What is API?

API stands for Application Programmable interfaces. API has an underlying collection of software application modules where each module serves the specific function. It accepts a set of input parameters and returns the desired result as output. APIs are generally platform independent so that they can be made available in the cross-platform environment. In order to understand this in simple language, consider a banking application that needs the secure data across multiple applications in cross platforms, instead of using multiple applications to make their separate calls to this database, these calls are made through single API which has multiple functions with different input parameters to serve the desired lookup request.

What is API Testing?

API testing specialized attributes which are distinct from other kinds of common software testing interfaces as follows:

API Architecture knowledge: To test an API, the tester should know what he is going to test which can be made clear after going through the architecture documents thoroughly. One should have the knowledge of the environment that API requires, OS it uses, hardware specifications it demands and its system requirements for smooth operation. This knowledge is very essential before testing could be initiated for an API.

Sound Programming skills: To test an API, the tester should have sound programming knowledge so that he can go through the API code and help the developer in code reviews and understand the underlying workflow among functions within API. This will help in identifying bugs as the tester has the knowledge of the internal behavior of an API. This is where white box testing serves the purpose.

Functional Testing and Test Automation: An API is useful only if it serves the functional purpose for which it is developed for, therefore it demands black box testing or functional testing. As discussed before, API can be considered as a black box which accepts input parameters and responds with the desired output, therefore test cases covering all the functional aspects of the API should be designed and in order to avoid manual effort, it should be well automated. There are various testing tools available in the market like FitNesse, QTP, TestNG, etc. which could be used to automate the functional test cases. Automation saves the regression effort for subsequent release of the API.

Documentation and paperwork: Like SRS document is an essential document for any project development, in the similar way FRD (Functional Requirement Document) is required before API can be developed. FRD covers every possible detail about each and every function and procedure present in the API like a number of input parameters that function accepts, output object or parameter, input parameters type, output parameters type, boundary values, etc. FRD helps the tester to write the functional test cases to cover both positive and negative test scenarios which could be either manually tested for automated for regression test.

Integration and System testing: Just testing the API is not enough. It should be tested after integration with other software applications that it is well compatible and there are no surprises. Usually, such system testing is done in collaboration with the different testing team which requires lots of coordination and good communication skills.

Performance Testing: An API is used by multiple application, therefore, performance testing is required to test on the volume of requests it can handle with acceptable latency. Load and reliability testing are required to mark the threshold point and hence it decides on the number of application that this API can serve at a time.

Project Deadline: As discussed above, API testing is not very common and it involves within itself different kinds of testing, therefore it consumes lots of testing time and demands an effective project management which should not compromise on the project resources and its quality.

Advantages of using API:

1) Single gateway for multiple requests across many platforms.

2) Easy to add on new function within API on top of existing functions to serve a new purpose.

3) Handling changes within the API are very simple, instead of implementing those changes in multiple applications individually it could be done at one place within API.

4) API follows the standard input and output procedure of call which could be local or remote.

5) It is platform independent thus easy to use in multiple applications in cross platforms easily.

6) Building an API is an investment for future software within an organization as it encourages reusability.

API Testing Best Practices:

• API test cases should be grouped using a test category
• Every API request should have a declaration of API which we are calling.
• Write a test case which is independent and should be as autonomous so that it will get executed without any dependency.
• In the test case explicitly mention the request parameters.
• Make sure that you are creating cases with all possible inputs to do most of the test coverage.
• Each and every API function calls should be prioritized.
• Try to stay away from API “test chaining”.

Example on API Testing:

So far we have discussed API and how its testing is different from another common software testing like GUI testing, web testing, etc. Now, we are going to discuss various points and guidelines which are required to be taken care of while testing API.

Input and Output Parameters:

• While writing the test cases for testing API, the tester should keep in mind to cover all aspects of input and output parameters i.e. all possible combinations made out of input and outputs. Let’s understand this with below example of a function within an API.

String retrieveBankLocation (String CUSIP, String productType, Integer FirmCode, String currency);

In the above example, the test should cover below points:

• As a positive test scenario, the test case should cover the valid input type and a number of parameters passed to a function for desired output.
• As a negative test scenario, how the API will behave if the application happens to pass input parameter like an integer in place of String. Does API has enough exception handling?
• What will happen if the API does not found any record in its database for given set of input parameters?
• How API will inform the partner application in case something went wrong within API while operation e.g. out of memory error, internal server error, etc.

Boundary Values:

• API should set a limit on the boundary value of its parameters. E.g., CUSIP field in above function can accept only 9 characters and anything more than that if partner application passes to the API, it should reject the call with a required error string to the application.
• A positive test scenario where boundary conditions of input parameters are satisfied which ranges from a minimum value to maximum value length.
• Negative test scenario where boundary conditions are not met and the input parameter range varies beyond the minimum and maximum value length.
• Also, remember to add scenarios where special characters or junk data are passed into string input parameter, etc.

Mandatory values:

• A function in an API can have multiple input parameters out of which some could be mandatory and cannot accept null values whereas other can accept null values. Below are some of the important points to take care while writing test cases.
• Positive test scenario covering for combinations where mandatory parameters have valid values and non-mandatory input parameters with and without valid values.
• Negative test scenario where a null value is passed to mandatory input parameters. How would API respond to this? Does it have enough exception handling? Does it notify the target application with a required error code or string?

Sequence or Order of API Call:

• The application may need the output from one of the API function as input to other API function and so on. While testing such complex logic with partner application below points should be kept in mind. Let’s understand this with below example.

String getBankAccountNumber (retrieveBankLocation (String CUSIP, String productType, Integer FirmCode, String currency), String LegacyCode);

• Order in which functions are executed in sequence. Here retrieveBankLocation function should be executed before getBankAccountNumber function.
• Latency in the response of the intermittent function must be reasonable to avoid passing of null or error value in the subsequent functions while processing the logic.
• Boundary values are well enforced while using one function output as input to other function of the API in a sequence.
• Proper exception and error handling should be done.

Difference between API Testing and Unit Testing:

Tools for API testing:

Few Open Source API Testing Tools For REST & SOAP Services:

• SOAP UI
• Postman
• API Fortress
• Parasoft
• HP QTP(UFT)
• vREST

• Airborne
• API Science
• Apigee
• APIpray Inspector
• Citrus Framework
• Hippie-Swagger
• HttpMaster Express
• JMeter
• Karate DSL
• Mockbin
• Ping API
• Pyresttest
• Rest Console
• Rest-assured
• RoboHydra Server
• SOAP Sonar
• Tricentis
• Unirest
• WebInject 

Conclusion:

In this article, we discussed about API testing and explained it with the help of suitable example.