Sunday, December 11, 2016

API Monitoring and Testing

Application Programming Interfaces (APIs) testing is different than other testing as GUI is not available and this won't concentrate on look and feel of the application. API testing involves testing APIs directly. It enables communication and data exchange between two separate software systems and as part of the end-to-end transactions exercised during integration testing.

API testing commonly includes testing REST APIs or SOAP web services with JSON or XML message payloads being sent over HTTP, HTTPS, JMS. Since APIs lack a GUI, API testing is performed at the message layer.

Summary - RESTful vs SOAP Web Service

--XML based protocol
--Uses WSDL for communication between consumer and provider
--Does not return human readable result
--Transfer over HTTP, SMTP, FTP, etc.
--Javascript can call SOAP but difficult to implement
--Performance is not great compared to REST
--SOAP web services can be tested through programs or software such as Soap UI.

--Architectural style protocol
--Uses XML or JSON to send and receive data
--Result is readable which is just plain XML or JSON
--Transfer is over HTTP only
--Easy to call from Javascript
--Performance is better than SOAP. Amazon and Google are moving their APIs from SOAP to REST.
--REST can be easily tested through CURL command, Browsers and extensions such as Chrome Postman.

There are multiple API testing tools available
  • SoapUI
  • Runscope
  • Postman (Chrome Extension)
  • Advanced REST Client (Chrome Extension)
  • Insomnia REST Client (Chrome Extension)
Suppose, there is a checkbox in user registration form and the system using API function which receives input as date range and return a list of users that was registered with checkbox marked at that time interval.

Input: Date interval (e.g, fromdate=2016-12-01&todate=2016-12-15)
Output: list of users registered that time interval with checkbox marked

First of all, install any of the API testing tools and here i will be using SoapUI / Postman / Insomnia / Advanced REST Client.

Download SoapUI from here according to your machine. Other Insomnia / Advanced REST Client can installed from google chrome extensions.

1. Open SOAP UI application

2. Create REST project and put request URL

3. Authenticate using Username and Password

Authentication is stated as the act of confirming the identity of API consumer. After authenticated, they are usually authorized to get access to desired APIs
  • Authentication is used to determine who the user of an API is.
  • Authorization is used to determine what resources the identified user has access to. 

There are multiple standards and technologies available for authenticating users, for example;
  • Form-based - Web/HTML based authentication that commonly uses HTTP cookies.
  • Basic/Digest - Uses HTTP headers to identify users.
  • OAuth 1.x/2

4. Submit the request

 See image from Insomnia

Now you can move to advanced things :)