How to test an API.

Before going to API testing, let's first understand

What is an API?

API is an acronym for Application Programming Interface.
It enables communication and data exchange between two separate software systems. A software system implementing an API contains functions/sub-routines which can be executed by another software system.

What is API testing?

API testing is entirely different from GUI testing and mainly concentrates on the business logic layer of the software architecture. This testing won't concentrate on the look and feel of an application.
Instead of using standard user inputs(keyboard) and outputs, in API Testing, you use software to send calls to the API, get output, and note down the system's response.
API Testing requires an application to interact with API. In order to test an API, you will need to
  • Use Testing Tool to drive the API
  • Write your own code to test the API

Set-up of API Test environment


  • API testing is different than other testing as GUI is not available, and yet you are required to setup initial environment that invoke API with required set of parameters and then finally examine the test result.
  • Hence, Setting up testing environment for API testing seems little complex.
  • Database and server should be configured as per the application requirements.
  • Once installation is done, API Function should be called to check whether that API is working.

Types of Output of an API

Output of API could be
  1. Any type of data
  2. Status (say Pass or Fail)
  3. Call to another API function.
Let's look at an example of each of above Types
Any Type of Data
Example: There is an API function which should add two integer numbers.
?
1
Long add(int a, int b)
The numbers have to be given as input parameters. Output should be summation of two integer numbers. This output needs to be verified with expected outcome.
Calling needs to be done such as
?
1
add (1234, 5656)
Exceptions have to be handled if number is exceeding the integer limit.
Status (say Pass or Fail)
Consider the below API function -
  1. Lock()
  2. Unlock()
  3. Delete()
They return any value such as True (in case of success) or false (In case of error) as an output.
A more accurate test case would be, can call the functions in any of the script and later check for changes either in the database or the Application GUI.
Calling of another API / Event
In this case, we call one of the API function which in turn will call another function.
For example - First API function can be used for deleting a specified record in the table and this function in turn call another function to REFRESH the database.

Test Cases for API Testing:

Test cases of API testing are based on
  • Return value based on input condition: it is relatively easy to test, as input can be defined and results can be authenticated
  • Does not return anything: When there is no return value, behavior of API on the system to be checked
  • Trigger some other API/event/interrupt: If output of an API triggers some event or interrupt, then those events and interrupt listeners should be tracked
  • Update data structure: Updating data structure will have some outcome or effect on the system, and that should be authenticated
  • Modify certain resources: If API call modifies some resources then it should be validated by accessing respective resources

Approach of API Testing:

Following points helps the user to do API Testing approach:
  1. Understanding the functionality of the API program and clearly define the scope of the program
  2. Apply testing techniques such as equivalence classes, boundary value analysis and error guessing and write test cases for the API
  3. Input Parameters for the API need to be planned and defined appropriately
  4. Execute the test cases and compare expected and actual results.

Comments

Post a Comment

Popular posts from this blog

Book ticket online through IRCTC using Selenium Webdriver.

Hi Guys, Everyday I try something new, So Today I will share code to book ticket online From IRCTC with the help of Selenium Webdriver. But before please! NOTE some points before Executing the code: All the CAPTCHA Field's have to be filled Manually because I didn't found how to auto fill it. After Searching trains all fields and links are generated dynamically so you have to Inspect the field every time. I have wrote this code to book ticket between NDLS(New Delhi) to CNB(Kanpur) Journey date June,13 You cannot inspect element by right clicking on element, press F12 and do it manually. This code will only take you to payment gateway after that you have to handle it manually. Now The Code is Below: import java.util.List; import java.util.concurrent.TimeUnit; import org.openqa.selenium.By; import org.openqa.selenium.Keys; import org.openqa.selenium.WebDriver; import org.openqa.selenium.WebElement; import org.openqa.selenium.firefox.FirefoxDriver; im
Read more

How to create a New Gmail Account using Selenium Web Driver.

package Signup_gmail; import org.apache.bcel.generic.Select; import org.apache.james.mime4j.message.Message; import org.openqa.selenium.By; import org.openqa.selenium.WebDriver; import org.openqa.selenium.WebElement; import org.openqa.selenium.firefox.FirefoxDriver; public class Sign_up { public static void main(String[] args) throws InterruptedException { WebDriver driver=new FirefoxDriver(); //Creating Object of firefox driver. driver.navigate().to("https://accounts.google.com/signup?hl=en-GB"); //Navigating to web page. driver.findElement(By.id("FirstName")).sendKeys(""); //Entering First Name. WebElement TxtBoxContent = driver.findElement(By.id("errormsg_0_LastName")); //Object creation of web element. TxtBoxContent.getText(); //Fetching value of error message through "TxtBoxContent" object. Object obj= new Object(); //Creating New Object. obj=driver.findElement(By.i
Read more

SQL Injection.

Image
An SQL Injection can destroy your database. SQL in Web Pages When SQL is used to display data on a web page, it is common to let web users input their own search values. Since SQL statements are text only, it is easy, with a little piece of computer code, to dynamically change SQL statements to provide the user with selected data: Server Code txtUserId = getRequestString("UserId"); txtSQL = "SELECT * FROM Users WHERE UserId = " + txtUserId; The example above, creates a select statement by adding a variable (txtUserId) to a select string. The variable is fetched from the user input (Request) to the page. The rest of this chapter describes the potential dangers of using user input in SQL statements. SQL Injection SQL injection is a technique where malicious users can inject SQL commands into an SQL statement, via web page input. Injected SQL commands can alter SQL statement and compromise the security of a web application. SQL Injection B
Read more