API stands for Application Programming Interface and is widely used for communicating between two different applications. These applications can be completely different, for instance, the back-end and front-end. Let's take a clear example to understand it better.

Consider Pathao, which uses Google Maps, but it cannot directly access Google Maps. There is a security layer in between them called the Google Maps API. The conversation between Pathao and Google Maps is done through APIs. Another famous example is an interaction between a restaurant's customer and chef. They do not communicate directly; instead, a waiter acts as a mediator between the customer and the chef – that waiter is the API.

What is API Testing?

APIs are created by back-end developers. The back-end logic tells the front-end developer what needs to be created in the UI. So, API testing falls under back-end testing.

Once the QA team tests and approves the APIs, they are forwarded to the front-end developer to create the UI. Only if the API is bug-free can we say the front-end is also bug-free. Testing is done on the API itself or as part of integration testing.

Importance of API Testing

API testing is important for several reasons, some of which are discussed below:

1. Accelerated Bug Resolution

API testing provides fast results, allowing us to identify and fix bugs quickly in the early stages of the development lifecycle.

2. Cost-effectiveness

Since bugs are identified in the early stage of SDLC (Software Development Lifecycle) and fixed early, it reduces the cost of production.

3. Functionality Verification

API testing ensures that the different functions and operations provided by the API work properly. It validates that the API operates as expected and generates accurate results for various inputs.

4. Performance

Performance testing of APIs involves subjecting them to specific conditions and loads to assess their behaviour under pressure. This includes testing their responsiveness and speed under increased loads, aiming for an optimised user experience.

Types of API testing

1. Functional Testing

Functional testing checks if a program's features work how they should. It's like looking at things from a user's point of view. For example, functional testing makes sure that login works as expected.

2. Load Testing

Load testing is done to see how well a system handles lots of activity. It's about discovering how the system responds when there are more users than usual.

3. Validation Testing

Validation testing is a type of testing where the software or a system must meet the system's or customers' requirements. It is also known as acceptance testing, as it should meet certain criteria already set by the customer or the system requirements.

4. Unit Testing

Unit testing is mostly done by the developer. It involves testing a single module or component, which is called a unit. It ensures that each component's code is working as expected.

5. Security Testing

Security testing is done to ensure the system is safe and there are no loopholes that might lead to the loss of the system, data, and more.

HTTP Methods for API Testing

GET

Retrieves data from a specified resource, such as an HTML page or a document.

POST

Sends the body to the server.

PUT

Updates and replaces the existing resource.

PATCH

Partially modifies the existing resource.

DELETE

Deletes a specific resource.

✍️
If you want to practice with different methods for API testing, here are some public APIs: Reqres and JSON Placeholder.

Testing an API: A Step-by-Step Process

Step 1: Verify HTTP Status Code

A status code is a three-digit number with a specific meaning that indicates the outcome of a request. Some of the HTTP status codes and their respective meanings are:

200 OK - Signifies the successful execution of the request and that the server has provided the requested information.

201 Created - Signifies that the new resource has been successfully created.

400 Bad Request - Signifies that the request is wrong. It can either be the wrong URL or any other wrong information.

401 Unauthorised - Signifies that the client's request lacks valid authentication credentials.

404 Not Found - Signifies that the server could not find the requested resource.

500 Internal Server Error - This issue is from the server side.


Step 2: Verify the Response Payload

This process ensures that the data in the response is correct, whether in JSON or XML format, by checking its structure and details. This helps prevent mistakes and keeps communication smooth between different parts of the system.

{
"name":"example",
"profession":"QA",
"description":"Hello QA world!"
}
Example: A Response Body in JSON Format

Step 3: Verify Response Headers

This step reviews the data we obtain from the server or analyses the metadata obtained through an API request. This involves closely examining the received information's content, structure, and accuracy to ensure it matches our expectations and serves its intended purpose. Through this process, we verify that the data aligns with our application's requirements and functions seamlessly within our system's operations.

An example of HTTP headers, here the request headers a browser sends to reqres.in:

Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Encoding gzip, deflate, br
Accept-Language en-US, en;q=0.5
Connection keep-alive
Host reqres.in
Referer https://example123.com
Sec-Fetch-Dest document
Sec-Fetch-Mode navigate
Sec-Fetch-Site same-origin
Sec-Fetch-User ?1
Upgrade-Insecure-Requests 1
User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/116.0
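
The three steps above, combined into one automated check. This is an added example, not code from the original post. The local stub server, the `/user` path, the bearer token and the `X-Content-Type-Options: nosniff` header check are assumptions chosen for illustration; the JSON body is the sample from Step 2.

```python
import http.client, json, threading
from http.server import BaseHTTPRequestHandler, HTTPServer

TOKEN = "test-token"  # constructed credential, valid only for the stub below
SAMPLE = {"name": "example", "profession": "QA", "description": "Hello QA world!"}
EXPECTED = {"name": str, "profession": str, "description": str}

class StubAPI(BaseHTTPRequestHandler):  # constructed stand-in for the real API
    def do_GET(self):
        if self.headers.get("Authorization") != f"Bearer {TOKEN}":
            return self.send_error(401)
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("X-Content-Type-Options", "nosniff")
        self.end_headers()
        self.wfile.write(json.dumps(SAMPLE).encode())
    def log_message(self, *args): pass  # silence per-request logging

def call(port, token=None):  # returns (status, headers, body)
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("GET", "/user", headers={"Authorization": f"Bearer {token}"} if token else {})
    resp = conn.getresponse()
    body = resp.read()
    conn.close()
    return resp.status, resp.headers, body

def check_api(port, token):
    """Run steps 1-3 plus one negative test; return a list of failures."""
    status, headers, body = call(port, token)
    failures = [] if status == 200 else [f"status {status}, expected 200"]  # Step 1
    data = json.loads(body) if status == 200 else {}                        # Step 2
    failures += [f"bad or missing field {f!r}" for f, t in EXPECTED.items()
                 if not isinstance(data.get(f), t)]
    failures += [f"unexpected field {k!r}" for k in data.keys() - EXPECTED.keys()]
    if headers.get_content_type() != "application/json":                    # Step 3
        failures.append("Content-Type is not application/json")
    if headers.get("X-Content-Type-Options") != "nosniff":
        failures.append("X-Content-Type-Options: nosniff is missing")
    if call(port)[0] != 401:  # a request without credentials must get 401
        failures.append("unauthenticated request was not rejected")
    return failures

def run_demo(token=TOKEN):
    server = HTTPServer(("127.0.0.1", 0), StubAPI)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return check_api(server.server_port, token)
    finally:
        server.shutdown()
```

`run_demo()` returns an empty list when every check passes; calling it with a wrong token shows how each failed step is reported.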

Test Cases Performed in API Testing

  1. Validate request and response
  2. Validate performance testing
  3. Boundary value testing
  4. Validate security testing
  5. Load testing
  6. Version compatibility testing
  7. Regression testing

Uncovering Glitches Through API Testing

  1. Response time
  2. Security issue
  3. Redundant functionalities
  4. Documentation verification
  5. Challenges with multithreading

API Testing Tools

  1. Postman
  2. Swagger
  3. Insomnia
  4. SoapUI

Lastly,

API testing is a part of the SDLC. It ensures that APIs work properly, helps reduce costs, facilitates robust testing, and allows for early bug fixing.

Hope this blog covered the basics to get you started with API testing. Leave a comment below and subscribe for more!