An introduction to RESTful APIs

Alicia Marianne - Oct 3 '23 - Dev Community

Do you know what an API is? How to test it? What kinds of tests you can run against it? Which tools can help you test it? How to fit this into your development process? To help you, my dear padawan, I've created this series: Deep Dive into API testing.
In short, it will be a series of articles, published every week, about testing RESTful APIs. Over these weeks, we'll discuss and learn about:

  • What is an API
  • What kinds of tests we can run on a RESTful API
  • Tools that can be used for testing (Postman)
  • How to use popular frameworks to automate our tests, like Cypress, REST Assured, Python
  • How to run these tests in a pipeline and get results

Starting this week, we'll discuss the main concepts to help us in this journey, like:

What is an API

An application programming interface (API) defines the rules that you must follow to communicate with other software systems. Developers expose or create APIs so that other applications can communicate with their applications programmatically. For example, the timesheet application exposes an API that asks for an employee's full name and a range of dates. When it receives this information, it internally processes the employee's timesheet and returns the number of hours worked in that date range.

In a few words, we can say that a Web API is a gateway that manages the communication between the User Interface and the Server.

Basic Architecture

What is REST

Representational State Transfer (REST) is a software architecture that imposes conditions on how an API should work. REST was initially created as a guideline to manage communication on a complex network like the internet.

The principles of REST architectural style:

  • Uniform interface
  • Statelessness
  • Layered System
  • Code on demand

The benefits of RESTful APIs are: Scalability, Flexibility and Independence. You can learn more here

Common HTTP methods

An HTTP (Hypertext Transfer Protocol) method tells the server what it needs to do to the resource. The following are the common HTTP methods:

  • GET: this method retrieves data from the database; it is also possible to pass parameters to filter the data before it is sent.
  • POST: this method sends data to the server and creates it in the database.
  • PUT and PATCH: both of these methods update data in the database. The main difference is that with PUT it is possible to create new data if it doesn't exist, while PATCH only allows updating existing data.
  • DELETE: deletes data from the database.

Why test APIs

Since the API is responsible for managing the communication between the UI and the server, making sure that it works is very important in software development.
When an API returns a wrong status code or a wrong response, the end user will certainly be impacted. This is one of the problems we can find when an API is not working as expected; in the worst scenario, sensitive data can be exposed.

Type of tests

Knowing the importance of testing an API, let's see the most common types of tests for APIs:

  • Integration Testing: This type of test makes sure that the API is working correctly and validates that the integrations with databases or other external services work as expected.
  • Functional Testing: In this test, we ensure that the API functions respect the documented specifications and requirements.
  • Regression Testing: Ensure that recent code changes haven't broken existing API functionality.
  • Security Testing: Identify and address security vulnerabilities and ensure that the API is protected against common threats. Test for issues like SQL injection, Cross-Site Scripting (XSS), authentication flaws, and improper data handling.
  • Performance Testing: We test how the API behaves when it receives a lot of requests. In this test, we can validate how the API responds under the expected load, under more than the expected load, and its endurance when it is called for extended periods.
  • Stress Testing: The goal of stress testing is to measure the software's robustness and error-handling capabilities under extremely heavy load conditions and to ensure that the software doesn't crash under crunch situations.
  • Load Testing: Evaluate the API's performance under heavy loads to identify bottlenecks and optimize its scalability.
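
A functional and security check in Python, as an added example that is not part of the original article. It starts a constructed in-memory timesheet API on localhost (the `/employees/<id>` route, the `password_hash` field and every name are assumptions) and checks the status codes, the PUT and PATCH behaviour described under Common HTTP methods, and that a sensitive field never appears in a response.

```python
import http.client, json, socketserver, threading
from http.server import BaseHTTPRequestHandler
# Constructed data; "password_hash" stands in for any field that must stay server-side.
DB = {"1": {"name": "Ana", "hours": 40, "password_hash": "constructed-value"}}
PUBLIC = ("name", "hours")  # allow-list of fields the API may return

class Api(BaseHTTPRequestHandler):
    def handle_verb(self):
        key = self.path.rsplit("/", 1)[-1]
        size = int(self.headers.get("Content-Length") or 0)
        body = json.loads(self.rfile.read(size) or b"{}")
        status = 200
        if self.command == "PUT":          # PUT may create a missing record
            status = 200 if key in DB else 201
            DB[key] = body
        elif key not in DB:                # GET and PATCH need an existing record
            status = 404
        elif self.command == "PATCH":      # PATCH only updates existing data
            DB[key].update(body)
        rec = DB.get(key, {})
        out = json.dumps({k: rec[k] for k in PUBLIC if k in rec}).encode()
        self.send_response(status)
        self.send_header("Content-Length", str(len(out)))
        self.end_headers()
        self.wfile.write(out)
    do_GET = do_PUT = do_PATCH = handle_verb
    def log_message(self, *args):          # silence per-request logging
        pass

def call(port, method, path, payload=None):
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request(method, path, body=json.dumps(payload) if payload is not None else None)
    resp = conn.getresponse()
    result = (resp.status, json.loads(resp.read()))
    conn.close()
    return result

def run_checks():
    with socketserver.TCPServer(("127.0.0.1", 0), Api) as server:  # port 0: OS picks a free port
        threading.Thread(target=server.serve_forever, daemon=True).start()
        port = server.server_address[1]
        results = {
            "get": call(port, "GET", "/employees/1"),
            "patch_missing": call(port, "PATCH", "/employees/2", {"hours": 8})[0],
            "put_creates": call(port, "PUT", "/employees/2", {"name": "Bo", "hours": 8})[0],
            "patch_updates": call(port, "PATCH", "/employees/2", {"hours": 16}),
        }
        server.shutdown()
    return results
```

The same assertions carry over to a real API by pointing `call` at its host and replacing the constructed field names with the ones from its documentation.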

Tools and Frameworks used in API tests

Some tools and frameworks that can be used to test APIs:

This article was a brief introduction to RESTful APIs; we will go into more detail during the next weeks. I hope this content is useful for you, and if you have any questions, just reach out to me!

Kisses, see you next week 💅🏼
