API stands for Application Programming Interface. Typically API is used to facilitate the interaction between two different applications by using any means of communication. When APIs are used over web networks, we term them as ‘Web Services’. In recent times APIs have become the backbone of programming. As in an application, writing APIs to communicate with database, or with another module has become a common practice now and that is why as a tester we must test the APIs to for maximum test coverage.
As a part of integration testing, API automation can help to accelerate the testing and increase efficiency. As most of the companies are using RESTful microservices/APIs at business layer, API testing has become critical component of test plan for any release.
In simplest terms, API is a service which helps two different applications to communicate with each other. Mostly APIs are used to abstract the business logic and direct database access to any application.
Logically we can segregate the entire system into three layers-
In other words the API is the brain of our connected world. It is the set of tools, protocols, standards and code that glues our digital world together. Because of their dynamic nature and capabilities they provide, APIs allow companies to become more agile, things to go mobile, and everything to work together in a streamlined, integrated way.Therefore, API testing is testing APIs at service level and the at the integration level.
While testing APIs, tester should concentrate on using software to make API calls in order to receive an output before observing and logging the system’s response. Most importantly, tests that the API returns a correct response or output under varying conditions. This output is typically one of these three:
However there also could be no output at all or something completely unpredicted occurs. This makes the tester’s role crucial to the application development process.And because APIs are the central hub of data for many applications, data-driven testing for APIs can help increase test coverage and accuracy.
In testing the API directly, specifying pass/fail scenarios is slightly more challenging. However in comparing the API data in the response or in comparing the behavior after the API call in another API would help you setup definitive validation scenarios.
API testing is one of the most challenging parts of the whole chain of software testing and QA testing because it works to assure that our digital lives run in an increasingly seamless and efficient manner. While developers tend to test only the functionalities they are working on, testers are in charge of testing both individual functionalities and a series or chain of functionalities, discovering how they work together from end to end.
First identify what type of tests you need to perform on API. Like testers do different type of testing for features of their product, same goes with APIs. Commonly testing of APIs include-
Unit Testing– To test the functionality of individual operation. For eg- Google provides geocoding API, to get the longitude and latitude of any location. This usually takes address as input and returns lat longs. Now for unit testing of this API, tester may pass different location and verify result.
Functional Testing- This type of testing mainly focuses on functionality of API. This would include test cases to verify HTTP response codes, validation of response, error codes in case API return any error etc.
Load Testing- This type of test is necessary in cases where API is dealing with huge data and chances of application to be used by no.of users at the same time. This increases the API hits at the same time and it may crash and not able to take that load.
Security Testing- Security testing is particularly critical as API are used to create a link between two different applications. The core purpose of using an API is to abstract or hide the application’s database from other. This may include the testcases like authorization checks, session management etc.
Interoperability Testing- This is to test that API is accessible to the applications where it should be. This applies to SOAP APIs.
WS compliance Testing- API is tested to ensure standards such as WS-Addressing, WS-Discovery, WS-Federation, WS-Policy, WS-Security, and WS-Trust are properly implemented and utilized
Penetration Testing- This is to find the vulnerability of API from external sources.
If we talk about web services there are mainly two type of services or we can say protocols-
REST – REST stands for REpresentational State Transfer which is new on the block as compared to SOAP which means it must overcome all the problems with SOAP. REST is a lightweight protocol which uses URL for all the needed information. It uses four HTTP methods to perform task-
REST is more used now a days due to its simple and light-weight architecture.
SOAP API- Stands for Simple Object Access Protocol. It uses XML for message exchanging. All the information which is required to perform this task is given in its WSDL which is Web Service Description Language. SOAP is heavy weight due to its extensive used standards and XML. The main advantages of SOAP over Rest is that it has built in error handling and it can be used with other protocols like SMTP.
There are several tools to test the APIs. When a tester get to test API, they must ask for its document, whether it is a REST or SOAP API or its not-web based API there should always be a document where the details should be written. To approach API testing-
We often need to automate the testcases which are repeatedly executed. For eg- Regression cases. Similarly in case of API testing, there might be some cases which we need to execute before every release and those cases can be automated.
There are many tools for API automation which are quite popular-
SOUP UI- It’s very popular tool for API testing.You can do functional, load, security and compliance tests on your API using SoapUI.
Katalon Studio- Built on the top of Selenium and Appium, Katalon Studio is a free and powerful automated testing tool for Web testing, API testing, and Mobile testing.
Postman- Postman is free and helps you be more efficient while working with APIs. It has all the capabilities to develop and test APIs.
Jmeter- Though Jmeter is mostly used for performance and load testing, it can also be used for API functional testing to a good extent.
RestAssured- Rest-Assured is a Java based library that is used to test RESTful Web Services.The library can be included in the existing framework and call its methods directly for fetching response in json format and then perform required actions.
I am taking an example to explain the steps followed for basic API functional testing, here I am using TruAPI tool provided by CloudQA which is new and gaining popularity-
Step1-To run API request you need to first select the Method Type and paste URL of the API. Press Send button to send the request to API or press Add API Test button to save the request-
Try this sample Method Type and API URL
Step2-Information for API request:
Step3-Sending an API request with authentication:
Adding Assertions:
Variables:
View or execute a saved API request:
This is a single API execution and automation. For real world scenarios, we often need to create API suit consisting all the regression test cases and run this as a part of regression testing. In agile, it’s crucial to have a suit ready so that it can be integrated with CI and CD.
CloudQA comes with a very rich documentation about the tool, all the tools provided by CloudQA are aligned with the idea of “Codeless automation” and very easy to use for manual testers.
Link for documentation- https://doc.cloudqa.io/TruAPI.html
Having success with continuous delivery will require you to put an emphasis on testing throughout the development process. Failing to test every piece of a new program before it is deployed can lead to serious problems in the long run. By testing throughout the development process, you can provide users with a higher quality product.
If you are a tester, then you must have had a discussion around automated or manual testing. This is nothing new, and lots of techies have different views around this. Whether you are a big team and already established an automation framework or you are a small team, new to automation, it is always necessary to keep this balance right in order to get maximum efficiency.
User monitoring is crucial for every web application. But which one is better for you? Synthetic monitoring or Real User Monitoring (RUM)? CloudQA experts explain the difference.
API stands for Application Programming Interface. Typically API is used to facilitate the interaction between two different applications by using any means of communication.
PWAs or Progressive Web Applications is quite a buzz in tech media. The increased number of mobile users and the App-like experience which it provides contributed a lot to its popularity.
But what is PWA and how is it different from native mobile apps? How PWA’s are developed and what are key points which a tester should keep in mind while testing it?
Automated Regression Testing ascertains code changes and functionality issues. In other words, it is a quality measurement check to discover if new code complies with the old code so that the remaining unmodified code stays unaffected.
As a product based firm CloudQA often in its demo sessions is hit by a query – How do you assure quality to the digital audience each time? Our answer is simple – We value user experience more than the code. Our testing approach is user-centric, and if research shows users are deviating from the traditional approach, we improvise and align our testing strategy with them. Our Review and Fixtures models make sure to explore the product development Lifecycle, fix the testing approach and rearrange the components. How?
Read on to know How We do it…
The users are “SUPERPOWERFUL” they can push a product to its High and could even let it shatter on the ground. Many of the Founders put in their efforts to research if the idea is worth to be converted into business, but most of them forget the packaging of the idea. Does that serve the purpose? Many firms try to get users to try their beta version before rolling out it to the users, but is it not too late to put your product under stress? What if it fails?
Would you like to go for a desktop version or a mobile app as well? Would that be available only for Android or even iOS? Would open source tools be the right choice? Could these be integrated seamlessly with other third-party tools? These all questions may have a different answer when approached via the budget and timeline the firm has. But think about it from user perspective – Are the technology used safe and secured for the users? Would users be more inclined to a web version or an app would be good-to-go? Could constant monitoring be more helpful in predicting disaster before it happens?
The timeline is another crucial aspect of recognizing the change. Users need things at a super-fast speed. They are not willing to wait for your monthly release; they need to be updated software version on a daily basis [at least].
Users no longer wish to provide Name, Age, email address type data set again and again. The software should be smart and intelligent enough to pick it up and allow users to log in and showcase personalized dashboard/preferences.
With these known transformations, the traditional product development Lifecycle needs to straighten out. Currently, the three categories of Product Development Cycle that are floating are –
Now we know “the transformation” and the “product development category” so now putting up a test plan be an easy job? Not Really! Albert Einstein said
Hence each application needs to move at a different level to be tested.
If you already have a Test Automation suite we run a “Quick Review” to know why is it breaking. Based on our experience and research here are some of the common reasons for why test automation is breaking –
Once we have identified the “problems areas” we apply Fixtures –
@CloudQA we try to provide a remedial solution to patch up the Test Automation Suite to enable in offering a quality product. Here they are –
Have you ever thought how a knee replacement device could be tested? As a tester, would you cut your leg and then test it? Well, not really but the feel of the user is of utmost important for a tester designing the test cases. And these scenarios cannot be achieved by just following a High-level requirement document; you need to think and act like him.
Testing is not restricted to functional document, based on usability, performance and even security are the key aspects that need to be covered in the scope of work. In fact, our recent article on why testers need to be ethical hackers gives you top reasons to cover security aspects for sure.
While a single sign in is a user preferred choice, make sure to apply it to automation process as well. Single click should result in test case execution, review test results and analyzing the root cause. So go beyond test execution…..go for automation of all processes.
As a user, how/what would you rate a functionality of an app? Would the user have enough information to know about the fields? Does the UI looks scatter? Try to challenge yourself as a user, and you could surely give the best experience they ever had.
I remember my 8th-grade economics lesson – democracy is
For the people
By the people
Of the people.
And trust me that’s the same about your product. Believe in the power of users!
Cyber threats and data security are one of the first concern of any firm. As an organization, what do you do to save yourselves from cyber threat? Firewalls? Anti-virus? Or Setting up processes and educating employees? Hiring a security firm to audit your processes and conduct penetration testing? What else could be done to prevent Black Hat Hackers?
Have you ever thought of asking your QA team to explore the vulnerabilities of your system in an ethical manner?
We @CloudQA give you top five reasons to do so –
When an in-house team is available to extend their roles, which would be more cost-effective than hiring a security agency to perform the same function.
Once the internal QA team is equipped with the checklist, the checks or penetration testing could be scheduled at regular intervals making it a continuous process, thereby enhancing the quality of the product.
The data, servers, infrastructure would only be accessed by the in-house team making it leak-proof. In the case of any data theft or damage, the person could be tracked easily as who caused it.
Being in the same environment like yours, one would understand the criticality of a product. Hence he/she may devote much time and energy to discover the loopholes.
An organization backed up with a skilled team set is a solid foundation for stakeholders. Just imagine a technical breach, and with the in-house team, you could get it resolved faster then, looking for outside help.
While manual testers are going through the tough time saving their job, it’s time for them to add some new skill set to their profile. Test Automation is on top of the list amongst the skillset, how about adding ethical hacking? With Ethical hacking added onto your resume, who knows if you could trace down one of the biggest loopholes in a system.
Technologies like Artificial Intelligence, Blockchain, IoTs are knocking the doors of every firm, making it more complicated for a layman but much easier for a Black or Grey Hat hacker to get in. You can keep guards and surveillance to watch for, but do you know the big hole inside your house that could let thieves in? So, get your QA team ready and let them explore the house as Ethical Hackers performing penetration testing and stop the threats like WannaCry, RedOctober, Wiper,Shamoon.
GET IN TOUCH
T (754) 202 0570
Email: info@cloudqa.io
CloudQA
20807 Biscayne Blvd, Suite 100, Aventura, FL 33180
