testing – To test that the API is secure against all possible external threats
 Penetration Testing – To detect vulnerabilities of an application from an attackers
perspective
 Fuzz Testing – To test the API in terms of the limits to prepare for the “worst case
scenarios”

Well, these are the most frequently performed API test types. By performing these
tests what are you trying to test for? What will you find?

You are checking for:

 Duplicate or missing functionality

 Improper messaging
 Error handling mechanism is incompatible
 Multi-threaded issues
 Security, performance & security issues
 Reliability issues
Since API Testing is gaining popularity, we have many tools available for the same.
This ‘What is API Testing?’ article lists some popular API testing tools for your
reference.

API Testing Tools

For successfully performing API testing, you will need a tool to structure and manage
your test cases. Here are some of the top API testing tools that can be used for Rest
API and Soap API:

SoapUI: It is the most widely popular open-source tool for API testing. With SoapUI
you can perform functional testing, performance testing, security testing, and data-
driven testing. It will provide you with the reports for testing and will allow you to
export the data.

Postman: With more than 4 million users worldwide it is one of the most popular API
testing tools. It runs on Mac, Windows, Linux & Chrome Apps. Allows you to set up
all the headers and cookies your API expects, and then check the response.

Challenges of API Testing

 There is no GUI, which will make it difficult for testers to give input values
 Test case management is difficult since a tester might have to deal with
millions of test cases
 The tester must possess expertise in the programming language(s) that are
targeted by the API
 Time-consuming, requires a lot of time and resources to develop tools and
design tests
 Improper documentation will make it difficult for a test designer to understand
the purpose of API calls
 Proper call sequencing is required as this may lead to inadequate coverage in
testing
 Exception handling functions need to be tested thoroughly

Regardless of the challenges that we might come across API testing is quite crucial
and highly required. If an API breaks because errors weren’t detected, there is the
threat of not only breaking a single application but an entire chain of business
processes hinged to it. With this, we have reached the end of this ‘What is API
Testing?’ article.