10 API Testing Tips for Beginners (SOAP & REST) (P2)
6. Choose a suitable automation tool
A further step to leverage the automation capability of API testing is choosing the most suitable tool or a set of suitable tools from hundreds of options in the market. Here are some criteria that you should consider when choosing an API automated testing tool:
Does the tool support testing the API/Web service types that your AUT (Application Under Test) is using? It will not make sense if the selected tool supports testing RESTful services while you AUT is using SOAP services.
Does the tool support the authorization methods that your AUT services require? Here are some authorization methods that your API can use:
No Auth – OAuth 1.0
Bearer Token – OAuth 2.0
Basic auth – Hawk Authentication
Digest Auth – AWS Signature
NTLM Authentication
This is an essential task since you cannot start testing an API without authorization.
Does the tool support importing API/Web service endpoints from WSDL, Swagger, WADL, and other service specification? This is an optional feature. However, it will be time-consuming if you have hundreds of API to test.
Does the tool support data-driven methods? This is also an optional feature. However, your test coverage will increase dramatically if the tool has this function.
Last but not least, besides API testing, do you need to perform other types of testing, such as WebUI or data source? API testing is performed at the business layer between data sources and UI. It is normal that all these layers have to be tested. A tool that supports all testing types would be an ideal choice so that your test objects and test scripts can be shared across all layers.
Learn more: Top 5 Free API Testing Tools
7. Choose suitable verification methods
While the response status code tells the status of the request, the response body content is what an API returns with the given input. An API response content varies from data types to sizes. The responses can be in plain text, a JSON data structure, an XML document, and more. They can be a simple few-word string (even empty), or a hundred-page JSON/XML file. Hence, it is essential to choose a suitable verification method for a given API. Katalon Studio has provided rich libraries to verify different data types using matching, regular expression, JsonPath, and XmlPath.
Generally, there are some basic methods to verify an API response body content:
Compare the whole response body content with the expected information
This method is suitable for a simple response with static contents. Dynamic information such as date time, increasing ID, etc. will cause trouble in the assertion.
Compare each attribute value of the response
For those responses in JSON or XML format, it is easy to get the value of a given key or attribute. Hence, this method is helpful when verifying dynamic content, or individual value rather than the whole content.
Compare matching with regular expression
Together with verifying individual attribute values, this method is used to verify data responses with a specific pattern to handle complex dynamic data.
Each verification method has pros and cons, and there is no one-size-fits-all option. You need to choose the solution that best fits your testing project.
Start API Testing with Katalon
8. Create positive and negative tests
API testing requires both positive and negative tests to ensure that the API is working correctly. Since API testing is considered a type of black-box testing, both types of testings are driven by input and output data. There are a few suggestions for test scenario generation:
Positive test
Verify that the API receives input and returns the expected output as specified in the requirement.
Verify that the response status code is returned as specified in the requirement, whether it returns a 2xx or error code.
Specify input with minimum required fields and with maximum fields.
Negative test
Verify that the API returns an appropriate response when the expected output does not exist.
Perform input validation test.
Verify the API’s behaviors with different levels of authorization.
9. Live testing process
Scheduling API test execution every day while the testing process is live is highly recommended. Since API test execution is fast, stable, and small enough, it is easy to add more tests into the current testing process with minimum risks. This is only possible with automated API testing tools that come with features like:
Test scheduling with built-in test commands
Integration with test management tools and defect tracking tools
Continuous Integration with various leading CI tools
Visual log reports generation
Once the testing process is completed, you can get the result of those tests every day. If failed tests occur, you can check the outputs and validate issues to have proper solutions.
10. Do not underestimate API automation testing
API testing flow is quite simple with three main steps:
Send the request with necessary input data
Get the response having output data
Verify that the response returned as expected in the requirement
The most touch parts of API testing are not either sending request nor receiving the response. They are test data management and verification. It is common that testing a few first APIs such as login, query some resources, etc. is quite simple. The testing task becomes more and more difficult to further APIs. Therefore, API testing task is easy to be underestimated. At some point in time, you would find yourself in the middle of choosing a good approach for test data and verification method. It is because the returned data have similar structures, but not the same in a testing project. It will be difficult to decide if you should verify the JSON/XML data key by key, or using object mapping to leverage the power of programming language.
Considering API automation testing a real development project is highly suggested. It should be structured to be extendable, reusable, and maintainable.
Nguồn: Katalon.com
