The global API testing market size is expected to grow from USD 384.3 Million in 2016 to USD 1,099.1 Million by 2022, at a Compound Annual Growth Rate (CAGR) of 19.69% from 2017 to 2022. The base year considered for the study is 2016 and the forecast period is 2017–2022. (Source: MarketsandMarkets).
But before getting into what API testing is, why it would make a best career option, let’s understand the basics.
Application Programming Interface aka API is an integral part in software systems. APIs act as an intermediate entity that helps in the communication between two software systems. Anything and everything we do online, has some sort of API, that enables communication and gets our job done. Ticket booking, table reservations, any sort of ticket reservations, even going to your browser in mobile phone to check something has an underlying API that fulfils the communication between sender and receiver.
In layman terms, you can think of an API as a messenger who sends your request to an application or system and receives the response to give back what you requested in the first place.
APIs have become an integral part of programming. Nowadays, it is very common to write APIs to communicate with the database or to another module of application programming.
Most APIs take the business logic and direct database access to the application.
Any software system can be split in three layers – Presentation layer, Business layer and Database layer.
Let’s consider a small example of booking a hotel room through a site which shows you various hotels available and you can choose the best option for you.
Here the presentation layer is the screen of the booking site which the end user can view. Now you input your needs like, city, type of room, days of stay etc. Upon searching you will get the list of room options. But how do you get all the information like availability of the rooms? That’s where APIs come into picture. APIs gather information from various hotel’s databases and give back the data to the end user.
This is applicable for all the systems, applications and services. With the help of APIs relevant and most importantly, most updated information is given to the end user.
But it is not all what an API does! API gives an additional layer of security for the data. With APIs only a small part of data (whatever that is required) is communicated, rather exposing the whole underlying data.
We have seen enough about APIs and their importance, which leads us to our topic API testing!
API Testing, as the name implies it is the testing that is carried on APIs i.e. business layer! All the APIs are tested if their functionality requirement is met, how secure they are, how fast their response is and how reliable the APIs are.
In simple terms, API testing helps us to estimate if the API is performing their intended operation or if it has some bugs/defects.
User-interface independent: API testing can be carried out irrespective of the GUI. API testing can be done even without a user interface.
Language independent: The data passed is always xml or Json, so API testing automation can be done in any programming language, and it is independent of the programming language which is used for application development.
Test coverage: There is an improved test coverage with API Testing and almost all the test cases can be automated in API Testing.
Faster Builds: The time taken to fix bugs while in GUI testing is more when compared to API testing, thus API testing eliminates minor bugs even before GUI is done.
There are five major steps involved in API testing. They are API Specification Review, Test Specification Preparation, Test Environment Development, Test Case Development, Test Execution & Reporting.
API Specification Review: The very first step is to analyze the API. What is the purpose of this API and who is the target customer it is intended for? What is the workflow logic behind this API? What are the features of this API? What are all the integrations this API supports and how it works in each of them. This will help in planning the tests.
Test Specification Preparation: In this step the scope of the testing is documented, what are the problems that are expected, what are the features we are testing for. We also define the desired outcome of the testing in this step and with that, we will determine whether the test case has passed or failed.
Test Environment Development: Once the scope of the API Testing is confirmed, the desired testing environment is configured, mostly by the devops team. They configure all the software, servers, database and every system that API interacts under the scope of it.
Test Case Development: We will combine the application data along with testing scenarios and develop test cases in this step. We will also finalize on the types of tests that are to be conducted in this step.
Test Execution & Reporting: Considering the end user point of view, various test scenarios are tested and the status whether they have passed the test or not is reported & documented in this step.
As you can see from the above one of the important steps in API testing is the various types that are to be done.
Let’s see the various API testing types that are available.
To check if the API is carrying out what it has to do. There are two types of functionality testing. They are positive testing & negative testing.Positive testing is where we give all right data and check if they are working well. Negative testing is the one where we give all sorts of wrong data/input and check how the API is responding to wrong input.
These are used to assess the performance capability of the APIs, whether they can handle more load or not. Some of the performance testing are soak test- running for longer duration than intended, stress test- increase the users to check when error is thrown or when API cannot handle the request, load test – to measure the maximum load that API can handle and to measure the response time, spike test – testing with sudden spike of users and checking the API stability, peak test – similar to soak test but in smaller time frame and scalability test – to check how API handles the load changes.
There are three tests – security, penetration and fuzz tests are done to ensure the security of the API. Security testing is to ensure if all the security requirements are met by the API and how well the data is encrypted. Penetration testing is done by attacking the API from outside and check how security requirements are met. Fuzz testing is done by giving a large amount of random data and checking the stability of the API.
We know what API testing is, how API testing works, what are the API testing types in this blog. Next blog will have information about API testing tools, challenges in API testing and how API testing is automated. Stay tuned!
If you want to have in-depth learning of API testing, our new batches are starting soon, contact us to enroll!