What is API Testing? – Types, Methods & Tools

‘Netflix and Chill!’ – Isn’t that the motto of Gen-Z? Ever wondered how quickly and smoothly we are able to browse and watch our favorite shows and movies on Netflix, how easy it is for us to order pizza or sushi from online apps like – Uber Eats, Zomato etc. or even better how convenient life is with ‘GOOGLE MAPS’. Right? The world with its many offerings is literally at our fingertips and all we need to do is just know what we want and press a few buttons on our smartphones. And all this, without even having to know or understand the technicalities of how everything is being done so seamlessly and what exactly is being done behind the scenes. | API Testing

Well, Hello! Welcome to the world of API’s.

INTRODUCTION TO API’S 

Even though it sounds all new and modern, surprisingly the concept of API’s roots back to as far as 1940’s. British computer scientists – Maurice Wilkes and David Wheeler worked on a modular Software library in the 1940’s for EDSAC, an early computer. A library catalog was created in order to understand the subroutines and how to incorporate them into programs. Who knew that these library catalogs would go on to be used so extensively in future and termed as API’s and revolutionize the concept of how computer programs and applications interact with each other and how important and effective they are for delivering a user’s response to a system and sending the system’s response back to the user. API as a concept as well as service has gained so much importance and popularity that it is almost impossible today to come across businesses and applications that don’t use it. 

WHAT EXACTLY ARE API’S?

The acronym API translates to – Application Programming Interfaces. They can be understood as a set of functions and procedures that allow applications to access data and interact with external software components, operating systems or micro services. They are a sort of connection between computer systems. For example – If we are using the Google Maps application on our phone, and we input the directions to a location, the application connects to the Internet and sends data to the server (in our case the location whose directions we are asking for), the server gets the request, interprets it, performs what is required and sends back the information which is then interpreted by the Google Maps application, converted into a readable and understandable form and presented to us. And imagine, all of this being done in microseconds. 

Now, depending upon the scope of usage of web API’s they have been categorized into 4 types –

1. Public API’s – These are an open platform, open and available for use by anybody. They require very little or sometimes no authentication and authorization. The users do not require any API keys (a sort of password) in order to gain access to these API’s or use them. A few examples of Public API’s are – 7Timer! For weather forecasts, Agify.io for predicting a person’s age on the basis of their name, Cocktail Database to access Cocktail recipes and so on.
2. Partner API’s – Partner API’s require licenses and proper authorization to access them. They are built to be used inside an organization and also provide access to some partners that are outside of the organization. This is done in order to run the business activities which require sharing of data outside the organization. Hence the partner API’s can be used to connect the internal customer data with the external partners / stableholders. But it involves strict authorizations and permissions. A few examples of Partner API’s are – eBay, IRS, Apple, Facebook, Google etc.
3. Private / Internal API’s – Private or Internal API’s are developed for use within an organization privately. They are used to access data and systems internally. Does not really require strict Authorization implementation as the system does not have to interact outside. A few examples of Private API’s are – NSArray, Home-Cost etc.
4. Composite API’s – Composite API’s are like an amalgamation of two or more types of API’s which are used to perform operations which are connected to one another. These are used as sometimes two different models and resources of API’s can work together better in order to improve the performance of an individual API. 

API ARCHITECTURE 

Considering how seamlessly the API’s operate with other systems and servers in order to fetch what we need, it is very important that proper rules, structures and protocols are in place to ensure a solid and stable architecture as the basis of an API’s operation. There are 3 types of formats / architecture types for construction of an API, each with its unique features, characteristics and what they have to offer. To list them here –

1. REST API’s – This translates to – (REpresentational State Transfer). This is the most common as well as popular architecture type followed to construct API’s. A client / server approach is followed and the two ends of the API are segregated. The architecture here is made up of – clients, servers and resources with requests being managed through HTTP. The communication between client and server is Stateless as no data or status is stored by API’s between requests. REST allows Caching which can help streamline client-server interactions by storing responses for slow or non-time sensitive API’s. REST is an architecture powerful enough that it can handle to send executable code from server to client if and when requested, which helps extend client functionality. REST API’s are quite fast and easy to work with which makes them perfect to use for scalable applications and resources like – IoT and mobile applications etc.
2. RPC – This translates to (Remote Procedure Call). They are the simplest type of API used for interaction by sending multiple parameters and receiving quick results. Blocks of code are executed on a server which are then implemented in HTTP or AMQP and a web API is created. RPC architecture is compatible for coding with two languages – JSON and XML. They are very easy to work with as we can add new functionality to it very easily and high on performance. Giants like Google, Facebook, Twitch use RPC as their massive microsystem services require internal communication which is clear and can be arranged in short messaging.
3. SOAP – It translates to (Simple Object Access Protocol). It is widely used across the world to create web API’s. It is formatted using XML and follows a very sophisticated web communication protocol. It supports a vast range of communication protocols such as – HTTP, SMTP, TCP. It is extensible which allows developers to add new features. It is tightly packed with Security protocols which ensures privacy and integrity in transactions and follows strict encryption protocols. It is generally used by financial institutions as SOAP has a rigid, tight structure which requires adequate security and authorizations between API provider and consumer.

API TESTING 

API Testing is performed to verify if the application programming interfaces are in sync and interacting with each other as desired or no. Now, testing API’s can be a little tricky as compared to the conventional application testing process as while doing the application testing of any sort, be it – web-based, desktop-based, mobile-based , the user has an advantage of having the look and feel of the application under test and it is comparatively easier to point out the defects. While on the other hand for API’s the standard procedure is that different interfaces, software are interacting with each other and there is to and fro of requests and responses which is happening as a part of the business logic layer of software architecture.

Now, considering that API testing involves the interaction between different software, there are several endpoints that need to be tested for these types of transactions, like – web services, ESB’s, databases, mainframes, web UI’s, ERP’s and so on.

Manual Testing as well as Automation testing play a big part in API Testing as the API’s interact with other interfaces at the business logic level.

Several testing techniques that are used in API testing are 

1. Unit Testing – Unit testing plays a big part in API Testing. Developers work with different API types, protocols and architecture as per the unique needs of different applications and businesses.
2. Functional Testing – Majorly accounts for the end to end testing of an application to validate if enough test cases are being executed for the maximum coverage.
3. Scalability Testing / Load Testing – Scalability Testing is a very important parameter of testing API’s as for all the applications which are to be used by millions of users, it is really important for them to be tested for load to verify that they don’t crash when being accessed by so many users at once.
4. Security Testing – We know that API’s interaction do not happen at GUI layer, but at business logic layer of software instead, so it makes it all the more important that they should be tested for Security purposes and proper measures are taken to ensure that there is proper data encryption, validation, authorization and access control.
5. Penetration Testing – Penetration Testing is also performed for API’s to ensure that they do not fall prey to threats like hacking, compromised data etc. and to uncover the vulnerabilities of a system if there are any.
6.  Usability Testing – It is done to verify how user-friendly an API is, how easy it is to use and how it integrates with other platforms.
7. Discovery Testing – The set of calls documented in the API are tested manually to verify if a specific resource exposed by the API can be listed, created and deleted as appropriate. 
8. Fuzzing – Also known as Fuzz testing, this forms a part of negative testing to test the limits of an API or any unexpected behavior. Heaps of random data called as noise / fuzz are forcibly entered into the system in order to attempt a crash or overflow thus testing its limits.
9. Validation Testing – As the name suggests, it is done to validate as well as verify if the product behavior is as it is expected to be. To be sure that the requirements are met.
10. Runtime & Error Detection – This one is to actually see how an API runs in real-time. It is monitored to see if there are any execution errors or run-time errors.

FORMATS PREDOMINANTLY USED FOR API’S 

JSON (JavaScript Object Notation) and XML.

The format for an application development is chosen on the basis of several factors like –

1. On the basis of the purpose of API development and its usage.
2. A language’s simplicity of use.
3. Data Usage in a format.
4. Its compatibility with the application and interface.
5. How we want to present an API.
6. How we want to integrate the data.

 TOOLS USED FOR TESTING API’S 

1. RapidAPI
2. Rest-assured
3. Postman
4. PAW
5. SoapUI
6. Katalon Studio
7. JMeter
8. KarateDSL
9. Tricentis Tosca
10. Assertible

And the list goes on.

CONCLUSION –

To conclude here, the area of API’s have seen such a big leap in terms of growth and application. There is just so much of it all around us that we cannot ignore the fact that they have come to occupy a big chunk of the market for not just development but the QA as well. API testing has revolutionized the way of testing as well, as it gives the tester an insight of not just what is happening at GUI layer, but also the business layer as well, giving more exposure and understanding of how the system interacts behind the scenes.