I like this particular definition of API testing because it covers both functional and nonefunctional aspects of the API testing.
“API testing involves testing the application programming interfaces (APIs) directly and as part of integration testing to determine if they meet expectations for functionality, reliability, performance, and security.” - retrieved from here
Here is an article talk about some best practices in API testing
- Test first for the typical or ordinary results, for what happens consistently and what doesn’t.
- Add stress to the system through a series of API load tests.
- Test for failure. Keep working and working until you get a Fail output, making sure the API fails consistently and gracefully.
- Group test cases by test category.
- Parameters selection should be explicitly mentioned in the test case itself.
- Prioritize API function calls so that it will be easy for testers to test in a timely fashion.
- Limit the tests from as many variables as possible by keeping it as isolated as possible.
- Automate API documentation creation with a standard like Swagger, but then run through the tests, making sure the documentation makes sense for all levels of user experience.
- Throw anything you can at the API to test for how it handles unforeseen problems and loads.
- Perform well-planned call sequencing.
- Later on, get creative! For complete test coverage, create test cases for all possible API input combinations.
- Reuse your tests to monitor your APIs in Production.
- Automate whatever you can.
- But trust your instincts if something seems off!
Here is alist of API Testing Tools List