This content is part of the Essential Guide: QUEST 2014: News from the conference
Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

API testing ensures smooth sailing for SOA enterprises

Zenergy Technologies' David Dang discusses the various types of API testing, SOA and his QUEST 2014 presentation.

As organizations embrace service-oriented architecture (SOA), they are also realizing testing application programming interfaces (APIs) is critical for success. During his QUEST 2014 session, Service/API Testing 101: A Guide for Manual and Automated Testing, Zenergy Technologies' Vice President of Automation Solutions David Dang will discuss various levels of API testing and when it makes sense for an organization to move toward SOA.

David DangDavid Dang

Pros and cons of SOA

SOA generated a lot of buzz when it was introduced, but many organizations are still prospering because of the method. In fact, Dang said he doesn't know of a company that wouldn't benefit from having SOA in its portfolio. Some of the main perks behind the technique include reusability, increased consistency, and less maintenance.

With SOA, it all boils down to simplicity. "SOA is basically, 'Why are we writing the same thing three times?'" Dang said. "'Why don't we write it one time and somehow be able to access the service or API of that?'" In an age where technology is moving lightning-fast and seemingly everyone is using an API, being able to share assets with ease is paramount.

Despite the perks, just like with most methods, SOA isn't the perfect choice for every situation an organization faces. "You've got to be a lot more careful when you are moving to SOA," Dang cautioned.

It's important to keep in mind that when information is shared freely through an API, an organization can spread both good and bad data. If a developer, for example, introduces a defect to an API, those who consume that service can also be affected. Thus, potentially thousands of people could be exposed to a bug or other nuisance.

Potentially introducing a defect isn't the only drawback to using SOA. The technique may involve a bit more planning, too. "You have to make sure you have a tested strategy, both manual and automated, to account for the impact when a service doesn't work," Dang said.

API testing stages

QA teams can mitigate risks by rolling up their sleeves and conducting thorough tests, which includes looking at both the positive and negative. "Typically in testing we concentrate a lot more on the positive rather than the negative," Dang said. "In API testing, it's almost 50/50."

While there are many assessment stages, there are there main levels of API testing:

  • Unit testing -- Examine the function within the code
  • Service functionality -- Look at data variations for positive and negative results
  • Service integration with application -- Ensure the application can access the service and utilize the service in the application

Dang recommends a QA team commence with unit testing and then proceed to conduct extensive testing on the service itself. "You have to test a lot of data combinations because you don't know the consumer of that service, what kind of data they are going to tap into," he said.

More on API testing
and development

API best practices and advice

Ensuring security in enterprise APIs

Top benefits of API management

API testing at the integration level is where the application consuming the service is examined. Various scenarios should be investigated to ensure caching or interpretation issues, for example, don't arise.

While manual testing is encouraged, Dan said it's not always a viable method for service and API testing, particularly at the service function level. "A service is something more than a way to process information," Dang said. "A way to process that information is always by some kind of data going in and some sort of response coming back."

While the aforementioned can be tested manually, Dang said the method makes it difficult to cover variations. Instead, he suggests performing a "high-level" sampling in manual testing. Then, automation should be relied upon for covering a range of data variations.

Maxine Giza is the associate site editor for SearchSOA and can be reached at

Follow us on Twitter @SearchSOA and like us on Facebook.

Next Steps

How to create a RESTful API testing program

Dig Deeper on API testing

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

Which form of testing do you prefer?
I find it interesting that they don't describe efforts to test to ensure that contracts relating to how an API is published are kept.  Yes negative and positive cases are going to be important, but its so easy for a contract that third parties rely upon to be changed ever the slightest and then find themselves trying to figure out how to fix it.
More than positive or negative, I think it's also critical to see what measures there are to keep the data from being used inappropriately or outside of the scope the API is meant to allow for. More than just positive or negative, does the workflow actually represent what is needed, and what happens when the needs change?
Michael and Veretax, you bring up good points!