API testing is a type of

software testing Software testing is the act of examining the artifacts and the behavior of the software under test by validation and verification. Software testing can also provide an objective, independent view of the software to allow the business to apprecia ...

that involves testing

application programming interface An application programming interface (API) is a way for two or more computer programs to communicate with each other. It is a type of software interface, offering a service to other pieces of software. A document or standard that describes how t ...

s (APIs) directly and as part of

integration testing Integration testing (sometimes called integration and testing, abbreviated I&T) is the phase in software testing in which individual software modules are combined and tested as a group. Integration testing is conducted to evaluate the complianc ...

to determine if they meet expectations for functionality, reliability, performance, and security.Testing APIs protects applications and reputations
by Amy Reichert, SearchSoftwareQuality March 2015 Since APIs lack a

GUI The GUI ( "UI" by itself is still usually pronounced . or ), graphical user interface, is a form of user interface that allows users to interact with electronic devices through graphical icons and audio indicator such as primary notation, inste ...

, API testing is performed at the message layer.All About API Testing: An Interview with Jonathan Cooper
by Cameron Philipp-Edmonds, Stickyminds August 19, 2014 API testing is now considered critical for automating testing because APIs now serve as the primary interface to

application logic In computer software, business logic or domain logic is the part of the program that encodes the real-world business rules that determine how data can be created, stored, and changed. It is contrasted with the remainder of the software that might ...

and because GUI tests are difficult to maintain with the short release cycles and frequent changes commonly used with

Agile software development In software development, agile (sometimes written Agile) practices include requirements discovery and solutions improvement through the collaborative effort of self-organizing and cross-functional teams with their customer(s)/ end user(s), ad ...

and

DevOps DevOps is a set of practices that combines software development (''Dev'') and IT operations (''Ops''). It aims to shorten the systems development life cycle and provide continuous delivery with high software quality. DevOps is complementary to a ...

.The Forrester Wave Evaluation Of Functional Test Automation (FTA) Is Out And It's All About Going Beyond GUI Testing
, by Diego Lo Giudice, Forrester April 23, 2015Produce Better Software by Using a Layered Testing Strategy
by SEAN Kenefick,

Gartner Gartner, Inc is a technological research and consulting firm based in Stamford, Connecticut that conducts research on technology and shares this research both through private consulting as well as executive programs and conferences. Its clients ...

January 7, 2014

API testing overview

API testing involves testing APIs directly (in isolation) and as part of the end-to-end transactions exercised during integration testing. Beyond RESTful APIs, these transactions include multiple types of endpoints such as web services, ESBs,

database In computing, a database is an organized collection of data stored and accessed electronically. Small databases can be stored on a file system, while large databases are hosted on computer clusters or cloud storage. The design of databases sp ...

mainframes A mainframe computer, informally called a mainframe or big iron, is a computer used primarily by large organizations for critical applications like bulk data processing for tasks such as censuses, industry and consumer statistics, enterprise ...

, web UIs, and

ERPs Ethernet Ring Protection Switching, or ERPS, is an effort at ITU-T under G.8032 Recommendation to provide sub-50ms protection and recovery switching for Ethernet traffic in a ring topology and at the same time ensuring that there are no loops form ...

. API testing is performed on APIs that the development team produces as well as APIs that the team consumes within their application (including third-party APIs).Onus for third-party APIs is on enterprise developers
by Amy Reichert, SearchSoftwareQuality July 2014 API testing is used to determine whether APIs return the correct response (in the expected format) for a broad range of feasible requests, react properly to edge cases such as failures and unexpected/extreme inputs, deliver responses in an acceptable amount of time, and respond securely to potential security attacks.

Service virtualization Service may refer to: Activities * Administrative service, a required part of the workload of university faculty * Civil service, the body of employees of a government * Community service, volunteer service for the benefit of a community or a pu ...

is used in conjunction with API testing to isolate the services under test as well as expand test environment access by simulating APIs/services that are not accessible for testing.Accelerate Development with Automated Testing
by Nathan Wilson,

December 30, 2013 API testing commonly includes testing

REST Rest or REST may refer to: Relief from activity * Sleep ** Bed rest * Kneeling * Lying (position) * Sitting * Squatting position Structural support * Structural support ** Rest (cue sports) ** Armrest ** Headrest ** Footrest Arts and entert ...

APIs or

SOAP Soap is a salt of a fatty acid used in a variety of cleansing and lubricating products. In a domestic setting, soaps are surfactants usually used for washing, bathing, and other types of housekeeping. In industrial settings, soaps are use ...

web services with

JSON JSON (JavaScript Object Notation, pronounced ; also ) is an open standard file format and data interchange format that uses human-readable text to store and transmit data objects consisting of attribute–value pairs and arrays (or other ser ...

XML Extensible Markup Language (XML) is a markup language and file format for storing, transmitting, and reconstructing arbitrary data. It defines a set of rules for encoding documents in a format that is both human-readable and machine-readable. T ...

message payloads being sent over

HTTP The Hypertext Transfer Protocol (HTTP) is an application layer protocol in the Internet protocol suite model for distributed, collaborative, hypermedia information systems. HTTP is the foundation of data communication for the World Wide Web, ...

HTTPS Hypertext Transfer Protocol Secure (HTTPS) is an extension of the Hypertext Transfer Protocol (HTTP). It is used for secure communication over a computer network, and is widely used on the Internet. In HTTPS, the communication protocol is enc ...

, JMS, and MQ.A Guidance Framework for Designing a Great Web API
by Eric Knipp and Gary Olliffe ,

August 20, 2014 It can also include message formats such as

SWIFT Swift or SWIFT most commonly refers to: * SWIFT, an international organization facilitating transactions between banks ** SWIFT code * Swift (programming language) * Swift (bird), a family of birds It may also refer to: Organizations * SWIFT, ...

, FIX, EDI and similar fixed-length formats, CSV,

ISO 8583 ISO 8583 is an international standard for ''financial transaction card originated'' interchange messaging. It is the International Organization for Standardization standard for systems that exchange electronic transactions initiated by cardholde ...

and

Protocol Buffers Protocol Buffers (Protobuf) is a free and open-source cross-platform data format used to serialize structured data. It is useful in developing programs to communicate with each other over a network or for storing data. The method involves an int ...

being sent over transports/protocols such as

TCP/IP The Internet protocol suite, commonly known as TCP/IP, is a framework for organizing the set of communication protocols used in the Internet and similar computer networks according to functional criteria. The foundational protocols in the suit ...

MQTT MQTT (originally an initialism of MQ Telemetry Transport) is a lightweight, publish-subscribe, machine to machine network protocol for Message queue/Message queuing service. It is designed for connections with remote locations that have devices ...

, FIX, RMI,

SMTP The Simple Mail Transfer Protocol (SMTP) is an Internet standard communication protocol for electronic mail transmission. Mail servers and other message transfer agents use SMTP to send and receive mail messages. User-level email clients typical ...

TIBCO Rendezvous TIBCO Rendezvous is a software product that provides a message bus for enterprise application integration (EAI). Details TIBCO provides messaging APIs in C, C++, Java, Visual Basic, Perl and .NET to provide messaging between two or more servi ...

, and FIX.How Do We Learn Composite App Testing-Speak?
by Adrian Bridgwater,

Dr. Dobb's Journal ''Dr. Dobb's Journal'' (''DDJ'') was a monthly magazine published in the United States by UBM Technology Group, part of UBM plc, UBM. It covered topics aimed at computer programmers. When launched in 1976, DDJ was the first regular periodical focu ...

February 14, 2012

API testing, GUI testing, and test automation

API Testing is recognised as being more suitable for

test automation In software testing, test automation is the use of software separate from the software being tested to control the execution of tests and the comparison of actual outcomes with predicted outcomes. Test automation can automate some repetitive bu ...

and

continuous testing Continuous testing is the process of executing automated tests as part of the software delivery pipeline to obtain immediate feedback on the business risks associated with a software release candidate.

(especially the automation used with

and

) than GUI testing. Reasons cited include: * System complexity: GUI tests can't sufficiently verify functional paths and back-end APIs/services associated with multitier architectures. APIs are considered the most stable interface to the system under test. * Short release cycles with fast feedback loops: Agile and DevOps teams working with short iterations and fast feedback loops find that GUI tests require considerable rework to keep pace with frequent change. Tests at the API layer are less brittle and easier to maintain. For these reasons, it is recommended that teams increase their level of API testing while decreasing their reliance on GUI testing. API testing is recommended for the vast majority of test automation efforts and as much edge testing as possible. GUI testing is then reserved for validating typical use cases at the system level, mobile testing, and usability testing.

Types of API testing

API testing typically involves the following practices: *

Unit testing In computer programming, unit testing is a software testing method by which individual units of source code—sets of one or more computer program modules together with associated control data, usage procedures, and operating procedures&md ...

- Testing the functionality of individual operations. *

Functional testing Functional testing is a quality assurance (QA) processPrasad, Dr. K.V.K.K. (2008) ''ISTQB Certification Study Guide'', Wiley, , p. vi and a type of black-box testing that bases its test cases on the specifications of the software component unde ...

- Testing the functionality of broader scenarios, often using unit tests as building blocks for end-to-end tests. Includes test case definition, execution, validation, and

regression testing Regression testing (rarely, ''non-regression testing'') is re-running functional and non-functional tests to ensure that previously developed and tested software still performs as expected after a change. If not, that would be called a '' regre ...

. *

Load testing Load testing is the process of putting demand on a structure or system and measuring its response. Software load testing The term ''load testing'' is used in different ways in the professional software testing community. ''Load testing'' gene ...

- Validating functionality and performance under load, often by reusing functional test cases. *

Runtime error detection Runtime error detection is a software verification method that analyzes a software application as it executes and reports defects that are detected during that execution. It can be applied during unit testing, component testing, integration tes ...

- Monitoring an application the execution of automated or manual tests to expose problems such as race conditions, exceptions, and resource leaks. *

Security testing Security testing is a process intended to reveal flaws in the security mechanisms of an information system that protect data and maintain functionality as intended. Due to the logical limitations of security testing, passing the security testing ...

- Includes

penetration testing A penetration test, colloquially known as a pen test or ethical hacking, is an authorized simulated cyberattack on a computer system, performed to evaluate the security of the system; this is not to be confused with a vulnerability assessment. T ...

and

fuzz testing Fuzz may refer to: * Fuzz (film), ''Fuzz'' (film), a 1972 American comedy * ''Fuzz: When Nature Breaks the Law'', a nonfiction book by Mary Roach * The fuzz, a List of slang terms for police officers, slang term for police officers Music * Fuzz ...

as well as validating authentication, encryption, and access control. * Web UI testing - Performed as part of end-to-end integration tests that also cover APIs, enables teams to validate GUI items in the context of the larger transaction. * Interoperability testing - (SOAP only) Checking conformance to

Web Services Interoperability The Web Services Interoperability Organization (WS-I) was an industry consortium created in 2002 and chartered to promote interoperability amongst the stack of web services specifications. WS-I did not define standards for web services; rather, it ...

profiles. *

WS-* There are a variety of specifications associated with web services. These specifications are in varying degrees of maturity and are maintained or supported by various standards bodies and entities. These specifications are the basic web services ...

compliance testing - (SOAP only) Checking compliance to WS-* standards such as WS-Addressing, WS-Discovery, WS-Federation, WS-Policy, WS-Security, and WS-Trust. *

Penetration testing A penetration test, colloquially known as a pen test or ethical hacking, is an authorized simulated cyberattack on a computer system, performed to evaluate the security of the system; this is not to be confused with a vulnerability assessment. T ...

- testing a computer system, network or Web application to find vulnerabilities that an attacker could exploit. * Fuzz-testing - massive amounts of purely random data, sometimes referred to as "noise" or "fuzz", is forcibly input into the system in order to attempt a forced crash, overflow, or other negative behavior. This is done to test the API at its absolute limits, and serves somewhat as a "worst case scenario".

Software

References

{{Software testing Software testing

API testing overview

API testing, GUI testing, and test automation

Types of API testing

Software

See also

References