An API (Application Programming Interface) is a collection of software functions and procedures known as API calls which can be called & executed by other software applications. A test harness, an application that links the API and methodically exercises its functionality, would be constructed to simulate the use of the API by end-user applications during testing.

What to consider?

The API Testing would be performed for such systems having a collection of API that ought to be tested. During testing, following things should be considered:-

• Explore boundary conditions and ensure that the test harness varies parameters of API calls in a way that they verify functionality and expose failures.
• Think about more value added parameter-combinations to verify the calls, with two or more parameters/conditions.
• Verify the behavior of the API which considers external environment conditions such as files, peripheral devices, and so forth.
• Verify the sequence of API calls and checks if the API's produce useful results from successive calls.
• Take care of the parts that are trickiest, unclear, least tested and most rushed.
• Regression suite probably is the best candidate to automate.

Why you need it?

As per the below given quote:

“One day you may achieve something that we Simpsons have dreamed about for generations. You may outsmart someone.”

There are always few situations in every project which demand out of the box thinking to generate some errors.

Many of us have been in such precariously held positions where we need to reproduce a defect of production environment on our local machines. This is the time we need to think something different from ordinary. API testing can help in such cases where errors cannot be reproduced from GUI.

How to test using API?

An API could to be used to perform a specific action such as:

• triggering an event
• updating data
• making a change to the registry
• Setting a flag to true or false etc.

Using API testing user can generate unexpected behavior of the application in unexpected scenarios. For example: there are role specific accesses in every application, admin user has all rights and they can create update or delete anything, whereas other user do not have all the permissions. A general user can try accessing the functions of Admin user using API. Of course, one needs some tools to do that.

Challenges in API testing

API testing normally includes white box testing approach.

• API testing normally includes white box testing approach.
• GUI only exposes outer functionality and testers cannot go into code while testing all negative scenarios. This leaves the application to attack by the end users, malicious code and breakage.
• No GUI is available to test the application which is difficult to give input values.
• Verifying and validating the output in different systems is little difficult for testers.
• Parameters selection and categorization need to be known to the testers.
• Exception handling function needs to utilized and used properly.

API Documentation

API requests should be self-explanatory & clearly define the exceptional conditions. And such conditions should be verified. For example: handling blank requests, missing data, invalid data, invalid user name and password and server response like HTTP 500 error or successful response messages like HTTP 200 Ok, Ok with Errors or Error processing request.

Pros and cons of API testing

Pros

• Time and Cost savings
• Potential for new ideas

Cons

• Dependence on external services
• Proprietary APIs are a recipe for chaos

API Testing Tools

There are many open source tools available such as:-

JMeter

JMeter is an open source tool which can be used to run a suite of API’s. If a user wants to run around 2000 API’s; JMeter has an answer to that. Using JMeter user can execute 1000’s of APIs with a single click. Click here to get more info on How to use JMeter .

Hurl

Hurl is a web-based tool for testing APIs. You could choose the request method, customize headers and POST parameters, add basic authorization, and follow redirects. Then view the nicely formatted request and response. It is a very clean and easy tool for testing your APIs.

Fiddler

Fiddler is a free Web Debugging Proxy which logs all HTTP(S) traffic between your computer and the Internet. It is a desktop application that only runs on Windows operating system. For more details, please visit Hurl and Fiddler.

Test Manager

Test manager is tool to test API request and response on a particular server. User has to enter the application IP and application port. Then create new request from “Create new request” button followed by copying the request-data in request message and run the ‘Test’. On successful execution, a response would be received. ‘Http 200 Ok’ indicates the request has been executed successfully. Following snapshots describe this:-

API Request

Request

 

API Response

Response