Basics of API Testing

Hi my fellow testers, let’s revise from the very basics of API testing.

What is API testing?

There are many definitions of API s available on google. I am sure,you would have searched multiple times when you had started working on it or before attending any interview. Let me give you a easy and simple definition to you if this helps. API – As we all know, stands for "Application Programming interface". In simple terms, tt’s an interface which enables communication and data exchange between two separate applications. It provides platform independent communication. It also provides a standard protocol/format for communication. Lets understand it from the below :

1.     Presentation layer – which we call it as UI (User interface) or where we perform GUI testing.

2.     Business layer – where we apply business logic, is at API level.

3.     Database layer – which is our database where we perform db testing.

API Testing works at step 2, in middle of presentation layer and database layer. It concentrates on business logic of the software architecture. Where on one hand, developers build and test the api’s that they are working on, on the other hand, testers are in the charge of testing individual functionalities and make sure that they are worked together from end to end.

Since we do not have UI available to test the application which makes it difficult to give input values. The purpose of API testing is to check the functionality, reliability, performance, and security of the programming interfaces.

If you look around, you will find you are surrounded by APIs. Examples: Every time you use facebook, twitter or google map, you are using an API. Another example is Weather app on your mobile device. How do you see weather each hour for each day? Because they use API’s of “The weather channel”. Isn’t it great?

Now, the question comes - How to do API testing?

There are 2 ways to do it which i am aware of: {there may be more}

1.     Via Manual – using tools like Postman and Swagger.

2.     Via automation – using RestAssured

We will be working on certain endpoints and methods to check the core business logic which developer has implemented. API testing involves validation of HTTP status codes and header responses. HTTP methods like GET, PUT, POST, DELETE and PATCH. HTTP status codes like 200,401,500 etc.. To add more on the different types of status codes on what they represent are as follows:

1xx informational

2xx Success

3xx redirection

4xx Client error

5xx Server error

There are two types of web services available. One is SOAP and the other one which everybody is using these days :REST web services. There are many differences between both of them. Some are listed below:

SOAP - Simple Object Access Protocol. REST - Representational State Transfer.

Where on one side, SOAP is XML-based message protocol, REST is architectural style protocol.

Soap used WSDL for communication. REST uses XML or Json to send and receive data. It simply calls services via URL path. We can call them from javascript as well.

In SOAP, transfer is done over HTTP including SMTP and FTP also whereas in REST, Transfer is done over HTTP only. SOAP does not return human readable result where REST return result in XML or JSON format which is human readable. In REST, Performance is better than Soap.

Thank you for reading and please feel free to contribute.