The traditional idea of QA Testing is often limited to testing the User Interface (UI) layer only, but its applications are wider. Here we give you an introduction to API Testing: what is it, which types there are, and its pros when applying it.
More than UI Testing
The traditional idea of QA Testing is often limited to testing the UI layer. But, that is not entirely true. The truth is software testing is as wide as development. And, even though UI has been king in software testing for a long time, there are a lot of QA testers that takes care of the backend just as well. In fact, there are testers focusing exclusively on backend related stuff: here is where API Testing comes in.
Software testing is as wide as development. There are testers that focus exclusively on the backend, and there is where API Testing comes in.
What is an API?
API is an acronym derived from the initial letters of Application Program Interface. So, API is a suite of functions, procedures, and commands. It is formally known as an interface that performs certain actions to allow programs and applications to connect to each other through it, without coding everything from scratch. A perfect example is Uber. Uber's mapping architecture was not built by them from scratch. Rather, they use an API from Mapbox that has all the necessary mapping architecture the application needs.
API is an acronym derived from the initial letters of Application Program Interface.
What is API Testing?
API Testing is part of the software development process. It is where QA and devs validate and verify that an API meets the product requirements (just as they would do at UI level). The testing involved here is more focused on the backend or servers within the application (which is also known as the business logic).
Types of API Testing: What can we Test?
API Testing is where QA and devs validate and verify that an API meets the product requirements.
API Testing can be performed manually or automated, but always implies any of the following types:
- Functional Testing: The process of verifying that the endpoints are providing all the functionalities they are supposed to, as per requirements.
- Reliability Testing: The process of verifying whether the system can perform a failure-free operation for a specified period of time in a particular environment.
- Performance Testing: This type seeks to find bottlenecks in software systems. There are different types of testing that can be implemented in order to test the performance, such as load testing, stress testing, spike testing, etc. This is a good resource when projects want to scale up their product. Also, when want to know how much they can handle in terms of the number of users making requests at the same time in some components of the application, especially the more critical ones.
- Security Testing: It’s where ensure the API has no gaps in terms of security. A use case could be that we should verify the application is not sharing data that it is not supposed to or testing the authentication methods it has.
- Integration Testing: It is the level of testing that combines individual units in order to run a sequence of API Requests. It does that to test their behavior when interacting with each other.
Pros of Implementing API Test Plans
- Faster feedback
Since API tests bypass the UI, feedback is given in the early stages of the development process (when there is still no UI). And even when there is a UI, in some cases we would still get faster feedback by testing at the API level.
- The ease to test in different environments
By using a software tool to perform the API Testing, we can have easy access to the different environments that have been set up very rapidly. To make this possible, it is just a matter of making sure that we have set each variable from each environment, whether is local, staging, or production.
- The facility to implement
We can start with basic test cases. That will allow us to actually cover bigger scenarios that would allow us to assure the expected quality very easily.
- Organized test plans
The different tools that exist for API’s allow us to create strategies to keep our test plans well organized. An example of this is the collections that we can create in order to place the test plans in the correct spot.
- Covers scenarios in the business layer
On the business logic layer, API testing allows us to improve the application test coverage.
- Pre-defined code snippets
Most of the tools for API Testing provide user-friendly code snippets to implement. They actually give us an idea of where to start and how far we can go in our testing.
As of 2020, there are plenty of tools in the market when it comes to testing web services and APIs. We can choose from software such as Swagger, Postman, SoapUI or something as simple as the terminal to make a quick and small request.
- Postman and SoapUI: these are free tools used to test SOAP and RESTful Web Services.
- cURL: client to make requests (via HTTP, HTTPS, FTP, FTPS, SCP, SFTP, TFTP, LDAP, DAP, DICT, TELNET, FILE, IMAP, POP3, SMTP, and RTSP protocols). Unlike Postman or SoapUI, with cURL we cannot store collections or change from one environment to another very easily. But, is used for quick HTTP requests and when we don’t need any more details than just making the request.
With the evolution of technologies, the needs in software testing have extended and evolved so much. Nowadays, QA testers have several ways of getting their testing done at different levels. At the end of the day, the path they choose will be up to the needs of the project, and their personal choices.
API Testing is a very reliable resource when it is integrated into agile-based products.
API Testing has proven that it is a very reliable resource when integrated into agile-based products. Also, it is important to mention that this type of testing is not only aimed at QA teams, but also for product managers and developers. In the next blog series, we will learn about the different things we have to take into account when performing functional Rest API testing.
Thanks for reading!