API testing has become a frequently used term in software testing. What exactly is API testing, and how and why is it done? How is it different from the usual UI testing? What tools can be used for API testing? These are some of the questions you might have in mind if you are searching for information on API testing. This article aims to answer these basic questions and help you get started with API testing.

What is meant by API?

Before we jump into API testing, let’s start by understanding what an API is. API stands for Application Programming Interface. The word interface implies a ‘point where two systems meet and interact’, and it has the same meaning in the API context too. An API is a set of functions, communication protocols, and tools for building software, which acts as an interface for the software components. It simply allows a piece of software to interact with another piece of software. It can be considered a messenger that delivers your request to the provider that you are requesting it from and then delivers the response back to you.
An API defines functionalities that are independent of their respective implementations, and APIs act as building blocks for developing a program. When developers want to write code, they don’t have to start from scratch; instead, they can easily reuse other modules’ APIs. An API acts as an abstraction: when it gets a request from the user, it gives the response without exposing the internal logic. An API may be program-centric or web-based. Web APIs are APIs provided by third parties over the internet.
Are you still confused, or not getting a clear idea of what an API is? Don’t worry, let’s end this section with a couple of real-life examples of web APIs so that the idea becomes clear. You might have come across various websites or applications which give an option to sign up with your Google/Facebook account. You are able to sign up without filling in the signup forms and details; all your data is fetched from your Google account sign-up information. This is an example where the website uses the Google API to fetch your details. Another real-life example you can think of is Paytm. The Paytm API can be integrated into the payment features of your mobile or web e-commerce applications. So when you are making your Uber ride payment through Paytm, Uber is really making a request to Paytm servers for the payment. Google Maps is another API which developers can embed into any application they are developing with just a few lines of HTML code, without having to maintain large sets of map data. There are thousands of such APIs available in 'Programmable Web' now. Whoa! Thanks to APIs for making app development easy and saving developers a lot of time with so many reusable APIs. From these examples, an API is nothing but an endpoint to which you send requests and from which you receive data back. The examples that we discussed were third-party APIs; the same happens with program-centric APIs as well: send a request and receive data.

What is API testing?

Now that we have discussed what an API is, we shall move on to API testing. API testing involves testing the API of an application, bypassing the User Interface. It is one of the most important types of software testing. It is a part of integration testing and is used to determine whether the application under test meets expectations for reliability, functionality, and performance, as APIs serve as the primary interface to application logic.
API forms the business logic tier of an application and can be considered to be the brain of the application. An application also has other layers – the Data-tier where data is retrieved from the database and file system and stored, and the Presentation layer which is the user interface part. API is the middle layer which processes data between the layers and coordinates the application by processing commands and making logical decisions. So, API testing concentrates on the business logic layer of your software application.
You would be familiar with the user interface testing where you can directly test a webpage or an application using standard inputs and outputs and checking the screens with controls like menus, buttons, icons, dialog boxes, etc. But API testing is entirely different and here you communicate with the application directly by making calls to its API. You would have to use software to send calls to the API, get output and validate the system’s response to ensure things are working as expected.
API testing tests that the APIs return a correct response or output under varying conditions. The output received may be a pass or fail status, some data or information that has been requested, or a call to another API. Developers carry out unit tests on the APIs to test the functionalities they are working on. But the testers doing API testing have the responsibility of testing both individual functionalities and a series or chain of functionalities, and how they work together from end to end. API testing has to be done on the APIs provided by your application development teams as well as on the APIs that the team uses in the application, including third-party APIs.
API testing is often referred to as headless testing and allows you to test headless technologies like JMS, HTTP, databases and Web services. Thus, API testing commonly includes testing REST APIs or SOAP web services with JSON or XML message payloads being sent over HTTP, HTTPS, JMS, and MQ. It can also include message formats such as SWIFT, FIX, EDI, and similar fixed-length formats, CSV, ISO 8583 and Protocol Buffers being sent over transports/protocols such as TCP/IP, ISO 8583, MQTT, FIX, SMTP, etc.

Importance of API testing

Most testing teams focused on GUI tests alone in the past, but this attitude has changed in recent times. UI tests alone cannot comprehensively test your application. For instance, a UI test may validate the UI layer (its look and feel and functionalities), but not necessarily the system’s internals in a targeted way. That means GUI tests are not enough to verify the functional paths and back-end APIs/services associated with multitier architectures. We know that the majority of the business logic resides in the API. But since a UI flow doesn’t have a one-to-one mapping to every API, there are chances that many things can be missed.
With continuous integration/continuous delivery (CI/CD) practices gaining a lot of hype in the software industry, API testing has become more critical than ever. In the DevOps world, organizations adopt a microservices way of creating software, which allows them to have small, independent services that are independently deployable and testable. This modern approach has made organizations realize that API testing is one of the apt ways of testing such applications and enabling fast shipping. In API testing, we can start testing the core functionalities even when the UI is not ready. APIs are automation-ready: they are easier to automate and are often ready before the UI that consumes them. Moreover, API tests are less fragile to change than UI tests, since the UI changes very often. This makes it much easier to maintain API automation tests. API tests also make good candidates for reuse in performance testing. Testing teams should understand these benefits and increase their level of API testing while decreasing their reliance on just GUI testing.

Types of API testing

There are different types of testing that need to be done to an API. Some of the different kinds of API testing carried out are:

  • Functionality testing which tests if the API is technically working.
  • Usability testing which tests if the API is easy to work with.
  • Reliability testing which tests if the API can be consistently connected to and lead to consistent results.
  • Load testing which tests if the API can handle a large number of calls.
  • Security testing which tests if the API has defined all security requirements including authentication, permissions and access controls.
  • Penetration testing which looks for vulnerabilities in the application that attackers could exploit.
  • Interoperability and WS compliance testing that applies to SOAP APIs which tests for interoperability between SOAP APIs by ensuring conformance to the Web Services Interoperability Profiles.
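
A headless test of the kind described above, as an added example that is not part of the original article: a test client calls an API directly and validates the responses, covering a functionality check and the authentication side of security testing from this list. The `ToyApi` service, its `/orders/<id>` endpoint, the token and the order data are all hypothetical and constructed for the illustration.

```python
import hmac, http.client, json, threading
from http.server import BaseHTTPRequestHandler, HTTPServer

TOKEN = "test-token-123"                             # constructed credential
ORDERS = {"1": {"id": 1, "item": "book", "qty": 2}}  # constructed sample data

class ToyApi(BaseHTTPRequestHandler):
    """Hypothetical API under test: GET /orders/<id>, bearer token required."""
    def do_GET(self):
        auth = self.headers.get("Authorization", "").encode()
        if not hmac.compare_digest(auth, f"Bearer {TOKEN}".encode()):
            return self._send(401, {"error": "unauthorized"})
        order = ORDERS.get(self.path.removeprefix("/orders/"))
        if order is None:
            return self._send(404, {"error": "not found"})
        self._send(200, order)

    def _send(self, status, body):
        data = json.dumps(body).encode()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def log_message(self, *args): pass  # keep the test run quiet

def call(port, path, token=None):
    """Send one GET to the API and return (status, parsed JSON body)."""
    headers = {"Authorization": f"Bearer {token}"} if token else {}
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("GET", path, headers=headers)
    resp = conn.getresponse()
    return resp.status, json.loads(resp.read())

def run_api_tests():
    """Start the toy API on a free local port and call it as a test client."""
    cases = {"functional": ("/orders/1", TOKEN), "missing": ("/orders/99", TOKEN),
             "no_token": ("/orders/1", None), "bad_token": ("/orders/1", "wrong")}
    server = HTTPServer(("127.0.0.1", 0), ToyApi)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return {n: call(server.server_port, p, t) for n, (p, t) in cases.items()}
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(run_api_tests())
```

The two negative cases matter as much as the positive one: a request with no token and a request with a wrong token must both be rejected with 401 before any order data is returned.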

Tools for API testing

There are many tools available for API testing. Here is a list of the most popular tools:

  1. SoapUI
  2. Postman
  3. Katalon Studio
  4. Rest-Assured
  5. Parasoft SOAtest

Getting started with API testing

Now that we have seen what API testing is all about and some of the popular tools for API testing, here are a few links that would help you get started with API testing.

Tutorials:

Online courses from Udemy:

Hope you liked the article and that it helps you get started with API testing! Happy Testing!