Tools for API Testing
What is API Testing ?
API stands for Application Programming Interface. API testing is a technique for testing the interface by sending calls to it, receive the output and log it's response. API is basically a set of software functions and procedures that can be used by other software applications. So if we put it simply then API testing emphasises on the business logic layer of the software architecture. In API testing, we use a software to send calls to the API , observe and note the system response. An API can be thought of as a backbone which provides support for some other software to perform the intended task. It facilitates interaction between the GUI and the back end(database). An API is itself a piece of code, written in XML.
The Internet is expanding like a giant. It can be considered the lifeline of modern day civilisation.
Hence API acts as a support system. Calls to the API are managed by web services. Web services are a set of standards and protocols, that enables communication over the web.
How API testing is Done :
We can perform API testing in the following two ways -
- By using a testing tool to check the API
- By writing our own code and run the test
Web services and API are the background processes, enabling the applications to perform their respective roles. A web service works on the following set of protocols and programming languages.
- SOAP (Simple Object Access Protocol) - It encodes the XML messages in order to make it recognizable by any operating system, and also provide support for any type of network protocol.
- UDDI (Universal Description, Discovery and Integration) - This can be thought of as an XML based directory that contains the list of all businesses. This process facilitates collaboration among business through web services.
- WSDL (Web Services Description Language) - This can be interestingly understood as the protocol(SOAP) of the universal description(UDDI). It is the XML based language used by businesses to describe their services in the UDDI.
Now let us understand the API testing tools and the benefits does the various testing tools offer :
- Soap UI - A functional testing tool that is free and open source. It facilitates one to perform automated functional, compliance, regression and load tests. Few noteworthy features of this testing tool are as follows -
- Creates test cases from the web method request, directly.
- Organizing test cases in test suites.
- Eases the task of creating very complex validation scripts using Groovy.
- Provides test coverage and requirements management.
- Depending on the target environment for performing tests, one can change the test setup also.
- HP QTP(UFT) - It stands for Unified Functional Testing (former QTP), is a very helpful tool in executing and building the functionality of such systems that do not have a user interface. Helps in testing Databases, web services etc. This tool is a product of HP and offers an amalgamation of GUI and API services, allowing testing of both front-end and back-end functionalities. It's robustness lies in the fact that it provides component re-usability that makes the testing process fast.
UFT IDE supports VB script as a scripting language. Additionally it also supports java script and Windows shell script.
.Net, Stingray, Oracle, Siebel, Web services, Java, Smalltalk , Silverlight, WPF, PeopleSoft, Delphi, are the few technologies that uses UFT.
Next, let us look into the features that shall expand our understanding about this tool.
- HP combines "Quick test Professional" and "HP Service Test", which provides the developers and testers a chance to test the various layers of a software application, namely, interface layer, service layer, database layer. Earlier QTP only had support for GUI testing, which is now overcome by UFT.
- Unlike QTP, UFT has a cross platform feature, and runs on almost all the major browsers. Like Internet Explorer(version 6-11), Firefox(version 3-31), Google Chrome(version 12-35) and Apple safari, almost all the major browsers.
- OS support - UFT supports Windows XP/Vista/2003/7/8/8.1 and Windows Server 2008/Windows Server 2012 R2. Whereas QTP runs on Windows upto 7 and Windows Server 2008.
- Installation process of UFT is much faster and secure , is less time consuming.
- Offers support for Flex- based applications.
- UFT offers a graphical representation of all actions performed during the testing process.
- Enables insight recording, an image-based identification technique by which an object is recognized within the application
- HttpMaster - Considered an efficient testing tool for testing web API calls. It has got all the requisite validation techniques for validating the data and also has support for Http methods like Get, Post, Delete etc. It also supports RESTful web services and API applications.
Following points highlight few key features of HttpMaster.
Parasoft - Enables automating the interface in case of messaging layer, databases and mainframes. It simplifies testing of API's that do not have a GUI, offers 100% code coverage, and also designs tests without coding. Robust support for various platforms and protocols, also automates end-to-end test scenarios. Parasoft offers functional,load,security testing with test data management. Parasoft's API testing eases the complexity involved in API driven applications.
- Request Chaining - Combines API calls in separate batches, for execution. For example, POST is followed by GET.
- Response Data Validation - Validates the returned http request status codes and defines execution result based on the status code.
- Request Chaining - This concept simply states that a chain of requests are created, aligning current request code with the previous one.
- Data Upload Support - HttpMaster enables uploading of texts, files, etc.
- Request Data Builder - When we want to test a website based on the various options of input data, we can build a request body from Html content that is obtained from the URL.
- Request Time Execution - Allows to only the opened requests. We can monitor the progress of execution and their status.
- Data Review - Once the execution of request item is completed , one can open and view their execution results. Http headers, cookies, response data etc. Can be reviewed.
Following are some of the features that define Parasoft .
- Test Creation and Automated Validation - This involves creating parameterised test messages, validations, and configurations from variables and test scenarios. We have the option of creating a structured test flow logic without the need to write scripts.
- Change Management for Test Assets and Environments - Parasoft has a feature named "Change Advisor" that helps users to keep track of changes and its impact on the current tests. It is simply to assess the impact of amendments in the existing test and update it if any deviations occur.
- Service Virtualization for Simulated Test Environments - The term "virtual" is self explanatory. In this context "virtualization" means one has access to various such platforms that are otherwise dependant resource. Such resources may be databases, web services, mobile front-end apps etc. Hence in API testing, service virtualization can be thought of as follows :
Performance Testing - Sometimes it is quite possible that there is a lot of traffic on the web which results in the website crashing or failure to respond. Testing of such a scenario is often termed as "performance/ load testing". By emulating a similar kind of scenario, one can perform load test for their website.
Security Testing - Parasoft provides extensive security which includes strict authentication and encryption mechanisms. Enables creating a lot of penetration attack scenarios like injections, large payloads etc.
vREST - It is an online solution for automation testing, recording and specifications for REST/Http API's. It offers a Mock Server Functionality with the help of which mock http requests can be used for developing front end.
- Simulate behaviour of API's by creating a similar kind of test environment. This enables developers and testers to perform their respective tasks without having to worry about scarcity of resources.
- Providing access to dependant resources.
Provides a platform for automated REST API testing.
Ways to record and replay the test process conducted so far.
Enables creation of mock API, thereby removing any dependency from front-end and back-end.
Provides integration of JIRA, Jenkins.
Postman - It is a plugin in Chrome, a powerful tool for testing web services. It has such a robust functionality. One can extract all web API data using this tool, Postman interface enables one to write Boolean tests.
- Postman has a request builder, with the help of which one can write their own test cases to validate response data and response time.
- It has a cloud service that helps sharing API information in real time. Postman's cloud is a very safe and reliable testing tool.
Few demerits of test oracle can be, oracles only address a small subset of inputs and outputs. The tester may need to set values for a variable. We may generate a set of test inputs based on the previous observation of a custom model, previous release of a program etc.