13 What exactly needs to verify in API testing
Testing Strategy for APIs
While testing APIs, a tester should concentrate on using software to make APIcalls in order to receive an output before observing and logging the system’sresponse. Most importantly, tests that the API returns a correct response oroutput under varying conditions. This output is typically one of these three: * A Pass or Fail status * Data or information * A call to another APIHowever, there also could be no output at all or something completelyunpredicted occurs. This makes the tester’s role crucial to the applicationdevelopment process. And because APIs are the central hub of data for manyapplications, data-driven testing for APIs can help increase test coverage andaccuracy.In testing the API directly, specifying pass/fail scenarios is slightly morechallenging. However, in comparing the API data in the response or incomparing the behavior after the API call in another API would help you setupdefinitive validation scenarios.API testing is one of the most challenging parts of the whole chain ofsoftware testing and QA testing because it works to assure that our digitallives run in an increasingly seamless and efficient manner. While developerstend to test only the functionalities they are working on, testers are incharge of testing both individual functionalities and a series or chain offunctionalities, discovering how they work together from end to end.
Types of API Testing
First, identify what type of tests you need to perform on API. Like testers dodifferent type of testing for features of their product, the same goes forAPIs. Common testing of APIs includes: * Unit Testing: To test the functionality of individual operation. For example, Google provides geocoding API to get the longitude and latitude of any location. This usually takes the address as input and returns lat-longs. Now for unit testing of this API, the tester may pass different location and verify the result. * Functional Testing: This type of testing mainly focuses on the functionality of API. This would include test cases to verify HTTP response codes, validation of response, error codes in case API return any error, etc. * Load Testing: This type of test is necessary in cases where API is dealing with huge data and chances of application to be used by no.of users at the same time. This increases the API hits at the same time and it may crash and not able to take that load. * Security Testing: Security testing is particularly critical as API are used to create a link between two different applications. The core purpose of using an API is to abstract or hide the application’s database from other. This may include test cases like authorization checks, session management, etc. * Interoperability Testing: This is to test that API is accessible to the applications where it should be. This applies to SOAP APIs. * WS compliance Testing: API is tested to ensure standards such as WS-Addressing, WS-Discovery, WS-Federation, WS-Policy, WS-Security, and WS-Trust are properly implemented and utilized * Penetration Testing: This is to find the vulnerability of API from external sources.
Tools for API Testing and Automation
There are several tools to test the APIs. When a tester gets to test an API,they must ask for its document, whether it is a REST or SOAP API or its not-web based API there should always be a document where the details should bewritten. To approach API testing 1. Ask for Doc 2. Write functional or service level cases first 3. Write integration tests 4. When API is stable enough and passes most of the above tests, perform security, performance and load testing. * A typical API doc has all the information related to the API like its request format, response, error codes, resource, mandatory parameters, optional parameters, headers, etc. The doc can be maintained in various tools like Swagger which is open source. * After that, try to write service-level cases for the API. For example, if an API takes n parameters to get the response in which m are mandatory parameters and others are optional, then one test case should be to try different combinations of parameters and verify the response. Another test case might verify the headers and try to run API without passing authentication and verify the error code. * Next comes the step of integration testing, where you need to test the API and all its dependent APIs or functions. This also includes testing API response, the data it should return to another API or method and what happens if this API fails. * Once the API is stable and functional testing is almost done, the tester can perform load, security and performance testing.
2) What is API testing?
API testing is a type of software testing that involves testing APIs directly.API is a part of integration testing to check whether the API meetsexpectations in terms of functionality, reliability, performance, and securityof applications. Multiple API system can performed API testing. In APItesting, our primary focus is on Business Logic Layer of the softwarearchitecture.* * *
4) What are the protocols used in API Testing?
Protocols used in API testing are:* * *
5) What are the tools used for API Testing?
Tools used for API testing are: * Parasoft SOAtest * PostMan * AlertSite API monitoring* * *
6) What is API test environment?
For API the test environment is a quite complex method where the configurationof server and database is done as per the requirement of the softwareapplication. API testing does not involve graphical user interface (GUI).API is checked for its proper functioning after installation.* * *
9) What are the advantages of API testing?
Advantages of API testing are: * Test for core functionality: API testing provides access to the application without the user interface. The core functionality of the application will be tested before the GUI tests. This will help to detect the minor issue which can become bigger during the GUI testing. * Time effective: API testing is less time consuming than GUI testing. Particularly, API test requires less code so it can provide better and faster test coverage compare to GUI test automation. This will reduce the cost for the testing project. * Language Independent: In API testing data is exchange using XML or JSON. These transfer mode are completely language-independent, which allows users to select any code language when adopting automation test service for the project. * Easy Integration with GUI: API tests provide highly integrable tests which is useful to perform functional GUI tests after GUI tests. Simple integration would allow new user accounts to be created within the application before GUI started.* * *
10) What are the principles of an API test design?
Here, are the seven principles of API test design. 1. Exhaustive Testing: Exhaustive testing is not possible. Instead we need optimal amount of testing which is based on the risk assessment of the application. 2. Defect Clustering: Defect Clustering states that a small number of modules contain the most of the defect detected. Approximately 80% of the defect found in 20% of the modules. By experience we can identify such risky modules. But this approach has its own problems. If the same tests are repeated over and over again, eventually the same test case will no longer find new bugs. 3. Pesticide Paradox: Testers cannot depend on existing technique. They must have to look continually to improve the existing method to make testing more effective. But even all these hard work in testing we can never claim our product is bug free. To overcome this, test cases need to be regularly reviewed and revised add new and different test cases to help find more defects. 4. Testing shows presence of defects: Testing principle states that- testing talks about the presence of defects not about the absence of defect. Software testing reduces the probability of undiscovered defects remaining in the software but even if no defects found, it is not a proof of correctness.But if we work hard, taking all precautions and make our software products 99%bug free. The software does not meet the needs and requirements of the client. 5. Absence of error -fallacy: This can be possible the software which is 99% bug free is still unusable. The case can be if the system is tested for the wrong requirement. Software testing is not finding the defects but also to check that software addresses the business needs. The absence of error is fallacy i.e. finding and fixing defects does not help if the system build is unusable and doesn’t fulfill the user’s needs and requirements. 6. Early Testing: Testing should start as soon as possible in the software development lifecycle. So that defects in the requirement or design phase captured in the early stages. It is cheaper to fix defect in the early stages of testing. We should start finding the bug at the moment the requirements are defined. 7. Testing is context dependent: Testing is context dependent that we test an e-commerce site will be different from the way we test the commercial. All the developed software’s are not identical. We will use different methodology; techniques and type of testing depend on the application type.* * *
12) What are the common tests that performed on API?
Here, are the common tests that performed on API are as: 1. Response of the API should be verified based on the request. We will verify that the return value is based on request. 2. When API is updating any data structure we should verify the system is authenticating the outcome. 3. We will verify whether the API is trigger other event or request another API. 4. We will verify the behavior of the API when no value is return.* * *
13) What exactly needs to verify in API testing?
In API testing, we send a request to API with the known data and then analysisthe response. 1. We will verify the accuracy of the data. 2. Will see the HTTP status code. 3. We will see the response time. 4. Error codes in case API returns any errors. 5. Authorization would be check. 6. Non-Functional testing such as performance testing, security testing.* * *
18) What are the difference between API testing and UI testing?
UI (User Interface) testing means the testing of the graphical user interface.The focus of UI testing is on the look and feel of the application. In userinterface testing the main focus is on how users can interact with appelements such as images, fonts, layout etc. are checked.API testing allows the communication between two software systems. API testingworks on backend also known as backend testing.* * *