Overview of REST API Testing
Para acceder a post original click aquí
When we are told to test a complete application, the first things that come to our mind are its specifications, requirements and how the different functionalities need to re-tested.
We also create a test plan side by side so that ample emphasis is provided to all testing vertices. But when a project has short release cycle and the application is prone to change, we must think of a better approach.
In Agile projects, dealing with large and complex applications, we must resort to a testing methodology that tests the application core and verifies responses for specified requests. And this is why API testing is considered the best approach in such circumstances.
In this article, we would look at what one form of API testing, i.e. REST API testing and also mention the different tools and practices recommended for such testing.
API Testing at a Glance
Before we start talking about REST API testing, let’s find out what can be achieved out of API testing.
- Most applications use different APIs (Application Programming Interfaces) to provide distinct features. These APIs can be independently created by the development team, along with other third-party APIs.
- APIs enables communication or exchange of information between different software systems. As they are mostly driven by the business logic, such interfaces lack any GUI.Due
the absence of GUI, API testing completely relies on the verification of user inputs and corresponding API responses.
- API testing doesn’t take the application’s look and feel into consideration and only checks API’s calls and system responses.
- Testers provide a wide range of requests to the API and checks whether the API returns valid responses. Edge cases like extreme or out-of-bound inputs, time-outs and security related tests are also performed to validate negative test scenarios.
- In order to test any API, testers need:
► A testing tool to communicate with the API
► Custom code to test the API.
Need of API Testing over GUI Testing
To better understand the need of API testing, let us elaborate the advantage provided by API testing over simple GUI testing.
- Most applications can be segregated in 3 distinct layers.
► Presentation layer
► Business layer
► Database layer
- GUI testing and test automation are performed in the presentation layer. This, in turn, communicates with the business and database layers to validate the correctness of a test.
- API testing directly targets the business layer of the application and instead of standard inputs, makes use of software to send calls to different APIs. The responses from these calls are used to validate test scenario.
- As GUI is not involved, API testing is considered to be much more suitable for continuous testing and for projects which follow Agile Software Development.
- For projects with short release cycles and prone to frequent changes, testing GUI would require a lot of rework and can be hard to maintain. Such projects should opt for API testing.
- Test scenarios with a large number of edge cases can be easily executed with API testing than GUI testing.
SOAP vs REST API
Now that we are well aware of the capabilities of an API and how important API testing is, let’s discuss in brief the different types of APIs.
SOAP(Simple Object Access Protocol) API
- It is a standard and follows rigid messaging patterns.
- Uses XML to provide messaging service.
- It is language and platform independent.
- Easy to use in distributed enterprises
- Supports built-in error handling
REST(Representational State Transfer) API
- Doesn’t require expensive tools to interact with the Web Service.
- A light-weight alternative to SOAP.
- Responses can be generated in a number of different formats, namely CSV, JSON or RSS.
- Easy to learn
- Responses are relatively fast
- Mimics Web technologies and relies on HTTP protocol
REST API Testing Fundamentals
To successfully test a REST API, coding knowledge is required. Using a tool we communicate with the API, while using a custom code we validate the API.
- To test the basic features of the REST API, we must know the following keywords.
- POST – This keyword is used to create new resources.
- GET – It is used to read existing resources.
- PUT – This keyword is used to update existing resources.
- DELETE – Used to delete resources.
- Using the GET command with the right URL and authentication data we can validate the response of the API.
- To create entries we can use PUT command and in return check the response.
- If the response is returned with the added data, we can confirm that data is correctly getting archived by the API.
- Thus different edge scenarios and boundary value conditions can be easily verified with REST API testing.
- Also, we automate the API calls and validate the responses using different automation tools.
- Some widely used REST API testing tools are
► HP QTP
► HTTP Master
Challenges of REST API Testing
Some of the challenges faced during REST API testing are:
- Coding knowledge is must for testers who are involved in API testing,
- Exception handling is taken care of for SOAP web services, but for REST, if there are any issue with the request, response won’t be generated at all. Finding the root cause of such blank responses can be a really tough job.
- As there is no user interface involved, the edge scenarios must be identified before testing.
- As REST API testing directly addresses the core business layer of an application, it is extremely useful for testing applications which are prone to changes.
- To test the APIs thoroughly, all edge scenarios must be identified.
- API testing can also be integrated with automation test suits which can validate API responses without manual intervention.