What is API Testing?

What is API Testing?

APIs are computer programs, and just like any other computer program, they may have bugs. When a mobile app crashes due to a bug, it’s just one user that is affected by that bug, but when an API crashes, it has an impact on many users; in other words, it cascades,, so it’s essential for software teams of any size to leverage API testing and API monitoring as a way to verify the correctness of the code and catch bugs early enough and before causes issues for your customers.

Table of Contents

Looking for an API testing tool?

Testfully offers multi-step tests, local & deployed API testing, team collaboration, historical test results and many more features. Import from Postman supported!

What is API Testing?

API testing is a subset of automated software testing, a practice for software teams to automatically verify their code’s correctness. As we mentioned in the What is API article, APIs are software programs without GUI. Lack of GUI makes testing APIs more practical than standard software programs with GUI. Software teams exercise API testing to verify functionality, performance, and security of their APIs. Before we jump on details of API testing, let’s review the benefits of this practice.


Benefits of API testing

From catching bugs early to increase the confidence of your team for releases, automated API testing offers a lot of benefits, including:

  • Verify correctness of APIs in the shortest possible time
  • Catch bugs early and while building APIs
  • It helps new members with less experience with the codebase contribute to the projects without being afraid of breaking features or introducing bugs to the software.
  • Automated testing improves the delivery time of software teams as your team needs less time for testing changes and new features.

Software programs, including APIs, may have different types of bugs. It’s important to know what kind of bugs within your API can be caught using API testing:


Catch bugs

When it comes to catching bugs, automated API testing can find the following kinds of bugs in your API code:

  • Bugs in business logic, for example, calculation of rent for a real estate rental ledger API
  • Bugs in data storage and retrieval, for example, not being able to store names with special non-ASCII characters
  • Inconsistent behavior. For example, API does not respond from time to time, or it’s slow.
  • Error codes. For example, API does not return the expected error code when a product does not exist in the system.
  • Not being able to handle unhappy scenarios. For example, API crashes when developers pass an invalid product id to the inventory API


Challenges of API testing

Automated software testing in general and API testing specifically is a new topic in software development. As a result, there are challenges ahead of teams who want to exercise API testing in their projects, including:

  • To write practical tests, your code should be testable. A testable code is written with testability in mind to allow easy testing.
  • API testing requires special skills. For example, developers need to make themselves familiar with the frameworks and libraries to use for testing.
  • API testing can slow down teams initially as they need to write code for testing APIs, but overall improve the delivery time


Types of API testing

Like any other programming concept, API testing comes in different variations to cover different use cases and needs. Below is a list of three popular types of API testing that you can leverage today, which works with different types of API:

  • Unit Testing APIs
  • API integration testing
  • API performance testing

Let’s go through each of these categories and explore their benefits.


Unit Testing

Unit testing is a popular method of testing code, including APIs. In unit testing, the smallest units of code (usually, functions) in software are tested independently and in isolation. Software developers typically practice unit testing while writing code by writing test cases and running them against the code, known as Test-driven Development (TDD).

For example, we can break down the code for an API endpoint that returns information about an author into the following units of code:

  • One unit of code to fetch author information
  • One unit of code to fetch books for the requested author
  • One unit of code to:
    • Handle edge cases when the author does not exist
    • Generate a response based on author and bokos and returns it to the user.

The below diagram shows how a developer would use unit tests for testing this API:

diagram of units of code for unit testing


Unit testing pros

  • It’s relatively easy to write unit tests for code
  • Unit tests run fast; developers get feedback very quickly
  • Almost all programming languages have libraries and frameworks to facilitate unit testing


Unit testing cons

  • The process of writing unit tests can be time-consuming and slow teams down
  • Maintaining unit tests can also be time-consuming
  • It doesn’t catch all kinds of bugs

Looking for an API testing tool?

Testfully offers multi-step tests, local & deployed API testing, team collaboration, historical test results and many more features. Import from Postman supported!

How to practice unit testing

To write unit tests for your API, start with writing testable code. You will have a hard time writing unit tests for a code that is not testable, and even if you manage to write tests, they won’t be very effective and fail regularly and require a lot of maintenance. The good news is that writing testable code is not that difficult. You need to follow a couple of best practices that are common between different programming languages, including:

  • Break down big units of code into smaller units of code
  • Make sure units of code have a single responsibility
  • Some code units depend on other units to function; try to use abstractions like interfaces or dependency injection to provide the dependencies. Replaceable dependencies make testing easier and code testable in general.

With a testable code in place, you can follow the below steps to write unit tests for your code.

  • Pick a framework or library as the test runner. Test runners are in charge of running test cases for your application. A good test runner is a test runner with the following features:
    • Allows you to group tests into relevant categories. It should also support sub-grouping as well.
    • Allows you to define easy to read and understand descriptions for each test
    • Provides a way to run all tests in one go
    • Provides a way to run a selection of tests instead of all tests
    • Provides hooks for running code before and after tests are executed
    • Integrates easily with assertion libraries
  • Assertions are a big part of test automation, so you need to pick an assertion library or framework that offers the following features:
    • Capable of comparing values with each other
    • Provides a way to define custom error messages for failed assertions
    • Works well with your test runner of choice
    • Prints readable error messages when test assertions fail
  • Create a file for your test cases and start writing test descriptions for one of your units of code
  • Invoke one unit of code in one of the tests, capture the returned value and make sure it matches the expected value
  • Run the test and make sure it passes
  • Repeat step 3, 4, and 5 as much as needed

The below getSlug() function (unit of code) is written in Javascript to return the slug version of the provided input:

Example Javascript code to generate slug values

Below are some example unit tests for the getSlug function:

Example unit tests in Javascript for slug function

Running the tests would print something like this:

Example test result for Mocha library


API Integration Testing

Integration testing (also known as Synthetic API testing) is another popular method of testing APIs. Integration tests verify the correctness of APIs end to end. It’s not uncommon to see endpoints in REST APIs or queries in GraphQL APIs are tested end to end using this approach.

Continuing with our API endpoint that returns information of an author and the authored books example, we would test the entire logic as one unit of code rather than breaking it down into smaller code units. The diagram below shows how the code is seen as one unit and tested altogether.

Example diagram for integration testing a simply Restful API endpoint


Integration testing pros

  • They can catch almost any kind of bugs that is related to APIs
  • Nearly all programming languages have libraries and frameworks to facilitate integration testing


Integration testing cons

  • It’s not as straightforward as unit tests to write
  • Running integration tests can be slower than unit tests
  • Writing integration tests can be time-consuming
  • Maintaining integration tests can be time-consuming.


How to practice integration testing

Software teams start the integration testing process after they finish the development of a feature. It can be simpler than unit testing due to the black-box nature of integration testing. If you’re going to write integration tests yourself, you need to pick a test runner for your test cases, an assertion library, and some other libraries to send requests to your API.

The below simple API is in Javascript. Users can get a slug version of input by sending a POST request to the /api/slug endpoint:

example Restful API code written in Javascript using Node and Expressjs library

Let’s write some integration tests using Supertest, a known Javascript library for testing APIs.

example integration tests in Javascript for Restful API using Supertest

Running the tests would print something like this:

screenshot of test results for integration testing in Javascript using Mocha and Supertest


API Performance Testing

API performance testing is concerned with the correctness of APIs under heavy pressure as software behaves differently under heavy usage pressure. Software teams practice API performance testing to verify the behavior of their APIs under heavy traffic loads.


Performance testing pros

  • Performance testing identifies API & infrastructure issues under the heavy load, prepares API for heavy traffic and usage.
  • API performance testing catches edge cases easier than any other type of API testing


Performance testing cons

  • Performance testing is relatively time-consuming to exercise performance testing.
  • API performance testing requires special software and infrastructure to run tests; usually, it’s an expensive practice to exercise


API testing best practices

Following API testing best practices help you to have high-quality tests that are easy to write, extend, maintain and run.

  • A good test case fails with an easy-to-understand error message to help software teams understand the failure reason.
  • Good test cases run independent of each other and do not require specific execution orders to pass.
  • A good test case has three separated sections: Arrange, Act, and Assertion, known as AAA of automated testing.
  • Group relevant test cases together for better management
  • Test both happy and unhappy paths when testing APIs
  • Tests should run both on dev computers and CIs
  • Write test case descriptions first and then implement them as you go
  • Test code is not tested, so keep your test code as simple as possible
  • Test descriptions should declare the purpose of the test clearly
  • Good test cases don’t have side effects on each other


API Integration testing or unit testing

Integration testing or unit testing? Which one is better, and which one should we practice?” is a question I have frequently asked, so let’s go through the answer together.

Ideally, your automated testing strategy should include both unit testing and integration testing as they complete each other.

With that being said, if you have a shortage of time, we highly recommend you focus on integration testing instead of unit testing as you get more value out of your time investment. The table below compares the two methods of API testing:

Unit Testing Integration
Developers write unit tests Developers/software testers write/setup integration tests
Developers break code into small units and test each unit separately Functionality is tested end to end
Fast to run & get feedback Sometimes slow to run & get feedback
Unit tests are limited in what they can test A broad range of topics to test
Unit tests focus on code correctness validation Focused on the end to end business logic correctness validation
Unit tests require coding To do integration testing, software teams can use 3rd-party tools as well as writing code themselves.
Treats code as a white box Treats code as a black box
Requires refactoring when code changes It does not require a lot of refactoring


3rd-party Integration testing tools

When it comes to unit testing, your dev team should write the unit tests. Apart from open source testing libraries, there is not much tooling to help developers with unit testing. On the other hand, integration testing has seen many innovations, and multiple companies offer products that help teams facilitate their API integration testings. Using a 3rd party tool for integration testing has its benefits, including:

  • Development teams save time by using 3rd-party tools over bespoke integration testing solutions for API integration testing.
  • It’s easier for new members of the team to work with 3rd-party integration testing tools.
  • Your team does not need to main test code and can focus on building new features.

To give you a better picture of using 3rd party testing tools, we will implement the same test cases using Testfully.

The below screenshot shows how you would define your test cases in Testfully. In our example, we try to validate the correctness of slug API by providing a valid input to it first.

Example integration test for a Restful API endpoint using Testfully service

To validate the correctness of API, we set expectations through UI; in our example, we expect 200 OK as the Response Status and a field in response called “slug” with “hello-world” as the value.

Example response validation for a Restful API endpoint using Testfully service

We can now go ahead and run the test using Testfully UI and see the result. The below screenshot is how the result screen looks like for our test.

Example test result UI for a Restful API integration test in Testfully

Let' continue and define a test case that provides an invalid input to the API; we need to ensure that our API continues to perform even when a user provides an invalid input. The above scenario is an example of what we can unhappy path.

Example integration test (fuzzing) for a Restful API endpoint using Testfully service

And validate the behavior of the API for both the expected Status Code and Response Body.

Example response error validation for a Restful API endpoint using Testfully service


Conclusion

This article explored API testing in detail and compared unit testing, API integration testing, and API performance testing as three different testing API testing methods. Using Testfully to test & monitor API offers the following benefits:

  • You don’t spend days of your development team time on writing, maintaining, and refactoring tests
  • Testfully offers a powerful UI to run tests & see results
  • Your entire team can contribute to testing, and not only your developers

Join us today for free and start testing your APIs using Testfully.

comments powered by Disqus

Recent Articles

blog-image
7 HTTP methods and how to use them

HTTP protocol works by clients sending requests to the servers and servers responding to the requests. We do CRUD operations (Create, Read, Update, Delete) by sending HTTP requests with different HTTP methods, sometimes called HTTP verbs.



blog-image
Introduction to API Blueprint

API blueprint is a powerful high-level API design language for web APIs. In this article, we want to dive deeper into it and learn more about how it works, the differences between API blueprint and Swagger, and what makes it unique that leads to its extensive use. But before we dig into API Blueprint, we must ensure a solid base of information about the “API first approach” concepts.

blog-image
False positive & false negative in software testing

Exports in automated software testing have borrowed false positive and false negative terms from the medical examination field. In the medical field, the purpose of a test is to determine whether the patient has a particular medical condition or not. As far as software testing is concerned, a false positive indicates a bug when there is none. Conversely, a false negative indicates no bug when there is one.