API TESTING AUTOMATION
API testing refers to the process of testing Application Programming Interfaces (APIs) to ensure their functionality, reliability,
performance, and security. API test automation is the process of using a testing tool to programmatically execute API tests at certain
times or frequencies, or in CI/CD pipelines. It is particularly important for agile development teams, as it enables them to maintain
fast-paced development cycles while continuously and systematically verifying that their API is working as expected.
 COMMON HTTP METHODS
 POST: It is used to create new data or resources on an API.
 GET: It is used to retrieve data or resources from an API.
 PUT: It is used to update existing data or resources on an API.
 PATCH: It is used to partially update existing data or resources on an API.
 DELETE: It is used to delete data or resources from an API.
 DIFFERENT TYPES OF API TESTING
 Functional testing, UI testing, Load testing, Security testing, Validation testing, Runtime and error detection, Penetration testing, API
 hacking and Fuzz testing
 DIFFERENCES BETWEEN API AND WEB SERVICE
 All Web services are APIs but not all APIs are Web services.
 Web services might not contain all the specifications and cannot perform all the tasks that APIs would perform.
 A Web service uses only three styles of communication: SOAP, REST, and XML-RPC, whereas an API may be exposed in
 multiple ways.
 A Web service always needs a network to operate while APIs don’t need a network for operation.
 PURPOSE OF HTTP STATUS CODES IN API TESTING
 The purpose of HTTP status codes in API testing is to indicate the outcome of an API request. Status codes are three-digit numbers
 included in the response message from the server to provide information about the result of the request.
 TOOLS USED FOR API TESTING – Postman, SoapUI, JMeter, Soap Test, Apigee, Katalon Studio
 HOW TO AUTOMATE API TESTING? – Same as above
 JSON & XML
 JSON stands for JavaScript Object Notation, and is a lightweight data-interchange format that is commonly used in API testing.
 JSON is commonly used in RESTful APIs since it enables efficient data serialization and deserialization, making it ideal for API
 testing.
 XML, which stands for Extensible Markup Language, defines the set of rules for encoding documents in a format that is readable by
 both humans and machines. XML is used in API testing when APIs require data exchange in XML format.
 API FRAMEWORK
 An API framework is a foundation on which a software developer can build applications for a specific platform. It is defined by the
 configuration file, which consists of the list of all APIs that are required to be activated for a particular program run.
 WHAT NEEDS TO BE VERIFIED IN API TESTING?
 API testing helps to verify the correctness of data and responses. The API should return the correct data and responses
 according to the specified requirements and expected behavior.
 API testing should verify the functionality and behavior. The API should perform its intended functions accurately.
 HTTP status codes of the API need to be verified.
 Error codes, if the API is expected to throw an error.
 Authorization details.
 HOW DO APIs WORK? OR PROCEDURE TO PERFORM API TESTING
 The API takes requests from the user.
 It processes the request, which may involve data validation, data processing, database interaction, etc.
 The response is sent back to the source.
 TESTING AN API USING POSTMAN
 Sign up: Download and install Postman, then sign up for a free account.
 Create a request: Click New, then select the request protocol.
 Enter request details: Choose the HTTP method, and enter the request URL.
 Send the request: Click Send to send the request.
 Analyze the response: Check the status code to verify the request was successful, and review the response body.
 Create a collection: Group related requests into a collection by clicking New, then selecting Collection.
 Add requests to the collection: Save individual requests to the collection.
 Run the collection: Use the Collection Runner to run all the requests in the collection.
 COMMON PROTOCOLS USED IN API TESTING
 Common protocols include HTTP, REST, SOAP, JMS, and UDDI. These define how data is structured and transmitted between
 systems during API testing.
 COMMON AUTHENTICATION METHODS USED IN API TESTING
 Token-based authentication: This involves issuing a token to the client after successful authentication, which is then included in
 subsequent API requests for authorization.
 Basic authentication: This involves sending the username and password as part of the API request headers, encoded in base64
 format.
 OAuth: This is a widely used authorization framework that allows for the delegation of access rights from one entity to another
 without sharing credentials.
 API VERSIONING
 API versioning is the practice of specifying a version number in the API endpoint or headers to ensure backward compatibility and
 manage changes in the API over time. API versioning is important in API testing to ensure that the correct version of the API is
 being tested and that changes in the API do not break existing client applications.
 DIFFERENT TYPES OF ERROR RESPONSES IN API TESTING
 HTTP error status codes: These are standard HTTP status codes, such as 4xx and 5xx codes, that indicate errors in the API
 request or response.
 Custom error responses: These are custom error messages or error objects returned by the API in case of errors or exceptions.
 Validation errors: These are errors that occur when the API request does not meet the validation criteria or constraints defined by
 the API.
 HOW DO YOU HANDLE ERROR RESPONSES IN YOUR API TESTS?
 Clear error messages: One of the best practices for handling error responses is to provide clear and helpful error messages that
 explain the cause of the error and the solution to the error.
 Error logging: A best practice is to implement error logging and monitoring tools that can help track, analyze, and resolve errors in
 API testing.
 Use consistent error codes: It is important to use consistent and meaningful error messages that indicate the type and severity of
 the error.
 HOW DO YOU PERFORM API LOAD TESTING?
 API load testing is a type of performance testing that is done to check the application's capability to perform under various user
 loads. It is done by simulating many users hitting the API at the same time to identify whether the application can handle the
 load while maintaining consistent response times and without impacting functionality.
 WHAT ARE THE DIFFERENT BUGS THAT CAN BE FOUND IN API TESTING?
 Duplicate or missing functionality.
 Improper messaging.
 Multi-threading issues.
 Security and performance issues.
 Reliability issues.
 Stress, unused flags, not-implemented errors, inconsistent error handling.
 LIST THE CHALLENGES FACED WHILE PERFORMING API TESTING.
 Building irrelevant tests: Building tests without considering how the APIs will be consumed may be quicker in the short term.
 Initial setup of API testing: Setting up an API testing environment requires a certain level of expertise and dedication among the team
 members.
 Not including API dependencies: Failure to include API dependencies as a part of the API testing strategy can be a critical API testing
 challenge.
 Not validating data: API tests may pass successfully even though the APIs are not returning the correct data in their
 responses. It is important to verify that the API is returning correct data.
 WHAT IS THE PURPOSE OF API DOCUMENTATION IN API TESTING?
 API documentation is a technical document that describes the API in detail. It includes instructions on how to effectively use and
 integrate the API and provides updates regarding the API's lifecycle, such as new versions. It is the primary resource explaining what is
 possible with the API and how to get started with the API.
 API DOCUMENTATION TEMPLATES - Swagger, Miredot, Slate, FlatDoc, API blueprint, RestDoc, Web service API specification
 WHAT MUST BE CHECKED WHEN PERFORMING API TESTING?
 During the API testing process, a request is raised to the API with the known data. This way you can analyze the validation
 response. While testing an API, you should consider:
 Accuracy of data
 Schema validation
 HTTP status codes
 Data type, validations, order, and completeness
 Authorization checks
 Implementation of response timeout
 Error codes in case the API returns an error, and
 Non-functional testing like performance and security testing
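 Several of the checks listed above (HTTP status codes, authorization checks, schema and data-type validation, accuracy of data, a response timeout), together with the Basic authentication method described earlier, shown as an added Python example that is not part of the original notes. The stub server, the /orders/42 path, the credentials and the payload are constructed assumptions.

```python
import base64, hmac, json, threading, urllib.error, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

USER, PASSWORD = "tester", "s3cret-example"  # constructed test credentials
ORDER = {"id": 42, "status": "shipped", "items": ["a", "b"]}  # constructed payload
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # bypass proxies

def basic_header(user, password):
    # Basic auth is Base64 encoding, not encryption: it decodes trivially.
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

class StubApi(BaseHTTPRequestHandler):  # stands in for the API under test
    def do_GET(self):
        sent = self.headers.get("Authorization", "").encode("latin-1")
        ok = hmac.compare_digest(sent, basic_header(USER, PASSWORD).encode())
        body = json.dumps(ORDER if ok else {"error": "unauthorized"}).encode()
        self.send_response(200 if ok else 401)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
    def log_message(self, *args): pass  # keep test output quiet

def call(url, auth=None, timeout=2.0):  # timeout bounds the wait for a response
    req = urllib.request.Request(url, headers={"Authorization": auth} if auth else {})
    try:
        with OPENER.open(req, timeout=timeout) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:  # 4xx/5xx still carry a body to check
        return err.code, json.load(err)

def run_checks():
    schema = {"id": int, "status": str, "items": list}
    with HTTPServer(("127.0.0.1", 0), StubApi) as server:  # port 0: any free port
        threading.Thread(target=server.serve_forever, daemon=True).start()
        url = f"http://127.0.0.1:{server.server_port}/orders/42"
        try:
            status, body = call(url, basic_header(USER, PASSWORD))
            return {
                "no_credentials": call(url)[0],
                "wrong_password": call(url, basic_header(USER, "guess"))[0],
                "valid_credentials": status,
                "schema_ok": set(body) == set(schema)
                and all(isinstance(body[k], t) for k, t in schema.items()),
                "data_ok": body == ORDER,
            }
        finally:
            server.shutdown()

if __name__ == "__main__": print(run_checks())
```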
 HOW DO YOU HANDLE DYNAMIC DATA IN API TESTING?
 1. Data Parameterization: Using data-driven tests where input values are generated dynamically from a data source (e.g.,
 database, files).
 2. Assertions with Patterns: Instead of hardcoding expected values, validate dynamic responses with patterns, regex, or partial
 matches.
 3. State Management: Keeping track of the state of the system and using that information (such as generated user IDs) in
 subsequent tests.
 4. Mocking: For external services that provide dynamic data, mocks or stubs can simulate expected responses.
 5. Environment-specific Data: Adjust test data based on the environment (e.g., development vs. production).
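 Points 1 to 4 above in one added Python example, which is not part of the original notes: a parameterized list of names, pattern assertions on generated fields, the generated ID carried into the next call, and a mock in place of the real service. StubUserApi, its response fields and the UUIDv4 ID format are hypothetical assumptions.

```python
import re, uuid
from datetime import datetime, timezone

UUID4 = re.compile(r"^[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$")

class StubUserApi:
    """Mock standing in for the API under test (hypothetical, constructed here)."""
    def __init__(self):
        self._users = {}

    def create_user(self, name):  # id and created_at differ on every call
        user = {"id": str(uuid.uuid4()), "name": name,
                "created_at": datetime.now(timezone.utc).isoformat()}
        self._users[user["id"]] = user
        return 201, dict(user)

    def get_user(self, user_id):
        user = self._users.get(user_id)
        return (200, dict(user)) if user else (404, {"error": "not found"})

def check_created(status, body, expected_name):
    """Exact match on fields the test controls, patterns on generated ones."""
    problems = []
    if status != 201:
        problems.append(f"unexpected status {status}")
    if body.get("name") != expected_name:
        problems.append("name does not match input")
    if not UUID4.match(str(body.get("id"))):
        problems.append("id is not a UUIDv4")
    try:
        if datetime.fromisoformat(str(body.get("created_at"))).tzinfo is None:
            problems.append("created_at lacks a timezone")
    except ValueError:
        problems.append("created_at is not ISO 8601")
    return problems

def run_scenario(api, names):
    """Data-driven flow: create each user, then reuse the generated id."""
    failures = {}
    for name in names:
        status, body = api.create_user(name)
        problems = check_created(status, body, name)
        get_status, fetched = api.get_user(body.get("id"))  # state carried forward
        if get_status != 200 or fetched != body:
            problems.append("lookup by generated id failed")
        if problems:
            failures[name] = problems
    return failures

if __name__ == "__main__": print(run_scenario(StubUserApi(), ["alice", "bob"]))
```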