API testing or the functionality of the application. Using API testing you are also validating the data responses, as well as ensuring whether your APIs are performant and secure. focuses on testing the business logic So you are testing the core functionality of the application or worrying about the look and feel of the application. With API testing you can either test a single request or the integration between multiple requests and validate the response that's being returned by the server. without touching the UI : Validate an API response Let's say you are testing the 'users' API: . https://jsonplaceholder.typicode.com/users You'll see a response similar to this on a GET call: { : , : , : , : ,
  ...
}, id 1 name "Leanne Graham" username "Bret" email "Sincere@april.biz" You can validate the following scenarios: Ensure the value of the required properties are not empty such as username or email Verify email is in the right format The name should take 'x' number of max characters Similarly, you can create and verify many such scenarios per your business requirement. : Types of API Testing - Testing the business logic of the application. For example, if I make an API call to the signup route, I expect it to create a new user for me and provide the details of that new user in the response. Functionality Testing : Basically, making sure if our APIs can handle the application load. For example, if 1000 users are hitting the API at the same time, our APIs should be able to handle that load meaning it should not break or take lots of time to return the response Load Testing : Checking if the APIs are secure. For example, we don't want someone to be able to access the application data without going through the proper authentication process and having the correct token. Another example would be, we don’t want one user to be able to access the data of other users, etc.. Security Testing : Basically going one level deeper and making sure hackers or attackers cannot break your application or access your company's sensitive data Penetration Testing : Ensuring that the APIs are able to handle wrong or invalid input. For example - users should not be able to enter an invalid email format, or register without entering email or password, etc. Negative Testing : Advantages of API Testing : In most cases, your APIs will get created first and then UI will integrate with the API. This way u have early access to the application functionality and you can validate if the business logic is working as expected. Also, you'll be able to catch bugs earlier in the development process instead of waiting for all the way until the end when UI will be ready Early app access : API testing can be performed a lot quicker than browser testing. Specifically, when you get to automation, API tests run a lot faster than browser tests as you are skipping the entire UI layer and jumping directly to the API layer. At the same time, you are also increasing your test coverage by testing your APIs Test speed and coverage : API testing is language independent as the data is exchanged via JSON or XML, so you can use pretty much any language for test automation that can handle JSON or XML data Language independent : API tests are much easier to maintain as they are less flaky and more reliable since you don’t typically change your business logic or APIs as often compared to the UI Easier to maintain : Check out the video below to see how to perform API Testing using a REST API console Follow on Twitter for latest updates @automationbro Subscribe to my to see more content like this YouTube channel Previously published at https://dev.to/automationbro/what-is-api-testing-522n

Twitter

YouTube

Check out my YouTube channel

Read My Stories

Too Long; Didn't Read

Get free API security automated scan in minutes

Getting started with API Testing

Too Long; Didn't Read

Companies Mentioned

@automation-bro

RELATED STORIES