What is an API?
An API (Application Program Interface) is code that allows two software programs to communicate with each other. One program can call another program's API to get access to the data or functionality of the other program.
An API defines functionalities that are independent of their respective implementations, which allows definitions and implementations to vary without compromising each other. The API specifies how software components should interact. An API is used when programming graphical user interface (GUI) components. A good API makes it easier to develop a program by providing all the building blocks.
What is API Testing?
API testing is a type of software testing that involves testing application programming interfaces (APIs) directly and as part of integration testing to determine if they meet expectations for functionality, reliability, performance, and security.
Since APIs lack a GUI, API testing is performed at the message layer. API testing is considered critical for automating testing because APIs now serve as the primary interface to application logic and because GUI tests are difficult to maintain with the short release cycles and frequent changes commonly used with Agile software development and DevOps.
Where is API testing performed?
API testing is intended to reveal bugs, inconsistencies or deviations from the expected behavior of an API. Commonly, applications have three separate layers:
- Presentation Layer or user interface
- Business Layer or application user interface for business logic processing
- Database Layer for modeling and manipulating data
API testing is performed at the most critical layer of the software architecture, the Business Layer. It is in the business layer that business logic processing is carried out and all transactions between the User Interface (UI) and the database happen. Making sure that the API offers its complete intended functionality therefore allows for easy future expansion of the software product.
Advantages of API Testing
It is language-independent: Data is exchanged via XML and JSON formats, so any language can be used for test automation. XML and JSON are typically structured data, making the verification fast and stable.
Faster releases: It is common that executing API testing saves up to eight hours compared to UI testing, allowing software development teams to release products faster.
Easier Test Maintenance: UIs are constantly changing and moving around based on how they are accessed - browsers, devices, screen orientation, etc. This creates a nightmare scenario where tests are constantly being rewritten to keep up with the actual code in production. API changes are much more controlled and infrequent - oftentimes API definition files like the OpenAPI Spec can help make refactoring tests only seconds of work.
GUI-independent: API testing can be performed in the app prior to GUI testing. Early testing means early feedback and better team productivity. The app's core functionalities can be tested to expose small errors and to evaluate the build's strengths.
Improved test coverage: Most API/web services have specifications, allowing you to create automated tests with high coverage.
Earlier Testing: With API testing, once the logic is designed, tests can be built to validate the correctness of responses and data. We don't have to wait for various teams to finish their work or for full applications to be built - test cases are isolated and ready to be built immediately.
Faster Time To Resolution: When API tests fail, we know exactly where our system broke and where the defect can be found. This helps reduce time spent triaging bugs between builds, integrations, and even different team members. The small, isolated footprint of an API test is perfect for faster MTTR stats, a valuable KPI for DevOps teams.
Types of API Testing
In API testing, the following types of testing can be conducted:
Functionality Testing
It checks that the API works and does exactly what it’s supposed to do, and it includes testing particular functions in the codebase. These functions represent specific scenarios, to make sure the API behaves correctly within the planned parameters.
Reliability Testing
It checks whether the API can be consistently connected to and leads to consistent results.
Validation Testing
It occurs among the final steps and plays an essential role in the development process. It helps verify the product, behavior, and efficiency aspects of an API.
Load Testing
It is performed to ensure the performance of the API under both normal and peak conditions.
UI Testing
UI testing focuses more on the interface which ties into the API rather than the API testing itself. Although UI testing is not a specific test of API in terms of codebase, this technique still provides an overview of the health, usability, and efficiency of the app’s front and back ends.
Security Testing
It is used to test that the API is secure against all possible external threats. It includes additional steps such as validating encryption methodologies and the design of the API access control, as well as user rights management and authorization validation.
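The authorization validation described above can be run as a test matrix at the message layer. The following is an added example, not code from the original page; the handler, tokens, order record and the `check_owner` switch are hypothetical and constructed for illustration.

```python
# Constructed sample data: token -> (user, role), and one order record.
TOKENS = {"tok-alice": ("alice", "user"), "tok-bob": ("bob", "user"),
          "tok-root": ("root", "admin")}
ORDERS = {"1001": {"owner": "alice", "total": 42}}

def handle(request, check_owner=True):
    """Return the HTTP-style status the API would send; no state is changed."""
    auth = request.get("headers", {}).get("Authorization", "")
    identity = TOKENS.get(auth.removeprefix("Bearer "))
    if identity is None:
        return 401  # authentication: missing or unknown token
    user, role = identity
    order = ORDERS.get(request["path"].rsplit("/", 1)[-1])
    if order is None:
        return 404
    if request["method"] == "DELETE" and role != "admin":
        return 403  # function-level check: admin-only operation
    if check_owner and role != "admin" and order["owner"] != user:
        return 403  # object-level check: only the owner may read
    return 200

# (case, method, token or None, expected status)
MATRIX = [
    ("no credentials", "GET", None, 401),
    ("unknown token", "GET", "tok-forged", 401),
    ("owner reads own order", "GET", "tok-alice", 200),
    ("other user reads order", "GET", "tok-bob", 403),
    ("user calls admin function", "DELETE", "tok-alice", 403),
    ("admin reads any order", "GET", "tok-root", 200),
]

def authorization_failures(handler):
    """Send every matrix case to the handler; return the cases that deviate."""
    failures = []
    for name, method, token, expected in MATRIX:
        headers = {"Authorization": f"Bearer {token}"} if token else {}
        request = {"method": method, "path": "/orders/1001", "headers": headers}
        status = handler(request)
        if status != expected:
            failures.append((name, expected, status))
    return failures

if __name__ == "__main__":
    print(authorization_failures(handle))
    print(authorization_failures(lambda r: handle(r, check_owner=False)))
```

With the ownership check disabled, the matrix reports the one case a functional test with a single user would never exercise: a valid user reading another user's record.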
Penetration Testing
Penetration testing is considered the second test in the auditing process. It is done to detect vulnerabilities of an application from an attacker's perspective.
Fuzz Testing
In fuzz testing, a vast amount of random data (referred to as "noise" or "fuzz") is input into the system to detect any forced crashes or negative behaviors. This tests the API at its limits, to prepare for the “worst case scenarios”.
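A small fuzz harness for a JSON endpoint, as an added example that is not part of the original page. The `transfer` handler, its `strict` switch, the seed message and the substitution values are hypothetical; the random generator is seeded so that every finding can be reproduced.

```python
import json
import random

SEED = {"amount": 25, "to": "acct-7"}  # constructed valid request body
NASTY = [None, "", "abc", -1, 2**64, 1e308, [], {}, True, "   "]

def transfer(raw, strict=True):
    """Hypothetical handler: return an HTTP-style status for a JSON transfer."""
    if not strict:  # fragile variant: trusts the shape of the message
        body = json.loads(raw)
        return 200 if int(body["amount"]) > 0 and body["to"].strip() else 400
    try:
        body = json.loads(raw)
    except ValueError:  # covers JSONDecodeError and UnicodeDecodeError
        return 400
    if not isinstance(body, dict):
        return 400
    amount, to = body.get("amount"), body.get("to")
    if type(amount) is not int or not 0 < amount <= 10_000:
        return 400
    if not isinstance(to, str) or not to.strip():
        return 400
    return 200

def mutations(rng, rounds=300):
    """Yield fuzzed bodies: typed substitutions first, then random byte noise."""
    for field in SEED:
        for value in NASTY:
            yield json.dumps({**SEED, field: value}).encode()
    base = json.dumps(SEED).encode()
    for _ in range(rounds):
        data = bytearray(base[: rng.randint(1, len(base))])  # random truncation
        for _ in range(rng.randint(0, 4)):  # overwrite up to four random bytes
            data[rng.randrange(len(data))] = rng.randrange(256)
        yield bytes(data)

def fuzz(handler, seed=1234):
    """Return (input, outcome) for every input that raised or produced a 5xx."""
    findings = []
    for raw in mutations(random.Random(seed)):
        try:
            status = handler(raw)
            if status >= 500:
                findings.append((raw, status))
        except Exception as exc:  # an unhandled exception is a crash finding
            findings.append((raw, type(exc).__name__))
    return findings

if __name__ == "__main__":
    print(len(fuzz(transfer)), len(fuzz(lambda raw: transfer(raw, strict=False))))
```

The strict handler answers every fuzzed message with a 4xx or 200, while the fragile variant raises on wrong types and malformed bytes; each recorded input can be replayed as a regression test.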