Test Cases for API Testing – How to Write & Example

Today, all applications run on API. It connects one microservice to another, clients with servers, and runs the most basic yet essential application services. Clearly, a well-oiled API is imperative to ensure the smooth functioning of every system.

If API breaks down, the complete user experience and application are put at risk. And only proper API testing can secure the system from such downtime possibilities. We bring you this blog to talk about API testing, its components, and sample test cases for API testing. A sample API test case template is also provided to guide you through the complete testing process. Further, the idea is to help you realize why automation might be the right option when it comes to testing APIs.

But let’s get a brief about API testing first.

What is API Testing?

API testing is a type of software testing that undertakes the verification of application programming interfaces (APIs). The process involves checking APIs as individual components of the software and as integrated pieces that fulfill the required functionality in the application.

Other types of testing, such as Integration testing, Security testing, Reliability testing, Performance testing, and Functional testing come under API testing as well. As APIs run the most critical sections of every application, every different stage of testing includes API testing as a segment. It might include writing test cases for API testing to run them manually or automatically to verify the performance, functionality, integration, and security of the software.

Different APIs might require distinct test cases, input/output, and approaches for testing. For instance, REST APIs and SOAP APIs are two different types of APIs, and performing REST API testing might differ from executing SOAP API testing. But for now, we will discuss generic API test cases you can go through before making them highly specific.

Why are API Test Cases Important?

APIs are literally the backbone of any application. They deal with critical aspects of a system to connect the backend with the front end and keep the operations running smoothly. Naturally, creating and executing test cases for API testing is essential to warrant a quality application.

API testing offers numerous benefits to API developers, such as:

• Test cases of API enable developers to test and verify the API’s behavior as per their expectations under various conditions.
• Testing APIs allows developers to assess the error-handling capability of their application and check how the API reacts to invalid inputs and edge cases.
• It even directs developers to check the security and correct authorization access to prevent attacks on the application, especially if the system deals with confidential customer data or monetary transactions.
• Having a set of API tests helps detect bugs early in the development cycle, improve product quality, and simultaneously save time and money.
• When it comes to performance testing, API test cases help developers test the API’s response time, validate resource consumption, and check the ability to handle increased loads.
• You can automate API test cases using the right tools to avoid time consumption and human-borne errors due to manual testing. Additionally, if you use a tool like Testsigma that does not require coding to script test cases, the effort is further reduced to half.
• API documentation with all the necessary information about the test cases, expected results, and errors offers insight into APIs’ expected behavior.

Standard API Test Case Format

A format for presenting test cases of API focuses on the specific manner in which the information is placed and organized for developers to peruse. It deals with a structured template that includes all the important details to perform and validate the test effectively. 

A basic format could look something like the following:

1. Test Case ID: A unique identifier for the test case (e.g., TC_API_001).
2. Test Case Title: A brief and descriptive title of the test case (e.g., Verify the GET /users endpoint returns a 200 status code).
3. Description: A detailed description of what the test case aims to verify (e.g., This test case checks if the GET /users endpoint returns a status code 200 and a list of users).
4. Preconditions: Any preconditions or setup steps that need to be completed before executing the test (e.g., Ensure the API server is running and the database is populated with test data).
5. Test Steps: Step-by-step instructions on how to execute the test case. This should include:
   1. HTTP Method: The HTTP method to be used (e.g., GET, POST, PUT, DELETE).
   2. Endpoint: The API endpoint to be tested (e.g., /users).
   3. Headers: Any necessary headers (e.g., Content-Type: application/json).
   4. Request Body: The request payload, if applicable (for POST/PUT requests).
   5. Parameters: Query parameters or path variables if applicable.
6. Expected Results: The expected outcomes of the test, including:
   1. Status Code: The expected HTTP status code (e.g., 200 OK).
   2. Response Body: The expected structure and content of the response (e.g., JSON array of user objects).
   3. Response Headers: Are any specific headers expected in the response?
7. Actual Results: A section to record the actual results obtained when the test is executed.
8. Pass/Fail Criteria: Criteria to determine if the test has passed or failed based on the comparison of expected and actual results.
9. Notes/Comments: Any additional information or comments about the test case (e.g., specific conditions, dependencies, or observations).

You can create this format in a Word or Excel document.

How to Write Test Cases for API Testing?

Writing effective test cases for API testing involves a methodical approach and adherence to best practices. Below we mention few of the best practices you can follow.

• Start the testing process by thoroughly understanding the API’s functionality, inputs, outputs, and constraints. Look at the API documentation and check if the API sandbox is available for testing.
• Use the right nomenclature or naming convention for test cases.
• Focus on critical functionalities first to thoroughly test the most important aspects of the API.
• Provide detailed documentation for each test case, including preconditions, test steps, and expected results.
• Use parameterization to test different input values and scenarios without duplicating test cases.
• Always check for correct status codes in the API responses to ensure proper handling of requests.
• Verify that the API responses are in the correct format (e.g., JSON, XML) and structure.
• Include tests for boundary values and edge cases to handle APIs gracefully.
• Create test cases that mimic real-world usage to uncover potential issues that users might encounter.
• Leverage API testing tools like Postman, SoapUI, JMeter, or Testsigma to automate test case execution and improve efficiency.
• Write test cases for invalid inputs and error scenarios to check if the API can handle them correctly.
• Include security test cases to check for vulnerabilities like SQL injection, cross-site scripting (XSS), and data exposure.
• Write test cases to measure response times and performance under different load conditions.
• Integrate API tests into the CI/CD pipeline to catch issues early and maintain quality.

Check here – REST API vs SOAP

Generic Test Cases for API Testing

While API test cases will differ based on your requirement and application functionality, there are a few general steps that you will probably find in every test case for API testing. Here is a series of generic test cases for you to understand better.

• Validate the API keys for minimum and maximum range/length
• Verify that these keys are answering the call requests if you are using JSON or XML APIs in your application
• Create a separate test case to validate XML and JSON Schema
• Verify the Parse response to parse out portions of the response data returned from the server
• Check the JSON Schema validation, the Field Type, and the Mandatory Fields
• Validate the Response headers and Negative Testcases response
• Identify and verify the handling of API error codes
• Verify the HTTP response and its code status
• Validate Response payload to determine their format and readability factor
• Test request chaining to identify the working of multiple APIs together
• Verify APIs with input parameters.
• Validate end-to-end CRUD (create, read, update, and delete) flow for application API
• Check database integrity test cases
• Verify file upload test cases

Sample API Testing Test Case Template

Applications and websites use multiple API calls at every stage. One of the prime examples of an API call is performing the login functionality using third-party services, such as Google, Yahoo!, or Facebook. Whenever you choose to sign into an application or a website using your Google details rather than within the app option, you trigger an API request. This implies the online platform has an existing agreement with Google to access the information already supplied and available to them. Such API calls require proper testing and validation before being released to users.

We are taking the same example to write a sample test case for API testing for testing purposes, which is going to test the APIs in the backend.

Sl.No	Test Case Title	Priority	Severity	Steps	Expected Result	Actual Result	Status
1	Checking Google login functionality using valid users	High	High	1. Navigate to the application/website login page 2. Click on the Google icon present on that page for login 3. A prompt will appear. Select ‘Proceed’ or ‘Confirm’ the Google username for signing in 4. The application should allow the process and take you to the dashboard/homepage	Log in process successful	Fill based on observation	Pass/Fail
2	Checking Google login functionality using invalid users	High	High	1. Navigate to the application/website login page 2. Click on the Google icon present on that page for login 3. A prompt will appear. Select ‘Add a New Account’ to add another Google account to sign in 4. Add a Google account with the existing username but wrong password 5. A prompt will appear. Select ‘Proceed’ or ‘Confirm’ the Google username for signing in	The application should not allow you to process the request and must ask you to sign up using the same Google account before logging in	Fill based on observation	Pass/Fail
3	Checking Google login functionality for new users	High	High	1. Navigate to the application/website login page 2. Click on the Google icon present on that page for login 3. A prompt will appear. Select ‘Add a New Account’ to add another Google account to sign in 4. Add a new Google account 5. Go to the sign up page of the application and sign up using the new Google account details 6. A prompt will appear. Select ‘Proceed’ or ‘Confirm’ the Google username for signing in	The application should allow you to process the request and direct you to the dashboard/homepage	Fill based on observation	Pass/Fail

Let’s take another example of validating the Response headers, which is mentioned in the above section. The header part consists of ‘metadata,’ including the Content-Type attribute that makes us understand how to interpret the data of the response body. Thus, if the response body consists of JSON data, the content-type attribute in the header will be application/json. And, if there is XML data in the body is XML, the content-type header will be application/xml. You can run the API URL on an automation tool or a framework to execute the test cases and receive the response.

Read here – Test Case Template

Test Cases For API Testing For Each Category

There are multiple testing categories to consider when creating API testing test cases. We will focus on the primary four types that every business/tester should focus on.

Test Cases for API Functional Testing

• Status Code Verification: Ensure the API returns the correct status codes (e.g., 200 for success, 404 for not found).
• Response Payload Validation: Check if the API response includes all necessary data fields and values.
• Error Handling: Verify that the API functional testing includes handling errors gracefully and provides meaningful error messages for invalid inputs.
• Data Accuracy: Ensure the API returns accurate and expected data.
• CRUD Operations: Test the Create, Read, Update, and Delete functionalities to ensure they work as expected.

Test Cases for API Security Testing

• Authentication: Verify that the API requires proper authentication and handles invalid credentials correctly.
• Authorization: Ensure users can only access resources they can view or modify.
• Data Encryption: Check if sensitive data is encrypted during transmission.
• Input Validation: Test for vulnerabilities like SQL injection and ensure the API properly validates all inputs.
• Rate Limiting: Verify the API enforces rate limiting to prevent abuse and denial-of-service attacks.

Test Cases for API Performance Testing

• Response Time: Measure the API’s response time under normal and peak loads.
• Throughput: Check the number of requests the API can handle per second.
• Scalability: Test how the API scales with increasing load and concurrent users.
• Stress Testing: Evaluate the API’s performance under extreme conditions to identify breaking points.
• Load Testing: Simulate high user traffic to see how the API performs under heavy load.

Check here – API Performance Testing

Test Cases for API Regression Testing

• Baseline Comparison: Compare current API responses with previous versions to ensure consistency.
• Backward Compatibility: Verify that new updates do not break existing functionalities.
• Re-run Functional Tests: Execute all functional test cases to ensure no new bugs are introduced.
• Integration Testing: Test the API’s interactions with other services and systems to ensure they work seamlessly.
• Automated Regression Suite: Maintain and run an automated test suite to quickly identify any issues introduced by new changes.

Apart from these critical testing categories for API testing, you can also consider API test case examples under Usability and Compliance testing.

Test Cases for API Usability Testing

• Documentation Accuracy: Verify that the API documentation is clear, accurate, and up-to-date.
• Ease of Use: Ensure the API is easy to use and integrates well.
• Consistent Naming Conventions: Check that the API uses consistent naming conventions for endpoints and parameters.

Test Cases for API Compliance Testing

• Regulatory Compliance: Test that the API complies with relevant regulations and standards, such as GDPR and HIPAA.
• Data Privacy: Verify that the API handles personal data in compliance with privacy laws.
• Industry Standards: Ensure the API adheres to industry standards and best practices.

Check here – Automating your API Testing

Up until now, we were primarily discussing manual API testing, and the template also contains test cases to execute the steps. But there are ways to automate your API testing test cases to save a considerable amount of time and money. Not only that, but automating test cases for API testing will also decrease accuracy issues by a huge percentage and direct your employees’ manual labor toward other productive business elements. One primary aspect to be mindful of is: when to make the transition from manual to automation testing. It is advised to switch when your test cases are frequently executed and take too much of time in manually executing.

There are numerous API testing tools that support verifying the APIs and collecting relevant output information to extend your QA efforts without giving it much time.

Benefits of Automating API Testing

There are multiple benefits of automating API testing test cases besides saving time, money, and energy:

• Automation offers better test coverage
• Allows for faster bug fixes
• Offers quick response time

Check here – API Contract Testing

How Testsigma Simplifies Automation of API Testing?

Automating API testing takes a lot less time than when it is done manually. But writing test scripts might still require an understanding of programming languages and time. Not to mention the coding would need extended attention if any syntax issue arises. Enter Testsigma, a no-code test automation platform with its intuitive user interface and API testing support. Here are all the ways Testsigma simplifies automating API testing:

• Testsigma tests all API methods and runs parameterized REST API verification on autopilot
• It validates API responses and stores the response data for future reuse
• It offers a no-code API testing option through many NLPs that you can use to request API calls and check their functioning
• The tool’s end-to-end testing capability brings functional UI and API testing together
• Not only APIs, you can also automate your tests for web, mobile, and desktop with Testsigma

Check here – API Testing Checklist

Creating Test Scenarios for APIs with Testsigma

Let’s look at some simple test scenarios for APIs using Testsigma. 

Step 1. Start with creating an API test for REST API testing.

Step 2.Click on the All Requests drop-down to select the API request to verify. Let’s test the expected response status code for the GET request.

For this, choose the API request and the URL. Click on Send to check if the API is responding as expected.

Step 3.Check the status code. It should return 200.

Step 4. You can create it as one of the steps of your test case and continue the testing process in the same manner for different API requests.

You can review the documentation on automating REST APIs with Testsigma to better understand various API requests.

Once you understand Testsigma and can run basic API tests, you can create complex tests to verify your software’s API.

Conclusion

APIs are integral to every modern application, and their testing is far more essential than realized before. This blog explores the widespread possibility of performing API testing. And provides sample test cases for API testing that you can use as a template for your own use. Simply copy the sheet into your system and add API test cases that correspond to your testing requirement. The next phase of the blog talks about automating these test cases using tools. Most of them are code-based and provide huge support in saving time and money. And we further dive into our tool, Testsigma, which also offers API testing without any coding requirement. From integrating it with other third-party tools to executing end-to-end testing incorporating API verification, Testsigma does everything using NLP statements.

Frequently Asked Questions (FAQs)

What is the best way to test API?

You can test APIs manually or automatically. Automating your APIs makes sense if you run your API tests frequently and you see an ROI post automation.Go for automation tools that offer extended capabilities. You can follow the steps as specified in the tools you are using, or you can develop a general series of steps to perform api testing: Understand the API >> Create a test suite >> Analyze the results >> Integrate with DevOps as per your need