Have you ever wondered what lies beneath the surface of your favorite apps and websites, orchestrating the seamless flow of data and functionality? It’s safe to say that in the captivating world of API testing, you’ll leave no endpoint unexplored and no bug unexposed.
So, let’s delve into the world of API testing, and find out how Moolya’s weekly Tech-Tuesday sessions for March, delivered by our Lead ET, Prateek Shrivastava, ensured everyone is on board with providing seamless communication, robust functionality, and exceptional software quality!
WHAT IS API TESTING?
Before we set out on our exploration, let’s pack our bags with the essentials.
Let’s explore the types of API!
Public APIs:
- Accessible to the general public, no authentication needed.
- Designed for widespread use by external developers.
- E.g. Twitter API for accessing public tweets and user profiles.
Private APIs:
- For internal use within an organization.
- Enable communication between internal systems.
- E.g. Internal CRM system API for secure exchange of customer data within an organization.
Partner APIs:
- Designed for trusted partners.
- Require specific credentials for access.
- Google Maps API for integrating mapping and location services into partner applications.
But how does this data exchange happen? Well, It’s just like any other exchange; Request and response!
WHY IS API TESTING REQUIRED?
- Data consistency: API testing ensures accurate and consistent data exchange between software components.
- UI-independent testing: API testing allows functionality testing without relying on the user interface.
- Time efficiency: Testing APIs saves time compared to testing each platform separately.
- Security: API testing helps identify vulnerabilities and protect against unauthorized access or data breaches.
- Reliability: Testing ensures that APIs function reliably and meet the expected requirements.
- Compatibility: API testing ensures compatibility with external services and integrations.
HTTP METHODS AND HTTP STATUS CODES
METHODS
- GET: Used to retrieve data from a server. It is typically used to read or fetch information without making any changes to the server or resource.
- POST: Used to submit or send data to the server to create a new resource. It is commonly used for operations that involve creating or adding new data to the server.
- PUT: Used to update or replace an existing resource on the server with the provided data. It requires sending the complete representation of the resource to be updated.
- PATCH: Similar to PUT, but it is used to perform a partial update on an existing resource. Only the specified fields or properties that need to be modified are sent in the request.
- DELETE: Used to remove or delete a specified resource from the server.
STATUS CODES
- 200 OK: Indicates that the request was successful and the server has returned the requested data.
- 201 Created: Indicates that the request was successful and a new resource has been created on the server.
- 204 No Content: Indicates that the request was successful, but there is no content to send back.
- 400 Bad Request: Indicates that the server could not understand the request due to invalid syntax or missing parameters.
- 401 Unauthorized: Indicates that the request requires authentication or the provided credentials are invalid.
- 403 Forbidden: Indicates that the server understands the request, but refuses to authorize it.
- 404 Not Found: Indicates that the requested resource could not be found on the server.
- 500 Internal Server Error: This indicates that the server encountered an unexpected error while processing the request.
PARTS OF AN API
Let’s break down API into different parts to gain a deeper understanding.
API Request:
- HTTP Methods: GET, POST, PUT, DELETE, etc.
- Base URL: Location where the API is hosted.
- Path Parameters: Parameters in the URL path that define specific endpoints or resources.
- Query Parameters: Parameters appended to the URL to modify or filter data.
- Request Body: Data sent to the server in JSON format.
API Response:
- Response Body: Data returned by the server in JSON format.
- HTTP Status Codes: Codes indicating the status of the API request.
Other Components:
- Data Structures: JSON (key-value pairs, arrays, objects) commonly used in API communication.
- Environments: Configurations or setups in tools like Postman for managing different API endpoints, variables, or settings.
THE REQUEST-RESPONSE CYCLE
Did you know that the request-response cycle is like a conversation between two friends?
Client: “Hey API, can I have some data?”
API: “Sure thing, here you go!”
So, APIs serve as intermediaries that allow different software applications to communicate and interact with each other. They define rules and protocols for exchanging data and performing specific actions.
It is a fundamental concept in API communication, where one application sends a request to an API, and the API responds with the requested data or performs a specific action. This cycle enables applications to exchange information and functionality seamlessly.
Let’s take a look at the process!
- The client sends a request to the API.
- API processes the request and performs the necessary actions.
- API generates a response with the requested data or action result.
- The response is sent back to the client.
- The client processes the response and takes appropriate action.
- The conversation between the client and API continues with additional requests and responses.
So how does this detect hidden bugs? Think no more! Say hello to Postman!
MEET POSTMAN! YOUR ULTIMATE TOOL FOR API TESTING!
Strap on your API testing goggles and get ready to dive into the world of Postman – where APIs meet their match and bugs meet their demise!
Let’s get to know Postman.
Postman has emerged as one of the most popular tools for API testing in recent years. It offers a user-friendly interface and a wide range of features that make it an indispensable tool for developers, testers, and API consumers.
Let’s take a look at why and how it is helpful for testers!
It helps in early bug detection by:
- Providing a user-friendly interface for sending requests and receiving responses from API.
- Supporting various HTTP methods, allowing testers to interact with APIs effectively.
- Allowing testers to set request headers, add query parameters, and define request bodies to simulate different scenarios during testing.
- Providing a comprehensive environment for managing API endpoints, allowing testers to organize and categorize their requests.
- Supporting the creation of collections to group-related requests, making it easier to manage and execute test cases.
- Allowing for the automation of API tests through the use of JAVA scripts, making it easier to validate responses and detect bugs.
- Facilitating collaboration for effective team communication and sharing of API test cases and collections among testers, developers, project managers, and other stakeholders involved in the API testing and development process.
Postman installation and set-up
Let’s go step-wise on how to install and set up Postman on your devices.
To install Postman:
- Visit the official Postman website.
- Download the version of Postman for your operating system.
- Run the installer.
- Follow the installation prompts.
- Postman will be installed on your system.
To set up Postman:
- Open Postman after the installation.
- Sign in with your Postman account or create a new account.
- Once signed in, you can start using Postman to send API requests and manage your collections.
- Optionally, you can create additional workspaces for different projects or collaborations.
- Explore the features and functionality of Postman to optimize your API testing and management tasks.
Environment in Postman
Let’s explore the ins and outs of the Postman environment feature.
Purpose of creating environments:
- Environments are created to accommodate different testing needs in API testing.
- They allow for flexible usage of APIs based on specific requirements.
Selecting and using existing environments:
- Within Postman, existing environments can be selected from the available options.
- Environments can be chosen based on the desired testing environment, such as QA or staging.
Creating a new environment:
- A new environment can be created in Postman by clicking on the “New” button.
- Users can provide a name for the environment, such as “staging” or any other relevant name.
- The environment can be saved and will appear as an option for selection.
Adding variables to the environment:
- Variables can be added to the environment, such as a base URL variable.
- The value of the variable can be assigned, such as “yourwebsite-qa.com” for the QA environment or “yourwebsite-staging.com” for the staging environment.
Variable assignment and replacement:
- Variables within the environment can be used in API requests by enclosing them within double curly braces.
- This allows for easy replacement of the variable value based on the selected environment.
Benefits of using environments:
- Environments simplify testing across different environments by managing variables centrally.
- Manual modification of URLs for each environment is avoided, as variables handle the dynamic switching.
- It is considered a good practice to have separate environments for different APIs.
Collection and documentation
Collections and documentation are two very important features of Postman. Let’s understand why.
COLLECTION:
Postman collections are used for organizing and managing requests, examples, and workflows within a workspace. They promote collaboration by enabling easy sharing and collective work on APIs.
Collections can also generate comprehensive API documentation, providing detailed information about endpoints, request formats, and response structures. Additionally, they support automation through the creation of test scripts and workflows.
DOCUMENTATION:
API documentation is essential for understanding an API’s functionality, authorization requirements, endpoints, and data formats. It provides guidance for creating test cases and facilitates collaboration among team members.
Overall, API documentation plays a vital role in promoting understanding, consistency, and cooperation when working with APIs, ensuring smooth integration and efficient testing processes.
Let’s see how they work together!
- API documentation clarifies the functionality of each endpoint, which informs the structure and content of collections.
- Documentation outlines the organization of API endpoints, guiding the creation of collections.
- Examples provided in documentation can be incorporated into collections, showcasing practical API usage.
- Documentation and collections should be kept in sync to ensure accuracy and consistency.
- User feedback on documentation and collections helps identify areas for improvement and enhances the user experience.
They influence each other to provide a comprehensive and user-friendly API experience.
Authorization of Requests & Types of Authorization
Authorization in APIs is crucial for securing applications and determining user access. In Postman, you can pass authorization information through headers when connecting to APIs. The authorization tab in Postman allows you to specify the required authorization type for the API.
Postman offers various authorization options tailored to API and project requirements. The specific type of authorization used depends on the API’s implementation and the authentication approach adopted by the project.
For e.g., for APIs that do not require authorization, you can select “No Auth” in Postman and proceed with the request.
However, if an API requires authorization, you need to provide the necessary authorization method, such as an API key or token.
Proper authorization is vital for accessing protected APIs securely and ensures that the API provider can authenticate and authorize the requests and get desired response.
Basic test result checks automation via Postman
Test result checks automation in Postman refers to the ability to automate the validation of API responses. This helps ensure the reliability and correctness of your API responses.
In Postman, you can validate API responses using the test area. It allows you to write and execute tests to verify the expected behavior. Postman provides pre-defined code snippets in JavaScript that can be used for common test scenarios. These snippets make it easier to write tests even if you don’t have advanced knowledge of JavaScript.
You can perform status code checks using the pm.test function and the pm.response object. This allows you to verify if the status code returned by the server matches the expected value.
To test specific values in the response body, you can use the pm.test function along with appropriate comparison operators. This enables you to check if a particular string or value exists in the response.
Postman executes the tests and provides the results as pass or fail based on the test conditions. If all tests pass, it indicates that the API is functioning as expected. If any test fails, it helps identify issues or discrepancies in the API response.
Automating test result checks in Postman streamlines the validation process and ensures the accuracy of API responses. It provides a systematic approach to verify the expected behavior and identify any deviations or errors.
Workspaces in Postman
There are different types of workspaces available:
- Private Workspace: Used for personal projects or individual work.
- Team Workspace: Enables collaboration within a team.
- Partner Workspace: Facilitates collaboration with external partners.
- Public Workspace: Allows collaboration with the broader community.
- Benefits of Workspaces: Workspaces provide a dedicated environment to manage and organize your APIs and collections. They help keep your APIs and related resources together, making navigating and working on specific projects easier.
Depending on the workspace visibility, you can collaborate with team members or external partners by inviting them to the workspace. Collaboration allows multiple team members to work together on API development, testing, and documentation.
Export and import in Postman
The export and import functionality in Postman simplifies the process of sharing and collaborating on API collections, enhancing efficiency and productivity in API development and testing workflows. Let’s dive a little deeper.
Exporting: In Postman, you can export a collection by going to the collection level and selecting the export option. This allows you to save the collection as a JSON file, which can be shared online or offline through various communication channels like email or Slack.
Importing: To import a collection, you can click on the import button in Postman. You have the option to import from sources like GitHub, GitLab, or local files. By selecting the collection file and opening it, you can import the collection into Postman.
The ability to export and import collections is essential for collaboration in projects. It allows team members to share collections with each other for testing or other purposes in a convenient way.
Sample Open APIs for practice
These are just a few examples of resources available for practicing with APIs
Postman Bootcamp: Postman provides a boot camp session that spans from day zero to day 30, where you can learn and practice with a variety of APIs. These sessions are designed to enhance your testing skills.
Public Template API Collections: By searching for “public template API collections” on Google, you can find numerous collections available for testing. These collections can be imported into Postman and used to practice working with different APIs.
GitHub Public API: This API provides access to various GitHub functionalities, such as retrieving user information, managing repositories, and interacting with issues and pull requests. It can be used to explore and learn how to interact with GitHub’s API endpoints.
Wondering “How can API testing elevate my projects?”. It’s a realm of endless possibilities for improving your software’s performance and reliability. Take action now and explore our testing solutions or get in touch with our team today and embark on this exciting journey.
USE API TESTING TO YOUR ADVANTAGE
So what valuable discoveries did you make during your exploration of the API? Well, it’s safe to say that all of these discoveries uncover the ultimate treasure; The advantage that API testing has in store for you!
- It provides broader test coverage, verifying the functionality of all system components, including units, databases, and servers.
- It is faster to run and more isolated than UI tests, enabling quicker bug identification and resolution.
- They are approximately 35 times faster than UI tests, according to data from Andersen Lab.
- It allows testing of core functionality before the user interface is ready, enabling early identification of errors or weaknesses.
- Avoids costly fixes and delays in product release by identifying errors or weaknesses early in the development process.
- Facilitates collaboration between different teams, such as developer operations, quality assurance, and development, in testing application functionality.
CONCLUSION
API testing is like a playful magician’s wand, waving behind the scenes to bring harmony and data wizardry to your favorite apps and websites!
It is crucial to ensure seamless communication, robust functionality, and exceptional software quality in today’s app and website development. With the help of tools like Postman, professionals can dive into the world of APIs and uncover hidden bugs efficiently.
15