An API (Application Programming Interface) is a set of application code, standards, protocols and procedures that can be used as an interface by external software applications or between different layers of the same application (AKA: “Logic Tier” or “Business Layer”).
When creating an application API, we will determine how other systems will interact, communicate and share data with our system in the best and efficient way.
Motivation to test API
Think about a scenario that you release an API to other programmers with the attention that they will use it as an interface interact with the application, any defect that will affect this basic goal, will resolve an additional development and testing activities (Similar to any other bug found in customer environment) that will affect both the costs and reputation of the company.
Although API’s are usually published for free as an open source code that other developers can use and expand it, there is no way that the market will adopt and use it if it’s not efficient, effective and off course free from any major defects.
What is an API testing?
API testing is a testing approach that is used to validate that APIs and the integration they should provide actually work as defined at the beginning of the project.
The main activity of this testing approach is to validate the API response or output based on varying test conditions, the API output can be a reference to another API, Different types of data, and Pass/Fail status.
What tests should be performed on API’s
- Test that the API does not have scenarios that he fails to return any response.
- Test that the API can be integrated with a corresponding system.
- Test that the API can be integrated with a corresponding API’s.
- Test the API outcome based on different input condition.
- Test the how easy is to implement and use the API.
- Test different performance aspects of the API.
- Test that the API can process a lot of inputs.
- Test that the API can handle negative inputs.
- Test different security aspects of the API.
What are the types of defects that API testing will help remove?
- Any Security breach in the API that other programmers can use to attack the system.
- Errors and failures that are not handled in a graceful way.
- Unused code, Duplicate functionality or unused flags.
- Any functional defect related to the API functions.
- Performance related defects.
- Security related defects.
What are the challenges of API testing?
There can be many challenges when testing APIs:
- The testing is limited to specific functions and there is no view of the full picture.
- There is a Hugh challenges to test the API output under some systems.
- There is no User Interface that the tester can use to simplify the tests.
- Ok, let’s say it, API testing can be complex to some testers.
- Not like other Black-Box testing methods, in API testing the tester must have a coding knowledge that he will use to execute tests.
- There is no access to the source code.
- There is another testing level where the tester needs to verify the exception handling created for specific methods.