APIs are crucial for enabling enterprises to achieve better connectivity with diverse business systems and applications. An API is a specific set of routines, protocols, or tools for building software applications. APIs provide all the tools necessary for software components to interact properly with one another. They integrate and mediate between the varied business systems or applications that share resources. This complexity is what makes testing APIs difficult. Here we explore the process and what goes into testing an API.
What is API Testing?
Like any other software application, APIs are tested in order to identify bugs, security vulnerabilities, inconsistencies, or failures within the API.
API testing is the process of validating the HTTP Response against the HTTP Request that the client sent to the server. Testing shows whether the services work according to the request sent and whether the server responds to the request at all. APIs encompass all the functions that characterize the business logic layer. The API acts as middleware between the GUI and the database.
How API Testing is Performed
API testing should cover the following testing methods, in addition to the usual SDLC process of Software Architecture:
- Discovery Testing: The tester must run the calls listed in the API documentation to check whether the listed resources can be enumerated, created, updated and deleted.
- Usability Testing: This kind of testing verifies whether the API is functional and user-friendly. It also checks that the API integrates well with another platform.
- Security Testing: This testing checks what type of authentication is required, whether sensitive data is encrypted over HTTP, or both.
- Automated testing: API testing should culminate in the creation of a set of scripts or a tool that can be used to execute the API at regular intervals.
- Documentation: Documentation should be a part of the final deliverables. The team of testers makes sure the documentation provides enough information to interact with the API.
Let's see the terms for HTTP Request and HTTP Response in detail:
- Resource URL: https://reqres.in/
- Parameter: <name of api>/<Name of the Form>
Sample HTTP Request is given below:
1. A request is the data sent to the Server by the Client in order to fetch a response from the Server.
2. HTTP Request has 3 Parts:
Part 1: Request Line: The Request Line consists of the method or operation to be used, the Request URI and then the HTTP Protocol that's used, one after the other. Ex: GET / expertise
Part 2: Headers (0 or more Headers in the list): The section between the Request Line and the Request Body holds a set of Headers (0 or more) known as the Request Header Section.
Part 3: An optional Body of the request: It is the part of the HTTP Request where additional content/data can be sent to the Server from the Client side.
Example: JSON/XML files or other file types are sent as the body of the request.
Sample HTTP Response is given below:
1. A response is the data the Server sends back to the Client for the request received from the Client.
2. HTTP Response has 3 Parts:
Part 1: Status Line: It also has 3 parts:
- HTTP Protocol like HTTP/1.1
- Status Code such as 200 or 201
- Reason phrase such as OK or Created
Part 2: Headers (0 or more Headers in the List): The section between the Status Line and the Response Body holds a set of Headers (0 or more) known as the Response Header Section.
Part 3: Body of the response: It contains the resource data requested by the Client.
Example: City New York City Weather where City: New York is considered as main resource.
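The request and response parts described above can be checked mechanically. The following is an added example, not code from the original article: it splits raw HTTP/1.1 messages into their three parts and validates the response against the request. The host, path, field names and the `validate` rules are constructed assumptions for illustration.

```python
import json

# Constructed sample exchange (assumed values, not captured from a real server).
RAW_REQUEST = (
    "POST /api/users HTTP/1.1\r\n"
    "Host: api.example.test\r\n"
    "Content-Type: application/json\r\n"
    "\r\n"
    '{"name": "alice", "job": "tester"}'
)
RAW_RESPONSE = (
    "HTTP/1.1 201 Created\r\n"
    "Content-Type: application/json; charset=utf-8\r\n"
    "\r\n"
    '{"name": "alice", "job": "tester", "id": "42"}'
)

def split_message(raw):
    """Split a raw HTTP/1.1 message into (start line, headers dict, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    start_line, *header_lines = head.split("\r\n")
    headers = {}
    for line in header_lines:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed header line: {line!r}")
        headers[name.strip().lower()] = value.strip()  # names are case-insensitive
    return start_line, headers, body

def parse_request(raw):
    start_line, headers, body = split_message(raw)
    method, uri, protocol = start_line.split(" ", 2)
    return {"method": method, "uri": uri, "protocol": protocol, "headers": headers, "body": body}

def parse_response(raw):
    start_line, headers, body = split_message(raw)
    protocol, code, reason = (start_line.split(" ", 2) + [""])[:3]  # reason phrase may be absent
    return {"protocol": protocol, "status_code": int(code), "reason": reason, "headers": headers, "body": body}

def validate(request, response, expected_status):
    """Return a list of failures; an empty list means the response matches the request."""
    failures = []
    if response["status_code"] != expected_status:
        failures.append(f"expected status {expected_status}, got {response['status_code']}")
    if not response["headers"].get("content-type", "").startswith("application/json"):
        return failures + ["response body is not JSON"]
    sent, got = json.loads(request["body"]), json.loads(response["body"])
    failures += [f"field {k!r} not echoed back" for k, v in sent.items() if got.get(k) != v]
    return failures
```

Collecting failures in a list instead of stopping at the first one lets a scheduled test run report every mismatch in a single pass.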
End-to-End testing can be done by the testers either manually, using tools like Postman and SoapUI, or automated, using the HTTPClient or Rest-Assured libraries.