What is an API
APIs are mechanisms that enable two software components to communicate with each other using a set of definitions and protocols. For example, the weather bureau’s software system contains daily weather data. The weather app on your phone “talks” to this system via APIs and shows you daily weather updates on your phone. In other words, in a three-tier application architecture, APIs are the functions that communicate between the presentation layer (the interface of the application, which is presented to the end user) and the database layer (the database of the application, where all the user data is stored); the API layer is also known as the business logic layer. In simple words, an API communicates between two or more pieces of software to perform CRUD (Create, Read, Update, and Delete) operations.
What is meant by API testing?
API testing is a software testing practice that tests the APIs directly, from their functionality, reliability, and performance to their security. As part of integration testing, API testing effectively validates the logic of the build architecture within a short amount of time. In other words, API testing means testing the business layer of the application and validating the communication between the presentation and database layers: it verifies that an API fulfills its expected functionality, security, performance, and reliability. In simple words, we test that the CRUD (Create, Read, Update, and Delete) operations of the application against the database function correctly, without interruptions and without compromising data safety.
Why you should Test an API
There are many questions about why we should test APIs and what the benefits of API testing are. If we are testing the front end of the application, doesn’t that mean we are already testing the API? Is the API validating the response well, and is it important to test APIs in software testing? If we skip API testing while testing the software product, will that cause bugs? So why should we invest our time in API testing when we could perform other types of testing in the same time?
According to Google, the answer to these questions is: at its most basic level, API testing is intended to reveal bugs, meaning inconsistencies or deviations from the expected behavior. Continuous testing is also very important to make sure the API continues to work when the public has access to it.
But in my view, there are more benefits to API testing, and it is critical to perform it because it can find bugs that front-end testing misses. API testing saves money by finding defects at an early stage of software development, while the front end is still being developed, and it also lets us validate the backend of the application. The software product will have some vulnerabilities that API testing can find, and this can prevent a future disaster.
What to Test in API Testing
The main objective of API Testing
Ensure that the implementation is working correctly as expected — no bugs!
Ensure that the implementation is working as specified according to the requirements specification (which later on becomes our API documentation).
Prevent regressions between code merges and releases.
The things that you can test in an API
1. HTTP Response Status Codes:- Verify the HTTP codes like 400 (Bad Request), 404 (Not Found), 200 (OK), 201 (CREATED), 500 (Internal Server Error), etc.
2. The response of the API:- Message in the response or JSON body received in response.
3. Authorization and Authentication:- Authentication verifies the identity of a user or service, and authorization determines their access rights. Although the two terms sound alike, they play separate but equally essential roles in securing applications and data. Understanding the difference is crucial. Combined, they determine the security of a system.
4. The response time of the API:- Compare the response time with the Expected response time and the Time taken on the front end of the application.
5. Schema Validations of the API:- Validating the JSON body of the request and response.
6. CRUD Operations:- Create, Read, Update, and Delete.
7. Performance Testing:- Performance types like load, stress, spike, scalability, endurance, volume, etc.
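The checks in items 1 to 5 can be scripted. The following is an added example, not part of the original article: it starts a small local API and records the status code, the response schema, the response time, and the difference between a failed authentication (401) and a failed authorization (403). The `/users/<id>` endpoint, the tokens and the user records are constructed for illustration.

```python
import json, threading, time, urllib.error, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer
# Constructed sample data: bearer token -> user id, and one record per user.
TOKENS = {"token-alice": "1", "token-bob": "2"}
USERS = {"1": {"id": 1, "name": "alice"}, "2": {"id": 2, "name": "bob"}}

class Api(BaseHTTPRequestHandler):
    def log_message(self, *args): pass  # silence per-request logging
    def do_GET(self):
        token = self.headers.get("Authorization", "").partition("Bearer ")[2]
        caller, target = TOKENS.get(token), self.path.rsplit("/", 1)[-1]
        if caller is None:            # authentication: who is calling?
            code, body = 401, {"error": "unauthenticated"}
        elif target not in USERS:
            code, body = 404, {"error": "not found"}
        elif target != caller:        # authorization: may they read this record?
            code, body = 403, {"error": "forbidden"}
        else:
            code, body = 200, USERS[target]
        data = json.dumps(body).encode()
        self.send_response(code)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

def call(base, path, token=None):  # returns (status, parsed JSON body, elapsed ms)
    headers = {"Authorization": "Bearer " + token} if token else {}
    req = urllib.request.Request(base + path, headers=headers)
    start = time.perf_counter()
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            status, raw = resp.status, resp.read()
    except urllib.error.HTTPError as err:  # 4xx/5xx responses still carry a body
        status, raw = err.code, err.read()
    return status, json.loads(raw), (time.perf_counter() - start) * 1000

def run_checks():
    server = HTTPServer(("127.0.0.1", 0), Api)  # port 0: any free local port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = "http://127.0.0.1:%d" % server.server_port
    try:
        status, body, ms = call(base, "/users/1", "token-alice")
        schema_ok = isinstance(body.get("id"), int) and isinstance(body.get("name"), str)
        return {"own": status, "schema_ok": schema_ok, "elapsed_ms": ms,
                "no_token": call(base, "/users/1")[0], "missing": call(base, "/users/99", "token-alice")[0],
                "other_user": call(base, "/users/2", "token-alice")[0]}
    finally:
        server.shutdown()
```

Calling `run_checks()` returns the observed values; a 200 in the `other_user` slot would mean any logged-in user can read another user's record, which a front-end test that only shows the user's own profile would not reveal.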
How to Test an API
An API is essentially a contract between the client and the server or between two applications. Before any implementation test can begin, it is important to make sure that the contract is correct. That can be done first by inspecting the spec (or the service contract itself, for example, a Swagger interface or OpenAPI reference) and making sure that endpoints are correctly named, that resources and their types correctly reflect the object model, that there is no missing functionality or duplicate functionality, and that relationships between resources are reflected in the API correctly.
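As an added illustration of this contract inspection (not from the original article), the sketch below lints an OpenAPI-style `paths` object for duplicate and missing functionality. The spec fragment is constructed, and the rule that every item path must offer GET, PUT and DELETE is an assumption of this example.

```python
import re

# Constructed OpenAPI-style fragment for illustration (not a real service's spec).
SPEC = {"paths": {
    "/users": {"get": {"operationId": "listUsers"},
               "post": {"operationId": "createUser"}},
    "/users/{id}": {"get": {"operationId": "getUser"},
                    "put": {"operationId": "updateUser"}},
    "/Users/{userId}/": {"get": {"operationId": "getUser"}},
}}
HTTP_METHODS = {"get", "put", "post", "delete", "patch", "head", "options", "trace"}
# Assumed rule for this example: every item path (one ending in a {parameter})
# must offer read, update and delete.
ITEM_METHODS = {"get", "put", "delete"}

def lint_contract(spec):
    findings, seen_ids, seen_routes = [], {}, {}
    for path, item in spec["paths"].items():
        ops = {m: op for m, op in item.items() if m in HTTP_METHODS}
        # Duplicate functionality: the same operationId on two operations.
        for method, op in ops.items():
            op_id, where = op.get("operationId"), f"{method.upper()} {path}"
            if op_id in seen_ids:
                findings.append(f"{where}: operationId {op_id} already used by {seen_ids[op_id]}")
            elif op_id:
                seen_ids[op_id] = where
        # Duplicate routes: differ only by case, trailing slash or parameter name.
        route = re.sub(r"\{[^}]*\}", "{}", path.lower().rstrip("/"))
        if route in seen_routes:
            findings.append(f"{path}: same route as {seen_routes[route]}")
            continue
        seen_routes[route] = path
        # Missing functionality on item resources.
        if route.endswith("{}"):
            for method in sorted(ITEM_METHODS - set(ops)):
                findings.append(f"{path}: missing {method.upper()}")
    return findings
```

For the sample fragment, `lint_contract(SPEC)` reports the missing DELETE on `/users/{id}`, the reused `getUser` operationId, and the second path that resolves to the same route.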
There are multiple tools available for testing the APIs:-
1. Postman:- This tool is mostly used for API testing.
2. Apache JMeter:- This tool is used for Performance testing.
3. API Tester:- This tool can be used on your Android device for API testing.
4. REST Assured:- This tool is also used for API testing.
There are many more tools that can be used for API testing, and some Chrome extensions as well, but I am going to cover Postman in this article.
How to install Postman
1. Download the latest Postman version.
2. Select and run the .exe file to install Postman.
After completing the installation, sign up on Postman with Gmail.
Accept the agreement.
Create a user name and set your role.
Add team members by their Gmail addresses, create an invite link, or continue without a team.
Select “New HTTP request” and click the Continue button.
Select the method type, then copy and paste the API URL.
Click the Send button.
After clicking the Send button, you will receive the response body in the Body section, the status code under Status, the time in milliseconds under Time, and the size of the received data under Size. In the image below, you can see that the body is received in the response, the status is “200 OK”, the time taken is “957 ms”, and the size of the data is “1.73 KB”.
To learn more about the Postman tool, you can check the Postman documentation.