Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Scribd
Upload
141 views

API Testing Approach

To effectively test an API, the tester must: 1. Determine the functional scope of the API and set up a proper test environment. 2. Design test cases that validate input and output formats, business logic, and how the API handles negative test cases and errors. 3. Test the reliability, sequencing, security, and performance of the API calls.

Uploaded by

Saravanan Murugan
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
141 views

API Testing Approach

To effectively test an API, the tester must: 1. Determine the functional scope of the API and set up a proper test environment. 2. Design test cases that validate input and output formats, business logic, and how the API handles negative test cases and errors. 3. Test the reliability, sequencing, security, and performance of the API calls.

Uploaded by

Saravanan Murugan
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 2

API Testing Approach

Testing for APIs is similar to testing any other software, except that you need to think a bit more
technically. Unlike GUI based systems, there are no text fields or buttons which you can test,
you have to essentially hit the backend calls that are made when a user would perform an action.
Since APIs help systems to integrate and communicate, it is important that you check each
system endpoint where an API call can make impact.

In order to effectively test an API, the tester should first determine the functional scope of the
API. Next the test environment should be set up with proper configuration of servers, databases
and every resource the API interacts with.

The test cases designed to test an API should focus around the points given below:

1. Input validation - Test the API with different input parameters and verify the response. The
data, response code, message etc should be correct for each set of input parameters. Does the
API return correct HTTP error codes like 200 for valid and 400 for invalid input parameters?

2. JSON format validation - Verify that the JSON or XML response of the API is correctly
structured.

3. Business Logic - Is the API doing the task it is supposed to do? Suppose we have a
fetchBalance API that gives the current balance for a user. If it returns the correct HTTP
response code, but the actual balance being returned for user is of previous month, the business
logic of this API is broken.

4. Negative test cases - Hit the API with incorrect/invalid parameters, missing/extra values, null
values for mandatory fields and observe the output. Is the API able to gracefully handle
unreasonably large amount of payload data, special and non-ASCII characters, long strings and
integers, incorrect data types for parameters? Are there any buffer overflow conditions? How
does it behave in case of conditions like timeouts, server failures, etc? Is the exception handling
mechanism in place? Are the error messages clear and relevant?

5. Reliability tests - Check whether the API can consistently return correct response, or do
response failures occur often.

6. Call sequencing checks - If the output of the API being tested includes modification of a data
structure, change of a resource state (Like a DB record), firing of an event or call to other APIs,
this should be functioning correctly.

7. Security testing - Every business critical API should undergo security testing techniques, to
ensure that its code and associated features cannot be accessed and used by unauthorized users.

8. Performance testing - Verify if the response time of the API calls is too high or varies
considerably. Also we can verify if the performance of the API response degrades when called
using a large number of clients.

You might also like