First identify what type of tests you need to perform on API. Like testers do different type of testing for features of their product, same goes with APIs. Commonly testing of APIs include-
Unit Testing– To test the functionality of individual operation. For eg- Google provides geocoding API, to get the longitude and latitude of any location. This usually takes address as input and returns lat longs. Now for unit testing of this API, tester may pass different location and verify result.
Functional Testing- This type of testing mainly focuses on functionality of API. This would include test cases to verify HTTP response codes, validation of response, error codes in case API return any error etc.
Load Testing- This type of test is necessary in cases where API is dealing with huge data and chances of application to be used by no.of users at the same time. This increases the API hits at the same time and it may crash and not able to take that load.
Security Testing- Security testing is particularly critical as API are used to create a link between two different applications. The core purpose of using an API is to abstract or hide the application’s database from other. This may include the testcases like authorization checks, session management etc.
Interoperability Testing- This is to test that API is accessible to the applications where it should be. This applies to SOAP APIs.
WS compliance Testing- API is tested to ensure standards such as WS-Addressing, WS-Discovery, WS-Federation, WS-Policy, WS-Security, and WS-Trust are properly implemented and utilized
Penetration Testing- This is to find the vulnerability of API from external sources.