AN INTRODUCTION TO API TESTING
DAVID TZEMACHWWW.MACHTESTED.COM
MAY 12 2017
AGENDA• WHAT IS API?
• MOTIVATION TO TEST API
• WHAT IS AN API TESTING?
• WHAT TESTS SHOULD BE PERFORMED ON API’S
• WHAT ARE THE TYPES OF DEFECTS THAT API TESTING WILL HELP REMOVE?
• WHAT ARE THE CHALLENGES OF API TESTING?
WHAT IS API?
DEFINITION OF API
AN API (APPLICATION PROGRAMMING
INTERFACE) IS A SET OF APPLICATION CODE, STANDARDS, PROTOCOLS AND PROCEDURES
THAT CAN BE USED AS AN INTERFACE BY
EXTERNAL SOFTWARE APPLICATIONS OR
BETWEEN DIFFERENT LAYERS OF THE SAME
APPLICATION (AKA: “LOGIC TIER” OR
“BUSINESS LAYER”).
WHEN CREATING AN APPLICATION API, WE
WILL DETERMINE HOW OTHER SYSTEMS WILL
INTERACT, COMMUNICATE AND SHARE DATA
WITH OUR SYSTEM IN THE BEST AND EFFICIENT
WAY.
WHAT IS AN API TESTING?
API TESTING IS…
API testing is a testing approach that is used to validate that APIs and the integration they should provide actually work as defined at the beginning of the project.
The main activity of this testing approach is to validate the API response or output based on varying test conditions, the API output can be a reference to another API, Different types of data, and Pass/Fail status.
MOTIVATION TO TEST API
SO WHY SHOULD YOU INVEST TIME IN API TESTING?
THINK ABOUT A SCENARIO THAT YOU RELEASE AN API TO OTHER PROGRAMMERS WITH THE ATTENTION THAT THEY
WILL USE IT AS AN INTERFACE INTERACT WITH THE APPLICATION, ANY DEFECT THAT WILL AFFECT THIS BASIC GOAL, WILL
RESOLVE AN ADDITIONAL DEVELOPMENT AND TESTING ACTIVITIES (SIMILAR TO ANY OTHER BUG FOUND IN CUSTOMER
ENVIRONMENT) THAT WILL AFFECT BOTH THE COSTS AND REPUTATION OF THE COMPANY.
ALTHOUGH API’S ARE USUALLY PUBLISHED FOR FREE AS AN OPEN SOURCE CODE THAT OTHER DEVELOPERS CAN USE
AND EXPAND IT, THERE IS NO WAY THAT THE MARKET WILL ADOPT AND USE IT IF IT’S NOT EFFICIENT, EFFECTIVE AND
OFF COURSE FREE FROM ANY MAJOR DEFECTS.
WHAT TESTS SHOULD BE PERFORMED ON API’S
THE BASIC SET OF TESTS THAT WE CAN USE DURING API TESTING • TEST THAT THE API DOES NOT HAVE SCENARIOS THAT HE FAILS TO RETURN ANY RESPONSE.
• TEST THAT THE API CAN BE INTEGRATED WITH A CORRESPONDING SYSTEM.
• TEST THAT THE API CAN BE INTEGRATED WITH A CORRESPONDING API’S.
• TEST THE API OUTCOME BASED ON DIFFERENT INPUT CONDITION.
• TEST THE HOW EASY IS TO IMPLEMENT AND USE THE API.
• TEST DIFFERENT PERFORMANCE ASPECTS OF THE API.
• TEST THAT THE API CAN PROCESS A LOT OF INPUTS.
• TEST THAT THE API CAN HANDLE NEGATIVE INPUTS.
• TEST DIFFERENT SECURITY ASPECTS OF THE API.
WHAT ARE THE TYPES OF DEFECTS THAT API TESTING WILL HELP REMOVE?
USING API TESTING WE WILL EXPECT TO REMOVE THESES TYPE OF DEFECTS:
• ANY SECURITY BREACH IN THE API THAT OTHER
PROGRAMMERS CAN USE TO ATTACK THE SYSTEM.
• PERFORMANCE RELATED DEFECTS.
• SECURITY RELATED DEFECTS.
• ERRORS AND FAILURES THAT ARE NOT HANDLED IN A
GRACEFUL WAY.
• ANY FUNCTIONAL DEFECT RELATED TO THE API FUNCTIONS.
• UNUSED CODE, DUPLICATE FUNCTIONALITY OR UNUSED
FLAGS.
WHAT ARE THE CHALLENGES OF API TESTING?
THERE CAN BE MANY CHALLENGES WHEN TESTING APIS:
• OK, LET’S SAY IT, API TESTING CAN BE COMPLEX TO SOME TESTERS.
• THERE IS NO ACCESS TO THE SOURCE CODE.
• THE TESTING IS LIMITED TO SPECIFIC FUNCTIONS AND THERE IS NO
VIEW OF THE FULL PICTURE.
• NOT LIKE OTHER BLACK-BOX TESTING METHODS, IN API TESTING
THE TESTER MUST HAVE A CODING KNOWLEDGE THAT HE WILL USE
TO EXECUTE TESTS.
• THERE IS A HUGH CHALLENGES TO TEST THE API OUTPUT UNDER
SOME SYSTEMS.
• THERE IS NO USER INTERFACE THAT THE TESTER CAN USE TO
SIMPLIFY THE TESTS.
• THERE IS ANOTHER TESTING LEVEL WHERE THE TESTER NEEDS TO
VERIFY THE EXCEPTION HANDLING CREATED FOR SPECIFIC
METHODS.
FOR ADDITIONAL KB’S PLEASE VISIT MY BLOG
WWW.MACHTESTED.COM