AN INTRODUCTION TO API TESTING

DAVID TZEMACHWWW.MACHTESTED.COM

MAY 12 2017

AGENDA• WHAT IS API?

• MOTIVATION TO TEST API

• WHAT IS AN API TESTING?

• WHAT TESTS SHOULD BE PERFORMED ON API’S

• WHAT ARE THE TYPES OF DEFECTS THAT API TESTING WILL HELP REMOVE?

• WHAT ARE THE CHALLENGES OF API TESTING?

WHAT IS API?

DEFINITION OF API

AN API (APPLICATION PROGRAMMING

INTERFACE) IS A SET OF APPLICATION CODE, STANDARDS, PROTOCOLS AND PROCEDURES

THAT CAN BE USED AS AN INTERFACE BY

EXTERNAL SOFTWARE APPLICATIONS OR

BETWEEN DIFFERENT LAYERS OF THE SAME

APPLICATION (AKA: “LOGIC TIER” OR

“BUSINESS LAYER”).

WHEN CREATING AN APPLICATION API, WE

WILL DETERMINE HOW OTHER SYSTEMS WILL

INTERACT, COMMUNICATE AND SHARE DATA

WITH OUR SYSTEM IN THE BEST AND EFFICIENT

WAY.

WHAT IS AN API TESTING?

API TESTING IS…

API testing is a testing approach that is used to validate that APIs and the integration they should provide actually work as defined at the beginning of the project.

The main activity of this testing approach is to validate the API response or output based on varying test conditions, the API output can be a reference to another API, Different types of data, and Pass/Fail status.

MOTIVATION TO TEST API

SO WHY SHOULD YOU INVEST TIME IN API TESTING?

THINK ABOUT A SCENARIO THAT YOU RELEASE AN API TO OTHER PROGRAMMERS WITH THE ATTENTION THAT THEY

WILL USE IT AS AN INTERFACE INTERACT WITH THE APPLICATION, ANY DEFECT THAT WILL AFFECT THIS BASIC GOAL, WILL

RESOLVE AN ADDITIONAL DEVELOPMENT AND TESTING ACTIVITIES (SIMILAR TO ANY OTHER BUG FOUND IN CUSTOMER

ENVIRONMENT) THAT WILL AFFECT BOTH THE COSTS AND REPUTATION OF THE COMPANY.

ALTHOUGH API’S ARE USUALLY PUBLISHED FOR FREE AS AN OPEN SOURCE CODE THAT OTHER DEVELOPERS CAN USE

AND EXPAND IT, THERE IS NO WAY THAT THE MARKET WILL ADOPT AND USE IT IF IT’S NOT EFFICIENT, EFFECTIVE AND

OFF COURSE FREE FROM ANY MAJOR DEFECTS.

WHAT TESTS SHOULD BE PERFORMED ON API’S

THE BASIC SET OF TESTS THAT WE CAN USE DURING API TESTING • TEST THAT THE API DOES NOT HAVE SCENARIOS THAT HE FAILS TO RETURN ANY RESPONSE.

• TEST THAT THE API CAN BE INTEGRATED WITH A CORRESPONDING SYSTEM.

• TEST THAT THE API CAN BE INTEGRATED WITH A CORRESPONDING API’S.

• TEST THE API OUTCOME BASED ON DIFFERENT INPUT CONDITION.

• TEST THE HOW EASY IS TO IMPLEMENT AND USE THE API.

• TEST DIFFERENT PERFORMANCE ASPECTS OF THE API.

• TEST THAT THE API CAN PROCESS A LOT OF INPUTS.

• TEST THAT THE API CAN HANDLE NEGATIVE INPUTS.

• TEST DIFFERENT SECURITY ASPECTS OF THE API.

WHAT ARE THE TYPES OF DEFECTS THAT API TESTING WILL HELP REMOVE?

USING API TESTING WE WILL EXPECT TO REMOVE THESES TYPE OF DEFECTS:

• ANY SECURITY BREACH IN THE API THAT OTHER

PROGRAMMERS CAN USE TO ATTACK THE SYSTEM.

• PERFORMANCE RELATED DEFECTS.

• SECURITY RELATED DEFECTS.

• ERRORS AND FAILURES THAT ARE NOT HANDLED IN A

GRACEFUL WAY.

• ANY FUNCTIONAL DEFECT RELATED TO THE API FUNCTIONS.

• UNUSED CODE, DUPLICATE FUNCTIONALITY OR UNUSED

FLAGS.

WHAT ARE THE CHALLENGES OF API TESTING?

THERE CAN BE MANY CHALLENGES WHEN TESTING APIS:

• OK, LET’S SAY IT, API TESTING CAN BE COMPLEX TO SOME TESTERS.

• THERE IS NO ACCESS TO THE SOURCE CODE.

• THE TESTING IS LIMITED TO SPECIFIC FUNCTIONS AND THERE IS NO

VIEW OF THE FULL PICTURE.

• NOT LIKE OTHER BLACK-BOX TESTING METHODS, IN API TESTING

THE TESTER MUST HAVE A CODING KNOWLEDGE THAT HE WILL USE

TO EXECUTE TESTS.

• THERE IS A HUGH CHALLENGES TO TEST THE API OUTPUT UNDER

SOME SYSTEMS.

• THERE IS NO USER INTERFACE THAT THE TESTER CAN USE TO

SIMPLIFY THE TESTS.

• THERE IS ANOTHER TESTING LEVEL WHERE THE TESTER NEEDS TO

VERIFY THE EXCEPTION HANDLING CREATED FOR SPECIFIC

METHODS.

FOR ADDITIONAL KB’S PLEASE VISIT MY BLOG

WWW.MACHTESTED.COM