API Testing and API Automation
API automation involves writing scripts or tests that automatically test your APIs (instead of testing manually).
Why Automate?
- Save time on regression testing.
- Ensure consistency.
- Integrate with CI/CD pipelines.
| Tool | Language | Features |
|---|---|---|
| Postman + Newman | JS | Run collections via CLI, good for CI pipelines |
| Rest Assured | Java | BDD-style, powerful for HTTP testing |
| SuperTest | JS (Node.js) | Great with Express APIs |
| Pytest + Requests | Python | Lightweight and flexible |
| Karate DSL | Java | Easy to write test scenarios with Gherkin syntax |
API
- API stands for Application Programming Interface.
- It is a collection of functions, procedures, or methods that are available to be executed by other software applications.
- Its main purpose is to offer access to certain services and provide communication between software components.
- They make life easier for developers as they can take advantage of the functionality of an API, thus avoiding having to reprogram such functionality from scratch.


APIs vs Web Services
- Web services require a network. While APIs can be on- or offline, web services must use a network.
- APIs are protocol agnostic. While APIs can use any protocols or design styles, web services usually use SOAP (but sometimes REST, UDDI, and XML-RPC).
| Aspect | API | Web Service |
|---|---|---|
| Definition | A set of protocols and tools for building software and applications | A type of API that operates over a network (usually the internet) |
| Protocol | Can use any protocol (HTTP, WebSocket, FTP, etc.) | Primarily uses HTTP (or SOAP in traditional cases) |
| Usage Scope | Broad – includes libraries, SDKs, OS APIs, etc. | Narrow – always network-based |
| Data Format | Supports XML, JSON, etc. | Often uses XML or JSON (depending on type) |
| Examples | JavaScript API, REST API, OS APIs | SOAP Web Service, RESTful Web Service |
Request Types
1. GET: The GET method is used to retrieve data from an API.
2. POST: The POST method is used to send new data to an API.
3. PUT: The PUT method is used to update existing data by replacing the entire resource.
4. PATCH: The PATCH method is used to update part of an existing resource.
5. DELETE: The DELETE method is used to remove existing data.
| Method | Usage | Description |
|---|---|---|
| GET | Read data | Requests data from a server (no data modification). |
| POST | Create data | Sends data to the server to create a new resource. |
| PUT | Update (full) | Replaces an entire resource with the provided data. |
| PATCH | Update (partial) | Updates part of a resource (partial changes). |
| DELETE | Delete data | Removes a specified resource from the server. |
API Status Code
1xx: Informational – Communicates transfer protocol-level information.
2xx: Success – Indicates that the client’s request was accepted successfully.
3xx: Redirection – Indicates that the client must take some additional action in order to complete their request.
4xx: Client Error – This category of error status codes points the finger at clients.
5xx: Server Error – The server takes responsibility for these error status codes.
Common tests performed on APIs
- Verify whether the API updates any data structure
- Verify the case where the API does not return anything
- Check the values returned from the API based on input conditions
- Verify whether the API triggers some other event or calls another API
| Test Type | Purpose | Example |
|---|---|---|
| Functional Testing | Check if the API performs as expected. | Verify login API returns status 200 with a valid token. |
| Validation Testing | Ensure response schema, data types, and formats are correct. | Check that all fields in a user response match expected JSON structure. |
| Load Testing | Check performance under expected traffic volume. | Test how the API behaves when 500 users call it simultaneously. |
| Security Testing | Ensure APIs are protected against attacks. | Test token validation, rate limits, and authentication enforcement. |
| Error Handling | Verify how the API handles invalid requests. | Send malformed data and check for proper 400/422 responses. |
| Latency Testing | Measure response time. | Ensure API responds under 200ms for most requests. |
| Integration Testing | Test interaction between multiple APIs or services. | Create a user and ensure it’s visible in a dashboard API. |
Key difference between UI level testing and API testing
UI (User Interface) testing refers to testing the graphical interface: how the user interacts with the application, and application elements such as fonts, images, and layouts. UI testing basically focuses on the look and feel of an application.
How to test APIs?
To test APIs, follow these steps:
- Select the suite in which you want to add the API test case
- Choose test development mode
- Develop test cases for the desired API methods
- Configure application control parameters
- Configure test conditions
- Configure method validation
- Execute API test
- View test reports
- Filter API test cases
- Sequence API test cases
Main challenges of API testing
- Parameter Selection
- Parameter Combination
- Call sequencing
Steps for testing API
- Select the test case that has to be fulfilled
- Develop a test case for the API call
- Configure the API parameters to meet the test case
- Determine how you will validate a successful test
- Execute the API call using a programming language like PHP or .NET
- Allow the API call to return the data to validate
Tools used for API test automation
- Rest Assured
- Soap UI
- Postman
Major challenges faced during API testing
The major challenges faced during the API testing are:
- Parameter Selection
- Parameter Combination
- Call sequencing
- Output verification and validation
- Providing input values, which is very difficult because no GUI is available
Components of an HTTP request
An HTTP request has five components. These are:
- Action: the HTTP method, such as GET, PUT, POST, or DELETE.
- Uniform Resource Identifier (URI): URI is the identifier for the resource on the server.
- HTTP version: Indicates the HTTP version, for example HTTP v1.1.
- Request Header: Request Header carries metadata for the HTTP request message. Metadata could be a client type, format supported by the client, format of a message body, cache setting etc.
- Request Body: The request body carries the message content or resource representation.
Building Blocks of Postman
Before testing an API, we will first look at the building blocks of the Postman tool that are essential for every Postman operation.
- Requests
- Collections
- Environment
API URL: https://jsonplaceholder.typicode.com/users
Request to GET
Request to POST
GET Verifications – https://jsonplaceholder.typicode.com/users
```javascript
// Status code check
pm.test("Verify status code is 200", function () {
    pm.response.to.have.status(200);
});

// Status text check
pm.test("Verify status", function () {
    pm.response.to.have.status("OK");
});

var response_json = pm.response.json();

pm.test("Verify the name of the 1st user – 1", function () {
    // Assertion: checks the expected result against the actual result
    pm.expect(response_json[0].name).to.eql("Leanne Graham");
    console.log("Test Print" + response_json[0].name);
});

pm.test("Verify the street user – 1", function () {
    pm.expect(response_json[0].address.street).to.eql("Kulas Light");
});
```
POST Verifications – https://jsonplaceholder.typicode.com/users
```javascript
// Status code check: 201 means the resource was created
pm.test("Verify status code is 201", function () {
    pm.response.to.have.status(201);
});

// Status text check
pm.test("Verify status", function () {
    pm.response.to.have.status("Created");
});

var response_json = pm.response.json();

pm.test("Verify the id of created user", function () {
    pm.expect(response_json.id).to.eql(11);
});
```
Post Response Body
```json
[
  {
    "id": 11,
    "name": "OUSL 2021",
    "username": "WS2021",
    "email": "ws2021@test.com",
    "address": {
      "street": "2nd Lane",
      "suite": "Test",
      "city": "Nawala",
      "zipcode": "12400",
      "geo": {
        "lat": "-37.3159",
        "lng": "81.1496"
      }
    },
    "phone": "+94264264724",
    "website": "ousl.org",
    "company": {
      "name": "Tesla",
      "catchPhrase": "Multi-layered client-server neural-net",
      "bs": "harness real-time e-markets"
    }
  }
]
```
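
The verifications above assert on individual values, while the Validation Testing row in the test-type table asks for the whole response structure to be checked. The following is an added example, not part of the original post: a plain JavaScript validator built from the user fields shown in the response body on this page. `USER_SCHEMA`, `validate`, `has`, and the `passwordHash` field in the bad sample are names and values constructed for illustration.

```javascript
// Expected shape of a user, taken from the response body shown on this page.
// A string names a primitive type; a nested object describes a nested object.
const USER_SCHEMA = {
  id: "number", name: "string", username: "string", email: "string",
  address: {
    street: "string", suite: "string", city: "string", zipcode: "string",
    geo: { lat: "string", lng: "string" },
  },
  phone: "string", website: "string",
  company: { name: "string", catchPhrase: "string", bs: "string" },
};

const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Returns a list of problems; an empty list means the value matches the schema.
function validate(value, schema, path = "user") {
  if (typeof schema === "string") {
    return typeof value === schema ? [] : [`${path}: expected ${schema}, got ${typeof value}`];
  }
  if (value === null || typeof value !== "object" || Array.isArray(value)) {
    return [`${path}: expected object`];
  }
  const problems = [];
  for (const key of Object.keys(schema)) {
    if (!has(value, key)) problems.push(`${path}.${key}: missing`);
    else problems.push(...validate(value[key], schema[key], `${path}.${key}`));
  }
  // Report fields the schema does not list: an extra field in a response is
  // how internal data (password hashes, roles, tokens) gets exposed unnoticed.
  for (const key of Object.keys(value)) {
    if (!has(schema, key)) problems.push(`${path}.${key}: unexpected field`);
  }
  return problems;
}

// Sample input: the created user from the response body on this page.
const goodUser = {
  id: 11, name: "OUSL 2021", username: "WS2021", email: "ws2021@test.com",
  address: { street: "2nd Lane", suite: "Test", city: "Nawala", zipcode: "12400",
             geo: { lat: "-37.3159", lng: "81.1496" } },
  phone: "+94264264724", website: "ousl.org",
  company: { name: "Tesla", catchPhrase: "Multi-layered client-server neural-net",
             bs: "harness real-time e-markets" },
};
// Constructed bad response: wrong id type, missing geo.lng, leaked extra field.
const badUser = { ...goodUser, id: "11", passwordHash: "constructed-value",
  address: { ...goodUser.address, geo: { lat: "-37.3159" } } };
console.log(validate(goodUser, USER_SCHEMA));
console.log(validate(badUser, USER_SCHEMA));
```

In Postman, the same function can be pasted into a test script and called on `pm.response.json()` inside a `pm.test` block.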

