API Testing Tutorial: What is API Test Automation?
Thomas Hamilton
โก Smart Summary
API testing validates Application Programming Interfaces to ensure functionality, reliability, performance, and security using code-based calls rather than GUI interactions.
What is API Testing?
API Testing is a software testing type that validates Application Programming Interfaces (APIs). The purpose of API Testing is to check the functionality, reliability, performance, and security of the programming interfaces. In API Testing, instead of using standard user inputs(keyboard) and outputs, you use software to send calls to the API, get output, and note down the systemโs response. API tests are very different from GUI Tests and wonโt concentrate on the look and feel of an application. It mainly concentrates on the business logic layer of the software architecture.
For background, API (Application Programming Interface) is a computing interface that enables communication and data exchange between two separate software systems. A software system that executes an API includes several functions/subroutines that another software system can perform. API defines requests that can be made, how to make requests, data formats that can be used, etc., between two software systems.
Set-up of API Test Automation Environment
API automation testing requires an application that can be interacted with via an API. To test an API, you will need to:
- Use a testing tool to drive the API
- Write your own code to test the API
Few points to note:
- API testing is different from other testing types as GUI is not available, and you must set up an environment that invokes the API with required parameters and then examines test results.
- Setting up a testing environment for API automation testing seems a little complex.
- Database and server should be configured as per application requirements.
- Once installation is done, the API function should be called to check whether that API is working.
Types of Output of an API
An output of an API could be:
- Any type of data
- Status (say Pass or Fail)
- Call another API function.
Any Type of Data
Example: There is an API function that should add two integer numbers.
Long add(int a, int b)
The numbers have to be given as input parameters. The output should be a summation of two integer numbers. This output needs to be verified with an expected outcome.
add (1234, 5656)
Exceptions have to be handled if the number exceeds the integer limit.
Status (Pass or Fail)
Consider the below API functions:
- Lock()
- Unlock()
- Delete()
They return any value such as True (in case of success) or False (in case of error) as an output. A more accurate test case would call the functions in any of the scripts and later check for changes either in the database or the application GUI.
Calling of Another API / Event
In this case, we call one of the API function which in turn will call another function. For example โ First API function can be used for deleting a specified record in the table and this function, in turn, calls another function to REFRESH the database.
Test Cases for API Testing
Test cases of API testing are based on:
- Return value based on input condition: it is relatively easy to test, as input can be defined and results can be authenticated
- Does not return anything: When there is no return value, a behavior of API on the system to be checked
- Trigger some other API/event/interrupt: If an output of an API triggers some event or interrupt, then those events and interrupt listeners should be tracked
- Update data structure: Updating data structure will have some outcome or effect on the system, and that should be authenticated
- Modify certain resources: If API call modifies some resources then it should be validated by accessing respective resources
API Testing Approach
API Testing Approach is a predefined strategy or a method that the QA team will perform in order to conduct the API testing after the build is ready. This testing does not include the source code. The API testing approach helps to better understand the functionalities, testing techniques, input parameters and the execution of test cases.
The following points help guide an API testing approach:
- Understanding the functionality of the API program and clearly defining the scope of the program
- Apply testing techniques such as equivalence classes, boundary value analysis, and error guessing and write test cases for the API
- Input parameters for the API need to be planned and defined appropriately
- Execute the test cases and compare expected and actual results.
How to Test API
API automation testing should cover at least the following testing methods apart from the usual SDLC process:
- Discovery testing: The test group should manually execute the set of calls documented in the API like verifying that a specific resource exposed by the API can be listed, created and deleted as appropriate
- Usability testing: This testing verifies whether the API is functional and user-friendly. And does API integrates well with another platform as well
- Security testing: This testing includes what type of authentication is required and whether sensitive data is encrypted over HTTP or both
- Automated testing: API testing should culminate in the creation of a set of scripts or a tool that can be used to execute the API regularly
- Documentation: The test team has to make sure that the documentation is adequate and provides enough information to interact with the API. Documentation should be a part of the final deliverable
Difference Between API Testing and Unit Testing
| Unit Testing | API Testing |
|---|---|
| Developers perform it | Testers perform it |
| Separate functionality is tested | End-to-end functionality is tested |
| A developer can access the source code | Testers cannot access the source code |
| UI testing is also involved | Only API functions are tested |
| Only basic functionalities are tested | All functional issues are tested |
| Limited in scope | Broader in scope |
| Usually run before check-in | Test run after the build is created |
Best Practices of API Testing
- API test cases should be grouped by test category.
- On top of each test, you should include the declarations of the APIs being called.
- Parameters selection should be explicitly mentioned in the test case itself.
- Prioritize API function calls so that it will be easy for testers to test.
- Each test case should be as self-contained and independent from dependencies as possible.
- Avoid โtest chainingโ in your development.
- Special care must be taken while handling one-time call functions like Delete, CloseWindow, etc.
- Call sequencing should be performed and well planned.
- To ensure complete test coverage, create API test cases for all possible input combinations of the API.
Types of Bugs that API Testing Detects
- Fails to handle error conditions gracefully
- Unused flags
- Missing or duplicate functionality
- Reliability issues, including difficulty connecting and getting a response from API
- Security issues
- Multi-threading issues
- Performance issues where API response time is very high
- Improper errors/warning to a caller
- Incorrect handling of valid argument values
- Response data is not structured correctly (JSON or XML)
How to Do API Test Automation
The following provide detailed guides to automate API testing:
- How to test API with REST Assured
- How to test API with Postman
- How to test API with UFT
Besides, there are other tools for API testing.
How AI is Transforming API Testing
Artificial intelligence is reshaping API testing by automating manual tasks. Machine learning algorithms can analyze API specifications, generate test cases, and identify edge cases that human testers might overlook.
AI also enhances security testing by detecting vulnerabilities. However, AI should complement rather than replace human expertise, as QA engineers bring domain knowledge that AI cannot replicate.
Challenges of API Testing
- The main challenges in web API testing are parameter combination, parameter selection, and call sequencing.
- There is no GUI available to test the application, which makes it difficult to give input values.
- Validating and verifying the output in a different system is a little difficult for testers.
- Parameters selection and categorization are required to be known to the testers.
- Exception handling function needs to be tested.
- Coding knowledge is necessary for testers.
Conclusion
API consists of a set of classes/functions/procedures representing the business logic layer. If API is not tested properly, it may cause problems not only in the API application but also in the calling application. It is an indispensable test in software engineering.
