//: # ()
The term “API” stands for Application Programming Interface. It refers to an interface that allows software developers to interact with other programs. An API is often used by programmers to create applications that use another program’s functionality.
REST API Testing is testing of the software. REST API at the end of the day is a software & all kinds of software demand testing. Whenever we build & deliver a REST API, it is important that we test the API for security, stability, performance & technical functionality.
REST API testing is a herculean task given the complexity of the API nature & architecture. REST API Testing is manual & automated. You need to write down code to test the API & use a testing tool to drive the API. Depending on the need of the situation, different kinds of API testing approaches & toolscan be used to test the software.
Unit Testing : Testing per unit or testing each operation
Integration : Testing the relationship between different software modules (API & other software)
Functional Testing : Testing the nature of the REST API for the desired & defined functionality
Load Testing : Testing how much volume REST API can handle – number of calls
Reliability Testing : Testing for consistency of results & connections
Security Testing : Testing the security parameters like access control, encryption methods & for rights management
A plethora of API Testing tools are available in the market.
Three Commonly used tools for REST API Testing are:
As the name suggests (pun intended), you can be REST assured if you decide to use this tool. It is an open-source library built in Java. It is used to test RESTful Web Services. It has a lot of in-built functions. This is a great tool for testers which don’t want to run manual tests. It accommodates major HTTP testing methods like POST, GET, PUT, DELETE.
You can look at the below example from the REST Assured website (https://rest-assured.io/)for a game of Housie/Lotto. The below code test if the HTTP server returns the desired information,
Test if the HTTP server returns the JSON at “http://localhost:8080/housie/{id}”:
{
"housie": {
"housieId":5,
"winning-numbers":[2,40,30,23,7,4,3],
"winner":[
{
"winnerId":23,
"numbers": [2,40,30,23,3,4]
},
{
"winnerId":54,
"numbers":[51,3,12,10,18,22]
}
]
}
}You can use REST Assured as a REST API Testing Tool to validate interesting things from the response:
@Test
public void housie_resource_returns_200_with_expected_id_and_winner() {
when().get("/housie/{id}", 5).
then().statusCode(200).
body("housie.housieId", equalTo(5),
"housie.winner.winnerId", hasItems(23, 54));
}This a command like tool meant for REST API testing. It works along with cURl, another command-line URL which isLinux based.You can visit below link on Github & refer to Chapter 7 of O’Reillys book for more details
https://beders.github.io/Resty/Resty/Overview.html
Postman is the best & popular REST API testing tool because it is highly compatible, highly supportive & very easy to use. It has testing tools for every stage in the REST API Lifecycle from design to production. It comes with a browser extension & can be used on MAC, Linux & Windows. You can check out the features on the https://www.postman.com/. It is a generic API testing tool & the application is not limited to REST API.
I personally prefer, insomnia over postman
Like every other thing in the universe, REST API Testing brings along with it some challenges: Some common challenges are:
REST API Parameter Combination & Error : Different Rest API Parameters make different combinations which lead to multiple program states & errors. Some parameters which demand testing are request method, request URI & query parameter.
Validation of REST API Parameters: Unvalidated String & Data Types lead to wrong string & data types. They have to validated to prevent errors.
Data Format Schema Maintenance : The Data Formatting Schema has to be maintained to handle responses & requests. The schema has to be updated with new parameters from time to time.
API calls order sequence : REST API calls are multi-threaded. The API calls have to be made in a certain order.