API testing focuses on testing the business logic or the functionality of the application, using API testing you are also validating the data responses, as well as ensuring whether your APIs are performant and secure.
So you are testing the core functionality of the application without touching the UI or worrying about the look and feel of the application. With API testing you can either test a single request or the integration between multiple requests and validate the response that’s being returned by the server.
Validate an API response:
Let’s say you are testing this ‘users’ API – https://jsonplaceholder.typicode.com/users. You’ll see a response similar to this on a GET call:
{
id: 1,
name: "Leanne Graham",
username: "Bret",
email: "Sincere@april.biz",
...
},
You can validate the following scenarios:
- Ensure the value of the required properties are not empty such as username or email
- Verify email is in the right format
- The name should take ‘x’ number of max characters
Similarly, you can create and verify many such scenarios per your business requirement.
Types of API Testing:
- Functionality Testing – Testing the business logic of the application. For example, if I make an API call to the signup route, I expect it to create a new user for me and provide the details of that new user in the response.
- Load Testing: Basically, making sure if our APIs can handle the application load. For example, if 1000 users are hitting the API at the same time, our APIs should be able to handle that load meaning it should not break or take lots of time to return the response
- Security Testing: Checking if the APIs are secure. For example, we don’t want someone to be able to access the application data without going through the proper authentication process and having the correct token. Another example would be, we don’t want one user to be able to access the data of other users, etc..
- Penetration Testing: Basically going one level deeper and making sure hackers or attackers cannot break your application or access your company’s sensitive data
- Negative Testing: Ensuring that the APIs are able to handle wrong or invalid input. For example – users should not be able to enter an invalid email format, or register without entering email or password, etc…
Advantages of API Testing:
- Early app access: In most cases, your APIs will get created first and then UI will integrate with the API. This way u have early access to the application functionality and you can validate if the business logic is working as expected. Also, you’ll be able to catch bugs earlier in the development process instead of waiting for all the way until the end when UI will be ready
- Test speed and coverage: API testing can be performed a lot quicker than browser testing. Specifically, when you get to automation, API tests run a lot faster than browser tests as you are skipping the entire UI layer and jumping directly to the API layer. At the same time, you are also increasing your test coverage by testing your APIs
- Language independent: API testing is language independent as the data is exchanged via JSON or XML, so you can use pretty much any language for test automation that can handle JSON or XML data
- Easier to maintain: API tests are much easier to maintain as they are less flaky and more reliable since you don’t typically change your business logic or APIs as often compared to the UI
