Ask Me Anything: API Testing

🗓️ Events
,
2

Resources mentioned in the AMA

If you want to join or create API testing discussions here on The Club, head to the API testing category

Hilary’s TestBash talk that Vernon mentioned
https://www.ministryoftesting.com/dojo/lessons/spying-on-your-application-how-to-be-a-super-sleuth-tester-hilary-weaver-robb?s_id=202407

Pop a unicode snowman into your API and see what happens http://unicodesnowmanforyou.com/

https://www.postman.com/

How to choose API testing tools Search results for 'api testing tools' - The Club

Restful booker from @mwinteringham https://restful-booker.herokuapp.com/

some exercises for getting started with pytest and the requests library in Python: GitHub - j19sch/building-an-api-testing-framework: Learn to build an API testing framework in Python

Danny Daintons Postman guide GitHub - DannyDainton/All-Things-Postman: A selection of examples using Postman REST Client

@ezagroba shared in case you haven’t memorized http status codes https://httpstatuses.com/

Questions we didn’t get to

  1. Is it wrong to make my suite’s tests dependent on each other?
  2. what is the best way to structure api endpoint tests with ~300 endpoints in your repository? many of the calls are divided in get, post, patch, delete calls and there are also different endpoints for lists and single objects? Each should be tested against JSON Schema and data param-values for ex. thank you
  3. The automation pyramid is made up of the unit layer, api layer and the UI layer. I know the difference between each of these layers - how do you decide what tests scenarios should be covered in the GUI layer and what should be covered in the API layer?
  4. is soap ui used even now or been replaced by postman
  5. Any specific tool to check which APIs are used in app. Also, how to know which APIs are triggered upon app activity (eg: App Launch) and the time taken. I use Charles Proxy.
  6. how different is swagger tool, is it more popular than postman, difference between the two
  7. Have you used any tools that automatically create tests from a Swagger json? How useful have you found them?
  8. How do API tests of different types usually sit within the “software testing pyramid” for you? In particular, testing APIs/services that should integrate to give particular behaviour vs. testing an API/service in isolation.
  9. How to effectively test multiple interactions between different APIs? Which level of test automation does this fit in?
  10. What is the value of doing contract testing (with a tool like PACT) vs. functional testing of API responses?
  11. Hello, I am looking for an API testing framework with the following specifications: - tests are written in some scripting language using an IDE - the same functional tests can be used also for performance testing - extensible (ability to mock other interacting components) I am considering: https://github.com/intuit/karate/tree/master/karate-gatling https://gatling.io/ https://locust.io/ GitHub - naver/ngrinder: enterprise level performance testing solution Any suggestions?
    11.1 John Smith said: we use Karate for GraphQL it is awesome: https://www.codemotion.com/magazine/dev-hub/web-developer/graphql-testing-with-karate/
  12. What are your thoughts on codeless automation platforms such as cloudqa, endtest, etc. ?
  13. How do you decide which test cases should be part of the REST API suite and which should be part of the backend integration test suite? Should the tests (REST API and integration) complement each other or there could be some duplication?
  14. What approach is better to use: - Creating a custom framework for Feature testing through the API. Which will combine test cases into test scenarios and run them as test runs and will be testing all the layers of the app (HTTP, Logic layer, Data layer) OR use the tool and make an end-to-end testing directory and keep it in the same code repo with the project?
  15. what tool should i start with, soap ui or postman as a beginner
  16. Can you suggest any open source tools or library for time travel feature?
  17. When thinking of end to end testing…may include different service types like Kafka, JMS, REST, etc…what tools would help you build and maintain these tests?
  18. Can you add SQL db checks in postman API tests
  19. API testing for Non-technical teams/ beginners My dev team use postman with lot collections per project. I am from QA team where most of members are not that much technical. What you suggest how we can pick API testing in most efficient way? because developer always suggest their own way, which are most of the time too complex for test team
  20. When the develops a new endpoint, he creates an hardcoded endpoint in NGINX for other teams to develop against. Is there a better way? How to make a more multipurpose mock?
  21. there are new tables being populated for a change request in my project. can we use api testing for the same, is it not additional efforts since once the testing completes those apis are not going to be used anymore
  22. We as a team adopting API testing with a use of mocha and Mountebank. I’m beginner API tester, what would be the best approach to tackle this. What are the pros and cons of such framework? What tool would you recommend for contract testing?
  23. We are moving from REST APIs to gRPC APIs. Is there a suggested best tool for testing gRPC?
  24. Hi (though I know it’s more commonly used as a performance testing tool) is jmeter a good tool to use for api testing compared to something like soapui?
  25. Any tips about mocking proto message?
  26. Is there a specific methodology you follow?
  27. Hi, which is the best tool to test APIs that are in sequence, Ex, API 1 out is the input of API 2 and API 3. It is better to include each API test into a pipeline by CI or there is a tool that could perform it all alone?
  28. What do you think of checking that a json (or xml) schema received is valid? Is it a good strategy to start with?
  29. Do you test REST specific post/get/delete/put for some uri?
  30. Do you check headers in api testing?
  31. Which of these tools do you like for API testing: retrofit2, Apache Http Client, RestAssure, Other?
  32. Can a well defined API-testsuite reduce or remove the need for unit tests in a distributed system with well-defined microservices.
  33. Can we rely 100% on API tests before releasing a backend application? If yes, how can we make sure that nothing will break in the frontend application?
  34. What are your thoughts on GraphQL and related tools e.g. GraphiQL etc? Is this likely to increase in popularity? The POSTMAN support is indeed improving
  35. can we do security or performance tests using API?
  36. Do you check error texts for 400/401/403/etc? And try to avoid 500 answers from the backend.
  37. Why different requests are there? Other than GET and POST.
  38. Do you have a pyramid ( kind of ) for testing API based on your personal experience?
  39. What does containerization mean for API Testing?
  40. What is a soap api?
  41. Beginner’s question: key factors to prioritise when you have 200+ end points?
  42. Do you use a lot of mock data when automating to validate against? When is it good time to mock or not?
  43. Do you have any suggestions on where to go to get API training resources?

Questions Hilary wanted to come back to

  1. Could you please share if you have any “special” API checks which were discovered while testing or after missing a bug? (“special” means-> you did not think about it previously but after discovering the problem or missing the bug you have started to check )

For the person who had a Graph QL query, maybe @jamesespie can help

I have been through several API training courses and they all basically show how to structure API requests. I would like to know how to structure tests for a completed GraphQL API. Do you use user journeys (if so how can I confirm all API endpoints have been covered) OR do you create tests for each query and mutation??