4. A little bit about me
• Developer at SmartBear working on soapUI
• Lives in Stockholm, Sweden
• Agile enthusiast
• Linux and Open Source lover
• Just another fellow geek
12. Quality aspects of APIs
• Functionality – does it work as expected?
• Performance – does it perform as required?
• Security – is it secured for common attacks?
• Usability – is it usable?
• Compliance – does it follow common practices?
13. How are APIs tested?
APIs generally implement a request-response
model for exchanging messages or data
Parameterized Request
Test API
Response
A simple test sends a request message and validates
that the response message has the expected content
15. APIs + the Cloud = true
• High availability
• High scalability
• Easy deployment on the locations of your customer
16. Quality aspects of cloud APIs
• Functionality – does it work as expected?
• Performance – does it perform as required?
• Security – is it secured for common attacks?
• Usability – is it usable?
• Compliance – does it follow common practices?
• Policy and regulations– does it follow your legal regulations?
17. Functionality
• Does it matter where your API is deployed?
– Timestamps?
– Time zones?
– Locales?
18. Performance
• How to handle shared resources with others?
• How to make sure that the API is able to scale?
20. Policy and regulations
• How much of your traffic that is allowed to cross
country boarders?
• US export controls
• Is there a limit for load testing?
• What about costs related to transactions?
24. Quality aspects of APIs tested from the Cloud
• Functionality – does it work as expected?
• Performance – does it perform as required?
• Security – is it secured for common attacks?
• Usability – is it usable?
• Compliance – does it follow common practices?
• Policy and regulations– does it follow your legal regulations?
35. Benefits of Test Asset Reuse
Development :
Continuous Integration / Deployment
API Tests and
Quality Assets
Operations : API Monitoring
36. Functionality
• Reuse test cases during development for monitoring
• Start with a local baseline setup to compare with
• Mock out external dependencies to begin with
• Mind the backwards compatibility
38. Performance
• Make performance requirements
• Experiment with the load
• Parallelize
• Consider using dedicated machines
• Use monitoring together with the load test
39. Performance
• Run load tests in an isolated environment for root
cause analysis
• Chaos monkey!
40. Security
• Make security requirements
• Encrypt sensitive transactions to your backend
• Encrypt data before sending it to the Cloud
• Find out who is responsible for the different aspects
of security
41. Policy and regulations
• Check the legal implications with your company
experts
• Check what backup/recovery solution your provider
offers
• Check the providers regulations for load testing
• Do a calculation on what it may cost you to run your
load tests
42. Compliance
• Don’t always follow standards to the letter (others
may not).
• Look for best practices and reference
implementations
44. Functionality
• Beware of from where you tests are run
• Run functional tests that depends on a geographical
location from that actual geographical location
• Easily create nodes in your test lab for different client
setups