Let’s talk about API testing

An application programming interface (API) is a piece of software that lets applications and services interact with each other. They provide the interface that facilitates data and logic transfer among diverse hardware and software systems. 

For example, a mobile banking app uses an API to access your phone’s camera so you can take a picture of a check and deposit into your account remotely.

Without APIs, the seamless digital interactions we enjoy every day with our computers, smartphones, TVs, and other devices, would not be possible.

What is API testing?

API testing helps developers to determine whether APIs meet expectations for functionality, performance, reliability, and security. The intention is to find bugs and any other unexpected behavior so your users don’t end up with a bad or insecure product. You want to make sure that you release APIs that work efficiently and effectively, or they won’t be adopted.

But API testing might not be as easy to do as it sounds. APIs typically use protocols and standards that you may not normally work with. These protocols and standards are needed so that different platforms, applications, and systems can talk to each other. So not only do you need to test an API’s functionality, you need to test its performance, security, and how all of the components work together to create a reliable interface.

Why should you do API testing?

APIs help us to do our daily work, find important information, and more. According to Akamai’s State of the Internet report, API calls make up 83% of all traffic on the web. Because APIs are so important to your users’ everyday lives, testing them should be a high priority for the following reasons:  

• Language independent: APIs use formats such as XML and JSON to exchange data. This means they are language independent so you can use any language to create testing automation. 
• GUI independent: APIs can be tested without a user interface to check the application’s core functionality and to find errors and bugs.
• Improved test coverage: APIs include features that let you create automation scripts with greater coverage. 
• Reduce cost of testing: Testing APIs helps you to find small bugs in the core functions before being tested in the GUI. These small bugs can potentially become big problems during GUI testing, so if you can find and fix bugs during API testing it saves you time and money.
• Faster product release: API testing typically takes a fraction of the time it takes to perform complete UI regression testing. So errors can be found and fixed faster and more efficiently and new builds can be released faster.
• Determine whether the APIs work properly: Your testing helps you to ensure that the API does what you expect it to do.
• Ensure APIs can handle the load: Run tests that apply the amount of traffic you expect your APIs to handle. It’s a way to simulate multiple users sending simultaneous requests to see how robust your application is. 
• Test compatibility: Your testing should ensure that your API can work with all devices, browsers, and operating systems.
• Anticipate user errors: Testing can help you to find ways that users can potentially mess up. This information can help you to anticipate user errors and improve your design.

Want more information about developing an API? Read “How to build an API.”

How to test an API

Like with most technology projects, you can’t start API testing without a plan. The plan helps you to determine your goals and how you will achieve them. Following are a few tips to help you get started with the API testing process:

• Understand the requirements: Document the API requirements and answer the following questions:

• What is the API’s purpose?
• Who is the target audience?
• What problems are you testing for?
• What is the desired output?
• What are the API’s features and functions?
• What is the application workflow?
• Which integrations does the API support?
• What are the testing priorities?

• Set up your testing environment: Set up your environment based around the API requirements. Configure the database and server to meet the application’s requirements. Then make an API call to make sure everything is configured correctly and nothing breaks before you start actually testing.
• Choose your API testing tools: Unless you plan to manually test everything, you’ll need an API testing tool to help you structure and manage your test cases.
• Decide which types of API testing you will do: When you’ve set up your testing environment and made sure that everything works, you need to decide what you will test your API for. 

Which types of API testing can you do?

What you decide to test determines the type of test you will perform. For example, if you want to test features and functions, you might do a functional test.

There are several different types of API tests to choose from: 

• Functional test: Tests different functions in the codebase. The tests represent specific scenarios to ensure that the API functions work within the planned and expected parameters.
• Reliability test: This type of test verifies that the API can operate without failures during a specific amount of time in a specific environment.
• Load test: This test monitors the API’s performance during normal and peak conditions.
• Security test: Used to ensure that the API is secure against external threats. The tests include encryption methodologies, API access control, user rights management, and authorization validation.
• UI test: This involves testing the API’s user interface. It’s focus is on the interface that ties into the API rather than testing the API itself. UI tests can give you an overview of the app’s health and usability on the front and back ends.
• Negative test: The purpose of negative testing is to see what happens when the app receives invalid or unintentional input. You are trying to find out what will break the system so you can develop more appropriate responses. For example, entering a letter in a number field should trigger a warning message and should not cause the app to crash. 
• Validation test: This type of testing is used to verify that the API has been developed correctly and that everything works.

Manual testing vs. automated testing

Manual testing is a very hands-on process where a QA professional executes individual tests one by one. Testers are involved in every part of the process from test case creation to execution. Testers validate features, look for bugs, and write error reports without automation tools.

Manual testing is more time-consuming and can be tedious. Automation lets you run more test cases, improves test coverage, and is generally more efficient. 

Why use manual testing?

Manual testing has more focused attention on the testing process. Creating and executing your own tests manually can give you more nuanced control over the test. In addition, there is lower risk of the tests generating false negatives, which can create a lot of extra work to validate reported errors as true or not.

You should use manual testing when doing the following types of tests:

• Exploratory testing
• Usability testing
• UI testing
• Ad hoc testing

You might want to use manual testing to look at small changes. Even the smallest change would require writing new code to run an automated test, which could end up being more time consuming than a quick manual test. 

Why use automated testing?

The biggest advantage of API testing automation is being able to do more testing in less time. It increases productivity and helps you to make testing more efficient. Faster testing leads to faster fixes which leads to faster product releases.

Automated testing should be used for the following types of tests:

• Functional testing
• Load testing
• Performance testing
• Validation testing
• Dynamic testing
• Data-driven testing
• Error testing
• Multi-language testing
• Regression testing

What are some API testing best practices?

While you should run exploratory and UI tests manually, most of your API testing should be automated. Here are a few best practices for automated API testing. These practices can help you to streamline testing, get more testing done in less time, save you money, and release a better quality product.

Document everything

The success of your tests can be determined by how well you define your business requirements and test cases. Most of your APIs do not have a front-end GUI to reference, so documentation that clearly specifies every field and its associated parameters is essential. Testers reference the documentation to ensure all of the necessary use cases are covered.

You also need to create detailed, comprehensive test reports that document the reasons for test failures. These reports make it easier for developers to pinpoint the areas that need to be fixed.

Use the DRY approach

The don’t repeat yourself (DRY) approach is used to avoid code repetition. If code is common to components and actions in multiple APIs, put it in a common library where it can be easily accessed from all the parts that need it.

Start with the small APIs

Ease into a testing routine by starting with the simple APIs that have only one or two inputs (for example, a login API). Focusing on the small ones helps you to build confidence and ensure that your testing environment works properly before tackling the bigger APIs.