Application programming interface(API) Testing
Application Programming Interface (API)
API stands for Application programming Interface. API testing is that software testing which involves the interface directly as well as part of integration testing. It makes sure that the interface is properly functioning, reliable, performs well and remains secure while working.
API testing is considered critical for automating testing because APIs serve as the primary interface to application logics and because Graphical User Interface Testing or GUI Testing are difficult to maintain with the short release cycles and frequent changes commonly used with Agile and DevOps.
API testing involves testing APIs directly and as part of the end-to-end transactions exercised during integration testing. These transactions include multiple types of endpoints. API testing is performed on:
- APIs that the development team produces
- APIs that the team consumes within their application including third-party APIs.
API testing determines whether APIs return the correct response in the expected format and acceptable time for a broad range of feasible requests, react properly to failures and unexpected/extreme inputs and remains secure during any virus or any other cyber attack.
The API Testing:
As a normal practice in software industry, API testing involves the following practices:
- Unit Testing: It tests the functionality of individual operations.
- Load Testing: It validates functionality and performance under load.
- Functional Testing: It checks the functionality by using unit tests as building blocks for end-to-end tests including test case definition, execution, validation, and regression testing.
- Security Testing: Includes validating authentication, encryption, and access control.
- Web UI Testing: It is performed as part of end-to-end integration tests.
- Interoperability Testing: It checks conformance to Web Service Interoperability profiles.
- WS*-compliance Testing: It checks compliance to WS-* standards such as WS-Addressing, WS-Policy, WS-Discovery, WS-Security, WS-Federation and WS-Trust.
- Penetration Testing: It tests a computer system, network or Web application to find vulnerability.
- Runtime Error Detection: It is monitoring of an application, its execution during automated or manual tests.
- Fuzz Testing: This is done by forcibly introducing massive amounts of purely random data, called “noise” or “fuzz” into the system in order to attempt a forced crash, overflow, or other negative behavior. It tests the API at its absolute limits and serves as a “worst case scenario.”