An introduction to api testing | David Tzemach

AN INTRODUCTION TO API TESTING

DAVID TZEMACHWWW.MACHTESTED.COM

MAY 12 2017

AGENDA• WHAT IS API?

• MOTIVATION TO TEST API

• WHAT IS AN API TESTING?

• WHAT TESTS SHOULD BE PERFORMED ON API’S

• WHAT ARE THE TYPES OF DEFECTS THAT API TESTING WILL HELP REMOVE?

• WHAT ARE THE CHALLENGES OF API TESTING?

WHAT IS API?

DEFINITION OF API

AN API (APPLICATION PROGRAMMING

INTERFACE) IS A SET OF APPLICATION CODE, STANDARDS, PROTOCOLS AND PROCEDURES

THAT CAN BE USED AS AN INTERFACE BY

EXTERNAL SOFTWARE APPLICATIONS OR

BETWEEN DIFFERENT LAYERS OF THE SAME

APPLICATION (AKA: “LOGIC TIER” OR

“BUSINESS LAYER”).

WHEN CREATING AN APPLICATION API, WE

WILL DETERMINE HOW OTHER SYSTEMS WILL

INTERACT, COMMUNICATE AND SHARE DATA

WITH OUR SYSTEM IN THE BEST AND EFFICIENT

WHAT IS AN API TESTING?

API TESTING IS…

API testing is a testing approach that is used to validate that APIs and the integration they should provide actually work as defined at the beginning of the project.

The main activity of this testing approach is to validate the API response or output based on varying test conditions, the API output can be a reference to another API, Different types of data, and Pass/Fail status.

MOTIVATION TO TEST API

SO WHY SHOULD YOU INVEST TIME IN API TESTING?

THINK ABOUT A SCENARIO THAT YOU RELEASE AN API TO OTHER PROGRAMMERS WITH THE ATTENTION THAT THEY

WILL USE IT AS AN INTERFACE INTERACT WITH THE APPLICATION, ANY DEFECT THAT WILL AFFECT THIS BASIC GOAL, WILL

RESOLVE AN ADDITIONAL DEVELOPMENT AND TESTING ACTIVITIES (SIMILAR TO ANY OTHER BUG FOUND IN CUSTOMER

ENVIRONMENT) THAT WILL AFFECT BOTH THE COSTS AND REPUTATION OF THE COMPANY.

ALTHOUGH API’S ARE USUALLY PUBLISHED FOR FREE AS AN OPEN SOURCE CODE THAT OTHER DEVELOPERS CAN USE

AND EXPAND IT, THERE IS NO WAY THAT THE MARKET WILL ADOPT AND USE IT IF IT’S NOT EFFICIENT, EFFECTIVE AND

OFF COURSE FREE FROM ANY MAJOR DEFECTS.

WHAT TESTS SHOULD BE PERFORMED ON API’S

THE BASIC SET OF TESTS THAT WE CAN USE DURING API TESTING • TEST THAT THE API DOES NOT HAVE SCENARIOS THAT HE FAILS TO RETURN ANY RESPONSE.

• TEST THAT THE API CAN BE INTEGRATED WITH A CORRESPONDING SYSTEM.

• TEST THAT THE API CAN BE INTEGRATED WITH A CORRESPONDING API’S.

• TEST THE API OUTCOME BASED ON DIFFERENT INPUT CONDITION.

• TEST THE HOW EASY IS TO IMPLEMENT AND USE THE API.

• TEST DIFFERENT PERFORMANCE ASPECTS OF THE API.

• TEST THAT THE API CAN PROCESS A LOT OF INPUTS.

• TEST THAT THE API CAN HANDLE NEGATIVE INPUTS.

• TEST DIFFERENT SECURITY ASPECTS OF THE API.

WHAT ARE THE TYPES OF DEFECTS THAT API TESTING WILL HELP REMOVE?

USING API TESTING WE WILL EXPECT TO REMOVE THESES TYPE OF DEFECTS:

• ANY SECURITY BREACH IN THE API THAT OTHER

PROGRAMMERS CAN USE TO ATTACK THE SYSTEM.

• PERFORMANCE RELATED DEFECTS.

• SECURITY RELATED DEFECTS.

• ERRORS AND FAILURES THAT ARE NOT HANDLED IN A

GRACEFUL WAY.

• ANY FUNCTIONAL DEFECT RELATED TO THE API FUNCTIONS.

• UNUSED CODE, DUPLICATE FUNCTIONALITY OR UNUSED

FLAGS.

WHAT ARE THE CHALLENGES OF API TESTING?

THERE CAN BE MANY CHALLENGES WHEN TESTING APIS:

• OK, LET’S SAY IT, API TESTING CAN BE COMPLEX TO SOME TESTERS.

• THERE IS NO ACCESS TO THE SOURCE CODE.

• THE TESTING IS LIMITED TO SPECIFIC FUNCTIONS AND THERE IS NO

VIEW OF THE FULL PICTURE.

• NOT LIKE OTHER BLACK-BOX TESTING METHODS, IN API TESTING

THE TESTER MUST HAVE A CODING KNOWLEDGE THAT HE WILL USE

TO EXECUTE TESTS.

• THERE IS A HUGH CHALLENGES TO TEST THE API OUTPUT UNDER

SOME SYSTEMS.

• THERE IS NO USER INTERFACE THAT THE TESTER CAN USE TO

SIMPLIFY THE TESTS.

• THERE IS ANOTHER TESTING LEVEL WHERE THE TESTER NEEDS TO

VERIFY THE EXCEPTION HANDLING CREATED FOR SPECIFIC

METHODS.

FOR ADDITIONAL KB’S PLEASE VISIT MY BLOG

WWW.MACHTESTED.COM

An introduction to api testing | David Tzemach

Software

The tzemach

David Berra BC - Beric Valves · api 603/ asme b16.34 corrosion resistant valve

API Design in PHP - David Sklar

What is component testing | David Tzemach

In loving memory of Tzemach ben Yisrael z“l

Instructor’s Guide to - Gayle Tzemach Lemmongaylelemmon.com/-/pdf/the-dressmaker-teacher-student...Instructor’s Guide to Harper Perennial: Paperback/9780061732478 These teaching

OS view of networking – Sockets API (an exercise in ... · OS view of networking – Sockets API (an exercise in planning for the future)! David E. Culler CS162 – Operating Systems

API Testing - training.qaonlinetraining.com · API and API Testing Right tool for API Testing How API works ? API Methods ADVANTAGE S DEMO Different API Methods Advantages of API

Meal of Messiah Handout - Amazon S3 · Tzemach Tzedek, the third Lubavitcher Rebbe, in Likkutei Sichos 22:34 The Sod Level of the Meal ... Messiah ben David. It is a perfect completion

a systems management API for Linux lutter@puppet.com … · 2017. 12. 14. · libral a systems management API for Linux David Lutterkort @lutterkort lutter@puppet.com. 3 ... good

EXHIBITION OF THE TZEMACH TZEDEK - Lubavitch Library · 2017-08-29 · EXHIBITION OF THE TZEMACH TZEDEK 2 INTRODUCTION This is the 150th year since the passing, on 13th Nissan, 5626,

API 6AV1 and API 6A Comparison Task Group Report Austin Freeman – Halliburton, Chair David Comeaux – GE, Roy Benefield – FMC, & John Yonker – CEC, members

The complete guide for negative testing | David Tzemach

EXHIBITION OF THE TZEMACH TZEDEKchabadlibrary.org/exhibition2.pdf · of his chasidic discourses, halachic Responsa, Talmudic Novellae, letters, artifacts, books & portraits Location:

“Don’t Fumble These Coverages” David Thompson, CPCU, AAI, API Dthompson@faia.com TODAY’S SPECIAL GUEST Fred Kelly

The complete guide for software integration testing | David Tzemach

1Proprietary and Confidential AirVantage API – Getting started David SCIAMMA – June 13th 2014

The Switchvox Extend API by David W. Podolsky Director of Engineering, Switchvox

Software testing metrics | David Tzemach

Risk Engineer’s Energy Forum (REEF) July 27, 2016 David Black€¦ · API 2001: Fire Protection in Refineries API 2510/A: LPG Processing / Storage API 2218: Fireproofing **All reference