All you need to know about API Testing

As we all know, API stands for Application Program Interface. API is nothing but a set of protocols and tools which acts as a bridge between the user and the application. They are basically responsible for exchanging data between different software.

Following are some of the points which we should know before we start API testing:

1) REST vs SOAP

REST stands for Representational state transfer. REST provides the ability to exchange information between different computers over the internet. RESTful web services also help in providing a predefined set of operations which are stateless and also helps systems to request and wield textual representations of web resources.

SOAP stands for Simple Object Access Protocol which helps in exchanging efficient and structured data between different computer networks. It is done using an XML file.

Today, RESTful API is given preference over SOAP API because of the following reasons:

• Jason is used in REST which is easy to implement as XML is used in SOAP

• SOAP web services can be used in REST because REST is not a protocol but an architecture.

• REST API is comparatively faster than SOAP

• Security measures are not that tough in REST whereas SOAP has its own security standards.

2) Commonly used HTTP Methods

Following are the main HTTP methods that are used during API testing:

GET Method

HTTP GET is used to fetch data. Data is not modified as it is only a read call. A successful request returns a status code of 200 (OK) if there are no errors detected while fetching a data. Data is returned in JSON or XML format when we use this method.

As there is no alternation or extortion of data in getting request, it is considered a safe method.

POST Method

HTTP POST method is a used to write data. The POST is used to enter data by providing the input in either JSON format or XML format. Whenever called, this method creates a new entry in the database along with the inputs provided. It returns a status code of 201 if the request is completed without any error.

As this method modifies the data, care should be taken while entering the request as it could result in data redundancy or errors.

PUT Method

HTTP PUT method is mainly used to update the data. It changes the value of any data which was something else primarily.

However, this method can also be used to create new data but for this thing, the request should be sent from the client and not from the server side.

Again these methods are not considered safe as they can modify the data but if called, again and again, no changes are made.

DELETE Method

As the name says, HTTP DELETE method is used to delete data values. It also returns the status code of 200 (OK) if the request is successful. The same result is produced if we repeatedly call the same request, so in a way, it does not affect the data if it is deleted.

However, in some cases, it is not considered a safe request where the data is not completely deleted.

3) HTTP Response codes

There are 5 major categories in which the HTTP responses are divided:

1xx – Informational codes

2xx – Success codes

3xx – Redirect codes

4xx – Client error codes

5xx – Server error codes

Following are some of the commonly used HTTP response codes in RESTful web services:

200 (OK): When a request is successfully made.

201 (Created): When a request is successfully made and data is created. PUT/ POST requests are confirmed by this response code.

400 (Bad Request): When the data is in the incorrect format

401 (Unauthorized): when there is an authentication error.

405 (Method Not Allowed): When an HTTP method which is used in the request is not supported

409 (Conflict): When there is a conflict between data due to entering the same values again and again

404 (Not Found): When data is not found

500 (Internal Server Error): When server side has any error

4) What kind of tests are performed using API testing?

Below are some of the things which can be tested using an API:

Discovery Testing: It helps in analyzing and finding the APIs where the data is uncovered

Functional Testing: Jason input is given in API testing to test the functionality of the application which gives us a response code within milliseconds because of which it is fast and useful.

Usability Testing: Usability of the software can be tested by hitting the APIs on different platforms and browsers

Security Testing: Penetration testing is included in this as it helps us to know if the data is encrypted in HTTP and it required any authentication or not.

Load Testing: Performance and functionality of the application is tested under load by reusing the test cases

5) Different tools available for API Testing

Following are the different tools which are available for API testing are :

• SOAPUI
• Runscope
• Postman with jetpacks
• Postman with Newman
• Curl

Thanks!