Click to edit Master title style

API Testing

1
Click to edit Master title style

Introduction
A P I & A P I Te s t i n g

2 2
Click to edit Master
Introduction - API title style

• An API is a set of rules and protocols that allows different software

applications to communicate and interact with each other.
• API (Application Programming Interface) is a computing interface which
enables communication and data exchange between two separate software
systems.
• API TESTING is a software testing type that validates Application
Programming Interfaces (APIs). The purpose of API Testing is to check the
functionality, reliability, performance, and security of the programming
interfaces.
• In software application (app) development, API is the middle layer between
the presentation (UI) and the database layer. APIs enable communication and
data exchange from one software system to another.

3 3
Click to edit Master title style

How APIs Work

4 4
Click to edit
Working Master title style
of API

• APIs work on the principle of request-response mechanism.

• A client application sends a request to the API, and the API processes the
request and returns a response.
• APIs can use different data formats for communication, such as JSON, XML,
or even HTML.

5 5
Click to edit Master title style

Types of APIs

6 6
ClickTypes
API to edit Master title style

1. Web APIs: These are APIs that are accessed over the internet through HTTP
protocols. They enable communication between web servers and clients.
2. RESTful APIs: Representational State Transfer (REST) APIs adhere to
specific architectural principles and are widely used in web services.
3. SOAP APIs: Simple Object Access Protocol (SOAP) APIs use XML
messaging and are primarily used in enterprise-level applications.
4. Library-based APIs: These APIs are provided by libraries and are meant to
be used within the same programming language.
5. Hardware APIs: Enable interaction with hardware devices and components.

7 7
Click to edit Master title style

Components of an API

8 8
 ClickRequest
API to edit Components
Master title style
Any REST request includes four essential parts: an HTTP method, an endpoint, headers, and a
body.
• An HTTP method describes what is to be done with a resource. There are four basic methods
also named CRUD operations:
POST to Create a resource,
GET to Retrieve a resource,
PUT to Update a resource,
DELETE to Delete a resource.
• Headers store information relevant to both the client and server. Mainly, headers provide
authentication data — such as an API key, the name or IP address of the computer where the
server is installed, and the information about the response format.
• A body is used to convey additional information to the server. For instance, it may be a piece
of data you want to add or replace.
• An endpoint contains a Uniform Resource Identifier (URI) indicating where and how to find
the resource on the Internet. The most common type of URI is a Unique Resource
Location (URL), serving as a complete web address.

9 9
 ClickResponse
API to edit Master title style
Components
• Any REST Response includes three essential parts: status code, Response Header, and
Response Body
• Status code informs the client if the action was performed correctly or not on the requested
resource. It's a number with three digits (between 100 and 599) with a name, like 200 Success,
or 404 Not Found. There are many status codes grouped into five main categories:
informational responses (1xx), successes (2xx), redirections (3xx), client errors (4xx), and
server errors (5xx).
• The Response Header contains the information about the content that is being returned in
response together with data about the Server that sent it.
• The response body contains the requested information in the format specified by the Accept
field in the request header. For JSON, the body is typically an object or an array of objects.

1010
Click to edit Master title style

HTTP Methods and

status codes for REST
API

1111
 Click to
HTTP edit Master
methods titlecodes
& Status style

Method Description No Status Code Description

1xx (100 –
GET Retrieves the information at a particular URL. 1 The response is informational.
199)

Updates the previous resource if it exists or creates 2xx (200 –

PUT 2 Assures successful response.
new information at a particular URL. 299)

You are required to take

3xx (300 –
Used to send information to the server like 3 further action to fulfil the
POST 399)
uploading data and to develop a new entity. request.
4xx (400 – There’s a bad syntax and the
Deletes all current representations at a specific 4
DELETE 499) request cannot be completed.
URL.
5xx (500 – The server entirely fails to
5
PATCH This is used for partial updates of resources. 599) complete the request.

1212
Click to edit Master title style

Benefits of API

1313
 ClickBenefits
API to edit Master title style
1. Interoperability: APIs enable different applications to work together, even if they are built
using different technologies or languages.
2. Modularity: APIs allow developers to build complex systems by integrating smaller,
specialized components.
3. Rapid Development: Using pre-built APIs saves time and effort in creating functionalities
from scratch.
4. Scalability: APIs facilitate the scaling of applications by decoupling different modules.
5. Third-Party Integration: APIs enable easy integration with third-party services, expanding
the functionality of applications.

1414
Click to edit Master title style

Real world use cases

1515
 ClickCases
Use to edit Master title style
1. Social Media Integration: APIs are used to integrate social media platforms into applications,
allowing users to log in or share content seamlessly.
2. Payment Gateways: APIs enable secure and quick payment processing within applications.
3. Maps and Geolocation: APIs like Google Maps API allow integration of maps and
geolocation services into apps.
4. Weather Data: Applications can access weather data from various providers using APIs to
display real-time forecasts.
5. E-commerce Integrations: APIs facilitate interactions between e-commerce platforms and
inventory management systems.

1616
Click to edit Master title style

Testing Scenarios
Examples
API testing scenarios for https://reqres.in/

1717
 Click to edit Master title style
Examples
User Registration:
• Test the user registration endpoint (POST /api/register) with valid user data to ensure it returns a successful
response (HTTP 200) and provides the user with an authentication token.
• Verify that the API returns appropriate error responses (e.g., HTTP 400 Bad Request) when invalid or
incomplete user data is provided.

User Login:
• Test the user login endpoint (POST /api/login) with valid credentials to ensure it returns a successful
response (HTTP 200) and provides the user with an authentication token.
• Verify that the API returns appropriate error responses (e.g., HTTP 401 Unauthorized) when invalid
credentials are provided.

Retrieve Single User:

• Test the endpoint to retrieve a single user (GET /api/users/{id}) with a valid user ID to ensure it returns the
correct user information (HTTP 200).
• Verify that the API returns a 404 Not Found response for non-existent user IDs.
1818
List Users:
Click to edit Master title style
• Test the endpoint to retrieve a list of users (GET /api/users) to ensure it returns a list of users (HTTP 200) with
the correct pagination and total count.

Update User Details:

• Test the endpoint to update user details (PUT /api/users/{id}) with valid data to ensure it returns a successful
response (HTTP 200) and updates the user's information.
• Verify that the API returns appropriate error responses (e.g., HTTP 404 Not Found) for invalid user IDs.

Create Resource:
• Test the endpoint to create a resource (POST /api/resource) with valid data to ensure it returns a successful
response (HTTP 201 Created) and creates the resource.
• Verify that the API returns appropriate error responses (e.g., HTTP 400 Bad Request) for invalid resource data.

Update Resource:
• Test the endpoint to update a resource (PUT /api/resource/{id}) with valid data to ensure it returns a successful
response (HTTP 200) and updates the resource.
• Verify that the API returns appropriate error responses (e.g., HTTP 404 Not Found) for invalid resource IDs. 1919
Delete Resource:
Click to edit Master title style
• Test the endpoint to delete a resource (DELETE /api/resource/{id}) with a valid resource ID to ensure it returns
a successful response (HTTP 204 No Content) and deletes the resource.
• Verify that the API returns a 404 Not Found response for non-existent resource IDs.

Pagination:
• Test endpoints that support pagination (e.g., /api/users?page=2&per_page=3) to ensure they return the correct
number of results per page and handle page navigation correctly.

Authentication and Authorization:

• Test API endpoints that require authentication and verify that they reject unauthenticated requests (e.g.,
/api/users).
• Test endpoints that require specific user roles or permissions to ensure they are properly enforced.

Error Handling:
• Test the API with invalid routes to verify that it returns appropriate error responses (e.g., HTTP 404 Not
Found).
• Verify that the API returns detailed error messages without exposing sensitive information. 2020