API testing is a type of software testing that involves testing application programming interfaces (APIs) directly and as part of integration testing to determine if they meet expectations for functionality, reliability, performance, and security.
[Testing APIs protects applications and reputations](_blank) by Amy Reichert, SearchSoftwareQuality, March 2015
Since APIs lack a GUI, API testing is performed at the message layer.
[All About API Testing: An Interview with Jonathan Cooper](_blank) by Cameron Philipp-Edmonds, Stickyminds, August 19, 2014
API testing is now considered critical for automating testing because APIs now serve as the primary interface to application logic and because GUI tests are difficult to maintain with the short release cycles and frequent changes commonly used with Agile software development and DevOps.
[The Forrester Wave Evaluation Of Functional Test Automation (FTA) Is Out And It's All About Going Beyond GUI Testing](_blank) by Diego Lo Giudice, Forrester, April 23, 2015
[Produce Better Software by Using a Layered Testing Strategy](_blank) by Sean Kenefick, Gartner, January 7, 2014
API testing overview
API testing involves testing APIs directly (in isolation) and as part of the end-to-end transactions exercised during integration testing. Beyond RESTful APIs, these transactions include multiple types of endpoints such as web services, ESBs, databases, mainframes, web UIs, and ERPs. API testing is performed on APIs that the development team produces as well as APIs that the team consumes within their application (including third-party APIs).
[Onus for third-party APIs is on enterprise developers](_blank) by Amy Reichert, SearchSoftwareQuality, July 2014
API testing is used to determine whether APIs return the correct response (in the expected format) for a broad range of feasible requests, react properly to edge cases such as failures and unexpected/extreme inputs, deliver responses in an acceptable amount of time, and respond securely to potential security attacks.
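The four things the paragraph above says API testing determines (correct response in the expected format, behaviour on extreme input, response time, and secure handling of unauthenticated requests) can each be asserted at the message layer. The following is an added example, not part of the original article; the `Orders` service, its `/orders/<id>` route, the bearer token and the 2-second budget are all assumptions made for illustration.

```python
import json, threading, time, urllib.error, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

TOKEN = "test-token"  # constructed credential for the sample service

class Orders(BaseHTTPRequestHandler):
    """Hypothetical service under test: GET /orders/<id> returns JSON."""
    def log_message(self, *args):  # silence per-request logging
        pass
    def reply(self, code, obj):
        body = json.dumps(obj).encode()
        self.send_response(code)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
    def do_GET(self):
        ident = self.path.rsplit("/", 1)[-1]
        if self.headers.get("Authorization") != f"Bearer {TOKEN}":
            self.reply(401, {"error": "unauthorized"})
        elif not (self.path.startswith("/orders/") and ident.isdigit() and len(ident) <= 9):
            self.reply(400, {"error": "bad order id"})
        else:
            self.reply(200, {"id": int(ident), "status": "shipped"})

def call(base, path, token=None):
    """One message-layer request -> (status, content type, JSON body, seconds)."""
    req = urllib.request.Request(base + path)
    if token:
        req.add_header("Authorization", f"Bearer {token}")
    start = time.perf_counter()
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            status, ctype, raw = resp.status, resp.headers.get("Content-Type"), resp.read()
    except urllib.error.HTTPError as err:  # 4xx/5xx responses arrive as exceptions
        status, ctype, raw = err.code, err.headers.get("Content-Type"), err.read()
    return status, ctype, json.loads(raw), time.perf_counter() - start

def run_checks():
    server = HTTPServer(("127.0.0.1", 0), Orders)  # port 0 picks a free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{server.server_port}"
    try:
        ok = call(base, "/orders/42", TOKEN)
        edge = call(base, "/orders/" + "9" * 500, TOKEN)  # extreme input
        anon = call(base, "/orders/42")                    # no credentials
    finally:
        server.shutdown()
        server.server_close()
    return {"correct_response": ok[0] == 200 and ok[2] == {"id": 42, "status": "shipped"},
            "expected_format": ok[1] == "application/json",
            "edge_case_rejected": edge[0] == 400,
            "within_time_budget": ok[3] < 2.0,
            "auth_enforced": anon[0] == 401 and "id" not in anon[2]}
```

Because the service runs in-process on a loopback port, the checks need no GUI and no external environment, which is what makes tests at this layer easy to automate.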
Service virtualization is used in conjunction with API testing to isolate the services under test as well as expand test environment access by simulating APIs/services that are not accessible for testing.
[Accelerate Development with Automated Testing](_blank) by Nathan Wilson, Gartner, December 30, 2013
API testing commonly includes testing REST APIs or SOAP web services with JSON or XML message payloads being sent over HTTP, HTTPS, JMS, and MQ.
[A Guidance Framework for Designing a Great Web API](_blank) by Eric Knipp and Gary Olliffe, Gartner, August 20, 2014
It can also include message formats such as SWIFT, FIX, EDI and similar fixed-length formats, CSV, ISO 8583 and Protocol Buffers being sent over transports/protocols such as TCP/IP, ISO 8583, MQTT, FIX, RMI, SMTP, TIBCO Rendezvous, and FIX.
How Do We Learn Composite App Testing-Speak? by Adrian Bridgwater, Dr. Dobb's Journal, February 14, 2012
API testing, GUI testing, and test automation
API testing is recognised as being more suitable for test automation and continuous testing (especially the automation used with Agile software development and DevOps) than GUI testing. Reasons cited include:
* System complexity: GUI tests can't sufficiently verify functional paths and back-end APIs/services associated with multitier architectures. APIs are considered the most stable interface to the system under test.
* Short release cycles with fast feedback loops: Agile and DevOps teams working with short iterations and fast feedback loops find that GUI tests require considerable rework to keep pace with frequent change. Tests at the API layer are less brittle and easier to maintain.
For these reasons, it is recommended that teams increase their level of API testing while decreasing their reliance on GUI testing. API testing is recommended for the vast majority of test automation efforts and as much edge testing as possible. GUI testing is then reserved for validating typical use cases at the system level, mobile testing, and usability testing.
Types of API testing
API testing typically involves the following practices:
* Unit testing - Testing the functionality of individual operations.
* Functional testing - Testing the functionality of broader scenarios, often using unit tests as building blocks for end-to-end tests. Includes test case definition, execution, validation, and regression testing.
* Load testing - Validating functionality and performance under load, often by reusing functional test cases.
* Runtime error detection - Monitoring an application during the execution of automated or manual tests to expose problems such as race conditions, exceptions, and resource leaks.
* Security testing - Includes penetration testing and fuzz testing as well as validating authentication, encryption, and access control.
* Web UI testing - Performed as part of end-to-end integration tests that also cover APIs, enables teams to validate GUI items in the context of the larger transaction.
* Interoperability testing - (SOAP only) Checking conformance to Web Services Interoperability profiles.
* WS-* compliance testing - (SOAP only) Checking compliance to WS-* standards such as WS-Addressing, WS-Discovery, WS-Federation, WS-Policy, WS-Security, and WS-Trust.
* Penetration testing - Testing a computer system, network or Web application to find vulnerabilities that an attacker could exploit.
* Fuzz-testing - Massive amounts of purely random data, sometimes referred to as "noise" or "fuzz", are forcibly input into the system in order to attempt a forced crash, overflow, or other negative behavior. This is done to test the API at its absolute limits, and serves somewhat as a "worst case scenario".
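A fuzz run against a request handler, as an added example that is not part of the original article. The `create_order` handler, its field names and the seed messages are hypothetical; instead of purely random data it mutates valid seed messages with random noise under a fixed seed, so that any finding is reproducible.

```python
import json
import random

def create_order(raw: bytes):
    """Hypothetical handler under test: returns (status, body) for a POST body."""
    try:
        doc = json.loads(raw.decode("utf-8"))
    except (UnicodeDecodeError, ValueError, RecursionError):
        # RecursionError covers pathologically deep nesting such as b"[" * 50000
        return 400, {"error": "body is not valid UTF-8 JSON"}
    if not isinstance(doc, dict):
        return 400, {"error": "expected a JSON object"}
    qty, sku = doc.get("qty"), doc.get("sku")
    if type(qty) is not int or not 1 <= qty <= 1000:  # rejects bool and float too
        return 400, {"error": "qty must be an integer 1..1000"}
    if not isinstance(sku, str) or not 1 <= len(sku) <= 32:
        return 400, {"error": "sku must be a 1..32 character string"}
    return 201, {"sku": sku, "qty": qty}

# Constructed seed messages: one valid, one invalid, one of the wrong JSON type.
SEEDS = [b'{"sku": "A-100", "qty": 2}', b'{"sku": "", "qty": 0}', b"[]"]

def mutate(rng, data: bytes) -> bytes:
    """Apply one random byte-level mutation to a seed message."""
    buf = bytearray(data)
    choice = rng.randrange(4)
    if choice == 0 and buf:        # overwrite one byte
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    elif choice == 1:              # insert random noise
        pos = rng.randrange(len(buf) + 1)
        buf[pos:pos] = rng.randbytes(rng.randrange(1, 64))
    elif choice == 2 and buf:      # truncate
        del buf[rng.randrange(len(buf)):]
    else:                          # extreme nesting or extreme length
        buf = bytearray(b"[" * 50_000) if rng.random() < 0.5 else buf * 200
    return bytes(buf)

def fuzz(iterations=2000, seed=1234):
    """Return every input that crashed the handler or broke its response contract."""
    rng, findings = random.Random(seed), []
    for _ in range(iterations):
        case = mutate(rng, rng.choice(SEEDS))
        try:
            status, body = create_order(case)
            if status not in (201, 400) or not isinstance(body, dict):
                findings.append((case[:40], f"unexpected status {status}"))
        except Exception as exc:   # an unhandled exception would surface as a 500
            findings.append((case[:40], repr(exc)))
    return findings
```

An empty list from `fuzz()` means every mutated message was either accepted or rejected with a 400; removing `RecursionError` from the handler's `except` clause makes the deep-nesting case show up as a finding.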
See also
* Automated testing
* Service virtualization
* Software testing
* Web API security