It’s article day again once again and this time we have an article exploring different types of API tools and their benefits:
I thought we could continue the conversation about API tools by sharing what are our favourite API testing tools. I imagine a lot of us would give a shout out to Postman, but I wonder if there are any others out there that people like using?
I imagine this too! So… my choices are: Postman or Burpsuite!
Postman is just so nice due to the quick and easy UI to do exploratory testing on APIs.
Most of the time I start on a project, developers are already using Postman, so it’s not only easy to use for them but easy to collab between developers & testers.
I use Burpsuite more often to easily alter/add headers, run wordlists, the intruder and test for race conditions. They also offer a lot of plugins that can be used in testing APIs, so depending on what I’m testing, my choices go between Postman or Burpsuite.
Nice insight. Indeed Postman’s UI makes life easy.
I like Postman when it’s just me and my personal collection of endpoints and I can make a big mess in a lot of tabs. Postman gets a little fragile when I have to share collections with my teammates. The version control story is not great. If someone across the office makes a change in a shared collection and saves it, it could easily overwrite work, with no chance for review. So I avoid it in team settings. For those cases, I tend to encode my API tests in JS, using axios for the actual API calls and Jest for assertions. Jest snapshots make validating API responses a breeze.
I really like to use Karate for API stuff. I really prefer that tests are under proper source control. Tests written in text and code are so much easier to do that with. And it’s really easy to be explicit in what you are doing and sending in Karate.
Postman seems to have evolved into a online dependent tool that wants to “own” your tests. That can really limit your use of it, as well as introduce additional costs. I agree that it is more “user friendly.” I just don’t enjoy the things I feel like you lose or the costs you pay in the process.
Postman(Now available as an Extension in VsCode), ThunderClient - VsCode extension are my picks
Then once the test cases or scenario is defined, convert the API to a scripting language (python or PowerShell)
I started writing my own API test tool - it displays JSON requests and responses as a tree view and writes tests in RestAssured
I used Postman as main tool but now I have to try alternative like Insomnia
Due to recently they deprecated scratchpad and there security concern about new version upload the API collection/info/keys to their cloud
Nice, but why if I can ask?
Necessity is the mother of invention.
I was hiring a team of testers for a new project, and as part of the hiring process the candidates had to submit a tech test. After reviewing several, I produced a model answer and then womdered if there was any way to speed up the generation of the tests, and identify which parts of a response should be asserted on easier.
From there, I started to look at rendering the response graphically, and then reused some code from my other test tool (that writes Selenium tests).
It was a fun project to work on to develop my skills, and it’s quite useful for manually exploring API endpoints