Four Questions to Consider when Starting your API Testing Journey

Pooja Mistry - Jan 10 '22 - - Dev Community

In today’s API economy, it has become more critical than ever for API-first companies to spend time strategizing on how to deliver the best products in the marketplace.

APIs are the connective tissue between applications, servers, and data. Companies now treat them more as a marketable product rather than just a technical interface. With that said, it can be a daunting task for both developers and testers alike to create a plan that ensures the highest quality. But have no fear! I like to think of this process as a journey. With that perspective in mind, here are four questions that would be useful to consider when testing your APIs.

Am I using the right tool ?

Before starting any journey, one of the most important aspects to consider is what tools you will need to make your trip a success? Perhaps you will need a car, possibly some compact luggage; however, when it comes to API testing, you will need a tool that allows you to send API requests and view the correct response effectively.

Postman is the ideal tool for the job. It is a collaborative API development platform that simplifies creating, using, and testing APIs with an intuitive user interface.

Send Requests with Postman
Send Requests with Postman

A few of the many advantages of the tool include :

  • Ease of Use - Postman users can begin their API journey quickly and effectively using Postman’s comprehensive platform and broad support for all possible HTTP methods and queries such as REST, SOAP, and GraphQL.
  • Robust testing capabilities - Postman supports multiple testing environments, test checkpoints, automated scripting, and built-in support for using variables for security. It also has support for keeping track of API responses which is critical for testers when it comes down to debugging, comparing versions, and managing inconsistencies.
  • Management and Collaboration - Postman Workspace allows users to manage versions, authentication protocols, cookies, and certificates. It is also dedicated to the real-time collaboration between teams with built-in version control, ensuring developers and testers can stay on the same page when testing version releases.

Once you use the right tool, you can consider the following three questions.

How do I start and what is my road map ?

When a new API is ready to test, the first test that you should consider is a smoke test. A smoke test is a small quick test that ensures that the basic functionality of the API is working.

This test includes :

  • Checking to see if API responds to first call
  • Testing API with small amounts of data to see if it responds with a payload in the correct schema
  • Testing API with proper authentication and seeing if it passes/fails to the valid authorization
  • Testing API with any other components that it’s supposed to interact with.

A smoke test is used to smoke out any apparent errors quickly spotted and resolved.

Once your smoke tests pass, it is time for you to create the correct road map. This road map can be defined by ensuring that you can hit all possible functionalities successfully. Usually, you can map out this strategy by considering HTTP methods and CRUD operations.

Some of the tests that can be included in your road map :

  • Functionality Tests - test of specific functions within the codebase
  • Validation Tests - tests to verify aspects of API its behavior, and efficiency
  • Sanity Tests - tests to verify if response makes correct sense
  • Integration Tests - tests to verify API can integrate with other components
  • Load Tests - tests to validate the performance under specific load requirements
  • Runtime Tests - tests related to monitoring, execution errors, resource leaks, or error detection
  • Security Tests - tests to verify authorization and validation of encryption methodologies to enable security from external threats

Once you have strategized which types of tests you will include in your road map, you can also consider making testing easier through automation. Automation can allow you to do regression testing, allowing you to run your entire test suite after a patch, upgrade, or bug fix. Postman is also an excellent tool for all things API automation; check out this blog: API Testing Tips from a Postman Professional to learn more.

What is the Happy Path and the Not -So-Happy Path ?

We may often think that if an API does what it is supposed to do, then it works perfectly. This is only the Happy Path piece of the puzzle when it comes to testing. The other piece is negative testing which is equally essential for ensuring quality.

By performing negative testing, you can see whether or not their API can deal with receiving incorrect or invalid data gracefully, such as with an error message instead of a hard crash or a complete stop.

This blog: Negative testing for more resilient APIs provides notable examples for negative testing, which I recommend you check out! Ideally, you would want to test for all API success and failure responses. Check out this comprehensive list to learn more.

As you go about your testing journey, you may wonder how you can validate your positive and negative responses. Postman has functionality for creating test scripts, which genuinely helps testers level up their validation game.

Do these tests closely mirror the real world ?

The final factor to consider is testing in environments that simulate exact conditions the API will encounter in production or when it is released. Doing so will ensure that the test results accurately reflect the API’s ability to correctly function and perform when subjected to its intended working environment.

However, there may come a time when specific components or other APIs may be missing or unavailable. Simulating a real-world environment may rely on mocking components in this scenario. Mocking components is helpful because you can replace missing parts and customize features to deliver the ideal responses needed to complete the testing procedure.

Learn more about mock servers here

Although API testing can be a daunting process, I hope that after reading this blog, these four questions help you get a head start on your API testing journey. If you are interested in learning more about Postman, check out the learning center! In the meantime, know that every big journey begins with small steps - API testing included.

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .