API Testing

Introduction:

API stands for Application Programming Interface. It is an interface that allows applications to connect and interact with each other. It is a collection of standard or common software functions and procedures that decouples your presentation or client application from the business or data access layer, so that each layer can be developed independently and its code maintained and managed separately.

Any software application architecture usually contains three layers: the presentation layer (user interface), the service layer, and the data layer. The service layer includes the business logic of the application. By business logic I mean this: we provide input to our application and it gives us an output, and the reasoning by which the application arrives at that result is the business logic.

Traditional UI testing tests the application with user interaction in mind; that is, it focuses on the look and feel of the application. In comparison, API testing focuses on the business logic of the application.

Now the question arises: why do we need API testing if we can perform UI testing? There could be multiple reasons for performing API testing. Suppose the application is in an early stage of development and the UI is still being developed. In that case, the team can build APIs to test the application’s core business logic without having a UI. But what if the UI has already been developed? Do we still need to perform API testing? The answer is yes. To elaborate, we need to understand the term “microservices.”

In the traditional monolithic application development approach, the application is designed and developed as a standalone functional unit. In contrast, in a microservices architecture, the application is designed and developed as a collection of services: each function of the application is developed as an independent service. So as our application evolves, it becomes easy to deploy, change, and redeploy our changes without losing the integrity of the application. The development teams build different APIs, each with endpoints that can be called directly. This makes the application somewhat easier to test: we send a request, let the service process it, and then check the output using software tools such as Postman or RapidAPI.

Benefits of API testing:

  1. Early testing: The testing teams can start executing API tests as soon as the application’s business logic is defined. This is a significant benefit, because the testing team can begin detecting issues as early as possible, even before GUI development.
  2. Language independent: API testing is language independent because data is exchanged via XML or JSON. QA teams are free to choose the language they prefer for automation, such as Python or PHP.
  3. GUI independent: While performing API testing, the QA teams keep the core business logic in mind. The testing process, in short, can be defined as sending an HTTP request as input and checking the output against specific parameters. So for API testing, we don’t need the GUI.
  4. Speed and coverage of testing: The testing team can automate API tests using different languages and frameworks, such as Python, which makes the testing process quick and saves time.
  5. Reduces cost and resources for testing: With API testing, teams can start testing early and fix issues sooner, which reduces the time and effort required and lowers the cost of testing the application.
  6. More time for bug resolution results in a faster release.

Types of API Testing:

  1. Validation Testing: This type of testing is performed during development or at the end of the development process to check whether the application behaves as specified by the client’s requirements. It validates that the application performs as intended in the specified environment.
  2. Unit Testing: Developers perform unit testing to test the code. The goal of unit testing is to cover the maximum number of lines of code. For example, each function is tested with all the parameters it takes. Unit tests are mostly written in the same programming language as the code under test. Examples of unit testing frameworks: NUnit, JUnit, etc.
  3. Functional Testing: The QA team performs functional testing to ensure that a feature or enhancement works as expected. In this type of testing, all scenarios for the feature are validated from the user’s perspective.
  4. Security Testing: API testing can be very beneficial for security testing, to check all possible inputs for external threats. It is crucial to check the APIs for encryption of data, access control, and authentication features.
  5. Penetration Testing: The testing team performs penetration testing to test the system, network, and software application for vulnerabilities that could be exploited in external attacks.
  6. Load Testing: This testing checks whether the application functions as it is supposed to under both normal and maximum load.
  7. Runtime and error detection: This type of testing is performed to expose race conditions (a condition in a multi-threaded system in which a device or system tries to perform two or more actions at the same time although they are supposed to run in a fixed sequence), exceptions, and resource leaks in the application.
  8. Fuzz testing: The testing team performs this kind of testing to test the APIs under “worst-case scenarios”. The QA engineers test the application by giving it huge amounts of random data as input, to force the system to crash, overflow, or fail in other negative scenarios.
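
As an illustration of the fuzz testing item above, here is an added example (not from the original article) of a small, seeded fuzz harness in Python. The `handle_create` function and its `name` / `capacity_gb` fields are hypothetical stand-ins for an API's request-handling logic; the harness checks the invariant that every input, however malformed, yields a clean 201 or 400 and never an unhandled exception.

```python
import json, random

VALID = b'{"name": "HDD-1TB", "capacity_gb": 1000}'  # constructed seed request body

def handle_create(raw: bytes) -> int:
    """Hypothetical endpoint logic under test; returns an HTTP status code."""
    try:
        item = json.loads(raw.decode("utf-8"))
    except (ValueError, RecursionError):  # bad UTF-8, bad JSON, or absurd nesting
        return 400
    if not isinstance(item, dict) or set(item) != {"name", "capacity_gb"}:
        return 400
    name, cap = item["name"], item["capacity_gb"]
    if not isinstance(name, str) or not 1 <= len(name) <= 64:
        return 400
    if isinstance(cap, bool) or not isinstance(cap, int) or not 1 <= cap <= 10**6:
        return 400
    return 201

def mutate(rng, seed):
    kind = rng.randrange(4)
    if kind == 0:  # pure random bytes of random length
        return bytes(rng.randrange(256) for _ in range(rng.randrange(200)))
    if kind == 1:  # replace the number with a boundary or wrong-type value
        bad = rng.choice([b"-1", b"0", b"1e999", b"null", b"true", b'"x"',
                          b"9" * 400, b"[" * 2000])
        return seed.replace(b"1000", bad)
    data = bytearray(seed)
    if kind == 2:  # overwrite a few bytes of an otherwise valid body
        for _ in range(rng.randrange(1, 4)):
            data[rng.randrange(len(data))] = rng.randrange(256)
    else:          # truncate the body at a random offset
        del data[rng.randrange(len(data)):]
    return bytes(data)

def fuzz(iterations=5000, seed=1234):
    rng = random.Random(seed)  # fixed seed so any failure can be reproduced
    counts = {201: 0, 400: 0, "crash": 0}
    for _ in range(iterations):
        try:
            counts[handle_create(mutate(rng, VALID))] += 1
        except Exception:  # any unhandled exception is a finding
            counts["crash"] += 1
    return counts
```

Calling `fuzz()` returns the number of accepted, rejected, and crashing inputs; a non-zero `"crash"` count means the handler let an exception escape.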

Challenges in API testing:

  1. The initial setup of API Testing: The most critical problem with API testing is the initial setup of the test environment and infrastructure.
  2. Updating of API requests testing schema: The testing team must continuously maintain the testing schema (the data storage and formatting of the requests and responses). The team has to retest the application in alpha and beta versions whenever any API changes.
  3. Sequencing of API calls: In a multi-threaded application, all the APIs are supposed to be called in proper sequencing; otherwise, the application can return an error. So it becomes very challenging for the team to maintain consistency throughout the application testing.
  4. Testing all input parameters: It is challenging for the QA team to test the combination of all the input parameters sent through API calls.

Tools for API Testing:

Open-Source API Testing Tools:
– JMeter
– Rest-Assured
– Karate DSL
– Citrus Framework
– Parasoft SOAtest
– Tricentis

Commercial API Tools:
– Katalon Studio
– SoapUI
– Postman
– Apigee

An Example of API Testing:

Consider an example of API testing where we want to perform data entry from the UI using a web form and persist this data into the database. Here we need to validate that the API used underneath performs the task correctly and that the data entered through the form is saved in the database.
I have created a simple UI to store the HDD info in my product_master table. I need to ensure data submitted from the UI is stored properly in the database.

On the same screen, data saved earlier is displayed in the grid. So the GET API used to fetch the data from the database should return the recently added item, and this would confirm that both our GET and POST APIs are working fine.
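
The POST-then-GET check described above can be automated without the UI. The following is an added example, not the author's application: it starts a stand-in local API backed by an in-memory SQLite `product_master` table, then tests it over HTTP. The `/products` path, the `name` / `capacity_gb` columns, and the bearer token are assumptions; the token lets the test also cover the authentication check mentioned under security testing.

```python
import json, sqlite3, threading, urllib.error, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

TOKEN = "test-token"  # constructed credential, an assumption of this example
DB = sqlite3.connect(":memory:", check_same_thread=False)
DB.execute("CREATE TABLE product_master (id INTEGER PRIMARY KEY, name TEXT, capacity_gb INTEGER)")
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # ignore env proxies

class Api(BaseHTTPRequestHandler):
    def log_message(self, *args):  # keep test output quiet
        pass
    def _send(self, status, payload):
        body = json.dumps(payload).encode()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
    def do_GET(self):  # return every stored row, oldest first
        rows = DB.execute("SELECT name, capacity_gb FROM product_master ORDER BY id").fetchall()
        self._send(200, [{"name": n, "capacity_gb": c} for n, c in rows])
    def do_POST(self):  # store one item; writes require the bearer token
        raw = self.rfile.read(int(self.headers.get("Content-Length", 0)))
        if self.headers.get("Authorization") != "Bearer " + TOKEN:
            return self._send(401, {"error": "unauthorized"})
        item = json.loads(raw)
        DB.execute("INSERT INTO product_master (name, capacity_gb) VALUES (?, ?)",
                   (item["name"], item["capacity_gb"]))
        DB.commit()
        self._send(201, item)

def call(url, method="GET", data=None, token=None):
    headers = {"Authorization": "Bearer " + token} if token else {}
    body = json.dumps(data).encode() if data is not None else None
    req = urllib.request.Request(url, data=body, method=method, headers=headers)
    try:
        with OPENER.open(req, timeout=5) as resp:
            return resp.status, json.loads(resp.read())
    except urllib.error.HTTPError as err:  # 4xx/5xx responses arrive as exceptions
        return err.code, json.loads(err.read())

def run_tests():
    server = HTTPServer(("127.0.0.1", 0), Api)  # port 0 = any free local port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    url = "http://127.0.0.1:%d/products" % server.server_port
    hdd = {"name": "HDD-1TB", "capacity_gb": 1000}  # constructed sample row
    results = {"unauth_post": call(url, "POST", hdd)[0],
               "post": call(url, "POST", hdd, TOKEN)[0], "get": call(url)}
    server.shutdown()
    return results
```

The GET result containing exactly one row shows both that the authenticated POST was persisted and that the rejected, unauthenticated POST wrote nothing.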