Understanding the basics of HTTP for API testing.
This article will provide high-level information about APIs and HTTP which will aid your API testing.
What is an API?
API stands for Application Programming Interface. It is a software interface which allows two applications to communicate with each other without any user interruption. It is a collection of software functions and procedures. API is a type of code that helps two different software to communicate and exchange data.
Specifically for this article, we talk about APIs in the context of REST APIs which allow communication with a software program using the standard HTTP protocol. REST stands for Representational State Transfer and essentially means representing entities/resources and the interaction with those entities via the HTTP protocol. REST is a whole topic by itself so I will leave you the reader to do some separate reading up on that if you want more details!
How a REST API works?
APIs sit between an application and a web server, acting as an intermediate layer that processes data transfers between the systems.
- A client application initiates an API call (also known as a request) to fetch information. This request is processed from an app to the web server via API’s uniform resource identifier (URI). This request includes headers and a request body.
- After receiving the request, if it is a valid request then API will make a call to the web server.
- After receiving the request, the web server sends the response to the API with the requested information.
- Once the response is received, the API will transfer the data to the initial requesting application.
The contents of the request and response depend on the specific REST API you are calling, obviously!
CRUD Operations
CRUD stands for Create, Read, Update, and Delete. CRUD is a standard IT industry term for these four common operations on data. Part of the beauty of REST APIs is that they can model standard CRUD operations on the existing HTTP protocol methods:
Create — — — — — — — → POST
Read — — — — — — — — →GET
Update — — — — — — — → PUT/PATCH
Delete — — — — — — — → DELETE
Create -> HTTP POST
A POST request is used to create a resource for the server, for example, create a user, upload files, etc. The POST request contains the body where we need to send the information.
Read -> HTTP GET
The GET method is used to fetch specific data from the server. Requests made through GET can only return/fetch the data, they will not make any changes to the resource.
Update -> HTTP PUT/PATCH
PUT and PATCH are similar in that they both update the record. The key difference between the two is that PUT should be used when you want to update the entire record whereas PATCH should be used when you only want to update certain fields on the record.
Delete -> HTTP DELETE
The DELETE request method is used to delete resources from the server. It will remove the data from the targeted resources.
What are HTTP status codes?
HTTP status codes (also known as response codes) are used to indicate to the requester the status of their request. Each HTTP response includes a response code. There are 5 categories of status codes which can be inferred from the first digit of the response code. For example, 4XX will mean that somehow the request could not reach the page or website, while 2XX means that the request is successful.
1. Informational responses (100–199)
2. Successful responses (200–299)
3. Redirection Messages (300–399)
4. Client error responses (400–499)
5. Server error responses (500–599)
Status codes:
1XX: Informational
- 1XX is an informational status code that means the server has received the request and working on the process.
- 1XX is a temporary status code that is given only when the request is in process.
- 1XX is a temporary status code we get only when the request is getting processed.
2XX: Success
- 2XX is a successful status code which means that the request sent by the user is successful and the browser has received the expected information required for continuing the process.
- As a developer/tester, we need to validate that all requests (GET, PUT, POST, delete, etc.) should return a 2XX status code.
- 2XX helps the tester/developer to make sure that the request is communicating with the browsers and the website, and the End user can use this page without any interruption.
3XX: Redirection
- 3XX status code means that you have been redirected and need further action to complete the request.
- A redirection means the request is received successfully, but the resource is unavailable at the given path.
- If the address of a webpage is changed, and you try to access it through the old address, CMS will redirect the user to the new address.
- In general, 2XX means success, but before sending a 2XX response, it will go through redirection i.e., 3XX.
4XX: Client Error
- A 4XX client error status code means that the website or the web page could not find, the page is not available, or the request contains some bad syntax.
- This error means the user is unable to find the page they are looking for.
- The root cause of client error status is either the page is no longer found, temporarily gone, or not accessible.
5XX: Server Error
- A 5XX server error status code means that the request sent by the user is valid, but the server could not complete the request.
- We need to immediately look at the server and debug it if we are getting a server error.
Conclusion:
In this article, I tried to give a high-level introduction to REST APIs and the HTTP methods and status codes we get while testing/developing the APIs. I hope this will provide a basic understanding so that in future you can learn to interact with REST APIS, and interpret the HTTP error status codes and the cause of that error which will help the developer to debug the issue with a correct approach.
About the Author:
Shubham Pandey is a Test Engineer here at Version 1.
