BACKGROUND IMAGE: iSTOCK/GETTY IMAGES
As organizations embrace service-oriented architecture (SOA), they are also realizing testing application programming interfaces (APIs) is critical for success. During his QUEST 2014 session, Service/API Testing 101: A Guide for Manual and Automated Testing, Zenergy Technologies' Vice President of Automation Solutions David Dang will discuss various levels of API testing and when it makes sense for an organization to move toward SOA.
Pros and cons of SOA
SOA generated a lot of buzz when it was introduced, but many organizations are still prospering because of the method. In fact, Dang said he doesn't know of a company that wouldn't benefit from having SOA in its portfolio. Some of the main perks behind the technique include reusability, increased consistency, and less maintenance.
With SOA, it all boils down to simplicity. "SOA is basically, 'Why are we writing the same thing three times?'" Dang said. "'Why don't we write it one time and somehow be able to access the service or API of that?'" In an age where technology is moving lightning-fast and seemingly everyone is using an API, being able to share assets with ease is paramount.
Despite the perks, just like with most methods, SOA isn't the perfect choice for every situation an organization faces. "You've got to be a lot more careful when you are moving to SOA," Dang cautioned.
It's important to keep in mind that when information is shared freely through an API, an organization can spread both good and bad data. If a developer, for example, introduces a defect to an API, those who consume that service can also be affected. Thus, potentially thousands of people could be exposed to a bug or other nuisance.
Potentially introducing a defect isn't the only drawback to using SOA. The technique may involve a bit more planning, too. "You have to make sure you have a tested strategy, both manual and automated, to account for the impact when a service doesn't work," Dang said.
API testing stages
QA teams can mitigate risks by rolling up their sleeves and conducting thorough tests, which includes looking at both the positive and negative. "Typically in testing we concentrate a lot more on the positive rather than the negative," Dang said. "In API testing, it's almost 50/50."
While there are many assessment stages, there are there main levels of API testing:
- Unit testing -- Examine the function within the code
- Service functionality -- Look at data variations for positive and negative results
- Service integration with application -- Ensure the application can access the service and utilize the service in the application
Dang recommends a QA team commence with unit testing and then proceed to conduct extensive testing on the service itself. "You have to test a lot of data combinations because you don't know the consumer of that service, what kind of data they are going to tap into," he said.
More on API testing
API best practices and advice
Ensuring security in enterprise APIs
API testing at the integration level is where the application consuming the service is examined. Various scenarios should be investigated to ensure caching or interpretation issues, for example, don't arise.
While manual testing is encouraged, Dan said it's not always a viable method for service and API testing, particularly at the service function level. "A service is something more than a way to process information," Dang said. "A way to process that information is always by some kind of data going in and some sort of response coming back."
While the aforementioned can be tested manually, Dang said the method makes it difficult to cover variations. Instead, he suggests performing a "high-level" sampling in manual testing. Then, automation should be relied upon for covering a range of data variations.
Maxine Giza is the associate site editor for SearchSOA and can be reached at firstname.lastname@example.org.
How to create a RESTful API testing program