Preface
The test pyramid is an essential concept in automated testing. The diagram shows how to automate testing for a project: which parts you should test first, since they make up the pyramid's base, and what should be left for the pyramid's top. The unit-testing layer comes first; developers often do this testing as they write the code. Next comes the server layer, where API testing is located. UI testing occurs after the front end has been completed. UI tests alone are not sufficient to verify functional paths and API services: you could end up with bugs that are rooted in the server or at the unit level. Such mistakes can be costly, as you may have to rewrite a lot of code, which could delay the release. Start testing in the very early stages. If a request does not return the required value at the server layer, it will not be displayed at the UI layer. API tests do not have to wait until the end of the development cycle.
They will eliminate at least half the bugs before they become serious. In the agile process, which requires instant feedback, unit and API tests are preferable to GUI testing, since GUI tests require a lot of rework in order to keep up with the rapid pace of change. However, we do not dismiss UI testing. GUI testing is the only type of test that can catch certain defects and the only one that really tests the user experience. We encourage you to also pay attention to API testing and use it to improve your overall development process.
API Description
APIs are at the heart of software development. They connect and transfer data across different systems and applications. Testing them can help you deliver software faster by increasing the efficiency of your entire testing strategy. An API (Application Programming Interface) is the link between different layers or systems within an application. An application may have three layers: a data layer, a service (API) layer, and a user interface (UI) layer. The API layer holds an app's business logic: it contains the rules for how users interact with data, services, or other functions. The API/service layer directly touches the presentation layer as well as the data layer. This makes it a great choice for continuous testing by both QA and development teams.
Aspects of Focus
QA engineers approach API testing from different angles. They verify that the API produces the correct outputs, delivers timely responses, and integrates well with presentation-layer software. They also check the API's response to edge situations (e.g. failures, unexpected or extreme inputs) and security threats. Let's now address each one.
Well-Designed API
Functional testing is the evaluation of functions within the codebase. It ensures that the API works as expected:
- Returns the output you want for a given input
- Handles errors when results are not within the expected parameters
One type of functional testing is positive/negative testing. While negative testing examines how an API reacts to any type of incorrect input, positive testing confirms that the API functions correctly when the input conforms to the norm. A failing positive test case is a sign that the application cannot perform under ideal conditions.
API Performance
To make sure the API can handle higher loads, QA engineers simulate or create API calls to validate the API's functionality and performance. Below are examples of API performance testing.
- Load testing. Load testing is used to determine the limits of system performance under high loads. To do this, we measure response times, server conditions, and other parameters while increasing the number of calls.
- Soak testing. Load testing that is extended over a prolonged period may reveal system instabilities such as API memory leaks. An automated soak test can be left running over a long weekend; on Monday, it will notify you if any undesirable behavior has occurred.
- Stress testing. The idea is to gradually increase the number of virtual users to determine the point at which an API stops responding or starts throwing errors.
- Spike testing. In contrast to stress testing, the API is subjected to a sudden surge in users. Spike testing is used to determine whether the API can stabilize and then return to its normal function.
- Scalability testing. Scalability testing is necessary to ensure that your system can handle changing loads. Increase the number of requests and track whether this causes an increase in response times.
- Peak testing. Similar to soak testing but with a shorter attack time: you subject your API to the most severe load.
API Security Tests
Security, penetration, and fuzz testing are components of the security auditing process, which aims to test an API for vulnerabilities to outside threats. Security testing verifies that security requirements have been met. This includes authorization, authentication, and access control, such as:
- What authentication type is required to use the API?
- How securely is sensitive data encrypted?
- What authorization checks are required for resource access?
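
The authentication and authorization questions above can be written down as an access-control test matrix. This is an added example, not code from the original article; the handler `get_document`, the tokens and the document store are hypothetical and constructed for illustration.

```python
import hmac

# Constructed sample data: tokens, users and documents are made up.
TOKENS = {"tok-alice": "alice", "tok-bob": "bob"}
DOCS = {"doc-1": {"owner": "alice", "body": "q3 forecast"}}

def authenticate(headers):
    """Return the user for an 'Authorization: Bearer <token>' header, or None."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer":
        return None
    for known, user in TOKENS.items():
        if hmac.compare_digest(known.encode(), token.encode()):  # constant-time
            return user
    return None

def get_document(headers, doc_id):
    """Hypothetical API handler under test: returns (status, body)."""
    user = authenticate(headers)
    if user is None:
        return 401, {"error": "authentication required"}
    doc = DOCS.get(doc_id)
    if doc is None:
        return 404, {"error": "not found"}
    if doc["owner"] != user:
        return 403, {"error": "forbidden"}
    return 200, {"body": doc["body"]}

# Each row: (description, request headers, document id, expected status)
CASES = [
    ("no credentials", {}, "doc-1", 401),
    ("wrong scheme", {"Authorization": "Basic tok-alice"}, "doc-1", 401),
    ("unknown token", {"Authorization": "Bearer nope"}, "doc-1", 401),
    ("other user's document", {"Authorization": "Bearer tok-bob"}, "doc-1", 403),
    ("missing document", {"Authorization": "Bearer tok-alice"}, "doc-9", 404),
    ("owner", {"Authorization": "Bearer tok-alice"}, "doc-1", 200),
]

def run_access_matrix():
    """Return the descriptions of failing cases (an empty list means pass)."""
    failures = []
    for name, headers, doc_id, expected in CASES:
        status, body = get_document(headers, doc_id)
        leaked = status != 200 and "body" in body  # denied responses carry no data
        if status != expected or leaked:
            failures.append(name)
    return failures
```
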
Penetration Testing
Penetration testing is a further step in security testing. It lets you target specific API functions, resources, processes, or the entire API, and determines whether a threat vector can be reached.
Fuzz Testing
The final step of the security audit is to test the API at all its limits. Fuzz testing involves forcing massive amounts of random data into the API as input. The test determines whether the API can withstand it or ends up with undesirable behavior such as a forced crash, an overflow, or both.
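
A minimal fuzz harness for the idea above, as an added example that is not part of the original article. Both handlers are hypothetical, the hostile values are constructed, and the random generator is seeded so every run is reproducible.

```python
import json
import random

def fragile_handler(raw):
    """Hypothetical order endpoint with no input validation."""
    data = json.loads(raw)
    return 200, {"total": data["qty"] * data["price"]}

def hardened_handler(raw):
    """Same endpoint, answering bad input with a 4xx instead of crashing."""
    try:
        data = json.loads(raw)
    except (ValueError, RecursionError):  # malformed JSON, bad encoding, deep nesting
        return 400, {"error": "invalid JSON"}
    if not isinstance(data, dict):
        return 400, {"error": "object expected"}
    qty, price = data.get("qty"), data.get("price")
    ok_types = type(qty) is int and type(price) is int  # also rejects bool
    if not ok_types or not (0 < qty <= 1000 and 0 <= price <= 10**6):
        return 422, {"error": "invalid qty or price"}
    return 200, {"total": qty * price}

ODD_VALUES = [None, "", [], {}, -1, 2**70, 1.5, True]  # constructed hostile values

def gen_inputs(rng, count):
    """Yield random bytes, valid JSON with one hostile field, and truncated JSON."""
    valid = {"qty": 2, "price": 5}
    for _ in range(count):
        kind = rng.randrange(3)
        if kind == 0:
            yield bytes(rng.randrange(256) for _ in range(rng.randrange(64)))
        elif kind == 1:
            field = rng.choice(["qty", "price"])
            yield json.dumps({**valid, field: rng.choice(ODD_VALUES)}).encode()
        else:
            raw = json.dumps(valid).encode()
            yield raw[: rng.randrange(len(raw))]

def fuzz(handler, seed=1234, count=500):
    """Return the inputs that broke the invariant: no exception, only 2xx/4xx."""
    findings = []
    for raw in gen_inputs(random.Random(seed), count):
        try:
            status, _ = handler(raw)
        except Exception:  # an uncaught error would surface as a 500
            status = 500
        if not (200 <= status < 300 or 400 <= status < 500):
            findings.append(raw)
    return findings
```

The invariant only catches crashes: the fragile handler also accepts a negative quantity with a 200, which takes a functional negative test to find.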