Testing APIs (Automated and Manual Testing)

by
Previous
Next

Why is API Testing Important?

  1. Validates Core Logic: Ensures that the business logic implemented in the API works correctly.
  2. Identifies Issues Early: Catches bugs and performance bottlenecks before deployment.
  3. Enhances Security: Detects vulnerabilities in APIs, ensuring they are secure against attacks.
  4. Improves User Experience: Ensures smooth interaction between client applications and APIs.

Manual API Testing

Manual testing involves a human tester executing API requests and verifying the responses. It’s particularly useful for exploratory testing and scenarios where the API is still under development.

Steps for Manual API Testing

  1. Understand API Requirements: Analyze API documentation to understand endpoints, request methods (GET, POST, PUT, DELETE), and parameters.
  2. Set Up the Environment: Configure tools like Postman or curl for sending requests.
  3. Send Requests: Test various scenarios, including positive and negative cases.
  4. Verify Responses: Validate the status codes, response times, and returned data.
  5. Check Error Handling: Ensure proper error messages are returned for invalid inputs.

Tools for Manual API Testing

  • Postman: A user-friendly interface for sending API requests and inspecting responses.
  • curl: A command-line tool for testing API requests and headers.
  • Swagger UI: Interactive API documentation that supports manual testing.

Example of Manual Testing with curl:

# Sending a GET request
curl -X GET "https://api.example.com/users/1" -H "Authorization: Bearer <token>"

Automated API Testing

Automated testing uses scripts or tools to execute tests repeatedly without human intervention. It is ideal for regression testing, performance testing, and scenarios requiring repetitive checks.

Steps for Automated API Testing

  1. Select a Framework: Choose a testing framework like Postman, RestAssured, or JUnit.
  2. Create Test Cases: Define test cases covering all possible scenarios, including edge cases.
  3. Write Automation Scripts: Develop scripts to automate the execution of API requests and response validations.
  4. Run Tests: Execute the scripts across environments.
  5. Analyze Results: Review logs and reports to identify issues.

Advantages of Automated API Testing

  • Efficiency: Runs tests quickly and repeatedly.
  • Consistency: Reduces the chances of human error.
  • Scalability: Handles large volumes of tests efficiently.
  • Integration: Works well in CI/CD pipelines.

Tools for Automated API Testing

  1. Postman (Newman): Automates API tests and generates detailed reports.
  2. RestAssured: A Java library for automating RESTful API testing.
  3. SoapUI: Supports both REST and SOAP API automation.
  4. JMeter: Performs API performance and load testing.
  5. Katalon Studio: A comprehensive tool for API and web testing.

Example of Automated Testing with RestAssured:

import io.restassured.RestAssured;
import io.restassured.response.Response;

public class ApiTest {
    public static void main(String[] args) {
        Response response = RestAssured
            .given()
            .baseUri("https://api.example.com")
            .header("Authorization", "Bearer <token>")
            .when()
            .get("/users/1");

        System.out.println("Status Code: " + response.getStatusCode());
        System.out.println("Response Body: " + response.getBody().asString());
    }
}

Key Aspects to Test in APIs

  1. Functional Testing: Verifies the correctness of API endpoints.
  2. Load Testing: Ensures APIs can handle high traffic without performance degradation.
  3. Security Testing: Checks for vulnerabilities like SQL injection, XSS, and unauthorized access.
  4. Error Handling: Validates proper error messages and codes.
  5. Response Time Testing: Ensures responses are delivered within acceptable time limits.
  6. Data Validation: Confirms that the API returns the correct data in the right format.

Best Practices for API Testing

  1. Write Comprehensive Test Cases: Cover all possible scenarios, including edge cases and negative tests.
  2. Validate Every Component:
    • Endpoints: Ensure correct routing and functioning.
    • Headers: Check authentication and content-type headers.
    • Parameters: Test with valid and invalid input parameters.
  3. Use Mocks for External Dependencies: Simulate external services to isolate the API under test.
  4. Integrate Testing in CI/CD: Run automated tests as part of the build pipeline.
  5. Maintain Clear Documentation: Document test cases, tools, and scripts for future reference.

Example Scenario: Testing a User Login API

Endpoint: /login

Method: POST

Request Body:

{
    "username": "testuser",
    "password": "password123"
}

Expected Response:

  • Status Code: 200 for successful login.
  • Response Body: Contains a token field.
  • Error Scenarios:
    • 400 Bad Request: Missing fields.
    • 401 Unauthorized: Incorrect credentials.

Automation Script Example (Postman):

{
  "info": {
    "name": "Login API Test",
    "_postman_id": "abc123",
    "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json"
  },
  "item": [
    {
      "name": "Valid Login Test",
      "request": {
        "method": "POST",
        "header": [],
        "body": {
          "mode": "raw",
          "raw": "{\"username\": \"testuser\", \"password\": \"password123\"}"
        },
        "url": {
          "raw": "https://api.example.com/login",
          "host": ["api", "example", "com"],
          "path": ["login"]
        }
      },
      "response": []
    }
  ]
}

Previous
Next

Leave a Comment

BoxofLearn