API testing -

A set of functions and procedures that allow the creation of applications which access the features or data of an operating system, application, or other service.

What is an API ?

API is an acronym for Application Programming Interface.
It enables communication and data exchange between two separate software systems. A software system implementing an API contains functions/sub-routines which can be executed by another software system.

What is an API testing ?

The API Testing is performed for the system, which has a collection of API that ought to be tested. During Testing, a test of following things is looked at -

  • Exploring boundary conditions and ensuring that the test harness varies parameters of the API calls in ways that verify functionality and expose failures.
  • Generating more value added parameter combinations to verify the calls with two or more parameters.
  • Verifying the behaviour of the API which is considering the external environment conditions such as files, peripheral devices, and so forth.
  • Verifying the Sequence of API calls and check if the API's produce useful results from successive calls.
  • API Testing requires an application to interact with API. In order to test an API, you will need to
    Use Testing Tool to drive the API
    Write your own code to test the API

Set-up of API Test environment

API testing is different than other testing types as GUI is not available, and yet you are required to setup initial environment that invokes API with required set of parameters and then finally examines the test result.
Hence, Setting up a testing environment for API testing seems a little complex.
Database and server should be configured as per the application requirements.
Once the installation is done, API Function should be called to check whether that API is working.
Types of Output of an API
Output of API could be

Any type of data
Status (say Pass or Fail)
Call to another API function.

Common Tests performed on API's

  • Return Value based on input condition - The return value from the API's are checked based on the input condition.
  • Verify if the API's does not return anything.
  • Verify if the API triggers some other event or calls another API. The Events output should be tracked and verified.
  • Verify if the API is updating any data structure.

What to test for in API testing

  • API testing should cover at-least following testing methods apart from usual SDLC process
  • Discovery testing: The test group should manually execute the set of calls documented in the API like verifying that a specific resource exposed by the API can be listed, created and deleted as appropriate
  • Usability testing: This testing verifies whether the API is functional and user-friendly. And does API integrates well with another platform as well
  • Security testing: This testing includes what type of authentication is required and whether sensitive data is encrypted over HTTP or both
  • Automated testing: API testing should culminate in the creation of a set of scripts or a tool that can be used to execute the API regularly
  • Documentation: The test team has to make sure that the documentation is adequate and provides enough information to interact with the API. Documentation should be a part of the final deliverable

Best Practices of API Testing:

  • Test cases should be grouped by test category
  • On top each test, you should include the declarations of the APIs being called.
  • Parameters selection should be explicitly mentioned in the test case itself
  • Prioritise API function calls so that it will be easy for testers to test
  • Each test case should be as self-contained and independent from dependencies as possible
  • Avoid "test chaining" in your development
  • Special care must be taken while handling one time call functions like - Delete, Close Window, etc...
  • Call sequencing should be performed and well planned
  • To ensure complete test coverage, create test cases for all possible input combinations of the API.

Types of Bugs that API testing detects

  • Fails to handle error conditions gracefully
  • Unused flags
  • Missing or duplicate functionality
  • Reliability Issues. Difficulty in connecting and getting a response from API.
  • Security Issues
  • Multi-threading issues
  • Performance Issues. API response time is very high.
  • Improper errors/warning to caller
  • Incorrect handling of valid argument values
  • Response Data is not structured correctly (JSON or XML)

Tools for API testing

Since API and unit testing both target source code, similar tools can be used for testing both.

  • Run-scope
  • Postman with jet-packs
  • Postman with Newman
  • Curl

Challenges of API Testing

  • Main challenges in API testing is Parameter Combination, Parameter Selection, and Call Sequencing
  • There is no GUI available to test the application which makes difficult to give input values
  • Validating and Verifying the output in different system is little difficult for testers
  • Parameters selection and categorisation is required to be known to the testers
  • Exception handling function needs to be tested
  • Coding knowledge is necessary for testers
  • Check out top API Testing Tools List


API consists of a set of classes / functions / procedures which represent the business logic layer. If API is not tested properly, it may cause problems not only the API application but also in the calling application.