API Testing and its challenges

What is an API?

API is a short form of “Application Programming Interface”. API allows communication and data exchange between two applications without a user interface. Every time you use an app like Google, Facebook, Amazon you are using an API.

For Example: When you use an application on you mobile, that application connects to the internet and send data to server. After that server perform required action and sends response to your phone in unreadable form. Application decodes that response and presents you to in readable way. This complete process accomplished using API.

What is an API Testing?

API testing is a type of Software testing. In this testing we will verify that APIs are fulfilling expectations that are designed for functionality, reliability, security and performance. In simple word objective of API testing to check whether the output of API is correct or not in aspect of validation, functionality, security and error detection.

Why APIs Need to be Tested and GUI Testing isn’t enough

In previous development testing was taken care at the GUI level when developers have finished their work, they hand over their work to QA. QA had limited time to test that code at GUI level which covers both frontend and backend testing which means later you find defects, the cost of fixing the defects is increased. So with the help of API testing, testers engage in API testing early in development lifecycle or at a lower level and they will increase the testing coverage.

Type of API Testing:

1.       Unit Testing- Testing the functionality of the individual operations.

2.       Functional testing- Verifying that functionality of an API works exactly as per desired requirement.

3.       Load Testing - Testing that API can handle large amount of request and response.

4.       Security Testing- Testing that whether the authentication, permission and access control is implemented in API or not.

5.       Runtime Detection -  Verifying the runtime error problem such as race conditions, exceptions and resource leaks.

6.       Web UI Testing- Verifying the end-to-end integration tested that cover APIs as well.

7.       Penetration Testing - Verifying the security of computer system, network or web application.

8.       Negative Testing- Testing that API can handle invalid input values.

Common type of Bugs in API Testing

When we are doing API testing some common bugs we can find in our testing.

1.       Request and Response time is high.

2.       Response Data is not structured.

3.       Invalid Response Code.

4.       Response based on invalid data (Negative Testing) passed in Request.

5.       Verifying that if API is encrypting secure data in response. For example Credit Card details.

6.       Incorrect handling of valid arguments value.

7.       Based on input request response is checked.

Advantages of API Testing

1.       We can access the application without user interface.

2.       It is technology or language independent. Data is exchanged via XML or JSON so we can use any language.

3.       It reduces the testing cost. GUI testing cost is very high as compared to API.

4.       It is very helpful to test Core functionality.

Tools for API Testing

We can do API testing manually but it will take lots of time so API testing can be performed with tool as well.  Please refer the below Tools name:

1.       SoapUI

2.       Postman

3.       REST-Assured

4.       JMeter

5.       Fiddler

6.       KarateDSL

Challenges in API Testing

Testing teams face many challenges when testing an API. Please refer the some challenges in below section.

• API Call Sequence:

Sequence of APIs is the biggest challenge in API Testing. Apart from testing of each API, the sequence of APIs is very important because in many cases API calls need to appear in specific order to work properly as per requirement or we can say that in some cases the output of an API can be used as an input of other APIs. So API call sequence is very important.

•  Validating Parameter Combination:

API takes various input parameters so there will be a huge number of combinations of input parameter for validating. So it is also a big challenge in API Testing. User need to make sure on below points:

1.       Validation of parameter length limit

2.       Validation of parameter Data type

3.       Parameter output validation

3.       Maintenance:

Maintenance is also a challenge in API Testing. It is very difficult to maintain test suite which was created for Release1. If any update on API is required in further releases then user has to create complete test suite again and it will take lots of time.

4.       Tracking system Integration:

It is very important to make sure that API testing system is working fine with the data tracking system. This is necessary to obtain the exact response as per desired requirement.

Conclusion:

In addition to GUI level of application Companies have started focusing on automation at service level [APIs] of application which gets developed earlier in application lifecycle. Testing at service level always reduce the risk of issue found in integration of different level of application in later phase of application development.

 About Author  

Niharika, has an overall 6 years of experience in software testing. She has worked on varied applications like Desktop application, E-Commerce Web Application, Mobile Application and Casino games. An  ISTQB Certified Tester, she currently resides at  San Fransisco Bay Area, USA.