============================ API TESTING ============================
========================= what is api testing ========================
api is an acronym for application programming interface.
in software application(app) development,api is the middle layer between the presentation (UI) and the database layer.apis is enable communication and data exchange from one software system to another.
api testing is a software testing practice that tests the apis directly-from their functionality,reliability,performance,to security.part of integration testung.api testing effectively validates the logic of the build architecture within a short amount of time.
another defination
api testing is a software testing type that validates application programming interfaces(APIs) .the purpose of api testing is to check the functionality,reliability ,performace,and security of the programming interfaces.in api testing ,instead of using standard user inputs(keyboards) and outputs,you use software to send calls to the API,get output,and note down the systems response.api tests are very different from GUI tests and wont concentrate on the look adn feel of an application.it mainly concentrates on the bussiness logic layer of the software architecture.
=============================== where is api testing performed? ===============================
presentation layer
|____ -> ui functional testing
bussiness layer
|____ -> api testing
database layer
there are 3 layeers sepearate layers in a typical app the presentation (or user interface) layer,the bussiness layer,and the database layer for modeling and manipulating data.
api testing is performed at the most critical layer: bussiness which bussiness logic processing is carried out all transactions between the user interface and database layers happen.
=================================================== benefits of api testing ===================================================
language-independent
data is exchanged via xml and json formats so any language can be used for test automation,xml and json are typically structured data,making the verification fast and stable.there are also buil-in libraries to support comparing data using these data formats.
gui-independent
api testing can be performed in the app prior to gui testing .Early testing means early feedback and better team productivity.the app core functionalities can be tested to expose small errors and to evaluate the build strengths.
improved test coverage
most api/web services have specifications,allow you to create automated tests with high coverage-including functional testing and non-functional testing.
faster releases
it is common that executing api testing saves upto eight hours compared to UI testing,allowing software development teams to release product faster.
=================================== api testing types ===================================
1) validation testing
validation testing occurs among hte final steps and plays an essential role in the developemnt process.it verifies the aspects of product behaviou and efficiency.in other words validation testing can be seen as an assurance of the correct developement.
2) functional testing
includes testing particular functions in the codebase.these features are the representation of specific scenarios to make sure that api functions are handled well within the planned parameters.
3)UI testing ui testing is defined as a test of the user interface for the apu and other integral parts.UI testing focuses more o the interface which ties into the api rather than the api testing itself.although ui testing is not a specific test of api in terms of codebase,this technique still provides an overview of the health,usability,and efficiency of the app front and backends.
4) load testing
load testing generally occurs after a specific unit or the whole codebase has been completed,this technique checks if the throretical solutions work as planned.Load testing monitoes the apps performanceat both normal and peak conditions.
5) security testing
this practive ensures the api implementation is secure from external threats.security testing also includes additional steps such as validation of encryption methodologies ,and of the design of the api access control .it also includes user rights management and authorization validtaion.
6)runtime and error detection
this testing type is releated to the actual running of the api-particularly with the universal results of utilizing the api codebase.this technique focuses on one of the below aspects,monitoring,execution errors,resource leaks,or error detection.
7) penetration testing penetration testing is considered the second test in the auditing process.in this type,users with limited api knowledge will try to access the threat vector from an outside perspective,which is about functions,resources,processes, or aim to the entire API and its components.
8) fuzz testing
fuzz testing is another step in the security audit process.in fuzz testing a vast amount of random data(referred to as "noise" or "fuzz") will be input into the system to detect any forced crashes or negative behaviours.this technique tests the api's limits to prepare for the "worst-case scenarios."
=========================================================================================================================
IN THIS API TESTING ,YOU WILL LEARN ABOUT
=========================================================================================================================
-> setup of api test environment -> types of output of an api -> test cases for api testing -> approach of api testing -> difference between api testing and unit testing ->how to test api ->best practices of api testing ->types of bugs that api testing detects. -> how to do api test automation -> challenges of api testing
set-up of api test environment
-> api testing is different thatn other software testing types as GUI is not available,and yet you are required to setup initial environment that invokes api with a required set of parameters and then finally examines the test result.
-> hence,setting up a testing environment for api automation testing seems a little complex.
-> database and server should be configured as per the applicaiton requirements.
-> once the installation is done,the api function should be called to check wheather that api is working.
types of otuput of an api
an output of api should be
1) any type of data 2)status(say pass or fail) 3) call another api function.
lets look at an example of each of the above types in this api testing.
-->> any type of data example: there isa n api function which should add two integer umbers. Long add (int a, int b)
the numbers have to be given as input parameters,the output should be a summation of two integer numbers.this output needs to be verified with an expected outcome.
calling needs to be done such as
add (1234, 5655)
exceptions have to handled if hte number is exceeding hte integer limit.
-->> status (say pass or fail)
consider the below api function-
1)lock() 2)unlock() 3) delete()
they return any value such as true(in case of suceess) or false (in case of error) as an output.
a more accurate Test case would be ,can call the functions in any of hte scripts and later check for changes either in the database or the application GUi.
calling of another api/event
in case ,we call one of the api function which in turn will call another function.
for example-first api function can be used for deleting a specified record in the table and this function,in turns,calls another function to refresh the database.
-->> test cases for api testing
test cases of api testing as based on:
1) return value based on input condition: it is relatively easy to test,as input can be defined and resutls can be autheticated 2) does not return anything: when there is no value, a behaviour of api on the system to be checked.
3) trigger some other api/event /interrupt:if an output of an api triggers some event or interrupt,then those events and interrupt listeners should be tracked.
4) update data structure:updating data structure will have some outcome or effect on the system,and that should be authenticated
5) modify certain resources: if api call modifies some resources then it should be validated by accessing respective resources.
-->> API TESTING APPROACH
api testing approach is a predefined strategy or a method that QA team will perform in order to conduct the api testing after the build is ready.this testing does not include the source code.the api testing approach helps to better understand the functionalities ,testing techiniwues,input parameters and the execution of test cases.
FOLLOWING POINTS HEPLS THE USERS TO DO API TESTING APPROACH: 1) understand the functionality of the ap program and clearly define the scope of the program 2) apply testing techniques such as quivalence classes,boundaries value analysis,and error guessing and write test cases for the api 3) input parameters for the api need to be planned and defined appropraitely. 4) execute the test cases and compare expected and actual results.
=================== api testing points ===================
-> testers perform it -> end to end functionlaity is tested. ->testers cannot access the source code. -> only api functions are tested. ->all functions issues are tested. -> broader in scope -> ran after build is created.
======================== how to test api ========================
api automation testing could cover atleast following testing methods apart from usual SDLC process.
DISCOVERY TESTING: the test group should manually execute the set of calls documented in the api like verifying that a specific resource exposed by the api can be listed,created and deleted as appropriate USABILITY TESTING: This testing verifies whether the api is functional and user-friendly.and does api integrates well with another platform as well. SECURITY TESTING: This testing includes what type of authentication is required and whether sensitive data is encrypted over http or both.
AUTOMATED TESTING: api testing should culminate in the creation of a ser of scripts or a tool that can be used to execute the api regularly.
DOCUMENTAION: the test team has to make sure that the documentation is adequate and provides enough information to interact with the api.Documentation should be a part of the final deliverable.
=============================== BEST PRACTICES OF API TESTING ===============================
-> api test cases should be grouped by test category. -> on the top of each test,you should include the declarations of the apis being called. -> parameters selection should be explicitly mentioned in the test case itself. ->prioritize api function calls so that it will be easy for testers to test. ->each test case should be as self-contained and independent from dependencies as possible. -> avoid "test chaining" in your development. -> special care must be taken while handling one-time call functions like-delete,clodewindow,etc.. -> call sequencinng should be performed and well planned. -> to ensure complete test coverage,create api test cases for all possible input combinations of the api.
=========================================== types of bugs that api testing detects ===========================================
-> fails to handle error conditions gracefully -> unused flags ->missing or duolicate dunctionality -> reliable issues,difficulty in connecting and getting a response from api -> security issues -> multi-threading issues ->performance issues.api respose time is very high -> improper errors/warnings to a caller -> incorrect handling of valid arguments values -> response data is not structured correctly(json or xml)
========================== challenges of api testing ========================== challenges of api testing includes:
-> main challenges in web api testing is paramter combination,parameter selection,and call sequencing -> validating and verifying the output in a different system is little difficult for testers. -> paramters selctions and categorization is required to be known to the testers. -> exception handling function needs to be tested -> coding knowledge is necessary for testers.
============== conclusion ============== api consists of a set of classes/functions/procedures which represent the bussiness logic layer.if api is not tested properly,it may cause problems not only the api application but aslo in the calling application.it is an indispendable test in software engineering.