30 Days of API Testing - Day 1: Define API testing

(Luke) #1

I like this particular definition of API testing because it covers both functional and nonefunctional aspects of the API testing.

“API testing involves testing the application programming interfaces (APIs) directly and as part of integration testing to determine if they meet expectations for functionality, reliability, performance, and security.” - retrieved from here

Here is an article talk about some best practices in API testing

  • Test first for the typical or ordinary results, for what happens consistently and what doesn’t.
  • Add stress to the system through a series of API load tests.
  • Test for failure. Keep working and working until you get a Fail output, making sure the API fails consistently and gracefully.
  • Group test cases by test category.
  • Parameters selection should be explicitly mentioned in the test case itself.
  • Prioritize API function calls so that it will be easy for testers to test in a timely fashion.
  • Limit the tests from as many variables as possible by keeping it as isolated as possible.
  • Automate API documentation creation with a standard like Swagger, but then run through the tests, making sure the documentation makes sense for all levels of user experience.
  • Throw anything you can at the API to test for how it handles unforeseen problems and loads.
  • Perform well-planned call sequencing.
  • Later on, get creative! For complete test coverage, create test cases for all possible API input combinations.
  • Reuse your tests to monitor your APIs in Production.
  • Automate whatever you can.
  • But trust your instincts if something seems off!

Here is alist of API Testing Tools List

30 Days of API Testing Wrap-Up
(Will) #2

This part is so important. If you have a spec that says particular call does X, but it doesn’t feel like it makes sense for it to function like that, then question it with whoever wrote the spec. Question it with developers too. It may be that the spec is in error, or it may be that your understanding of the API is off. Either way, asking questions like this will never be wasted time.

(Lucas) #3

nailed it! Good definitions and resources!

(Lucas) #4

API testing is intended to reveal bugs: inconsistencies or deviations from the expected behavior, just as any kind of test. Nevertheless, I think this is harder then UI test, once your depency of tools is stronger and the need to automation also.

The evaluation or Inspection hundreds of JSON or XML lines it is not such an easy task for human eyes, even to Ninja Testers.

Specifically to API, other than behaviour, contracts must be tested, once it is what is exposed to de consumer use.

(srinivas) #5

(Luke) #7

Yes, I think it is the most valuable part which differentiate human testing from machine testing

(Ilya Lychkou) #10

I’m a newcomer to API testing. So my answer is not from my experience. It is about how I understand the API testing definition from the Web resources.

API testing is a type of software testing that involves testing application programming interfaces (APIs) directly and as part of integration testing to determine if they meet expectations for functionality, reliability, performance, and security.
API Testing is performed at the most critical layer, the Business Layer, where business logic processing is carried out, and all transactions between User Interface and Database happen.

(Amr) #11

I’m taking part in the 30 Days of API testing to enhance my knowledge about API and API testing. So, here what I got


  • API stands for Application Programming Interface.
  • API is the part of the server that handles requests and responses.
  • API sends and receives data, not presentational code.
  • API most likely handles requests and responses in JSON format.


  • When a company offers an API to their customers, it just means that they’ve built a set of dedicated URLs that return pure data responses — meaning the responses won’t contain the kind of presentational overhead that you would expect in a graphical user interface like a website.
  • If you decided to use API in your application/ website, users will be able to complete the action without leaving the app/ website.


and for API testing, I’d refer to the first post in this thread.

(Will) #12

API Testing is applying the practices and techniques of software testing to the API. Within that there are a series of goals about the functionality that are not as apparent with a frontend or UI, as the intended user of an API is another machine of sorts, rather than directly used by a human. So in this instance things such as performance, stress, security and standardisation take greater precendence than functionality of secondary features.

Obviously it should be added that although API and UI are two different approaches to a thing they are still both interfaces and have the same nuanced problems that can occur within the SDLC…

(Sandra) #13

API (Application Programming Interface) testing is a type of software testing that aims to determine whether the APIs that are developed meet expectations when it comes to functionality, performance, reliability and security for an application.

API (Application Programming Interface) is a set of procedures and functions that allow interaction between two components of a software application. It accesses the features and data of an operating system, application, or other services. In that sense, an API is essentially a tool for developers to communicate or fetch data with a certain application. API testing is done to check whether the output that comes from the first application/database is correct and well-structured and useful to another application. API testing is used to determine the return value (response). Behaviour of data should be based on input (request) parameter, how much time the API is taking to retrieve the value, what type of authentication is required and whether the sensitive data is transmitted securely over the network.


(Felipe) #14

API Testing: a method for testing an application on a service level. API Testing implements strategies and tools to investigate whether the system is working as expected in terms of data input and output, if business rules are being enforced beyond the UI, how the application responds to increasing loads of requests, and what are the effects of erroneous or malicious data being passed to the system.

(João Farias) #15

Paraphrasing somebody who most of you know, API Testing is general term to activities that aim to evaluate an… API through learning and experimentation.

In particular, since API clients are software programs, the question-exploration-information loop has to put in perspective the necessity of software.

(Steve Watson) #16

For testers who are not currently using API’s, does anyone know of a ‘test’ API that can be used to try out tools on? I know there are various websites that people have created for testers to do exploratory testing on, so thought there may be some API equivalents.

(Will) #17

Wrote a brief blog post about this yesterday: What is API Testing?

(Jan) #18

I’d say testing an API should be targeting foremost to unveil that it does not do what it should not do when it is not expected. So to say, regardless of the SUT, the API is most likely always tested with positive use cases/scenarios by the developer (it should be) and reviewed by the stakeholder. What is crucial is to find the breaking points and how erroneous situations are handled.
The other day I was reading about a bug in PS4 chat system that crashed the whole console when invisible ASCII characters were entered in. That’s the kind of things that should be tested. Luckily, there’s a lot of resources and tools available for that :smiley:

(Ian) #19

I am a relative beginner to API testing. API is short for Application Programming Interface. This suggests to me that the interface is not designed to be accessed directly by a user, but more more likely to be accessed by some other software system (e.g. browser, another web system, front-end GUI).
API testing allows business logic to be tested directly. Using a tool, requests can be constructed and sent to the service with the API. Responses received can also be examined. This approach to testing can help isolate issues, and reduce the complexity of the test environment. Tools can also be used to automate execution of the tests.

(Easwari) #20

I am yet to get the opportunity to do API Testing. I believe that this 30 days of API testing would be help me to have a good understanding of that.

API according to me is, a frequently done task coded as a separate function or a set of similar kind of functions put together which can be then shared. To execute this function, we need a Stub or a Driver. These should be able to interact with our function. This is what would be called as a Protocol.

I would appreciate any correction to my thoughts regarding API. Best way to learn!

Thank you.

(Terri) #21

A simple definition is that API (Application Program Interface) testing is the testing of web service calls between software applications using a testing tool rather than a GUI (Graphic User Interface).

(Magda) #22

An API, Application Programming Interface, has two sides - the provider and the consumer. Depending in which role you approach the API, the scope of testing will be different.

As a consumer, you are interested in the claims regarding the API. The most important ones would be the API structure, message formats (including error messages) and data formats (which could be summarized under contract, or the definition of the API that is published for consumers to work against).
There is also the actual functionality, not just is the data in the right format but is it also what you as consumer need and can you really execute your business flow without gaps using the individual calls. Then, in case of an updated version, backwards compatibility is extremely important. Finally, there are the questions of security and performance.

As a provider, you often get to deal with all of the above plus the implementation behind it. There will possibly be other services that yours depends on, in which case you act as their consumer. But there is all the processing of incoming and outgoing data, any internal mappings and error handling. Also, logging and monitoring capabilities. If you provide an API and a GUI access to your business logic, be sure to enforce all rules in this layer and not rely on the GUI for validation and access control.

Also if you participate in the design of an API, you can contribute a lot in advance of development by helping ensure consistency, testability and extensibility.

(Lada) #23

API testing is testing of parts of the system without using the graphical interface. API is a layer of an application which is used for communication between different backend parts of the system, such as REST or SOAP interface. API testing aims to get the information about the system quicker than GUI testing.