- Oct 13, 2018
- admin
API testing typically involves the following practices:
- Unit Testing – Testing the functionality of individual operations.
- Functional Testing – Testing the functionality of broader scenarios, often using unit tests as building blocks for end-to-end tests. Includes test case definition, execution, validation, and regression testing.
- Load testing – Validating functionality and performance under load, often by reusing functional test cases.
- Runtime error detection – Monitoring an application during the execution of automated or manual tests to expose problems such as race conditions, exceptions, and resource leaks.
- Security testing – Includes penetration testing and fuzz testing as well as validating authentication, encryption, and access control.
- Web UI testing – Performed as part of end-to-end integration tests that also cover APIs; enables teams to validate GUI items in the context of the larger transaction.
- Interoperability testing – (SOAP only) Checking conformance to Web Services Interoperability profiles.
- WS-* compliance testing – (SOAP only) Checking compliance to WS-* standards such as WS-Addressing, WS-Discovery, WS-Federation, WS-Policy, WS-Security, and WS-Trust.
- Penetration testing – testing a computer system, network or Web application to find vulnerabilities that an attacker could exploit.
- Fuzz testing – massive amounts of purely random data, sometimes referred to as “noise” or “fuzz,” are forcibly input into the system in an attempt to force a crash, overflow, or other negative behavior. This tests the API at its absolute limits and serves as something of a “worst case scenario.”
Tests will vary, but here are common API test examples:
- Verifying API return values based on the input condition.
- Verifying if the API triggers some other event or calls another API.
- Verifying whether the API returns nothing at all or returns the wrong results.
- Verifying if the API is updating any data structures.
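
One way to combine the fuzz-testing practice and the verification checks listed above, as an added example that is not from the original post: a seeded fuzz harness that feeds random and corrupted request bodies to an in-process handler and checks for crashes, missing or unexpected responses, and unintended data changes. The handler `create_user`, the `USERS` store, the `fuzz` function and the sample request are all assumptions made for illustration.

```python
import json
import random

# Hypothetical API under test (assumed for this example): an in-process
# handler that stores a user record taken from a JSON request body.
USERS = {}
VALID = b'{"name": "alice", "age": 30}'  # constructed sample request

def create_user(body: bytes) -> dict:
    """Return {'status': 201 or 400, ...}; must never raise on bad input."""
    try:
        data = json.loads(body.decode("utf-8"))
        name, age = data["name"], data["age"]
    except (ValueError, KeyError, TypeError):
        return {"status": 400, "error": "malformed request"}
    if not isinstance(name, str) or not 1 <= len(name) <= 64:
        return {"status": 400, "error": "invalid name"}
    if isinstance(age, bool) or not isinstance(age, int) or not 0 <= age <= 150:
        return {"status": 400, "error": "invalid age"}
    USERS[name] = age
    return {"status": 201, "name": name}

def fuzz(iterations: int = 2000, seed: int = 1234) -> list:
    """Feed random and mutated bodies to the handler; return the failures seen."""
    rng = random.Random(seed)  # fixed seed so any failure can be replayed
    failures = []
    for i in range(iterations):
        if i % 2:  # purely random bytes ("noise")
            body = bytes(rng.randrange(256) for _ in range(rng.randrange(64)))
        else:  # valid request with one to three corrupted bytes
            buf = bytearray(VALID)
            for _ in range(rng.randrange(1, 4)):
                buf[rng.randrange(len(buf))] = rng.randrange(256)
            body = bytes(buf)
        before = dict(USERS)
        try:
            resp = create_user(body)
        except Exception as exc:  # a crash is the classic fuzzing finding
            failures.append((body, f"unhandled {type(exc).__name__}"))
            continue
        if not isinstance(resp, dict) or resp.get("status") not in (201, 400):
            failures.append((body, "missing or unexpected response"))
        elif resp["status"] == 400 and USERS != before:
            failures.append((body, "rejected request changed stored data"))
    return failures

if __name__ == "__main__":
    print(f"{len(fuzz())} failures")
```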