What is API testing? What are its types?

API is an acronym that stands for Application Programming Interface. An API is a set of routines, protocols, and tools for building software applications. APIs specify how one software program should interact with other software programs.

In simple words, an API acts as an interface between two software applications and allows them to communicate with each other. An API is a collection of software functions that can be executed by another software program.

Let’s see some examples of an API in a more approachable way.

Think of an API as a waiter at a restaurant.

At a restaurant, you place an order based on the items available on the menu. A waiter writes down your order and delivers it to the kitchen, which prepares your meal. Once the meal is ready, the waiter picks up your food from the kitchen and serves it to you at your table.

In this scenario, the waiter’s role is similar to an API. Like a waiter, the API takes a request from a source, takes that request to the database, fetches the requested data from the database and returns a response to the source.

What is API Testing?

[Figure: API Testing Business Layer]

API testing is a type of software testing that involves testing APIs directly, and also as part of integration testing, to check whether the API meets expectations in terms of the functionality, reliability, performance, and security of an application. In API testing, the main focus is on the business logic layer of the software architecture. API testing can be performed on any software system which contains multiple APIs. API testing does not concentrate on the look and feel of the application. API testing is entirely different from GUI testing.

Let’s see how UI testing differs from API testing.

UI (User Interface) testing tests the graphical interface part of the application. Its main focus is the look and feel of an application. API testing, on the other hand, tests the communication between two different software systems. Its main focus is the business layer of the application.

API Testing Types?

API testing typically involves the following practices:

  • Unit testing: To test the functionality of individual operations
  • Functional testing: To test the functionality of broader scenarios by using blocks of unit-tested operations tested together
  • Load testing: To test the functionality and performance under load
  • Runtime/Error Detection: To monitor an application to identify problems such as exceptions and resource leaks
  • Security testing: To ensure that the implementation of the API is secure from external threats
  • UI testing: It is performed as part of end-to-end integration tests to make sure every aspect of the user interface functions as expected
  • Interoperability and WS Compliance testing: Interoperability and WS Compliance Testing is a type of testing that applies to SOAP APIs. Interoperability between SOAP APIs is checked by ensuring conformance to the Web Services Interoperability profiles. WS-* compliance is tested to ensure standards such as WS-Addressing, WS-Discovery, WS-Federation, WS-Policy, WS-Security, and WS-Trust are properly implemented and utilized
  • Penetration testing: To find vulnerabilities in an application that attackers could exploit
  • Fuzz testing: To test the API by forcibly feeding input into the system in an attempt to force a crash

Common tests on APIs:

Some of the common tests we perform on APIs are as follows.

  • To verify whether the return value is based on input condition. Response of the APIs should be verified based on the request.
  • To verify whether the system is authenticating the outcome when the API is updating any data structure
  • To verify whether the API triggers some other event or requests another API
  • To verify the behavior of the API when there is no return value

What exactly needs to be verified in API Testing?

Basically, in API testing, we send a request to the API with known data and analyse the response. We verify the following:

  • Data accuracy
  • HTTP status codes
  • Response time
  • Error codes in case API returns any errors
  • Authorization checks
  • Non-functional testing such as performance testing, security testing
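
The checks listed above, applied to a small API, as an added example that is not part of the original post. The `/users/<id>` endpoint, the bearer token, the sample user and the two-second response-time budget are all constructed for this illustration.

```python
import http.client, json, threading, time
from http.server import BaseHTTPRequestHandler, HTTPServer
USERS = {"1": {"id": 1, "name": "alice"}}  # constructed sample data
TOKEN = "test-token"                        # constructed demo credential
MAX_SECONDS = 2.0                           # assumed response-time budget

class Api(BaseHTTPRequestHandler):
    """Hypothetical API under test: GET /users/<id>, bearer token required."""
    def _send(self, code, obj):
        body = json.dumps(obj).encode()
        self.send_response(code)
        self.send_header("Content-Type", "application/json")
        self.end_headers()
        self.wfile.write(body)

    def do_GET(self):
        # Auth is checked first, so callers without a token cannot probe which ids exist.
        if self.headers.get("Authorization") != f"Bearer {TOKEN}":
            return self._send(401, {"error": "unauthorized"})
        prefix, _, user_id = self.path.rpartition("/")
        if prefix != "/users" or user_id not in USERS:
            return self._send(404, {"error": "not_found"})
        self._send(200, USERS[user_id])

    def log_message(self, *args): pass  # silence per-request logging

def call(port, path, token=None):
    """Send one GET; return (status, parsed JSON body, seconds elapsed)."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    headers = {"Authorization": f"Bearer {token}"} if token else {}
    start = time.perf_counter()
    conn.request("GET", path, headers=headers)
    resp = conn.getresponse()
    body = json.loads(resp.read())
    elapsed = time.perf_counter() - start
    conn.close()
    return resp.status, body, elapsed

def run_checks():
    """Serve the API on a free loopback port and collect one result per case."""
    server = HTTPServer(("127.0.0.1", 0), Api)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    cases = {"ok": ("/users/1", TOKEN), "missing": ("/users/999", TOKEN),
             "no_token": ("/users/1", None), "bad_token": ("/users/1", "wrong"),
             "no_token_missing": ("/users/999", None)}
    try:
        return {name: call(server.server_port, *args) for name, args in cases.items()}
    finally:
        server.shutdown()
        server.server_close()
```

Each result is a `(status, body, elapsed)` tuple, so a test can assert data accuracy, the status code, the error code and the response time for every case, including that an unauthorized caller receives the same 401 whether or not the requested id exists.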
