This document provides an overview of API testing tools and methods. It defines APIs and REST, describes how API testing works, lists common API testing tools like Postman, and outlines different types of API tests including functionality, reliability, load, and security testing. Examples are given of the GET, POST, PUT, and DELETE HTTP methods along with response status codes. A live demo of an API is presented at the end.

1. 1
11/19/2018

2. API Testing Tools Selection Work flow
API Methods Advantages Demo
API - REST API
&
API Testing
Tools for API testing How API works?
&
Testing types
Different API methods Advantages of API testing Live Demo
2
11/19/2018

3. API stands for Application Programming
Interface.
API is an software to software interface,
not a user interface.
 With APIs, application talk to each other
without any user knowledge or
intervention.
 Implemented by writing function calls in
the program.
3
11/19/2018

4. 4
REST- stands for Representational State Transfer.
It is a set of functions to which the developers performs
requests and receive responses. In REST API
interaction is made via HTTP protocol.
REST also allows computers to talk to each other over
a network.
It involves using HTTP methods to send an receive
messages, and does not require a strict message
definition, unlike Web Services.
REST messages often take the form of XML, or
JavaScript Object Notation (JSON).
11/19/2018

5. 5
API testing uses software to send calls to the API and
get the output.
API testing treats the component user test as black
box.
 The goal of API testing is to verify correct
performance and error handling of the component prior
to its integration into an application.
11/19/2018

6. 6
 Data Tier: Data is retrieved from the database and file system and
then stored.
 Business Logic Tier: This is the brain of the application, this
processes the data between the layers, coordinating the application,
processing commands, and making logical decisions. This layer is
made of the API.
 Presentation Tier: This top layer of the app is the user interface,
which translates tasks into something the user understands.
11/19/2018

7. 7
11/19/2018

8. 8
 SOAPUI
 Runscope
 Eclipse SDK tool
 Curl
 Cfix
 Check
 CTESK
 dotTEST
 Postman
11/19/2018

9. 9
Postman is a Google Chrome app for interacting with HTTP APIs.
11/19/2018
Why Postman
1. Easy to create test suites.
2. Store information for running tests in different
environments.
3. Store data for use in other tests.
4. Integrates with build systems, such as Jenkins
using the Newman command line tool.
5. Easily move tests and environments to code
repositories.
6. On-the-fly testing

10. 10
Functionality testing - The API works and does exactly what it’s
supposed to do.
Reliability testing - The API can be consistently connected to and lead
to consistent results.
Load testing- The API can handle a large amount of calls
Creativity testing -The API can handle being used in different ways.
Security testing - The API has defined security requirements including
authentication, permissions and access controls.
Proficiency testing - The API increases what developers are able to
do.
API documentation testing – This is also called discovery testing, the
API documentation easily guides the user.
Negative Testing -Checking for every kind of wrong input the user can
possibly supply.
11/19/2018

11. 11
4 Commonly Used Methods-
 GET- Provides a read only access to a
resource.
 POST- Used to update an existing resource
or create a new resource.
 PUT- Used to create a new resource.
 DELETE-Used to Remove a resource.
RESOURCE GET PUT POST DELETE
URL Retrieve the
member
Create/
Replace a
new
resource
Create new
entry
Used to
remove a
resource
11/19/2018

12. 12
URL- http://www.pmts6currentapi.tpgsi.com:9333
11/19/2018

13. 13
URL- http://www.pmts6currentapi.tpgsi.com:9333/token
11/19/2018

14. 14
11/19/2018
www.pmts6currentapi.tpgsi.com:9333/api/Customer/Search/Asharaminfra

15. 15
11/19/2018
www.pmts6currentapi.tpgsi.com:9333/api/Customer/Contract
Body - JSON(application/ json)
{
"id": 0,
"contractCode": "ASHARAM1945-1945-2015",
"contractName": "ASHARAM65487-1945",
"fromDate": "2018-01-01T00:00:00",
"toDate": "2019-12-31T00:00:00",
"isActive": true,
"contractDescription": "Materials and properties
Being ill 1 intransitive transitive.
"projectName": null,
"projectContractTypeId": 3,
"projectContractTypeName": null
}
Status- 200Ok

16. 16
Response Status Code Meaning
200 Ok Successful requests other than creations and deletions.
201 Created Successful creation of a queue, topic, temporary queue, temporary topic,
session, producer, consumer, listener, queue browser, or message.
204 No Content Successful deletion of a queue, topic, session, producer, or listener.
400 Bad Request The path info doesn't have the right format, or a parameter or request body
value doesn't have the right format, or a required parameter is missing, or
values have the right format but are invalid in some way (for
example, destination parameter does not exist, content is too big, or
client ID is in use).
403 Forbidden The invoker is not authorized to invoke the operation.
404 Not Found The object referenced by the path does not exist.
405 Method Not Allowed The method is not one of those allowed for the path.
409 Conflict An attempt was made to create an object that already exists.
500 Internal Server Error The execution of the service failed in some way.
11/19/2018

17. 17
 Time Effective
 Language Independent
 Test core Functionality
 Reduce Testing Cost
 Reduced Risks
11/19/2018

18. 18
API LIVE DEMO
11/19/2018

19. 19
11/19/2018

20. 20
11/19/2018