API TESTING WORLD

Fay
QA Malang
Feb 14, 2019

To learn API testing, we first need to understand what an API is. API stands for Application Programming Interface; from the word “interface” you can take it that an API acts as the intermediary for the app.

Let’s visualize it another way. Imagine yourself buying food at a restaurant, where someone attends to your order. That same person delivers the food, but were they the one who cooked it? No, of course not. The one who cooks is the chef. For your order to reach the chef securely and for your food to be brought to your table, the waiter is needed. You act as the application, while the waiter is the API.

MQA Meetup #5: API Testing World

Now we advance to our topic: how do we test the API? There are four steps: functionality, negative cases, load testing, and security. First, we test the functionality of the API: does it work as hoped? After checking the functionality thoroughly, we move on to the negative cases. Negative-case testing is usually not done by the developer; it checks what happens outside the flow. What happens when you don’t follow the flow? Some people may think it’s a fad, but it is a must. It is how you keep the flow intact and uninterrupted. In load testing, we focus on how the API reacts when there are a lot of requests: the effects on the API’s performance and timing. Last but not least, there’s security. Security testing is vital and broad. It ranges from the basic, such as restricting which data is required and making sure it suits the defined properties, to the advanced, such as a penetration test, in which you test whether the API is prone to being hacked.

There are three layers of testing: the Presentation Layer, where testing is done through what is presented or visual; the Business Layer, where the API is located; and the Database Layer, where testing is done from the data storage. After understanding the layers, you move on to the process for API testing. First, record and define the API information for the team presentation. After collecting the API requirements, we parse and filter, or record, the API data and then extract it. That process means filtering the response data from the database to show in the presentation. Following the previous steps, we then reconstruct, which means realizing a simulation of the data. Lastly, we do the validation test.

On to the tools! Here are some tools used to test APIs: Postman, Frisby.js, REST-assured, and Apache JMeter. The most basic or commonly used tool is Postman; it’s very easy to use.

There is manual testing and automated testing, and there are times when each of them is most beneficial. Manual testing is most effective for exploration or education purposes and when the API is very prone to change. Automation, by contrast, is for tests that can be used repeatedly, tests that are mandatory or can be simplified, tests that need to be used over the long term, regression testing, in which a full test is run using the previous automation, and sanity testing, which is like regression testing except that it is only a partial test, not a full one.

About B.D.D.

To create an app, the team needs to share the same vision for it, which is why B.D.D., or Behaviour Driven Development, was created and is used. Frankly speaking, it’s there so that all the members can understand, not only the developers. You may have heard of it from agile methodology before. It creates the scenario and configures the steps along with the validation. Scenarios are written using these methods: given(), when(), then(). The method given() is used for initializing variables, when() is the event handler, and then() is for the validation. In B.D.D., the methods must be written to match the story. B.D.D. is also supported by REST-assured, the tool we mentioned before, which is highly recommended as an automation tool. It supports not only B.D.D. but also HTTP methods, Hamcrest validation, and GPath.

JSON SCHEMA

There’s also JSON Schema, which is used to validate response data by restricting the types and the required data. For example, if the data is “token”, it needs to be a varchar 18 characters long and not empty, which means required and additionalProperties are used.
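
Here is the “token” rule as a schema check, written as an added example (not from the meetup slides) in plain JavaScript so it runs without any library. The schema, the `validate` helper and the sample responses are constructed for illustration, and the example assumes “18 characters long” means exactly 18.

```javascript
// Constructed schema: "token" is required, a string of exactly 18
// characters (an assumption), and no other property is allowed.
const loginResponseSchema = {
  type: "object",
  required: ["token"],
  additionalProperties: false,
  properties: { token: { type: "string", minLength: 18, maxLength: 18 } },
};

const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);
const typeOf = (v) => (v === null ? "null" : Array.isArray(v) ? "array" : typeof v);

// Checks only the keywords used above; returns a list of violations
// (an empty list means the data matches the schema).
function validate(schema, data, path = "$") {
  if (schema.type && typeOf(data) !== schema.type)
    return [`${path}: expected ${schema.type}, got ${typeOf(data)}`];
  const errors = [];
  if (schema.type === "string") {
    const length = [...data].length; // JSON Schema counts code points
    if (schema.minLength !== undefined && length < schema.minLength)
      errors.push(`${path}: shorter than ${schema.minLength} characters`);
    if (schema.maxLength !== undefined && length > schema.maxLength)
      errors.push(`${path}: longer than ${schema.maxLength} characters`);
  }
  if (schema.type === "object") {
    const props = schema.properties || {};
    for (const key of schema.required || [])
      if (!has(data, key)) errors.push(`${path}.${key}: required property missing`);
    for (const key of Object.keys(data)) {
      if (has(props, key))
        errors.push(...validate(props[key], data[key], `${path}.${key}`));
      else if (schema.additionalProperties === false)
        errors.push(`${path}.${key}: additional property not allowed`);
    }
  }
  return errors;
}

// Constructed response bodies: one valid, three negative cases.
const samples = {
  ok: { token: "a1B2c3D4e5F6g7H8i9" },
  emptyToken: { token: "" },
  missingToken: {},
  leakedField: { token: "a1B2c3D4e5F6g7H8i9", passwordHash: "constructed" },
};
for (const [name, body] of Object.entries(samples))
  console.log(name, validate(loginResponseSchema, body));
```

The `leakedField` case is the one `additionalProperties` exists for: the test fails when a response carries a field the schema never declared.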

You could also use Serenity for reporting the bugs that you find. That’s all! Any fixes or additions to these topics are very welcome!!

You can download the file presentation here.
