API Testing Checklist
What is an API?
An API (application programming interface) can be thought of as a bridge that lets software components talk to each other. It is a set of instructions that establishes a dialogue between one software component and another. For example, when a user wishes to access a location via GPS, the relevant API fetches the necessary information from the server and generates a response to the user.
To state it very simply, an API is an interface that receives an input from the user and gets the response from a valid source.
A few popular APIs are:
- Google Maps API - This API lets developers integrate Google Maps on a webpage or a mobile device.
- YouTube APIs - With these APIs, developers can integrate YouTube videos into an application or website.
- Flickr API - Flickr is a photo sharing community. The Flickr API enables access to photos via any website where this API is present.
- Twitter API - This API lets developers access Twitter data.
- Amazon Product Advertising API - This API lets users access Amazon's product selection.
API testing is about verifying whether an API abides by the instruction set and delivers the expected functionality.
An application generally has three essential components:
- Data Layer - This layer is about data retrieval from a data source.
- Logic Layer - The logic layer represents an application's structure, that is, this layer is responsible for processing requests sent by the user, deciding what to do with the request and how to respond to it.
- Presentation Layer - This is the uppermost layer which provides an interface to the users. This layer interacts with the user to get requests, translating the results fetched into something comprehensible by the user.
The purpose of API testing is thus to ensure that the API performs optimally. API testing requires software that makes calls to an API in just the same way as in a real-world scenario.
When the API returns a response, the result is either the correct one or some other output. It could be one of the following:
- Pass or Fail test
- Data or information
- A call to another API
Need for API Testing:
Generally we conduct software testing to find bugs in an application, so that we can offer an error-free product to our clients. The performance of an API is also important, considering that it is responsible for processing user requests. Security is an important dimension of API testing as well. If an API is vulnerable to security threats, the product as a whole may suffer and as a result we may lose our client base. If an API fails to offer an edge, then irrespective of how easily available an application is, it won't gain acceptance among people.
Beginning with API testing:
Before gearing up to test the API, it is essential to take a few important points into consideration:
- The various aspects that need to be tested.
- Select an environment that is best suited for API testing.
- The most important is to determine the target audience for whom the API is intended.
- The aspects that need to be tested.
- Setting the priorities for testing.
- Identifying the possible set of mishaps in the event of any failure.
- Evaluating pass and fail results and determining the degree of impact it can have on the system.
Once we have clearly defined our requirements, we need to decide why we want to test our API and what purpose the testing will serve. We may wish to conduct a few common types of testing, such as:
Functional testing, usability testing, reliability testing, load testing, security testing, API documentation testing (acts as a user guide).
API testing Checklist:
Having discussed the dos and don'ts of API testing and analysed its importance, we can summarise the entire concept in brief.
- HTTP Validations:
- While testing an API, note that HTTP methods like GET, HEAD, PUT, DELETE etc. are idempotent methods
- Validate user authentication by trying to access an API using the HTTP authentication header
- Verify various error/authentication codes to ensure validation of a response. Some of the validation codes include 404 (server not found), 201 (request fulfilled), 204 (no content) and so on
- 4xx vs 5xx errors are worth mentioning as they reflect client-side and server-side errors respectively.
- To ensure the best network performance, HTTP compression mechanisms should be applied to the APIs being tested. (HTTP compression is a technique to facilitate efficient use of bandwidth between the client and the server)
- An API must ideally support format conversion, say, JSON to XML or vice versa
- Check the API version number to verify whether that specific version is compatible with the device being used
- An API must be strong enough to handle bulk operations, so it is necessary to build the API with that in mind
- Pagination is an important factor that helps to reduce unnecessary computations at the server, as pagination indexes a document in pages
- An API must efficiently handle errors that arise while an application is running.
- Content types such as +JSON, JSON HAL and XTML should be included while testing an API; this is an important aspect from an API testing perspective.
- For RESTful APIs, HATEOAS (Hypermedia as the Engine of Application State) is a REST constraint that provides an effective way for a client to interact with any network application.
- An API's date and time must adhere to the time zone specifications meant for a particular locale
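The authentication, status-code and idempotency items above, exercised as an added example (not code from the original article): a constructed in-process stub API on 127.0.0.1 and a small client that runs four checks against it. The `/items/...` paths, the bearer token and the stub's behaviour are assumptions made for the illustration.

```python
import http.client, json, threading
from http.server import BaseHTTPRequestHandler, HTTPServer

TOKEN = "Bearer constructed-test-token"   # constructed credential, stub only
STORE = {}                                # stub's in-memory resources, keyed by path

class Stub(BaseHTTPRequestHandler):       # hypothetical API under test
    def log_message(self, *args): pass    # keep the run quiet
    def reply(self, code, obj):
        body = json.dumps(obj).encode()
        self.send_response(code)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
    def handle_api(self):
        raw = self.rfile.read(int(self.headers.get("Content-Length") or 0))
        if self.headers.get("Authorization") != TOKEN:
            return self.reply(401, {"error": "authentication required"})
        if self.command == "PUT":
            try:
                STORE[self.path] = json.loads(raw)
            except ValueError:            # bad client input is a 4xx, not a 5xx
                return self.reply(400, {"error": "malformed JSON"})
        if self.path not in STORE:
            return self.reply(404, {"error": "not found"})
        self.reply(200, STORE[self.path])
    do_GET = do_PUT = handle_api

def call(port, method, path, data=None, headers=None):
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request(method, path, body=data, headers=headers or {})
    resp = conn.getresponse()
    result = resp.status, resp.read()
    conn.close()
    return result

def run_checklist():
    srv = HTTPServer(("127.0.0.1", 0), Stub)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    port, auth = srv.server_port, {"Authorization": TOKEN}
    put = lambda data=b'{"name": "a"}': call(port, "PUT", "/items/1", data, auth)[0]
    get = lambda path="/items/1", h=auth: call(port, "GET", path, headers=h)
    s1, after1, s2, after2 = put(), get()[1], put(), get()[1]
    results = {"auth_required": get(h={})[0] == 401,
               "missing_is_404": get("/items/nope")[0] == 404,
               "bad_body_is_4xx": put(b"{not json") == 400,
               "put_idempotent": s1 == s2 == 200 and after1 == after2}
    srv.shutdown()
    return results
```

Each key in the returned dictionary maps to `True` when the stub passes that check; pointing `call` at a real test environment requires replacing the stub's port, paths and token with that environment's own.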
Security, apart from the aforementioned points, is an essential factor in determining the effectiveness of API testing. Cyber-crime has been at its peak for quite some time and remains prevalent today. Hence the significance of security cannot be denied in pursuing a strong, high-quality application.
To optimise an application and provide seamless performance, thorough testing of the API is necessary. API testing brings to the fore the various dimensions of an application, and also reveals failures, if any.