How to Test API Endpoints
The Application Programming Interface also known as API helps to communicate between two applications. API helps to integrate new applications into software systems without rewriting code from scratch. This increases the development and delivery speed.
As API-driven development is widely used across organizations, testing the API endpoint is required. Unlike the functionality, testing the API endpoints is more important because the same API will be used by many applications.
Table Of Contents
- 1 What is an API?
- 2 What are API Endpoints?
- 3 Why Test API Endpoints?
- 4 How to Test API Endpoint?
- 5 Some common bugs found during testing API Endpoints
- 6 Best Practices for testing API endpoints
- 7 Tools for automating the API Endpoint tests
- 8 Frequently Asked Questions
What is an API?
API is a protocol for creating and integrating applications that allow systems to communicate with each other. It is a contract between two applications. The contract defines how two systems communicate with each other using requests and responses. The API documentation contains how to structure those requests and responses.
There are different types of APIs
- SOAP API: It is known as Simple Object Access Protocol, This mostly relies on XML for communication.
- REST API: It is known as REpresentational State Transfer, this API is more straightforward to implement. It can use JSON, Text, or customized format to exchange the data. It uses HTTP commands such as PUT, DELETE, GET, and POST to communicate.
- RPC API: These APIs are called Remote Procedure Calls. The client completes a function on the server, and the server sends the response back to the client. The RPC is a legacy-style API.
- Websocket API: The Websocket API uses JSON structure for communication. The WebSocket APIs are used for communications between client and server, such as Chatbots. It is more efficient than the REST API.
What are API Endpoints?
The API endpoints are simple URLs that represent the collection of objects or a single object. The resources are found usually in the server, the API endpoints are used to send the request to resources. Each endpoint is a URL designed to perform a single function by accessing the required resources.
Why Test API Endpoints?
Each API is designed to perform a set of tasks, the application functionality relies on the API transactions to get the response. The simple transaction might call many APIs internally, if any of these APIs fails it can cause failure to the whole system and break the system functionality. Furthermore, the same API can be used by many applications so if an API fails it can cause damage to many applications. Testing API endpoints helps to mitigate issues before client encounters them.
Let’s take an example of Google’s single sign-in API, the SSO API is used by thousands of applications. Just imagine if the SSO API fails for some reason how many applications get affected? As a cascade effect, many businesses incur losses as customers will not be able to log in. So, testing API is critical and most important.
How to Test API Endpoint?
As mentioned earlier, API testing is critical, there are different ways to test APIs. API testing has its advantages. Before we jump into API testing let’s look at the benefits of API testing.
- API testing doesn’t require any browser to test. API testing is browser-independent
- API tests are much faster compared to functional or end-to-end tests
- It helps to perform the integration testing, both database and functional logic without a user interface
- It can be automated and incorporated into DevOps pipelines
- The modern REST APIs are accessible using the browser
- API testing is easy to write and execute
- As mocking is supported by API testing tools, it can very well fit into the TDD approach.
The above points clarify that API testing is more powerful and friendly compared to functional testing. The API endpoint testing can be done using a manual or automated approach. However, due to the simplicity and high accuracy of the API testing results, it can be used as the quality gate in your pipeline. To use the API testing as a quality gate you need to rely on API automation.
Manual API testing
The API testing can be carried out manually by sending the request to the API endpoint and recording the response.
Steps to test API endpoints manually
- Gather the API endpoint, required data to send, and expected result.
- Choose the API testing tool that supports manual API testing
- Based on the API implementation you might have to fetch and supply the authentication data.
- Send the request with the expected payload (body) and wait for the response
- Once you receive the response analyze the response data
- The response should be analyzed against the following
- The status code should be expected (such as 200, 201, etc.)
- The response data should match the expected result
- Optionally, header values can be verified.
- Optionally, you can test the contact pattern, type, expected number of objects, etc.
The manual API testing is time-consuming, and it doesn’t fit well into Agile and DevOps. The API automation is easier compared to functional testing. As there are many modern codeless automation tools like Testsigma, you can perform the API automation with a few clicks.
API Testing Automation
API automation not only helps the organization, it also simplifies the tester’s life. Before the arrival of Testsigma, there was a good amount of learning involved to automate the testing so manual testers are hesitant to jump into API automation. Testsigma made tester life much simpler by providing the codeless technique to automate the API.
Testsigma is an AI-powered automation testing tool. It supports different types of testing such as end-to-end, API, responsive testing, compatibility testing, Visual testing, etc. Interestingly all these can be done without writing a single line of code.
Let’s understand step by step how to automate API tests using the Testsigma
Step 1: Log in to the Testsigma account
Step 2: Once you land on the Home page, Hover on the + symbol from the left menu item and Click on Testcase.
Step 3: In the Create Test Case page, Enter the name for the Test Case and click on “Write Test Manually”
Step 4: You will land on to Test step creation page, Hover on the default first step and Choose the Rest API
Step 5: Enter the API Details in the API Request tab
Enter the API endpoint URL as shown in the above image, Click on “Send” to verify if the endpoint is working fine. Once done click on “Verifications Tab”
Step 6: Enter the details to Verify
For simplicity, I have taken status code verification.
In the verification tab Click on “Add Verification”
Choose the Response code and enter the 200 in the expected value
Click on Create
Step 7: Execute the API Test
From the Testcase page click on Run, and let it finish the execution
Step 8: You will see the result after execution is complete
This way you can easily automate the API endpoints testing using the Testsigma. Later you can create a test suite, integrate it with the DevOps pipeline, and configure the automatic sharing of results with stakeholders.
Some common bugs found during testing API Endpoints
As mentioned earlier the API testing doesn’t require a browser, which means there will not be any user interface. The bugs found in the API testing are non-UI bugs. API testing requires a lot of attention to detail as you are required to analyze and compare the data to make the test case pass or fail. Some of the common bugs are listed below
- You are performing the create action with a valid body, and you received a status code other than 2XX
- The API response body doesn’t contain the valid JSON format
- The API is supposed to be accessed only for authorized use with a valid token however it is accessible to the public without any authentication
- An API is a public API that doesn’t require any authentication, however, it returns the 4XX or Unauthorized when you access
- API response body doesn’t contain all the required JSON keys
- A valid API endpoint request returning the 5XX code or server error
- You are expecting a JSON response however, the server responded with text
- The API response is null
- The request is not honored with valid parameters.
Best Practices for testing API endpoints
Though API testing is simple, when you try it for the first time, it may be confusing. If you are from a manual testing background and your expertise is with functional testing you might find difficulty in testing an API. The reason is there will be no visual elements. When it comes to UI testing most of the time features are self-explanatory, For example, if you are testing search functionality it’s obvious that you need to get the matching results on top but when it comes to API testing it is not straightforward. We have listed some of the best practices and guidelines to test the API endpoint that may help you.
- Understand the purpose of API
The API endpoints may not be self-explanatory, you need to go through API documents and thoroughly understand the purpose of API. Every API is designed to perform specific tasks. Some APIs need to verify the response data against the database, Some may need to verify against another API, and some require to apply the logic manually.
- Understand the workflow of API
Unlike functional, API may or may not throw valid error messages, but it does throw valid error codes. For example, if you are trying to access the user detail before creating one, you might get the response “404 User not found”. This is not a bug rather you have not followed the workflow. The user needs to be created first using a POST request, upon successful creation of the user you will be able to get the user details. If the user exists in the database but still gets the 404 not found message, then it may be considered as a bug.
- Understand the API status
Each API must return a status code. Understanding the status code is important while performing API testing. The exact API code may vary slightly from project to project.
Some of the API status codes
- 1xx (Informational): The request is received and continues to be processed
- 2xx (Success): The request received and accepted
- 3xx (Redirection): Further action needed to complete the request
- 4xx (Client Error): The request contains the wrong syntax or cannot be fulfilled
- 5xx (Server Error): The server fails to fulfill the request, it might be a valid request
- Focus on smaller APIs
If you are a beginner API tester, don’t jump into testing the API endpoints where it returns a complex JSON object. Start with something smaller like health check API, GET API requests, etc. This way, you get the confidence to test APIs.
- Organize API endpoints
Organize the API endpoints based on the nature of the task, category, or some relevance. This way you will test in an organized way and you will rarely miss any bugs. Furthermore, as a tester, you can maintain a separate document for API testing to note the pointers that need to be taken care of while testing the APIs.
- Automate API testing as much as possible
The APIs are easy to automate and most reliable so leverage API automation tools such as Postman, Testsigma, etc. automate them. It will reduce the manual effort and save you time.
- Test both negative and positive scenarios
Just like in functional testing, you need to focus on both negative and positive use cases. Negative use cases can be tested by providing the invalid query parameter, body data, an expired token, etc. The API should be capable of handling both negative and positive use cases.
- Know what to test
Some API endpoints may require testing the headers, some may require just a status code, some require response data and some may require testing everything. You should know what to test before performing the API testing. As mentioned earlier you cannot go with assumptions when you perform API testing, and you need a lot of attention to detail.
Tools for automating the API Endpoint tests
There are many tools for API testing. Some support only automation, some support only manual testing, and some support both. One of the key features you need to look into while evaluating the API testing is if the tool supports both functional and API tests, the maintenance will be easier. However, it depends on the need and organization standards.
List of Best API Testing Tools for Automation
Note: The list is not ranked and ordered randomly.
Testsigma is one of the most popular test automation tool. It supports different types of testing such as Functional Testing, API Testing, Regression Testing, Compatibility Testing, Responsive Testing, Visual Testing etc. The tool is much easier and doesn’t require any technical knowledge as it is a No-Code automation tool. The tool supports a lot of third-party integrations such as Jenkins, Jira, Azure DevOps, etc.
The REST Assured is a Java-based API automation tool. The REST Assured is provided as a package so if you are using the Java-based framework for your functional tests you can easily hook into that. The REST Assured requires good technical knowledge. It is an open-source tool.
Jmeter was initially built for performance testing but it also supports API Testing. It comes with a rich UI. You can easily drag and drop the required elements to create the API Testing. Jmeter is an open-source tool shipped with an Apache license. It allows both scripting and drag-and-drop features to create the automation tests.
API-driven development is used by most organizations because of its simplicity and flexibility. Testing API is more critical than functional testing as the same API can be referenced in different applications, failing any API can cause multiple application failures. Manual API testing is time-consuming and not recommended. API test automation is easier in comparison to End to End testing however, most of the API automation tools demand technical knowledge.
Testsigma is a No-Code API automation that provides the feature to write API tests without having any technical knowledge. API Automation helps to align with DevOps and Agile in turn, it helps to deliver the application faster.
Frequently Asked Questions
How to test the API endpoint online?
A REST API can be tested using the browser. If your project is integrated with Swagger you can just get the API endpoint and play with it. However, if you are looking to automate the API endpoint testing online, you can use a SaaS-based tool like Testsigma.