API testing is a critical component of the whole testing process. It deals with testing the business logic of an application, which is typically encompassed in the business layer and is instrumental in handling all the transactions between user interface and underlying data. It is deemed as a part of Integration testing that involves verification of functionality, performance and robustness of API’s.
1. Do’s and Don’ts of API Testing WWW.WEBOMATES.COM
API testing is a critical component of the whole testing process.
It deals with testing the business logic of an application, which
is typically encompassed in the business layer and is
instrumental in handling all the transactions between user
interface and underlying data. It is deemed as a part of
Integration testing that involves verification of functionality,
performance and robustness of API’s.
API’s evolve and develop as and when business and functional
requirements change, thus making it even more important to
test them on a continuous basis. They also become suitable
candidates for automation testing since they need to be tested
with every release cycle. Besides checking for the functionality
API testing tests for error condition handling, response
handling in terms of time and data, performance issues, security
issues etc. It is quite evident that API testing is the key to testing
2. Do’s and Don’ts of API Testing WWW.WEBOMATES.COM
the business requirements, thus it is imperative to follow certain
best practices in order to achieve good outcome.
Following table gives a quick overview of what to do and what
not to do while conducting API testing. These points are further
elaborated in entailing paragraphs.
Do’sDon’tsCategorize the test casesUse static data Prioritize
API callsIgnore dependenciesAutomateMiss including response
time assertionsChoose suitable automation toolTake security
testing slightly positive and Negative testing ignores one time
call functions share test results Keeping documentation on low
priority reform load tests
What to do for successful API Testing
• Categorize the test cases
3. Do’s and Don’ts of API Testing WWW.WEBOMATES.COM
An application may involve several APIs which may sometimes
run into triple digits. In order to maintain the test cases for
quick reference and execution, it is a good idea to categorize
them.
• Prioritize the API calls
Calls made to API’s should be prioritized for ease of testing.
• Automate the API testing process
4. Do’s and Don’ts of API Testing WWW.WEBOMATES.COM
API tests are usually deemed stable and major changes are done
mainly when business logic is changed. This makes them perfect
candidates for test automation. Since API testing is a type of
Black-box testing different combinations of inputs can be used
to test a scenario, making this a Data driven test approach. The
test data, scripts and API endpoints can be saved for execution
at a later stage.
• Choose a suitable Automation Testing Tool
There are several tools, like Parasoft
SOATest, POSTMAN, RestAssured, JMeter, Swagger, API
5. Do’s and Don’ts of API Testing WWW.WEBOMATES.COM
Fortress etc that are available in the market for API testing.
Choose a suitable tool carefully to leverage the benefits of
automation.
• Create positive and negative tests
For a complete scenario check API testing requires to run both,
positive and negative tests. Since API testing is a data driven
approach, various combinations of data inputs can be used to
test these. In either case, proper care must be taken to ensure
that API returns appropriate response to the calling function.
• Share the test results
6. Do’s and Don’ts of API Testing WWW.WEBOMATES.COM
API testing failure should be brought to the attention of all the
stakeholders involved on a priority basis. Even better approach
would be to send out immediate notifications using team
notification channels in event of any failure. This will help the
team in taking prompt action.
• Perform Load Tests
7. Do’s and Don’ts of API Testing WWW.WEBOMATES.COM
An API should handle load tests either by functioning as
expected or failing gracefully in a predictable manner. It should
be able to handle a variety of input data and manage error
conditions, in case of failure.
What to avoid during API Testing
Following points should be taken care of while performing API
testing.
• Using static data
8. Do’s and Don’ts of API Testing WWW.WEBOMATES.COM
In a real life scenario, API endpoints rely on inputs from calling
code or on the outputs of other API’s. Using static data
embedded in code or otherwise will yield incorrect results when
the API is called in the live environment. It is prudent to
perform a proper Integration testing of API’s by following actual
user and data flows.
• Ignore dependencies
API’s often depend on other API’s and sometimes on external
services also. It is vital to test the third party API’s in test
9. Do’s and Don’ts of API Testing WWW.WEBOMATES.COM
environment and then test the dependent API along with those
API’s to have a holistic picture. In a nutshell, the whole
ecosystem needs to be tested in order to ensure that any
changes/upgrades in other API’s does not impact the
functioning of dependent API’s.
• Missing the response time assertions
It is important to keep track of the response time of API calls.
While a test may pass functionally, there could be a number of
reasons for delayed response. This affects the end user
experience. Any application which takes too long to compute or
load or give results is not what the end user wishes to use.
Hence, it is a good practice to include a time based test to check
the response time. If API is taking too long to respond then it
should be reported so that the developers can look into the code
to understand the delayed response.Click here to read more: Api
Automation
10. Do’s and Don’ts of API Testing WWW.WEBOMATES.COM
Tags: API Testing, Postman, REST API, Swagger