API and API Testing — A Walkthrough
What is an API?
Before I tasted the flavor of API and API Testing from the different flavors of Software Testing in the current tech world, API sounded like a kind of a complex puzzle to me.
Today I use this term so often that I started to relate APIs with the real world day-to-day activities 😀, OK so now let’s dive into our topic for today, many have a vague or incorrect idea about what this fairly common term API means. So I would like to share an interesting overview of what is this API all about.
Technically, API stands for “Application Programming Interface”. Companies build APIs for their customers, or for internal use. But how do you explain API in simple terms? To understand this better let’s, have a glimpse on Web and Servers.
Web is nothing but a large network of connected servers. Every page on the internet is stored somewhere on a remote server. A remote server is nothing but a part of a remotely located computer that is tuned to process requests.
Now where does this API fit into when we discuss about the Web and remote servers. Let’s take an example I want to login into my LinkedIn account, the first thing I would do is type www.linkedin.com into my browser, the moment I do that a request goes out to LinkedIn’s remote server. Once the browser receives the response, it interprets the code and displays the LinkedIn page to me.
To the browser, also known as the client, LinkedIn’s server is an API. This means that every time you visit a page on the Web, you interact with some remote server’s API.
So someone might think that an API isn’t the same as the remote server — rather it is the part of the server that receives requests and sends responses.
Now these APIs can be “Private APIs”, “Public APIs”
Private APIs: A Private API is developed and accessible within an organization alone and is not exposed to consumers outside of the organization. They are created exclusively for internal company purposes.
E.g. In-house API’s developed inside any organization
Public APIs: A Public API is intended to be used by anybody interested or in need of the API. The usage is provided to consumers by adhering to a set of directions which is presented in the API Documentation by the API provider. This concept is somewhat similar to open-source software. Once the developers have access to the API, they can pretty much do whatever they want with this data to create something unique.
E.g. Google Maps
Now that we know what is API all about we need to know how efficiently an API meets expectations in terms of functionality, reliability, performance, and security of an application, this is ensured by performing Testing activity directly on the API which is commonly referred as API Testing.
API Testing
Applications frequently have three layers:
1. A Data Layer,
2. A Service Layer — The API layer
3. A Presentation Layer — The User Interface (UI) layer.
The API Layer is the guide to how users can interact with the services, functions, and data held within the app. API testing focuses on analyzing the business logic as well as the security of the application and data responses. An API test is generally performed by making requests to one or more API endpoints and comparing the response with expected results.
Benefits of API Testing
1. API test automation requires less code than automated GUI tests, resulting in faster testing and a lower overall cost.
2. With API Testing we can find minor bugs/errors earlier in the development lifecycle.
3. API Testing is language-independent. Data is exchanged using JSON or XML and it contains HTTP requests and responses.
4. API tests use extreme conditions and inputs when analyzing applications, this helps in testing Core Functionality.
5. With API Testing we can find minor bugs before the GUI Testing. Also, it can be integrated with GUI tests.
Different types of API Testing
Various types of API tests can be performed to ensure the API is working correctly.
Here I have discussed on few main types:
Validation Testing: Validation testing is basically a set of simple questions applied to the project that would be tested.
About the product: Did we build the correct product? Is the designed API the correct product for the issue it attempts to solve?
About the API’s behavior: Is the API accessing the correct data in the correctly defined manner?
About the Efficiency of the API: Is the API the most accurate, optimized, and efficient method of doing what is required?
Functional Testing: The purpose of functional testing is to ensure that you can send a request and get back the anticipated response along with the status. This includes negative and positive testing. Error handling scenarios that are not feasible via the front end can be covered in this type of testing API.
Load Testing: This testing is to ensure that the API can handle user load and determine what happens when it reaches that load limit. This determines whether the theoretical solution works as the practical solution under a given load.
Reliability Testing: This Testing type ensures the API can produce consistent results and the connection between platforms is constant.
Security Testing: Security testing includes the validation of authorization checks. The purpose of this testing is to ensure that the communication with the API is secure and only the authorized user is allowed to make calls/access the API.
Protocols and Formats in API world
The protocol is the set of rules that defines how applications can interact with each other, and the format specifies how the data can be sent to and accessed by other applications.
The most used protocol is HTTP, which stands for Hypertext Transfer Protocol, but SOAP, REST, and XML-RPC can also be used as means of communication.
Different HTTP methods
The HyperText Transfer Protocol — HTTP defines several methods that indicate the desired action to be performed on a resource. The resource is specified by the URI (Uniform Resource Identifier), more commonly, the URL. The most common HTTP methods are: GET, POST, PUT, and DELETE.
Different HTTP status codes:
· informational responses (100–199)
· successful responses (200–299)
· redirects (300–399)
· client errors (400–499)
· server errors (500–599)
Different Tools in the market for API Testing are as follows:
· Postman
· Katalon Studio
· SoapUI
· Assertible
· Tricentis Tosca
· Apigee
· JMeter
· Rest-Assured
· Karate DSL
· API Fortress
· Parasoft
· HP QTP(UFT)
· vREST
· Airborne
· API Science
· APIary Inspector
· Citrus Framework
· Hippie-Swagger
· HttpMaster Express
· Mockbin
· Ping API
· Pyresttest
· Rest Console
· RoboHydra Server
· SOAPSonar
· Unirest
· WebInject
