API testing is a type of software testing that involves testing application programming interfaces (APIs) directly and as part of integration testing to determine if they meet expectations for functionality, reliability, performance, and security. Source: Wikipedia
What to Test?
When determining what to test with an API, it’s helpful to understand the different categories of tests.
Security testing checks how well the API is protected from malicious actors. It ensures that resources (data) are protected and only provided to authenticated or authorized clients.
Functional testing checks whether the endpoints are satisfying their requirements. Functional and security testing have more options when it comes to testing. Some of the things that are tested include:
- HTTP status code (i.e 200, 404, 405)
Performance testing makes sure that an API can respond to requests of specific sizes, or can respond to clients quickly enough to satisfy system requirements. Performance testing may time how long it takes for a request to receive a response.
Connectivity determines if the API is responding and operational. If you are focusing on the connectivity of an API, you may execute a simple “ping” test to make sure that the server is responding.
Each of the above categories and subsequent testing factors increases the complexity of large-scale API testing. When an organization looks to start planning its APIs, certain challenges with API testing arise.
Hmmm… hope above intro helps and below are some of the gems I had bookmarked from the past years…. Hope it helps.
Links To different sites related to API Testing
A slide deck from Angiejones– https://slides.com/angiejones/abcs-of-apis and another link from the master – http://angiejones.tech/verifying-entire-api-responses
An API course from test automation University helps a lot for beginners to start with –
From abstracta – https://abstracta.us/blog/software-testing/api-testing-guide
From Ambertests – https://github.com/ambertests/explore-with-postman
This link from sisense – https://www.sisense.com/blog/rest-api-testing-strategy-what-exactly-should-you-test/
A link from devops site – https://devops.com/how-api-testing-can-save-you-thousands/
A free course from Execute Automation – https://executeautomation.com/learning-path/learn-api-testing
An awesome graphQL list – https://github.com/chentsulin/awesome-graphql
A free fake API for testing and prototyping. – https://jsonplaceholder.typicode.com/
REST Api tips-> https://www.restapitutorial.com/lessons/restquicktips.html
Maybe an offtopic but an awesome explanation about the Internet – https://explained-from-first-principles.com/internet/
Checklist of the most important security countermeasures when designing, testing, and releasing your API. – https://github.com/shieldfy/API-Security-Checklist
An awesome schema loader/visulaizer – https://apis.guru/graphql-voyager/
Other than above, Also here is a google drive link that was collected by many people in the community about API/All testing documents and you can access it from the link below.
Hope all these links help in your API testing career. I will add more if I get any new…
Some of the best practices to follow while doing API Testing –>
- API Test cases should be grouped by test category
- On top of each test, you should include the declarations of the APIs being called.
- Parameters selection should be explicitly mentioned in the test case itself
- Prioritize API function calls so that it will be easy for testers to test
- Each test case should be as self-contained and independent from dependencies as possible
- Avoid “test chaining” in your development
- Special care must be taken while handling one-time call functions like – Delete, CloseWindow, etc…
- Call sequencing should be performed and well planned
- To ensure complete test coverage, create API test cases for all possible input combinations of the API.
In this article, I gave you a brief intro and a lot of links to API testing. Testing should make your life easier. There’s plenty to explore with API Testing so make sure you take a look at the API documentation as well. I can help you Overshoot Your Goals in the Right Ways, head over to my profile here – https://testwitharjun.com/about/ to get more info.
Thanks for reading!!! I will be keep updating this list if i get any new resources 🙂