Published 15 October 2014 | Updated 17 October 2023 | Anastasia Kholod
In our blog series about API technologies, we’ve been trying to figure out all main principles that are covered under the term Application Programming Interface. Today, I want to present you one more essential topic, concerning API testing.
Application Programming Interface isn’t just created to satisfy various technical requirements. It’s designed to meet specific business aims and every API developer has to ensure these aims drive the whole development process. That is why testing at the target user-interface level takes one of the major roles.
Discover this compelling article, written by Michael Churchman at Udemy and dip out a lot of useful information on API testing.
Testing an API
API testing is in many respects like testing software at the user-interface level, only instead of testing by means of standard user inputs and outputs, you use software to send calls to the API, get output, and log the system’s response. Depending on the testing environment, you may use a suite of prepared test applications, but very often, you will wind up writing code specifically to test the API. Regardless of the actual testing conditions, it is important to know what API test code should do.
Test Code: What it Should Do
Needless to say, API test code should send a specific call to the API, then output and log the expected and actual results. It should also log timing and any other relevant metrics (unless they are more easily captured by system debugging tools), along with the line of test code that was running when an API error occurred. If the test code sets a memory buffer that is larger than that required by the API, you can then look at the contents of the buffer for improper overwriting on the part of the API. The test code should capture all API outputs produced during the course of the test, using a variable which is initially set to distinctive values that would not be produced by the API itself; this makes it easier to recognize the API outputs as you look at the variable values.
What to Test For: Look for the Ordinary
Much of your testing should reflect ordinary, expected use of the API — making an API call as it would be typically be done, in a standard environment that does not put extreme or unusual stresses on the system. This does two things:
1. Most obviously, it tests for the problem arising during everyday use. If a typical use of an API call produces an error under ordinary conditions, that tells you that there’s a serious problem somewhere. Ordinary-use testing allows you to catch many of the worst bugs, as well as most of those which are likely to arise during practical use. The best and most basic testing is generally that which puts the system through its everyday paces.
2. Everyday-use testing also sets a baseline for testing under less typical, higher-stress conditions, and for more aggressive, try-to-break-it testing. If you test under unusual or high-stress conditions first, without understanding the API’s behavior under everyday-use conditions, you can waste time trying to track down something that appears to be an exotic bug, when it actually reflects a problem with basic functionality. If you start with ordinary-use testing, you can isolate the problem more easily, because you minimize the number of potential sources of error, and of unusual environmental conditions which you need to take into account.
One of the most important items that you should be testing for is how the API handles problems when they do come up. First of all, does it crash, or does it actually handle the problem? And if it does crash, how bad is the crash? Needless to say, under ordinary circumstances, you should never ship anything that’s capable of blue-screening the operating system — but it does happen. As with any other kind of software, if an API fails, it should fail gracefully, shutting itself down, displaying the appropriate system messages, and letting go of any processes. It shouldn’t just disappear without a warning, and it shouldn’t hang any applications, let alone part of the system.
What Should it Be Doing?
If you know that the API is supposed to perform a particular action (trigger an event, update data, make a change to the registry, or set a flag), the tests should check the results of that action. Does it happen when it’s supposed to happen? What about when it’s not supposed to happen? And are the results what you would expect them to be? API testing is typically black-box testing, but to the degree that you have access to the results of the API’s actions, they should be checked.
Documentation: The API
Like any other kind of software, APIs need to be documented, and the documentation needs to be accurate, complete, and usable. In the case of an API, the target audience for the documentation consists of developers, and the documentation must allow them to make full use of the API; it should be tested as part of the API. Does the documentation allow programmers with access to no other sources of information about the API to make calls to it? Does it cover all features, all inputs, and outputs? Does it include the range, type, and format of allowable input data, and the limits of the output data? Does it describe the function of the API, and of each API call? Does it list all error codes sent by the API, with their meanings?
Hope that you’ve found this article useful and interesting. API2Cart does its best to provide both developers and target clients with an excellent experience. Our Dev Team and QAs perform API testing on a regular basis to meet all the business needs and demands. In case if you have some questions about API2Cart and how it can be useful in strengthening your online business model, schedule a FREE Call with our expert.
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.