API is an acronym for Application Programming Interface.
In software application (app) development, API is the middle layer between the presentation (UI) and the database layer. APIs enable communication and data exchange from one software system to another.
API testing is a software testing practice that tests the APIs directly - from their functionality, reliability, performance, to security. Part of integration testing, API testing effectively validates the logic of the build architecture within a short amount of time.
Benefits of API Testing
Data is exchanged via XML and JSON formats, so any language can be used for test automation. XML and JSON are typically structured data, making the verification fast and stable. There are also built-in libraries to support comparing data using these data formats.
API testing can be performed in the app prior to GUI testing. Early testing means early feedback and better team productivity. The app's core functionalities can be tested to expose small errors and to evaluate the build's strengths.
Improved test coverage
Most API/web services have specifications, allowing you to create automated tests with high coverage - including functional testing and non-functional testing.
It is common that executing API testing saves up to eight hours compared to UI testing, allowing software development teams to release products faster.
What You Need To Start API Testing
The first part of API testing involves setting up a testing environment, with the required set of parameters around the API. This involves configuring the database and server for the application's requirements.
Once you've set up your API testing environment, make an API call right away to make sure nothing is broken before you go forward to start your more thorough testing.
You can start combining your application data with your API tests to ensure that the API performs as expected against possible known input configurations.
Next, you need to organise yourself around the API test. Start by asking yourself these questions:
- Who is your target audience? Who is your API consumer?
- What environment/s should the API typically be used?
- What aspects are you testing?
- What problems are we testing for?
- What are your priorities to test?
- What is supposed to happen in normal circumstances?
- What could potentially happen in abnormal circumstances?
- What is defined as a Pass or a Fail? What data is the desired output? What is the chain of events?
- What other APIs could this API interact with?
- Who on your team is in charge of testing what?
After you've created these testing boundaries and requirements, you need to decide what you want to test your API for.
What Types of API Testing Can I Do?
- Functionality testing - the API works and does exactly what it's supposed to do.
- Reliability testing - the API can be consistently connected to and lead to consistent results
- Load testing - the API can handle a large amount of calls
- Creativity testing - the API can handle being used in different ways.
- Security testing - the API has defined security requirements including authentication, permissions and access controls. See some API security tips for protecting vital data
- Proficiency testing - the API increases what developers are able to do.
- API documentation testing - also called discovery testing, the API documentation easily guides the user.
- Negative Testing - checking for every kind of wrong input the user can possibly supply
The kinds of tests you will run will vary, but these are common API test examples, as you can see, they are very similar to the reasons why you would want to test your API:
- Checking API return values based on the input condition
- Verifying if the API doesn't return anything at all or the wrong results
- Verifying if the API triggers some other event or calls another API
- Verifying if the API is updating any data structures.