API is the short form of Application Programming Interface which determines how one component interacts with the other. API testing on the other hand "*involves testing application programming interfaces (APIs) directly and as part of integration testing to determine if they meet expectations for functionality, reliability, performance, and security.* "Since GUI is rarely involved in API testing, it is quite different from other testing forms. Initially API’s were only used for integration between systems but now it has gained wider audience. Mobile phones and tablets are the biggest driving force for API testing.
During API testing, the following things are taken into consideration:
The usability factor: Is it easy to use or not?
Functionality: Does it function according to the requirements?
Reliability: Is it reliable enough to be used again and again?
Since API is to be interpreted by the computer, in-depth knowledge of the entire system is absolutely necessary. API testing includes the white-box testing approach since it looks at the internal workings of the application rather than just focusing on the overall performance of the applications as in black box testing. One of the most important issue that API needs to look into is how it handles trouble whenever it crops up. It should not crash just like that. Instead of failing, it should recognize, filter and reject the problem. If API is supposed to perform a particular action than the tests should be able to identify if it’s performing accordingly or not.
How is API different from other testing forms?
Documentation
API’s like any other software need to be documented. Since the developers are going to look into it they need to be accurate and precise and usable. The tests too need to be documented. The test results should cover all the inputs, outputs and the effects since someone else might need to perform the tests or reuse it at some point. Proper documentation helps testers design the tests accurately and speedily.
A thorough understanding
A complete know how of the internal workings of the system are essential for testing API's since they have to interact with other API's, OS kernel or software to offer their functionality.
Sufficient programming skills
Testers should have knowledge of the programming language(s) that are targeted by API since API tests are in form of programs. This helps the tester in reviewing and analyzing interface that is under test.
Involving testers early on
If the testers are not well trained then it takes a lot of time for them to know the workings of the interface. It is best to involve the testers at the initial stage of the development so that they have knowledge of the interface beforehand and they do not have to explore it while testing.
Access to code
Having access to the source code can help testers find and detect any vulnerabilities that cause errors. It helps them in looking at the mechanism that can be used against these errors.
Strategies to test the API
API testing requires a specific kind of environment to work. So the tester should be able to understand all the conditions of the environment in which he is to perform the test. Secondly, the entry points of the interface need to be identified which will be the input parameters in this case. Identifying individual parameters as well as combination of parameters should be taken into consideration for boundary wall analysis. Last but not the least, different call sequences need to be explored to exhibit the functionality of the API.
API testing tools:
The top Six API testing tools are as follows (so far i observed and interacted):
1- SoapUI
2- HP QTP(UFT)
3- HttpMaster
4- Parasoft
5- vREST
6- Postman
