API stands for Application Programming Interface. APIs are vital tools for businesses in all industries. So first, what is an API?
An API is a function that acts like a bridge for communication between two applications or libraries. In other words, APIs are the means by which two programs are able to communicate.
Now we should know the importance of API testing. Let's see below:
Millions of apps are now built on APIs. Developers are moving from monolithic structures to microservices architecture, where communication runs through APIs. Cost and complexity are also lower here.
There are several types of APIs, such as Simple Object Access Protocol (SOAP), Remote Procedure Call (RPC), Representational State Transfer (REST), etc. Most web and mobile apps rely on REST APIs, such as the Twitter API, LinkedIn API, Slack API, etc. But nowadays Facebook is using "GraphQL", and Microsoft is using "SOAP".
The difference between SOAP and REST is crucial, so we should know how they differ. Let's see how they are different.
For SOAP:
- Data format is XML.
- It has an SSL security layer.
- It is heavyweight.
For REST:
- Data format is HTML, XML, or JSON.
- It has an SSL & HTTPS security layer.
- It is lightweight.
There are many API testing tools available on the market at present. Among them, the following are very popular:
- Postman
- JMeter
- Katalon Studio
- Rest-assured
Before diving deep, we need to know some basics of API requests and their functions.
- GET: This request is used only to read/view data.
- POST: It creates new data.
- PUT: It is used when we need to update the whole data completely.
- PATCH: It only updates the data partially.
- DELETE: It is used to erase data.
Now you will want to know what we actually check in API testing. Let's dive deep.
Verify the accuracy of data: When we send a request to the server, it gives us some data or information. API testing checks whether it is giving us the correct data or not.
HTTP status code checking: We have specific HTTP codes according to our request. For example, the success code for a GET request is 200, and for a POST request it is 201. So after sending a request, we check whether the status code is right or wrong.
Authorization checking: Unauthorized people must be limited to their restricted area of access. Authorization checking verifies this.
Response time: When a request hits the server, we also check whether its response time is normal or not.
Non-functional testing: We also perform some non-functional testing such as security testing, performance testing, etc.
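The checks listed above (data accuracy, status codes, authorization, response time), written as one runnable script. This is an added example, not part of the original post; the DemoAPI server, its /users path, the token and the sample data are all constructed so the script runs offline.

```python
import http.client, http.server, json, threading, time

TOKEN = "demo-token"                        # constructed credential
USERS = {"1": {"id": 1, "name": "alice"}}   # constructed sample data

class DemoAPI(http.server.BaseHTTPRequestHandler):   # hypothetical API under test
    def reply(self, code, body):
        self.send_response(code)
        self.end_headers()
        self.wfile.write(json.dumps(body).encode())
    def route(self):
        size = int(self.headers.get("Content-Length") or 0)
        body = json.loads(self.rfile.read(size) or b"{}")
        if self.headers.get("Authorization") != f"Bearer {TOKEN}":
            return self.reply(401, {"error": "unauthorized"})
        if self.command == "POST":
            user = USERS[str(len(USERS) + 1)] = {"id": len(USERS) + 1, **body}
            return self.reply(201, user)
        user = USERS.get(self.path.rsplit("/", 1)[-1])
        self.reply(200 if user else 404, user or {"error": "not found"})
    do_GET = do_POST = route
    def log_message(self, *args):           # silence per-request logging
        pass

def call(port, method, path, token=None, payload=None):
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    headers = {"Authorization": f"Bearer {token}"} if token else {}
    start = time.perf_counter()
    conn.request(method, path, json.dumps(payload) if payload else None, headers)
    resp = conn.getresponse()
    result = resp.status, json.loads(resp.read()), time.perf_counter() - start
    conn.close()
    return result                           # (status, JSON body, seconds)

def run_checks(max_seconds=1.0):
    with http.server.HTTPServer(("127.0.0.1", 0), DemoAPI) as server:
        threading.Thread(target=server.serve_forever, daemon=True).start()
        port = server.server_port
        get = call(port, "GET", "/users/1", TOKEN)
        post = call(port, "POST", "/users", TOKEN, {"name": "bob"})
        anon = call(port, "GET", "/users/1")    # no credentials sent
        server.shutdown()
    return {"data_accuracy": get[1] == {"id": 1, "name": "alice"},
            "get_status_200": get[0] == 200,
            "post_status_201": post[0] == 201 and post[1]["name"] == "bob",
            "unauthorized_401": anon[0] == 401 and "name" not in anon[1],
            "response_time": get[2] <= max_seconds}

if __name__ == "__main__":
    print(run_checks())
```

The unauthorized check asserts on the response body as well as the 401 status, because an API that returns the right code but still includes the data fails the authorization test.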
So I think all doubts about basic API testing are clear now. I have tried to tell the story in a simple way. Any kind of suggestion is highly appreciated.
Keep learning.