What is API Testing? What is its Importance?

Understanding API

Application Programming Interface or API is simply an intermediary between two applications that help them to communicate with each other.

In simpler terms, when you use an online application, the application sends data to the server. The server then retrieves the data, interprets it, and sends the response back to the application by performing necessary actions needed to the data.

Furthermore, when the application receives the now-processed data, it interprets it further and presents it in a readable fashion.

So, where is API in all this? Well, all of these processes happen via an API.

The communication between your application and its database or a server is done via API.

Now that we know what an API is, in basic terms, let us look into what an API testing is?

What is API Testing?

API Testing, like the name suggests, is a software testing type that validates Application Programming Interfaces. 

The main objective of API Testing is to check the functionality, performance, and security of the programming interfaces along with the reliability of the API.

Furthermore, testing the core business logic of the application is important for API Testing. This is because it drastically reduces the number of defects that could be found when conducting functional testing of the application at later stages while UI testing.

So, now that we know what API testing is, let’s find out why API testing is important.

Importance of API Testing

To explain it simply, API Testing narrows down the probabilities of defect detection at later stages.

Since APIs need to be integrated with front-end applications, they are developed early. So, if we can find any defect from the early stages present in the core coding for the application, it is more efficient and effective. 

Importance of API
Importance of API

When testing an API, we feed it with different sets of inputs and conditions. While doing so, we are ensuring that the same set of data won’t create any problem when the API is coupled with the application’s UI.

Automation possibilities for API Testing

There are multiple tools available to automate API calls. These tools help to create an API testing automation suite.

Additionally, we can also use CI/CD(Continuous Integration/Continuous Delivery), where the API scripts can run after any changes made in the application.

Furthermore, this can help to identify any glitches making deployments and integrations error-free.

Here are a few other reasons why API testing is important.

Single testing iteration, multiple platform quality assurance

The same set of APIs are used when the same application is made available for different platforms like mobile, desktop, etc.

Therefore, when we are testing API collection, we are also ensuring that the business logic will provide the same functionality across all the sets of platforms.

API testing is time efficient

Yes, as bamboozling it may sound, API testing takes less time compared to functional testing.

Considering the same set of scenarios are to be tested, we just need to change the parameters for each call instead of filling out whole UI forms, like in the case of functional testing. 

Also, with the help of API automation, we can test complete applications in a much lesser time.

Security Concerns

In API testing, there are more test possibilities as compared to UI testing.

For example, if an application uses a token to login, attackers or hackers can change the token or send the request without a token. 

In such cases, we can check how the API can respond during API testing.

So, API testing not only reduces security risks but also provides more flexibility in enabling better security.

Performance Check

As already explained, API is the bridge to fetch out data from the database with simple or complex processing on it. 

With the help of various tools, we can easily check the time taken for an API to process and provide a response. 

Furthermore, we can watch the response time and raise issues if an API takes unusual time to respond.

How to Test APIs?

Now that we know what API testing is and its importance. So, let’s see how we can test APIs.

The first step to test APIs, before you can begin the actual test, is to ask about these to the API developer:

  • API documentation (with proper request, response example, parameters, authorization, required fields)
  • Validation limits on the fields?
  • Response codes for a successful request?
  • Response codes for an unsuccessful request?
  • Error messages to be returned in the body of an unsuccessful request?

After gathering all of this information, you can start to build scenarios to test a particular API. 

Furthermore, there are two types of testing that can be applied in every API testing:

  • Positive testing (Happy path testing)
  • Negative testing

Positive Testing

Talking about positive testing, positive tests include the requests that the API developer would expect users would make in the normal course of using the application. 

While designing a happy path test, it is important to include assertions. 

One assertion should be that the correct response code is returned (often a 200 response). If the response includes a body, there should be an assertion on that as well. 

For example, if a GET request is being verified, there should be an assertion that the body of the response contains the data that was expected with that record.

Negative Testing

On the contrary, negative tests are those that make sure that any kind of error is handled correctly. 

Here are some examples of negative tests:

  • Sending a request with the wrong endpoint
  • Sending a request with the wrong headers
  • Sending a request with missing headers
  • Sending a request without the proper authorization
  • Requesting data for a record that does not exist
  • Sending a request with a body that has missing required fields
  • Sending a request with a body that has invalid field values

How to build API test scenarios?

Now that we have learned that most of the API testing is done through various scenarios, let us now find out how these scenarios can be created.

Let’s assume that we are given three APIs to test: GET, POST, and DELETE. These APIs are behind authentication.

  1. GET (URL/api/v1/customers/list/{{customerID}})
  2. POST(URL/api/v1/customer/create)
  3. DELETE(URL/api/v1/customer/delete/{{customerID}})
APITest CasesTest DataAssertions
URL/api/v1/customers/list/{{customerID}}With correct endpoint and valid authorization tokenURL/api/v1/customers/list/{{customerID}}
Status code: 200
With incorrect endpointURL/api/v1/customers/lists/{{customerID}}Status code: 400
Without authorizationStatus code: 401
With correct token of user of another roleTokenBStatus code: 401
With invalid customer idURL/api/v1/customers/lists/{{customerID}}Status code: 404
URL/api/v1/customers/createWithout payload{}
Status code: 422
Without required field{ “Option1”: “somedata”
}
Status code: 422
With incorrect endpointURL/api/v1/customers/listsStatus code: 400
Without authorizationStatus code: 401
With correct token of user of another roleTokenBStatus code: 401
With valid payload{ “Option1”: “somedata”,“Required1: “requiredData”
}
Status code: 200
Message: “Customer created successfully”
URL/api/v1/customers/delete/{{customerID}}With invalid id435436546
Status code: 404
With incorrect endpointURL/api/v1/customers/deleted/5Status code: 400
Without authorizationStatus code: 401
With correct token of user of another roleTokenBStatus code: 401
With valid id1Status code: 200
Message: “Customer deleted successfully”
With deleted id1Status code: 404
API test scenarios

How to write an automated test suite using postman? (POST/GET/DELETE)

POST(URL/api/v1/customers/create)

  1. Create a collection using postman
  2. Add a new folder. Name it “Customer”
  3. Add a new folder within “Customer”. Name it “Create”
  4. Add a new request. Name it “With valid payload”

5. In URL section, Input “URL/api/v1/customers/create” and select HTTP method

  1. In the authorization tab, select the proper type and input token
  2. Click the send button.
  3. Check response code, response time, and other response data.

9. In order to automate the collection here, you need to extract the customer id from the response.

Fetch (URL/api/v1/customers/list/{{customerID}})

  1. Add a new folder. Name it “List”
  2. Add a new request. Name it “With correct endpoint and valid authorization token”
  1. In the URL section, Input “URL/api/v1/customers/list/{{customerID}}” and select HTTP method. To fetch the customer which you have added recently, call the variable with double braces wherever you need it.
  2. In the authorization tab, select the proper type and input token
  3. Click on the send button
  4. Check response code, response time, and other response data.
  5. Go to test tab and select, status code and contains string from snippet list

DELETE(URL/api/v1/customers/delete/{{customerID}})

  1. Add a new folder. Name it “Delete”
  2. Add a new request. Name it “With correct endpoint and valid authorization token”
  3. In the URL section, Input “URL/api/v1/customers/delete/{{customerID}}” and select HTTP method. To delete the customer which you have added recently, call the variable with double braces.
  4. In the authorization tab, select the proper type and input token
  5. Click on the send button
  6. Check response code

7. Go to test tab and select, status code and contains string from snippet list

How to run a collector?

  1. Click on collection name (“Customer”)
  2. Click on view more actions (3 vertical dots)
  3. Click “Run Collection”
  4. You can click Run directly or configure some parameters like iterations and delay before running the test.

Note: I have shared happy path automation. You can add negative scenarios just like above and build a complete automation test suite.

So, I hope this helped you guys and please stay connected to learn more about other interesting topics.