What is API Testing ? How does DevAssure simplify API Testing ?
API or Application programming interface is a set of rules that enables software programs or modules to communicate with each other. API testing is a type of software testing involving the testing of such rules. These rules serve as integration points between different modules within an application and also with 3rd party applications. In order to ensure the application functions seamlessly it is important to test the functionality, reliability, performance and security of the APIs.
In API testing, the focus is on testing if the output of an API is well structured and consumable or useful to another application or module. API testing comprises of checking the response on the basis of the request parameters, validating the response status, response time and authorization.
How are APIs structured?
An api typically consists of the following components -
API Endpoint
These are specific URLs or paths that help associate with a particular functionality or resource offered by the API. In the above example, https://sampledomain.com/api/users is the API endpoint.
Http method
APIs use different http methods like GET, POST, PUT, DELETE etc to perform different functionalities for different use cases. Here are more details on the same -
GET Method
The GET method is used to retrieve data or a collection of data from the server. A typical example would be to get details of a user based on an ID or get details of all users within an organisation.
POST Method
The POST method is used to send and store a new data-set at the server. A typical example would be to create a user. Generally APIs with POST methods will have a response body that contains the details for new entries to be created at the server side.
PUT Method
The PUT method is used to send the data to update any specific data-set on the server. A typical example would be to update the email address of a user.
PATCH Method
This is similar to PUT, where an existing data set is updated. The difference between PUT and PATCH is that PUT rewrites the complete data-set whereas PATCH does partial modifications.
DELETE Method
The DELETE method is used to delete a single dataset or multiple data sets from the server. An example of this would be to delete a user based on id or delete all users within an organisation.
HTTP methods such as GET, POST, PUT, PATCH, and DELETE are used in API development to specify the type of action being performed on a resource.
Request Parameters
Request parameters are used to provide additional information that needs to be sent along with API requests. Request parameters also provide a way to filter API requests.
Here are a few parameter types
Query String
These are key value pairs added to the API endpoint. Example would be getting a list of active users /users?status=active
Path
This is data added to the end of the API endpoint. Example would be get user details based on an id /users/$id
Request Headers
Headers are added to the request to provide additional context and functionality to the APIs, so that the server can tailor the response. Headers make it easy to pass metadata for an API request without having to add it to the API endpoint or request body.
In addition to standard headers like Content-Type, APIs can also accept custom headers like auth tokens that help authenticate users accessing the APIs. Auth tokens can also contain details like rate limiting and expiry.
Common methods of authentication include API keys OAuth Basic Auth
Request Body
For POST and PUT API requests, additional data that needs to be sent to the server can be sent using the request body. The request body can be formatted in JSON, XML, text, files etc.
API response
The response depicts the output of the request sent to the server. It can contain data like ids or the information that was requested for in some cases an indication of success or failure along with the error messages. API responses can contain headers, body and status codes.
Status codes are the first indicators for the outcome of the API request made. Some examples of status codes include 200 OK, 404 Not found, 500 Internal Server Error, 400 Bad Request etc. In general all 2xx codes indicate success, 4xx codes indicate client side issues, and 500 indicates a server side issue.
What is API Automation?
API automation is using test automation to validate the functionalities of the APIs. APIs serve as integration points between various modules, so it's important to test APIs. Testing them manually can be time consuming and prone to errors related to missing use cases. With API automation, the APIs can be tested at a faster rate, there will be increased test coverage, and bugs can be detected early in the development cycle.
What are the key challenges with API automation ?
- Complex test environment set up
- Using mocked data
- Testing chaining of APIs
- Validating huge API responses with or without pagination
- Authentication and authorization complexities
- Handling dynamic data in requests
How can DevAssure be used for API automation?
DevAssure is a no code test automation platform that simplifies automated testing for APIs. DevAssure’s test case generation and test automation capabilities make it one of the most preferred tools for automated testing.
Creating and automating API test cases with DevAssure
DevAssure's AI engine converts the swagger doc into test cases that can be later converted into automation.
Before proceeding further, here are a few resources that can help you get started with DevAssure
Generate Test cases from Swagger docs using DevAssure
DevAssure's test case generation capabilities will be explained using this example https://petstore.swagger.io/v2/swagger.json
The contents of the swagger.json should be uploaded to the tool. DevAssure then starts generating the API test cases for the different API endpoints.
The AI engine is capable of generating
- Feature and Regression Test cases
- Positive and negative API test cases
- Test cases for the different status codes
- Test cases for the different data types in the API request
- Authentication and authorization test cases
- Test cases for different types of responses
Additionally, DevAssure provides an interactive interface where the AI bot starts asking questions around specific scenarios. This prevents hallucination and any assumptions on the AI part. The test cases generated will be very specific to the application or API under test.
Here are some of the questions the AI bot asked -
Here are few samples of the test cases generated for https://petstore.swagger.io/v2/swagger.json
DevAssure is a test case management tool. So these test cases generated by AI can be saved as files in DevAssure. The interface for the test cases contain 3 tabs - Test details, Test data and Automation.
DevAssure is also a Low code Intelligent Test Automation platform that supports API automation testing. DevAssure has a predefined set of built in libraries and commands in NLP that allow APIs to be defined and automated with no code written.
Some of the key advantages of DevAssure's API automation platform are
- No code automation tool
- Test data integration where data can be retrieved from multiple sources like static tables, CSV files, Databases like POstgreSQL or MySQL.
- Before and after test hooks to help with data prep before and after test executions
- Libraries for File operations
- Ability to chain APIs
- Separate interfaces for API definitions and API automation implementation
- Comprehensive reports and analysis
- CI/CD integration with any CI system
Learn more about creating and automating API test cases.
Create API definitions with DevAssure
The image below shows how the API definitions can be added in DevAssure. DevAssure also provides the ability to test the API definitions added before starting to write the scripts for API test automation.
Automate API tests cases with DevAssure
The image shows a sample script for API automation using DevAssure to test API defined above.
Key pointers about the above test
- Test data is used to store the data
- Another API is used to validate if the API post call has been successful
- DevAssure also supports Database Validations
Reporting and Analysis
Here's how the sample report would look like, containing the details of the request, response and failures in case the test fails.
To experience how DevAssure can leverage API testing, please click the below button to sign up for the free trial.
Furthermore, to have a personalized demo on how the DevAssure test automation platform can leverage your Organization's testing capabilities, please click the button to request a demo session with our team of experts.