An application programming interface (API) is a way for two or more computer programs to communicate with each other. It is a type of software interface that offers a service to other pieces of software.
API testing is a type of software testing that analyzes an application program interface (API) to verify it fulfills its expected functionality, security, performance, and reliability.
Think of API testing as something like a truck full of supplies that need to be delivered to your local store so you can access them.
The API allows communication between what's behind an application or web page (in the truck) and what's in front of you, the user interface (the supplies).
In order to do API testing, we need to know the scope of the program and we can obtain the information by asking the following questions:
Answering those questions should give you a great understanding of what needs to be tested.
API testing can analyze multiple endpoints, such as web services, databases, or web user interfaces. You should watch for failures or unexpected inputs.
For example, make a request as a normal user to an endpoint that is purposely restricted to admins. This will always return a 403 Forbidden error.
Response time should be within an acceptable, agreed-upon limit. For example, APIs that are considered high-performing have an average response time between 0.1 and one second. At this speed, end users will likely not experience any interruption, but at around one to two seconds, users begin to notice some delay.
Also very important, the API should be secured against potential attacks. You can protect your API using strategies like generating SSL certificates, configuring a web application firewall, setting throttling targets, and only allowing access to your API from a Virtual Private Cloud (VPC).
One of the tools I prefer using is Postman; it's simple to use, and it gets the job done.
Postman is an API client that makes it easy for developers, QA specialists, and everyone using it to create, share, test, and document APIs. With this open-source solution, users can create and save simple and complex HTTP/s requests, as well as read their responses.
Example of API testing:
Let's say you need to test the login functionality and booking flow of different types of users who will have access to different parts of a booking webpage.
For this example, multiple types of access/users will be required for a better understanding:
API testing verifies that the travel booking system is successfully communicating with the other companies and presenting the correct results to users in an appropriate time frame. Furthermore, it checks that the information is displayed according to the user permissions on the page.
So, the normal user can only see the information necessary for the booking flow, while the Admin can not only see but also edit, delete and overwrite data created by other users, as well as accept or decline bookings.
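The permission checks described above, together with the earlier 403 and response-time checks, written as an added Python example that is not part of the original post. The booking API stub, its tokens and its paths are constructed for illustration and stand in for the real service:

```python
import threading, time, urllib.error, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

TOKENS = {"user-token": "user", "admin-token": "admin"}  # constructed test accounts
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # ignore proxy env

class BookingStub(BaseHTTPRequestHandler):    # constructed stand-in, not a real service
    def _handle(self, admin_only):
        auth = self.headers.get("Authorization", "")
        role = TOKENS.get(auth.replace("Bearer ", "", 1))
        if role is None:
            status = 401                      # no valid token
        elif admin_only and role != "admin":
            status = 403                      # authenticated, but not permitted
        else:
            status = 200
        self.send_response(status)
        self.send_header("Content-Length", "0")
        self.end_headers()
    def do_GET(self):                         # view bookings: any logged-in user
        self._handle(admin_only=False)
    def do_DELETE(self):                      # delete a booking: admins only
        self._handle(admin_only=True)
    def log_message(self, *args):             # keep output quiet
        pass

def call(base, method, path, token=None):
    """Send one request and return (status code, elapsed seconds)."""
    req = urllib.request.Request(base + path, method=method)
    if token:
        req.add_header("Authorization", "Bearer " + token)
    start = time.perf_counter()
    try:
        with OPENER.open(req, timeout=5) as resp:
            status = resp.status
    except urllib.error.HTTPError as err:     # 4xx/5xx are raised, not returned
        status = err.code
    return status, time.perf_counter() - start

def run_checks():                             # start the stub, exercise each role
    with HTTPServer(("127.0.0.1", 0), BookingStub) as server:
        threading.Thread(target=server.serve_forever, daemon=True).start()
        base = "http://127.0.0.1:%d" % server.server_port
        try:
            return {"anon_view": call(base, "GET", "/bookings"),
                    "user_view": call(base, "GET", "/bookings", "user-token"),
                    "user_delete": call(base, "DELETE", "/bookings/1", "user-token"),
                    "admin_delete": call(base, "DELETE", "/bookings/1", "admin-token")}
        finally:
            server.shutdown()
```

Each entry in the returned dictionary is a `(status, seconds)` pair, so the same run gives both the authorization result per role and the timing to compare against the agreed response-time limit.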
The most commonly used calls in Postman are:
API testing plays an important role in any application. If the API is not tested properly, it can create problems when performing requests from the BE (back end) and displaying them in the FE (front end). It is a crucial and mandatory test in the software lifecycle. As QA specialists, we need to make sure that data is stored and shown properly on every call made by the app.