APIs are becoming very important in our modern world and as technology rises, so will our reliance on APIs. Everything that communicates on the internet these days is talking to an API (Application Programming Interface) and as we implement them in our technologies we also need to take API testing into account. As with everything, our API's need to be tested properly and thoroughly on many different quality characteristics because if we think about it. Not only should we pay close attention to the functional requirements but we should also pay the appropriate amount of attention to non-functional requirements.
API testing entails various different aspects and goes much further than simply executing a few test cases. Testing needs to start at the earliest possible stage and continue on until the production release. To highlight these stages, we will be following a fictional feature throughout its software development lifecycle.
We need to start our API tests at the source which would be the requirements. These need to be reviewed very well and from the perspective of a tester. Testers often try to look for edge cases and they will attempt to find ways to break a system. This should be taken into account when reviewing the requirements.
After our requirements have been approved by all stakeholders, test case development can begin. In this stage the testers will start designing their test cases which they will combine into test suites. They also have to make sure to adept their sanity checks to include this new functionality if that is required by the risk and priority of that new feature.
Next we need to determine the test specification which is a document that describes what the expected results are for all the test cases and what the test conditions are under which we can both enter and exit our test, in other words when a test is ready to go and complete. These are also known as our entry and exit criteria.
Copy of Entry and exit criteria example
When all of the documents have been delivered and the software is ready to be test, the test execution and reporting phase starts. Reports are created based on the test management tools and they will usually include a full report on the tests that have been run for a feature, including the results and any blocking issues encountered which might have halted testing.
Along all of these tests, it is also a good idea to implement a solid test automation strategy which will cut costs drastically if done right and can be achieved using open source tools such as SoapUI, JMeter, Selenium, postman or any of the other tools out there.
Now you might be wondering why API is so important and that is understandable. After all it costs a lot money and is not something you will always see the direct return of investment in. If you neglect to do this correctly however, you may find that the costs of the defects racks up much higher than the cost of the testing ever could.
Since APIs sit at such a central location, they also have most of the traffic to process and if they fail in unexpected ways, the consequences might be dire. A failure of any API could lead to services not being available, processes not working as expected and even allow access to objects and data that should not be accessible.
Another often overlooked aspect of APIs is the fact that it's not just the user facing functionality that needs to be tested, but often our APIs also integrate with other services or 3rd party providers. These all rely on our APIs passing expected and sane data.
