What's your go to API testing tool

It’s article day again once again and this time we have an article exploring different types of API tools and their benefits:

I thought we could continue the conversation about API tools by sharing what are our favourite API testing tools. I imagine a lot of us would give a shout out to Postman, but I wonder if there are any others out there that people like using?

6 Likes

I imagine this too! So… my choices are: Postman or Burpsuite!

Postman is just so nice due to the quick and easy UI to do exploratory testing on APIs.
Most of the time I start on a project, developers are already using Postman, so it’s not only easy to use for them but easy to collab between developers & testers.

I use Burpsuite more often to easily alter/add headers, run wordlists, the intruder and test for race conditions. They also offer a lot of plugins that can be used in testing APIs, so depending on what I’m testing, my choices go between Postman or Burpsuite.

4 Likes

Nice insight. Indeed Postman’s UI makes life easy.

5 Likes

I like Postman when it’s just me and my personal collection of endpoints and I can make a big mess in a lot of tabs. Postman gets a little fragile when I have to share collections with my teammates. The version control story is not great. If someone across the office makes a change in a shared collection and saves it, it could easily overwrite work, with no chance for review. So I avoid it in team settings. For those cases, I tend to encode my API tests in JS, using axios for the actual API calls and Jest for assertions. Jest snapshots make validating API responses a breeze.

4 Likes

I really like to use Karate for API stuff. I really prefer that tests are under proper source control. Tests written in text and code are so much easier to do that with. And it’s really easy to be explicit in what you are doing and sending in Karate.

Postman seems to have evolved into a online dependent tool that wants to “own” your tests. That can really limit your use of it, as well as introduce additional costs. I agree that it is more “user friendly.” I just don’t enjoy the things I feel like you lose or the costs you pay in the process.

3 Likes

Postman(Now available as an Extension in VsCode), ThunderClient - VsCode extension are my picks

3 Likes

Definitely Postman.
Then once the test cases or scenario is defined, convert the API to a scripting language (python or PowerShell)

2 Likes

I started writing my own API test tool - it displays JSON requests and responses as a tree view and writes tests in RestAssured

3 Likes

I used Postman as main tool but now I have to try alternative like Insomnia
Due to recently they deprecated scratchpad and there security concern about new version upload the API collection/info/keys to their cloud

2 Likes

Nice, but why if I can ask?

1 Like

Necessity is the mother of invention.

I was hiring a team of testers for a new project, and as part of the hiring process the candidates had to submit a tech test. After reviewing several, I produced a model answer and then womdered if there was any way to speed up the generation of the tests, and identify which parts of a response should be asserted on easier.

From there, I started to look at rendering the response graphically, and then reused some code from my other test tool (that writes Selenium tests).

It was a fun project to work on to develop my skills, and it’s quite useful for manually exploring API endpoints

2 Likes

Hi,

maybe you have seen, that Insomnia 8 now needs an account for using it :frowning: In regulated environments the usage of public internet accounts is limited and most times under a restricted control (technical responsible etc.).
Any other colleagues here who run now into that issue?

1 Like

I tried to use insomnia a few years ago but they only had full json validators, are there new ways to validate a specific json value now by any chance?

1 Like

Definitely Postman not only it’s easy to use it has various features likes of CLI Newman and monitoring API and integration with datadog, newrelic etc, even you can quickly check the performance of your API as well.

2 Likes

I use the RestAssured library in Java, for any long-term automation. Typically running unsupervised.
And also when I want a bit more sophisticated reading and writing of data and triggering actions as support to my testing.

For a more quick, explorative, interaction with APIs I use the REST Client extension in VS Code. Even with that I can bundle multiple calls together and exchange of data between them.
And everything is also stored in files which I can edit with any text editor.
(Looking at you, Postman and SoapUI)
By the last point it also means I have to type/develop everything, which is my preferred way of setting things up.

For both I do not need an account and/or license.
(I’m still looking at you, Postman)

I do not like gui-heavy tools for API testing. The ones I have experienced (mosty SoapUI years ago) restrict what I can do and/or it is cumbersome to make the things I want (even basic stuff).

Being on code/text level gives me the freedom to do anything I want, structuring the things how I want and adding additional libraries for any need.

1 Like

Another shout for rest-assured for automated tests.

For exploratory and manual efforts, I’ve used postman for a long time, but as similar to the issue @meensmn mentioned, I can’t use it professionally now. I moved to Insomnia and now I can’t use that either, as @jogi points out :smiley:

The latest tool I have heard about is Hoppscotch, which seems very similar to postman… has anyone here have any impressions on that?

1 Like

I think with just a bit effort (e.g. logging, where to write outputs to view it) one could use also Rest Assured for more explorative approaches.

I once added a specific class to my test case execution project called Playground. git-ignored.
I it used to hack fast anything I wanted to try out, constantly changing URLs and other configuration and reading out different data from the responses.
While my project grew, I got more and more bits I can use on that too. e.g. read-to-use API calls where I just have to add the test specific parameters and collections of bundled API calls to execute complex actions with a single click from me.

Sure, I can explore my project from the inside using rest-assured, it’s “natural” even (my background is specifically backend & JVM).

The simplicity of the discrete app is what makes it so valuable as a tool though, especially for the QEs we have from other domains (front end, mobile etc). You can flip between projects and contexts at a click. That’s what we’re trying to replace currently.

2 Likes

Postman, however recently I have been getting sick of it and considering moving to a different tool or framework. It is hard to reuse code elegantly in that environment.

3 Likes

Thanks for this interesting solution!

2 Likes