API Testing Tutorial: A Complete Guide For Beginners

Definition

API stands for Application Programming Interface. It is a collection of functions, procedures, or methods that are available to be executed by other software applications. Its main purpose is to offer access to certain services and provide communication between software components. APIs make life easier for developers, who can take advantage of the functionality an API already provides and avoid having to reprogram it from scratch.

An API endpoint is the destination of the API requested by the owner of a website. If a content management system (CMS) requests access to an API, the CMS serves as the API endpoint. It is important that websites function well so that they can become secure and supportive endpoints for developers who want to share their data.

What is an API call?

Also known as an API request, an API call is the moment when a website owner “calls” to use a developer’s API. “Saving the API”, “logins on the developer’s website” and “queries about the application” count as API calls.
With this in mind, an API call limit is the number of times that you can request information about an API from a web service within a certain period of time.

What are the testing phases for APIs?

As with tests to evaluate any other type of software, the typical phases are as follows:
  • Analysis: understanding the functionality and expected behavior, knowing the structure and parameters, and the expected return value.
  • Design and application of test techniques: equivalence class partitioning, limit values, negative conditions, basic functional test (happy path), etc.
  • Preparation of the environment.
  • Preparation of test data: identification of input parameters and expected return values.
  • Testing execution.
  • Reporting, administration and monitoring of incidents / defects.
  • Obtaining and analyzing metrics.

We must consider the following items as the basis for designing test cases:

  • Selection of parameters and return values: call API functions / methods with a creative selection of parameters, so that the return values they generate can be evaluated.
  • Negative condition: validate the mechanisms for handling errors and exceptions by exercising various cases that may reveal incorrect or absent validation. The API should continue to work when it is called in an unexpected or incorrect way.
  • Limit values: exercise the API with calls that check it works properly for input parameters whose values are not only at the maximum and minimum limits allowed, but also at least at: (N-1); 0; N; (N + 1).
  • Equivalence partition: group the elements of a set of values that share a certain characteristic or property, such that all values in the group would reveal the same error if they were used in several tests. Using these input values allows you to limit the amount of data to be used in testing.
  • Happy path: test the basic flow, in this case calls to API functions whose result is as expected, executing each function or method in the “normal” sequence.
  • Modification of resources accessed by the API: evaluate the API calls that modify resources, such as deleting, inserting or updating records in the database, and once these tasks are done, make sure the changes were actually made as expected.

Execution and evaluation of results

When executing the tests and verifying the results, we must take into account how the API behaves in the following areas:

Pagination

Does the API return a list? What is the size of the list? Does it support paging? Does it have a default paging size? Can I control the number of results I get on each page? Could it be different for each user? How does the API obtain this information for the user? Are there any restrictions for different API consumers, such as web, mobile or tablet?

Authentication

Who can access this API? How are they authenticated? How is authentication maintained for subsequent calls? How long does authentication remain valid? What is the risk of someone gaining unauthorized access?

Query parameters / strings

How are we sending data in the query string? What information is mandatory? What is optional? Are you validating it? Is it valid for Null types? What defines that the values are correct? What if those values change? Do I have to escape certain characters?

Negative condition

Are you returning the correct error codes? Are you giving the correct HTTP codes? Is the entry validated? Does it handle missing parameters? Does it handle wrong inputs? Is the appropriate error issued if the content type is wrongly requested? Are users blocked after issuing the same type of errors? Are there asynchronous calls, and if so, what happens if one of them fails? Are these errors logged? What if the whole system or some part of the system is not available, how would it affect the user? What if the system crashes during the transaction, how could it recover?

What error should I give?

It should be remembered that one of the important characteristics of the external quality of the software that is intended to be tested in APIs is interoperability, that is, “the ability of two or more systems or software components to exchange information and use the information exchanged.”

How can I run the tests? 

For calls to an API, the Postman tool can be used.
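
The limit-value, pagination and negative-condition checks described above can also be scripted. The following is an added example, not part of the original article: it runs those checks in Python against a small local stub, and the /items endpoint, the limit parameter, the maximum of 100 and the default page size of 20 are assumptions made for illustration.

```python
import http.client, json, threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlparse

# Assumed paging rules of the stub (N = 100) and constructed sample data.
MAX_LIMIT, DEFAULT_LIMIT, ITEMS = 100, 20, list(range(250))

class StubAPI(BaseHTTPRequestHandler):
    """Hypothetical GET /items?limit=N endpoint standing in for the API under test."""
    def do_GET(self):
        qs = parse_qs(urlparse(self.path).query, keep_blank_values=True)
        raw = qs.get("limit", [str(DEFAULT_LIMIT)])[0]
        if raw.isdecimal() and 1 <= int(raw) <= MAX_LIMIT:
            status, body = 200, {"items": ITEMS[:int(raw)]}
        else:  # invalid input gets a client error, not a crash or a silent default
            status, body = 400, {"error": "limit must be an integer in 1..100"}
        data = json.dumps(body).encode()
        self.send_response(status)
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)
    def log_message(self, *args): pass   # silence per-request logging

def call(port, query):
    """GET /items<query>; return (HTTP status, item count or None on an error)."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("GET", "/items" + query)
    resp = conn.getresponse()
    body = json.load(resp)
    conn.close()
    return resp.status, len(body["items"]) if resp.status == 200 else None

CASES = {  # query string -> expected (status, item count)
    "": (200, DEFAULT_LIMIT),        # parameter absent: default page size
    "?limit=0": (400, None),         # 0
    "?limit=1": (200, 1),            # minimum allowed
    "?limit=99": (200, 99),          # N-1
    "?limit=100": (200, 100),        # N, the maximum allowed
    "?limit=101": (400, None),       # N+1
    "?limit=abc": (400, None),       # wrong type
    "?limit=": (400, None),          # empty value
}

def run_cases():
    """Run CASES against the stub on a free local port; return the failing ones."""
    with HTTPServer(("127.0.0.1", 0), StubAPI) as server:
        threading.Thread(target=server.serve_forever, daemon=True).start()
        got = {q: call(server.server_port, q) for q in CASES}
        server.shutdown()
    return {q: r for q, r in got.items() if r != CASES[q]}
```

Call run_cases(); an empty result means every case returned the expected HTTP status and page size.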

About the Author

Laura Vitelli is a Senior QA Engineer, with 18 years of professional experience in the market, both locally and internationally.


©Santex 2019. All rights reserved.