All you need to know about API Testing
Posted By : Neha Dahiya | 29-Dec-2017
As we all know, API stands for Application Program Interface. API is nothing but a set of protocols and tools which acts as a bridge between the user and the application. They are basically responsible for exchanging data between different software.
Following are some of the points which we should know before we start API testing:
1) REST vs SOAP
REST stands for Representational state transfer. REST provides the ability to exchange information between different computers over the internet. RESTful web services also help in providing a predefined set of operations which are stateless and also helps systems to request and wield textual representations of web resources.
SOAP stands for Simple Object Access Protocol which helps in exchanging efficient and structured data between different computer networks. It is done using an XML file.
Today, RESTful API is given preference over SOAP API because of the following reasons:
-
Jason is used in REST which is easy to implement as XML is used in SOAP
-
SOAP web services can be used in REST because REST is not a protocol but an architecture.
-
REST API is comparatively faster than SOAP
-
Security measures are not that tough in REST whereas SOAP has its own security standards.
2) Commonly used HTTP Methods
Following are the main HTTP methods that are used during API testing:
GET Method
HTTP GET is used to fetch data. Data is not modified as it is only a read call. A successful request returns a status code of 200 (OK) if there are no errors detected while fetching a data. Data is returned in JSON or XML format when we use this method.
As there is no alternation or extortion of data in getting request, it is considered a safe method.
POST Method
HTTP POST method is a used to write data. The POST is used to enter data by providing the input in either JSON format or XML format. Whenever called, this method creates a new entry in the database along with the inputs provided. It returns a status code of 201 if the request is completed without any error.
As this method modifies the data, care should be taken while entering the request as it could result in data redundancy or errors.
PUT Method
HTTP PUT method is mainly used to update the data. It changes the value of any data which was something else primarily.
However, this method can also be used to create new data but for this thing, the request should be sent from the client and not from the server side.
Again these methods are not considered safe as they can modify the data but if called, again and again, no changes are made.
DELETE Method
As the name says, HTTP DELETE method is used to delete data values. It also returns the status code of 200 (OK) if the request is successful. The same result is produced if we repeatedly call the same request, so in a way, it does not affect the data if it is deleted.
However, in some cases, it is not considered a safe request where the data is not completely deleted.
3) HTTP Response codes
There are 5 major categories in which the HTTP responses are divided:
1xx – Informational codes
2xx – Success codes
3xx – Redirect codes
4xx – Client error codes
5xx – Server error codes
Following are some of the commonly used HTTP response codes in RESTful web services:
200 (OK): When a request is successfully made.
201 (Created): When a request is successfully made and data is created. PUT/ POST requests are confirmed by this response code.
400 (Bad Request): When the data is in the incorrect format
401 (Unauthorized): when there is an authentication error.
405 (Method Not Allowed): When an HTTP method which is used in the request is not supported
409 (Conflict): When there is a conflict between data due to entering the same values again and again
404 (Not Found): When data is not found
500 (Internal Server Error): When server side has
4) What kind of tests are performed using API testing?
Below are some of the things which can be tested using an API:
Discovery Testing: It helps in analyzing and finding the APIs where the data is uncovered
Functional Testing: Jason input is given in API testing to test the functionality of the application which gives us a response code within milliseconds because of which it is fast and useful.
Usability Testing: Usability of the software can be tested by hitting the APIs on different platforms and browsers
Security Testing: Penetration testing is included in this as it helps us to know if the data is encrypted in HTTP and it required any authentication or not.
Load Testing: Performance and functionality of the application is tested under load by reusing the test cases
5) Different tools available for API Testing
Following are the different tools which are available for API testing are :
- SOAPUI
- Runscope
- Postman with jetpacks
- Postman with Newman
- Curl
Thanks!
Cookies are important to the proper functioning of a site. To improve your experience, we use cookies to remember log-in details and provide secure log-in, collect statistics to optimize site functionality, and deliver content tailored to your interests. Click Agree and Proceed to accept cookies and go directly to the site or click on View Cookie Settings to see detailed descriptions of the types of cookies and choose whether to accept certain cookies while on the site.
About Author
Neha Dahiya
Neha is a bright QA Engineer with skills in manual testing . Apart from finding bugs in application, she loves sketching and painting.