As you might be aware, API stands for Application Program Interface. As the name suggests, it acts as an interface between the user and the application. APIs are mainly responsible for data exchange between two different pieces of software.
Software testing is complicated and challenging. It is therefore essential to understand best practices and considerations before jump-starting testing.
Outlined below are the 5 key considerations before you kick-start API testing:
1) REST vs SOAP
REST stands for Representational State Transfer. RESTful web services provide interoperability between computer systems over the internet. They provide a predefined set of stateless operations and allow requesting systems to access and manipulate textual representations of web resources.
SOAP stands for Simple Object Access Protocol. It helps in exchanging structured information between computer networks. SOAP allows communication between different operating systems using XML.
Nowadays, RESTful APIs are preferred over SOAP for the following reasons:
- REST uses the JSON format, which is comparatively easier than the XML format used in SOAP
- REST can use SOAP web services, as it is an architecture and not a protocol like SOAP
- REST APIs are faster compared to SOAP
- REST is less strict and inherits security measures, while SOAP has its own strict standards and defined security measures
2) Commonly used HTTP Methods
There are 4 main HTTP methods that are frequently used during API testing:
- GET Method
The HTTP GET method is used to retrieve data. It is a read-only call and data cannot be modified. If the request is successful, without any errors, a status code of 200 (OK) is received along with the requested data in a particular format, which is generally JSON or XML.
The GET method is considered a safe method to call, as no corruption or modification of data will be done. It gives the same response every time it is called.
- POST Method
The HTTP POST method is a write method. It is mainly used to create a new resource by providing the input in JSON or XML format. When a POST request is made, a new resource is created with the values provided along with it. If it is an error-free call, the status returned will be 201.
POST methods are responsible for modification of data and should be carefully handled.
These methods are not idempotent and thus can result in errors or duplicate records if called more than one time.
- PUT Method
The HTTP PUT method is more like an update command. It is used to change the value of any resource whose original value was something else.
PUT methods can also be used to create resources, but only if the request is from the client and not the server.
PUT methods are also not safe, as they are responsible for resource modification, but if we call the same PUT request again then no changes are made, i.e., it is idempotent.
- DELETE Method
The HTTP DELETE method, as the name suggests, is used to delete a resource. If the request is made successfully then the status code returned is 200 (OK). DELETE is also idempotent: once a resource is deleted, deleting it again has no further effect. At times, the resource is not deleted completely, and in such cases it is not a safe method and can cause modification of resources if called again.
3) HTTP Response codes
The HTTP response codes are divided broadly into five categories:
- 1xx – Informational codes
- 2xx – Success codes
- 3xx – Redirect codes
- 4xx – Client error codes
- 5xx – Server error codes
Some of the most common HTTP response codes used with REST are as follows:
200 (OK): This code indicates that the request was made successfully.
201 (Created): This response code indicates that the request was successful and a resource was created. It is used to confirm success of a PUT or POST request.
400 (Bad Request): This code indicates that the data is in an incorrect format.
401 (Unauthorized): This code indicates an authentication error.
405 (Method Not Allowed): This code indicates that the HTTP method used is not supported for this resource.
409 (Conflict): This code indicates a conflicting request to create the same resource twice.
404 (Not Found): This code indicates that the required resource could not be found.
500 (Internal Server Error): This code indicates that there is some error on the server side.
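An added example, not part of the original post: a self-contained Python check that exercises the methods from section 2 against a local test server and records the response codes from section 3, including repeated calls to show which methods are idempotent. The in-memory `/users` API, the `Bearer demo-token` credential and the helper names `call` and `run_checks` are assumptions made for this demo.

```python
import http.client, json, threading
from http.server import BaseHTTPRequestHandler, HTTPServer
STORE, TOKEN = {}, "Bearer demo-token"   # constructed in-memory data and credential

class Api(BaseHTTPRequestHandler):       # hypothetical /users API used as the test target
    def _reply(self, code, body=None):   # HTTP/1.0 reply; the body ends when the socket closes
        self.send_response(code)
        self.end_headers()
        self.wfile.write(json.dumps(body or {}).encode())
    def _handle(self):
        raw = self.rfile.read(int(self.headers.get("Content-Length") or 0))
        key = self.path.rstrip("/").split("/")[-1]
        if self.headers.get("Authorization") != TOKEN:
            return self._reply(401)                       # missing or wrong credential
        if self.command == "GET":                         # safe: never changes STORE
            return self._reply(200, STORE[key]) if key in STORE else self._reply(404)
        if self.command == "DELETE":                      # a repeat changes nothing more
            return self._reply(200 if STORE.pop(key, None) is not None else 404)
        if self.command not in ("POST", "PUT"):
            return self._reply(405)                       # e.g. PATCH is not supported
        try:
            body = json.loads(raw)
            rid = str(body["id"]) if self.command == "POST" else key
        except (ValueError, TypeError, KeyError):
            return self._reply(400)                       # malformed or incomplete JSON
        if self.command == "POST" and rid in STORE:
            return self._reply(409)                       # same resource created twice
        STORE[rid] = body                                 # PUT overwrites with the same value
        return self._reply(201 if self.command == "POST" else 200, body)
    do_GET = do_POST = do_PUT = do_DELETE = do_PATCH = _handle
    def log_message(self, *args): pass                    # keep server logging quiet

def call(port, method, path, body=None, auth=TOKEN):
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request(method, path, None if body is None else json.dumps(body),
                 {"Authorization": auth} if auth else {})
    status = conn.getresponse().status
    conn.close()
    return status

def run_checks():
    item, user = "/users/42", {"id": "42", "name": "alice"}   # constructed sample record
    with HTTPServer(("127.0.0.1", 0), Api) as srv:
        threading.Thread(target=srv.serve_forever, daemon=True).start()
        steps = [("POST", "/users", user), ("POST", "/users", user), ("PUT", item, user),
                 ("PUT", item, user), ("GET", item), ("DELETE", item), ("DELETE", item),
                 ("GET", item), ("PATCH", item, user), ("GET", item, None, None)]
        codes = [call(srv.server_port, *s) for s in steps]    # last step sends no credential
        srv.shutdown()
    return codes
```

In this test server the second DELETE returns 404 rather than 200, yet the stored data is the same after one call or two, which is what makes the method idempotent. The repeated POST is rejected with 409 instead of creating a duplicate record.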
4) What kind of tests are performed using API testing?
The following things can be tested using an API:
- Discovery Testing: API testing helps in identifying APIs where the resources are not exposed.
- Functional Testing: In API testing, it is very easy to test functionality by giving input parameters (in JSON). It gives a response code within a few milliseconds, which makes it fast and efficient.
- Usability Testing: It is easy to hit the APIs on different platforms and test the usability of the software.
- Security Testing: This helps determine whether the data is encrypted over HTTP and whether any authentication is required. It also includes penetration testing.
- Load Testing : This includes validating functionality and performance under load, often by reusing functional test cases.
5) Different tools available for API Testing
Different tools available for API testing are:
- Postman with Jetpacks
- Postman with Newman
Testing is really crucial. We hope this blog is able to provide you a lot of knowledge about API testing. API testing is certainly more helpful as compared to UI testing. Moreover, API testing is also advantageous as it is easy and quick. The applicability of API testing is again one more aspect that makes it all the more attractive. Hope you will now be able to perform API testing easily.