What is API?
API stands for Application Programming Interface. An API is basically a collection of functions and procedures that allows two applications or libraries to communicate.
For example, it is like a connector, as seen in the picture. All data connects to our organization through the API.
In one line, an API is an interface between different software programs or services.
An API is the messenger that takes your order (the waiter) and tells the system (the kitchen) what to do (prepare the food), and in return gives back the response you asked for (the waiter returns with the ordered food).
Types of APIs:
What is API Testing?
When we talk about API testing, we mean testing APIs and their integration with the services.
It is one of the most challenging types of testing. If we miss certain cases in API testing, that can cause a very big problem in production after full integration, and it will be hard to debug in the production environment.
In this definitive guide, we are basically discussing REST API testing, where we need to test the REST APIs for validation, error codes, and load testing.
What is REST API?
As REST is an acronym for REpresentational State Transfer, statelessness is key. An API can be REST if it follows the below constraints.
The REST architectural style describes six constraints. These constraints, put on the architecture, were initially communicated by Roy Fielding in his doctoral dissertation and defined the basis of the RESTful style.
1. Uniform Interface
2. Stateless
3. Cacheable
4. Client-Server
5. Layered System
6. Code on Demand
Uniform Interface
The uniform interface constraint defines the interface between clients and servers. In other terms, the first constraint of the REST API states that the client and server have to communicate and agree on certain rules based on resources (they should communicate with the same resource format, like JSON, XML, HTML, or plain text) and with a proper encoding like UTF-8, etc.
Another point is that they should communicate with self-descriptive messages, e.g. using the same MIME types.
Stateless
APIs in REST are stateless, and the client and server don't worry about the state of the request or response.
Cacheable
As on the World Wide Web, clients can cache responses. Responses should therefore, implicitly or explicitly, define themselves as cacheable. It's up to the server to decide when the cache should expire, etc.
Client-Server
Client and server are two different entities. This means that servers and clients may be replaced and developed independently, as long as the interface is not altered.
Layered System
It means that there can be any number of layers between the client and the server; it does not matter.
Code on Demand
The server can store the code or logic itself and transfer it whenever needed, rather than keeping the logic on the client side.
If an API fulfills all the constraints, then we can call it a REST API.
Difference between REST API vs SOAP API
We have already discussed the REST API; let's now learn what a SOAP API is.
SOAP (Simple Object Access Protocol) is a messaging protocol that allows programs that run on disparate operating systems or services, like frontend or backend, to communicate using Hypertext Transfer Protocol (HTTP) and Extensible Markup Language (XML).
SOAP uses WSDL as an XML format for describing network services as a set of endpoints operating on messages containing either document-oriented or procedure-oriented information.
Enough background, let's come to the topic…
What to Test in API Testing?
● Validate the keys against the min. and max. range of the API (e.g. maximum and minimum length).
● Have a test case to do XML and JSON schema validation.
● Keys verification: if we have JSON and XML APIs, we should verify that all the keys are coming.
● Verify how the API's error codes are handled.
Let's understand why API Testing is important…
Why you should perform API Testing?
● Many of the services that we use every day rely on hundreds of different interconnected APIs; if any one of them fails, then the service will not work.
● Right now, the Internet uses millions of APIs and they should be tested thoroughly.
● Developers make mistakes and they create buggy APIs.
● Validation of APIs that are going live to production is very important.
The above image shows the architecture of an application; notice that API testing is an important part.
Now…
Let's learn one more concept: HTTP methods.
HTTP - Fundamentals
HTTP is an application layer protocol designed within the framework of the Internet protocol suite.
There is a client, which requests a resource (an HTML page, a file, etc.) from the server, and the server sends the response back to the client using the same protocol, HTTP.
HTTP is a stateless protocol. In other words, the current request does not know what has been done in the previous requests.
What is a Cookie?
Cookies are usually small text files, given ID tags, that are stored in your computer's browser directory or program data subfolders.
Cookie: theme=light; sessionToken=abc123
Let's understand what authentication is and its types...
What is Authentication?
Authentication is the process of presenting your credentials, like a username and password or another secret key, to the system, and the system validates your credentials, or you.
In API terms, authentication is used to protect content over the web, meaning only a valid user with valid credentials can access that API endpoint.
These credentials tell the system who you are, which enables the system to ensure and confirm a user's identity. Here the system can be anything: a computer, phone, bank, or any physical office premises.
Basic authentication - The string is encoded with Base64.
curl --header "Authorization: Basic am9objpzZWNyZXQ=" my-website.com
Digest Authentication - Authentication is performed by transmitting the password in an encrypted form (with some salt, etc.).
OAuth - An authentication protocol that allows you to approve one application interacting with another on your behalf without giving away your password.
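The Basic authentication header from the curl command above, parsed the way a receiving server would parse it. This is an added example, not code from the original article; the function names `parseBasicAuth` and `sentOverTls` are hypothetical. It shows that the Base64 string decodes straight back to the credentials, so the header is only as private as the connection carrying it.

```javascript
// Added example: what a server (or anyone who can read the request) sees
// in an "Authorization: Basic ..." header. Base64 is an encoding, not encryption.
function parseBasicAuth(headerValue) {
  if (typeof headerValue !== "string") return { ok: false, error: "missing header" };
  // The scheme name is case-insensitive; the credential must be strict base64.
  const m = /^Basic +([A-Za-z0-9+\/]+={0,2})$/i.exec(headerValue.trim());
  if (!m) return { ok: false, error: "not a well-formed Basic credential" };
  const decoded = Buffer.from(m[1], "base64").toString("utf8");
  // Round-trip to reject truncated padding and bytes that are not valid UTF-8.
  if (Buffer.from(decoded, "utf8").toString("base64") !== m[1]) {
    return { ok: false, error: "invalid base64 or non-UTF-8 credential" };
  }
  const sep = decoded.indexOf(":"); // split on the first colon; passwords may contain ":"
  if (sep < 0) return { ok: false, error: "no user:password separator" };
  return { ok: true, user: decoded.slice(0, sep), password: decoded.slice(sep + 1) };
}

// True only when the target would be reached over TLS. curl assumes http://
// when no scheme is given, so a bare host name counts as plaintext.
function sentOverTls(target) {
  const withScheme = /^[a-z][a-z0-9+.-]*:\/\//i.test(target) ? target : `http://${target}`;
  return new URL(withScheme).protocol === "https:";
}

// Header value and host taken from the curl command on the page.
const seen = parseBasicAuth("Basic am9objpzZWNyZXQ=");
console.log(seen, "over TLS:", sentOverTls("my-website.com"));
```

An API test for a Basic-protected endpoint should therefore also assert that the endpoint is only reachable over `https://`.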
Here the client is the browser and the server is a DB with the service running in PHP.
We can create an HTTP request from the browser by typing a URL.
Just for more information, URLs can be broken down into further chunks like protocol, host, port, and query params. Further discussion of the URL is out of scope.
Let's understand which HTTP methods are present.
HTTP Methods explained.
HTTP GET Method Explained -
HTTP POST Method Explained -
HTTP PUT Method Explained -
HTTP PATCH Method Explained -
HTTP DELETE & OPTIONS Method Explained -
Now that we have knowledge of HTTP methods, let's understand what cookies and authentication are.
How to Test an API (API Testing)?
Here the keys are category, icon_url, id, URL, and value, and they have corresponding values as strings or numbers. API testing can be done manually or using a tool. It is always recommended to use certain tools.
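The checks listed under "What to Test in API Testing?" (key presence, min/max length, schema, error codes), applied to a response with the keys named above. This is an added example, not code from the original article; the types, length limits, error-code policy and sample bodies are assumptions chosen for illustration. The functions are plain JavaScript, so they can be pasted into a Postman test script or run in Node.

```javascript
// Added example. SPEC is an assumed contract: the page names the keys,
// while the types and length limits here are illustrative.
const SPEC = {
  category: { type: "string", min: 1, max: 64 },
  icon_url: { type: "string", min: 1, max: 2048 },
  id: { type: "string", min: 1, max: 64 },
  url: { type: "string", min: 1, max: 2048 },
  value: { type: "string", min: 1, max: 1000 },
};
const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Returns a list of problems; an empty list means the body passed.
function validateBody(body, spec = SPEC) {
  if (body === null || typeof body !== "object" || Array.isArray(body)) {
    return ["body is not a JSON object"];
  }
  const problems = [];
  for (const [key, rule] of Object.entries(spec)) {
    if (!has(body, key)) { problems.push(`missing key: ${key}`); continue; }
    const v = body[key];
    if (typeof v !== rule.type) {
      problems.push(`${key}: expected ${rule.type}, got ${typeof v}`);
      continue;
    }
    const size = typeof v === "string" ? v.length : v; // length for strings, value for numbers
    if (size < rule.min || size > rule.max) {
      problems.push(`${key}: ${size} outside ${rule.min}..${rule.max}`);
    }
  }
  // Keys outside the contract can mean the API exposes internal fields.
  for (const key of Object.keys(body)) {
    if (!has(spec, key)) problems.push(`unexpected key: ${key}`);
  }
  return problems;
}

// Assumed policy for the error-code check: a rejected request answers 4xx with a JSON body.
function checkErrorHandling(status, contentType) {
  const problems = [];
  if (status < 400 || status > 499) problems.push(`expected 4xx, got ${status}`);
  if (!/^application\/json\b/i.test(contentType || "")) problems.push("error body is not JSON");
  return problems;
}

// Constructed sample bodies (not captured from a real API).
const good = { category: "dev", icon_url: "https://example.test/i.png", id: "abc123",
  url: "https://example.test/jokes/abc123", value: "sample text" };
const bad = { icon_url: "", id: 42, url: "https://example.test/x", value: "ok", debug: "trace" };
console.log(validateBody(good), validateBody(bad), checkErrorHandling(500, "text/html"));
```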
Let's learn API Testing using our favorite tools.
Below is the list of API testing tools. You can learn or use whichever tool you feel is great for you. I encourage you to start with Postman; it's an awesome API testing tool that provides lots of features like the command line, CI/CD, and monitoring of APIs with test case support.
API Testing tools
● Runscope.com
● Postman CI/CD
● Katalon using CI/CD
● SoapUI CI/CD
● Rest Assured CI/CD
API Testing using POSTMAN
What is Postman?
First of all, let's understand what Postman is.
It is an API testing tool used by developers and testers to perform API testing, with lots of different features like global variables, mock requests, environments, and monitoring of APIs.
You can learn more about Postman in my full video lecture series here. Download and install it.
P.S. – This article assumes that you have some experience with Postman. If not, please go through my previous tutorials.
It's available on macOS, Windows, and Linux as a native app.
Download Postman - https://www.getpostman.com
Major features of the Postman