API stands for Application Programming Interface. It is a collection of functions, procedures, or methods that are available to be executed by other software applications. Its main purpose is to offer access to certain services and provide communication between software components. APIs make life easier for developers, who can take advantage of an API's functionality and avoid having to reprogram it from scratch.
An API endpoint is the destination of the API requested by the owner of a website. If a content management system (CMS) requests access to an API, the CMS serves as the API endpoint. It is important that websites function well so that they can become secure and supportive endpoints for developers who want to share their data.
What is an API call?
An API call, also known as an API request, is the moment when a website owner “calls” to use a developer’s API. “Saving the API”, “logins on the developer’s website” and “queries about the application” count as API calls.
With this in mind, an API call limit is the number of times that you can request information about an API from a web service within a certain period of time.
What are the testing phases for APIs?
We must consider the following items as the basis for designing test cases:
Execution and evaluation of results
For its execution and verification of results, we must take into account the behavior of the results:
Does the API return a list? What is the size of the list? Does it support paging? Does it have a default paging size? Can I control the number of results I get on each page? Could it be different for each user? How does the API obtain this information for the user? Are there any restrictions for different API consumers, such as web, mobile or tablet?
Who can access this API? How are they authenticated? How is authentication maintained for subsequent calls? How long does authentication remain valid? What is the risk of someone gaining unauthorized access?
Query parameters / strings
How are we sending data in the query string? What information is mandatory? What is optional? Are you validating it? Are null values accepted? What defines that the values are correct? What if those values change? Do I have to escape certain characters?
Are you returning the correct error codes? Are you giving the correct HTTP codes? Is the input validated? Does it handle missing parameters? Does it handle wrong inputs? Is the appropriate error issued if the content type is wrongly requested? Are users blocked after issuing the same type of errors? Are there asynchronous calls? If so, what happens if one of them fails? Are these errors logged? If the whole system or some part of it is not available, how would that affect the user? If the system crashes during the transaction, how could it recover?
What error should I give?
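The paging, authentication, query-string and error-handling questions above can be written down as a table of checks and run against the API. The following is an added example, not code from the article: the `handle` function, the `/items` resource, the page-size limits and the token are all constructed stand-ins for a real API under test.

```python
from urllib.parse import parse_qs

# Constructed sample data, limits and credential (assumptions, not from the article).
ITEMS = [{"id": i} for i in range(1, 96)]  # 95 records
DEFAULT_SIZE, MAX_SIZE = 20, 50
VALID_TOKEN = "test-token"

def handle(query, headers):
    """Hypothetical GET /items handler standing in for the API under test."""
    if headers.get("Authorization") != f"Bearer {VALID_TOKEN}":
        return 401, {"error": "unauthenticated"}
    if headers.get("Accept", "application/json") not in ("application/json", "*/*"):
        return 406, {"error": "unsupported content type"}
    params = parse_qs(query, keep_blank_values=True)  # keep "size=" visible
    try:
        page = int(params.get("page", ["1"])[0])
        size = int(params.get("size", [str(DEFAULT_SIZE)])[0])
    except ValueError:
        return 400, {"error": "page and size must be integers"}
    if page < 1 or not 1 <= size <= MAX_SIZE:
        return 400, {"error": f"need page >= 1 and 1 <= size <= {MAX_SIZE}"}
    start = (page - 1) * size
    return 200, {"items": ITEMS[start:start + size], "total": len(ITEMS)}

AUTH = {"Authorization": f"Bearer {VALID_TOKEN}"}
# (check, query string, headers, expected status, expected item count)
CASES = [
    ("default page size",      "",               AUTH, 200, DEFAULT_SIZE),
    ("caller-chosen size",     "size=5",         AUTH, 200, 5),
    ("last page is partial",   "page=5&size=20", AUTH, 200, 15),
    ("size above the cap",     "size=100000",    AUTH, 400, None),
    ("empty (null-like) size", "size=",          AUTH, 400, None),
    ("non-numeric page",       "page=abc",       AUTH, 400, None),
    ("no credentials",         "",               {},   401, None),
    ("wrong token",            "", {"Authorization": "Bearer x"}, 401, None),
    ("wrong content type",     "", {**AUTH, "Accept": "text/xml"}, 406, None),
]

def run_cases():
    """Return a description of every failing check; an empty list means all pass."""
    failures = []
    for name, query, headers, want_status, want_count in CASES:
        status, body = handle(query, headers)
        count = len(body["items"]) if status == 200 else None
        if (status, count) != (want_status, want_count):
            failures.append(f"{name}: got {status}/{count}")
    return failures

if __name__ == "__main__":
    print(run_cases() or "all checks pass")
```

The same table can be replayed against a live service by replacing `handle` with an HTTP client call that returns the status code and parsed body.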
It should be remembered that one of the important external quality characteristics that API testing is intended to verify is interoperability, that is, “the ability of two or more systems or software components to exchange information and use the information exchanged.”
How can I run the tests?
For calls to an API, the Postman tool can be used.
About the Author
Laura Vitelli is a Senior QA Engineer, with 18 years of professional experience in the market, both locally and internationally.