Software development is a process that involves not only programmers and designers but also business professionals willing to invest their time and resources to create functional solutions. If you are a stakeholder willing to spend money in the most effective way or software engineer willing to save some of your nerves, you should definitely include API test into your project roadmap. Here’s why.
Imagine a high-school student that fails the most important exams of the semester and is forced to repeat all of the material to retake their exams. Usually, it would be too late to learn everything in one or two days, so our not-so-busy bee might be in serious trouble. By starting to study earlier they would have avoided this problem. This careless attitude at the beginning applies not only to teenagers but also programmers working on software development projects.
Quality Assurance and agile methodologies
The iterative characteristics of agile methodologies encouraged software developers and QA specialists to perform tests even in the early stages of their projects. Nowadays, weekly or bi-weekly iterations (usually named sprints) involve a variety of tests. Among good practices is, for instance, early testing during the release of the new pieces of software. In waterfall projects, however, tests are performed during the late stages, which consequences in a long time spent on bug fixing.
Doing tests on every piece of software secures not only a higher quality of each delivery but also of the whole project. It seems like the additional effort might be time-consuming, but the statistics clearly show that the extra mile run by experienced QA specialist in each sprint significantly limits the involvement of the software developers and allows them to focus on the new features.
Business aspects of API testing
API testing is making a step further. It’s like opening the door to the application and inviting the QA specialist inside to look around. Graphics User Interface tests (GUI) will always be a necessity, but sometimes it is hard to discover the reason for an issue. However, even if many bugs can be eared or even avoided during API tests, QA specialists don’t have access to the application’s internal structure. Luckily, skilled testers know which API calls they can test and that they can indicate what kind of input will work best.
If you are not a programmer or tester, think of an API like a menu in a restaurant. The menu provides a list of dishes you can order, along with a description of each dish. When you specify what menu items you want, the restaurant’s kitchen does the work and brings them to your table. You don’t know exactly how the restaurant prepared that food, but you don’t really need to.
API tests are an extra effort, which seems to be a painful and unnecessary cost for some of the software development projects. Additional hours on the spreadsheet named API testing (that’s right next to the bug fixing and QA test sheets) at first glance may seem to be too much. However, this effort will speed all other processes and make them more effective as many issues will be discovered (and solved!) instantly.
Performing the tests
Nowadays the voices saying that the GUI king is dead, long live the API king is getting louder. The reason for that is that building an app using API is (thankfully) getting more and more common. In this article, we will focus on REST API testing.
But before we answer the question of “What is API testing?”, you should get to know more about API and REST. API (Application Programming Interface) is a set of definitions, protocols, etc. that are used by an individual program to communicate with one another and use each other's functions to get the required information. It focuses on the business logic, not the GUI level.
And what is REST? REST (Representational State Transfer) is an architectural style used when developing apps that are using such web services as, for example, monolithic Django service. A RESTful API testing takes advantage of HTTP methodologies and uses them for CRUD (create/read/update/delete) operations. You can use the GET method to retrieve a resource; POST to create new resources; PUT to create a new entity or update an existing resource and DELETE method to delete resources.
Agile for QA
In the world of agile methodologies, GUI testing is not enough. A couple of years ago, when developers finished their work, testers started checking both frontend and backend development. Nowadays we are working in the age of agile and continuous testing, thus our testing approach needed to change too. Due to that GUI testing started to not be sufficient enough - the app needs to be checked at the lower, API level.
After all, QA specialists also work in the agile and they can’t wait for the whole app to be ready for tests. API tests are introduced at the early stage of checking staging and dev environments. It’s important to start them as soon as possible to ensure that both endpoints and the values they return are displayed properly.
When it comes to API testing, the crucial thing is to have good communication between developers, testers, and customers. Developers should ensure that testers can easily validate APIs endpoints. To do that developers and testers use such API tools as Swagger API documentation tool, which can be easily integrated with Django REST Framework.
API testing with Postman
With REST API well-documented, testers can start testing APIs endpoints. Before the testers start API testing, they need to gather some requirements and answer such questions as when the API is being used or which endpoints are being used really often. They should understand the customer’s needs and try to assure the best quality.
To create an API test you need the right tool. In our tutorial, you will use Numbers API with Postman tool. Steps for Testing REST API are as follows:
- Step 1. Download, install, and launch the Postman app. After that, the Postman GUI mode should appear.
Postman GUI mode
- Step 2. It is time to send the first request. This API request will contact a server with API endpoints. Enter http://numbersapi.com/random/math into the URL field.
Send the first request
- Step 3. To perform an action on API endpoint you should use HTTP methods that were mentioned above. In this case, you will use the GET method to retrieve a resource.
Retrieving a resource with the GET method
- Step 4. Click the Send button to see the request.
Sending a request
- Step 5. Take a look at the 200 OK status code. It means that the request was successfully received and the response contains an entity corresponding to the requested resource.
200 OK status code
Why API testing is important?
Comparing to GUI functional tests, QA specialists can start API testing earlier in the development process. And the sooner a problem is detected, the faster, cheaper, and easier it is to fix it. And fixing bugs isn’t cheap - it cost the US economy approximately $59.5 billion (Software) in 2002. In 2016, this number had increased to $1.1 trillion!
The main purpose of the User Interface testing is to check the graphical interface part of the application. This includes testing things we can see, such as menu, input, sidebar, or fonts - in other words, the look and feel of the app. The main idea of the API testing is to ensure that the communication between web services works fine and that the testers focus on the business logic of the app. API lacks a GUI so it never concentrates on the look of the application.
What are the best practices when API testing?
During our API tests planning there should occur some questions. The main one should be about the priorities. Are the most common issues and conditions identified? What are the most common situations in which API calls are used and should those conditions be double checked? We should always remember about negative test scenarios for example if we are testing the text field we should check the validation on special characters, exceeding 10 characters or having numerical inputs. The app can’t crash during those tests.
The next thing is the right API endpoint management. In the REST API can be hundreds of endpoints so we should group them somehow. We can’t miss any endpoints, all of them must be checked.