API testing is a type of software testing, typically included in integration testing, which tests the application program interface (API) of an application to verify expected functionality, performance and reliability. An API is code which allows two software programs to communicate to one another and specifies the way a developer requests services from the operating system or other applications.
API testing allows for a way to catch bugs before an application is deployed. Common bugs found in APIs include multi-threaded, performance, security and reliability issues, along with duplicate and missing functionalities or incorrect messaging. Conducting API tests will help find these issues for developers to fix.
Benefits of API testing
Although APIs are sandwiched between the user interface (UI) and the data layer -- APIs function in the middle layer of an application, called the service or business logic layer -- they can be tested directly. API testing is quicker than testing the UI or the end-to-end connection between software applications. That helps to isolate programming bugs and also allows programmers to work on other aspects of the application -- including the UI -- separately. Moreover, APIs change less frequently than UIs, so the test results remain valid longer.
How API testing works
API testing focuses on testing data responses, security and business logic. An API should be able to return a correct response to a request.
APIs do not have a GUI, so API testing is performed at the message layer. APIs should also be tested isolated from one another so that they can be tested directly.
An API test is generally performed by making requests to one or more API endpoints and comparing the response with expected results. Multiple endpoints can be tested such as web services, databases or web UIs. API tests should be performed on APIs the development teams make, as well as any third-party APIs that the application in development uses.
Tests should also be constructed to ensure end-users can’t impact the application in unexpected ways, that the API can handle the expected user load and the API can work across multiple browsers and devices. The tests should be automated wherever possible; however, API usability tests should continue to be manually tested.
Testers should watch out for failures or unexpected inputs. Response time should be within an acceptable agreed-upon limit, and the API should be secure against potential attacks.
Types of API testing
The types of API testing typically indicate which kinds of tests API testing can be used in. API tests are most commonly used in integration testing, but can also be used in:
- Unit testing- where tests are performed at one endpoint, testing one operation.
- End-to-End Testing- which validates the dataflow between different API connections.
- Load testing- which tests the performance of API functionalities under specific loads.
- Reliability testing- which focuses on the consistency of connection to an API, and tests for consistent results.
API testing tools
There is a large variety of API testing tools, ranging from paid subscription tools to open-sourced. API testing tools include:
- SoapUI- which focuses on testing API functionality in SOAP and REST APIs and web services.
- Jmeter- which is an open-source tool for load and functional API testing.
- Apigee- which is a cloud API testing tool made to focus on testing API performance.
- Postman- which is a plugin for Google Chrome that can test HTTP clients web services for APIs.
- API Fortress- which is made to both test and monitor REST and SOAP APIs.