API testing

API testing is a software testing method that verifies the functionality, reliability, performance, and security of APIs, ensuring they work correctly and integrate well with other systems. It involves various types of testing, including functional, security, and performance testing, and offers benefits such as early issue detection and cost reduction. However, it also has disadvantages like complexity and limited visibility, and it typically follows CRUD operations using different payload types.

Uploaded by

madhankumar.g
Copyright
© All Rights Reserved

API Testing – Software testing


What is API testing?

• API testing is a type of software testing that focuses on verifying the functionality, reliability, performance, and security of an Application Programming Interface (API).
• It ensures that APIs work correctly, return expected responses, handle errors properly, and integrate well with other systems.
• API testing is performed at the business logic layer, without a user interface, to validate data exchange between applications.

Why do we go for API testing?

API testing is essential for ensuring smooth communication between different software applications.

• Validates Functionality – Ensures the API returns correct responses for different inputs.
• Enhances Security – Identifies vulnerabilities like unauthorized access, data leaks, and SQL injection.
• Ensures Reliability – Verifies that the API consistently performs its intended tasks.
• Reduces Costs – Detects issues early, preventing expensive fixes after deployment.
• Supports Automation – API tests can be easily automated, speeding up the testing process.
• Platform Independence – APIs work across multiple platforms and devices, requiring thorough testing.

Types of API testing:

1. Functional testing: Testing the functionality of the API to ensure it behaves as expected
2. Security testing: Testing the security of the API to ensure it is protected against common vulnerabilities
3. Performance testing: Testing the performance of the API to ensure it can handle the expected load
4. Interoperability testing: Testing the compatibility of the API with other systems
5. Usability testing: Testing the usability of the API for developers
6. Unit testing: Testing the individual API based on business needs
7. Integration testing: Checks communication between APIs

Tools Used:

• Postman
• SoapUI
• Bruno
• Tricentis Tosca

GUI testing & API testing

GUI testing differs from API testing in that GUI testing takes place at the presentation layer, whereas API testing takes place at the business layer.
In a typical app, the API is the middle layer between the UI layer and the database layer, and it is through the API that communication and data exchange between applications occur.

What exactly do we check during API testing:

• Data accuracy.
• Response time.
• Duplicate or missing functionality.
• Authorization checks.
• Multithreading issues.
• Security and performance issues.
• Error codes, if the API returns any.
• Reliability issues.

Benefits of API Testing:

• Earlier validation of correctness in response and data.
• Earlier test maintenance.
• Better speed and coverage of testing.
• GUI independent testing.
• Reduced testing cost.
• Language independent test.
• Helpful in testing core functionality.
• Improved functionality
• Increased security
• Improved performance
• Better integration
• Reduced risk
• Cost-effective
• Greater flexibility

Disadvantages of API Testing:

API testing can have some disadvantages, including:

• Complexity
• Limited Visibility
• Security
• Limited documentation
• Limited test coverage

Types of Bugs that may occur in API Testing:

• Performance Issues
• Response data may not be structured correctly (JSON or XML)
• Security Issues
• Incorrect handling of valid argument values
• Improper errors/warnings
• Missing or Duplicate Functionality
• Reliability Issues: Difficulty in connecting and getting a response from API

Basic API Operations with Examples

APIs typically follow CRUD operations (Create, Read, Update, Delete) using HTTP methods:

| Operation | HTTP Method | Example API Endpoint | Purpose |
|---|---|---|---|
| Create | POST | /users | Adds a new user |
| Read | GET | /users/{id} | Retrieves user details |
| Update (Full) | PUT | /users/{id} | Replaces user information |
| Update (Partial) | PATCH | /users/{id} | Updates specific fields |
| Delete | DELETE | /users/{id} | Removes a user |

Types of Payload in API Requests

| Payload Type | Description | Example |
|---|---|---|
| JSON | The most common lightweight data format, easy to read and process. | { "name": "John", "age": 30 } |
| XML | A structured, tag-based format often used in legacy systems and SOAP APIs. | <user><name>John</name><age>30</age></user> |
| Form Data (application/x-www-form-urlencoded) | Used when submitting form data in key-value pairs. | name=John&age=30 |
| Multipart Form Data | Used to send files (images, PDFs, etc.) along with text fields. | Includes a file and other parameters. |
| GraphQL Payload | Uses a single query to fetch specific fields from an API. | { "query": "{ user { name age } }" } |
| Plain Text | Sends raw text data without structured formatting. | "This is a plain text payload" |
| Binary Data | Used to send non-text data like images, audio, or video. | Binary-encoded data (Base64) |
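The following is an added example, not part of the original document: it decodes the table's JSON, XML and form-urlencoded samples by Content-Type and shows that `age` arrives as an integer only from JSON, which is why type checks belong on the server side of every format. The function names `decode_payload` and `age_types` are hypothetical.

```python
import json
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs

def decode_payload(content_type, raw):
    """Decode a request body into a flat dict according to its Content-Type."""
    media_type = content_type.split(";")[0].strip().lower()
    text = raw.decode("utf-8")
    if media_type == "application/json":
        data = json.loads(text)
        if not isinstance(data, dict):
            raise ValueError("expected a JSON object")
        return data
    if media_type in ("application/xml", "text/xml"):
        # Assumption: trusted test data; untrusted XML needs a hardened parser.
        root = ET.fromstring(text)
        return {child.tag: child.text for child in root}
    if media_type == "application/x-www-form-urlencoded":
        # parse_qs returns a list per key; a repeated key is ambiguous, so reject it.
        fields = parse_qs(text, strict_parsing=True)
        dupes = [k for k, v in fields.items() if len(v) > 1]
        if dupes:
            raise ValueError(f"repeated form keys: {dupes}")
        return {k: v[0] for k, v in fields.items()}
    raise ValueError(f"unsupported Content-Type: {media_type}")

# Constructed samples: the same user in three of the formats from the table.
SAMPLES = [
    ("application/json; charset=utf-8", b'{ "name": "John", "age": 30 }'),
    ("application/xml", b"<user><name>John</name><age>30</age></user>"),
    ("application/x-www-form-urlencoded", b"name=John&age=30"),
]

def age_types():
    """Return the Python type name of 'age' as decoded from each sample."""
    return [type(decode_payload(ct, raw)["age"]).__name__ for ct, raw in SAMPLES]

if __name__ == "__main__":
    print(age_types())
```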

Key concepts of API testing:

Endpoint → A specific URL where API requests are sent.

Headers → Carry metadata like authentication and content type.

Payload → The actual data sent in an API request (POST, PUT, PATCH).

Data → Information transferred via query parameters, headers, or body.

Authorization Types → API Key, Basic Auth, OAuth, JWT, Bearer Token, and Session-based.

Response Validation:

| Aspect | Description | Example |
|---|---|---|
| Status Code Validation | Ensures the correct HTTP status code is returned. | 200 OK (Success), 404 Not Found, 500 Internal Server Error |
| Response Body Validation | Checks if the response contains the expected data. | { "name": "John", "age": 30 } |
| Schema Validation | Ensures the response follows the correct JSON/XML structure. | { "id": int, "email": string } |
| Data Type Validation | Verifies that data types (string, integer, boolean) match expectations. | "price": 199.99 (should be float) |
| Response Time Validation | Measures the time taken to get a response (performance check). | < 500ms for fast responses |
| Header Validation | Confirms necessary headers like Content-Type and Authorization. | Content-Type: application/json |
| Error Handling Validation | Checks if API returns meaningful error messages. | { "error": "Invalid credentials" } |
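The checks in the table above, applied to captured responses, as an added example that is not part of the original document. The response dictionaries, the schemas and the names `validate_response` and `type_ok` are assumptions made for illustration; the 500 ms limit and the sample bodies follow the table.

```python
import json

# Hypothetical schemas (field -> required Python type), modelled on the table.
USER_SCHEMA = {"id": int, "email": str, "price": float}
ERROR_SCHEMA = {"error": str}

def type_ok(value, expected):
    # bool is a subclass of int in Python; do not let true/false pass as a number.
    if isinstance(value, bool) and expected is not bool:
        return False
    return isinstance(value, expected)

def validate_response(resp, expect_status, schema, max_ms=500):
    """Run the table's checks on one captured response; return the failures."""
    failures = []
    if resp["status"] != expect_status:
        failures.append(f"status: expected {expect_status}, got {resp['status']}")
    ctype = resp["headers"].get("content-type", "")
    if ctype.split(";")[0].strip().lower() != "application/json":
        failures.append(f"header: unexpected Content-Type {ctype!r}")
    if resp["elapsed_ms"] >= max_ms:
        failures.append(f"time: {resp['elapsed_ms']} ms is not < {max_ms} ms")
    try:
        body = json.loads(resp["body"])
    except json.JSONDecodeError:
        return failures + ["body: not valid JSON"]
    if not isinstance(body, dict):
        return failures + ["body: expected a JSON object"]
    for field, expected in schema.items():
        if field not in body:
            failures.append(f"schema: missing field {field!r}")
        elif not type_ok(body[field], expected):
            failures.append(f"type: {field!r} should be {expected.__name__}")
    return failures

# Constructed captures (header names lower-cased), not output from a real API.
GOOD = {"status": 200, "elapsed_ms": 120,
        "headers": {"content-type": "application/json; charset=utf-8"},
        "body": '{"id": 7, "email": "john@example.com", "price": 199.99}'}
BAD = {"status": 200, "elapsed_ms": 730,
       "headers": {"content-type": "text/html"},
       "body": '{"id": "7", "email": "john@example.com", "price": 199}'}
ERR = {"status": 401, "elapsed_ms": 40,
       "headers": {"content-type": "application/json"},
       "body": '{"error": "Invalid credentials"}'}

if __name__ == "__main__":
    for name, resp, status, schema in [("GOOD", GOOD, 200, USER_SCHEMA),
                                       ("BAD", BAD, 200, USER_SCHEMA),
                                       ("ERR", ERR, 401, ERROR_SCHEMA)]:
        print(name, validate_response(resp, status, schema))
```

The BAD capture fails four checks at once (header, response time, and the types of `id` and `price`), while the 401 capture passes because it is validated against the error schema rather than the user schema.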

THANK YOU
