I was inspired by Maciej Wyrodek once again. This time to gather all of my activities during #30daysoftesting in one article as he did last week on his blog.
Let’s summarize my activities in the event in one sentence. I’ve done 14 of 30 points of API testing. It might be not so many at a glance however I’m proud that I’ve decided to accept the challage and I haven’t gave up.
#apitesting, #testcharter, #exploratorytesting, #modelbasedtesting, #fidler, #postman, #mocks, #stubs, #httprespone, #kolblearningcycle
Challenge #1 – Define what API testing is
Looking at Wikipedia API testing is „a type of software testing that involves testing application programming interfaces (APIs) directly and as part of integration testing to determine if they meet expectations for functionality, reliability, performance, and security. Since APIs lack a GUI, API testing is performed at the message layer. API testing is now considered critical for automating testing because APIs now serve as the primary interface to application logic and because GUI tests are difficult to maintain with the short release cycles and frequent changes commonly used with Agile software development and DevOps”
Smartbear defines it as „testing that APIs and the integrations they enable work in the most optimal manner. This form of testing concentrates on using software to make API calls in order to receive an output before observing and logging the system’s response. Most importantly, this tests that the API returns a correct response or output under varying conditions.”
Guru99 describes Api Testing as „entirely different from GUI Testing and mainly concentrates on the business logic layer of the software architecture. This testing won’t concentrate on the look and feel of an application. Instead of using standard user inputs (keyboard) and outputs, in Api Testing, you use software to send calls to the API, get output, and note down the system’s response.”
Challenge #2 – How would you approach API Exploratory Testing
First of all let’s explain what exploratory testing is.
I’ve found good description of this type of testing on ToolsQA page. Below you can find only small part of that. Please go to the page for more details.
„As its name implies, Exploratory Testing is about exploring, finding out about the software, what it does, what it doesn’t do, what works and what doesn’t work. This is more over depend on the experience of the tester and that is why it falls under the Experience Based Testing category. The tester is constantly making decisions about what to test next and where to spend the (limited) time. This is an approach that is most useful when there are no or poor specifications and when time is severely limited.”
From previous post it should be clear what API testing is about. Let’s use what we know already to start API exploratory testing.
I’d suggest applying Test Charters as described below for playing with API.
Challenge #3 – API testing related books
The 3rd challenge is about reading API testing related books and sharing some knowledge. This time I’d share list of books about API testing I’ve found. Please note that I’ve read none of them.
- Automating and Testing a REST API: A Case Study in API testing using: Java, REST Assured, Postman, Tracks, cURL and HTTP Proxies, author: Alan Richardson
- How To Thrive As A Web Tester, author: Rob Lambert – one of the chapter is about API testing
- Api Testing: A Reference for the Rest of Us, author: Gerardus Blokdyk
- API Layer Testing A Complete Guide, author: Gerardus Blokdyk
- Api Testing Recipes in Ruby: The Problem Solving Guide to Api Testing: Volume 7 (Test Recipes), author: Zhimin Zhan
- API Web Service Testing a Clear and Concise Reference, author: Gerardus Blokdyk
- Testing Java Microservices, authors: Alex Soto Bueno, Jason Porter, Andy Gumbrecht
- Testing Microservices with Mountebank, author: Brandon Byars
Challenge #4 – Share a resource on HTTP and how it works
Challenge #5 – Contribute to the list of publicly available APIs over on The Club, that we can utilise to proactive API testing
Challenge #6 – Read and share an interesting blog post on API testing
Challenge #7 – Complete exercise one over at The Club using popular API testing tools such Postman, SoapUI, and APIFortress
Challenge #8 – Explore the API thread on The Club and contribute to the conversation
Challenge #9 – Share some tools we can use to discover what API calls our application are making
I’d like to share only two of them however there are many more.
1. developers tools in browser – you can check API calls using Network tab
2. Fidler – tool that allows you to monitor, manipulate, and reuse HTTP requests
Challenge #10 – Share your favourite API testing tools and why
My favourite API testing tool is Postman. I think it is easy to start with API testing and I would recommend it for people who just want to start with API testing. You can use it easly for manual tests. Below you can find more advantages.
For automated tests I would suggest using Rest Assured.
Challenge #11 – Learn about different types of API’s, share your findings
Challenge #12 – Share what skills a team needs to succeed with API testing
Challenge #13 – Contribute to the list of API automation tools over The Club and share your experiences with using them
Challenge #14 – Compare and contrast mocking, stubbing and faking
Challenge #15 – Find, use and share your thoughts on a new API testing tool
Unfortunatelly I’m not able to try any tool because of lack of time at the moment. Instead of that I’d like to share list of the tools I’ve found. It was prepared by Guru99.
Challenge #16 – Complare exercise two over at The Club using a framework in your prefered language, or a tool with automation capabilities
Challenge #17 – Find 5 API testing experts to follow on Twiter
Challenge #18 – Share an HTTP Header and explain its purpose
Challenge #19 – Find and share a useful video about API testing
Challenge #20 – Share all the tools, frameworks, and libraries currently used in your API testing along with why
Challenge #21 – Complete exercise three over at The Club using your preferred tools
Challenge #22 – Share your biggest frustration with API testing
Challenge #23 – Status codes are often misused, share your favourite resources for understanding status codes
Challenge #24 – Share the best API bug you’ve found
It was security issue when user could see data which he shouldn’t be allowed to see. The data were correctly displayed on UI but not cut properly on API level.
Challenge #25 – Security is important in APIs, how are you security testing your APIs?
Challenge #26 – Demo some of your API testing to other members of your team
Challenge #27 – What advice would you give to someone looking to get started with API testing?
Totaly agree with Maciej Wyrodek. It is not important what you’d like to learn but how you do it. You should always do it in the way which is good for you and works for you.
Kolb Learning Cycle might be helpful. I’ve already mentioned about it in my first article.
Challenge #28 – Performance is key to a good API, how are you performance testing your APIs?
Challenge #29 – Browser developer tools have lots of API testing features, explore them and share your findings
I use mostly Network tab where you can check API calls and responses.
Challenge #30 – Complete exercise three over at The Club using your preferred tool, it’s all about data iteration