Among the many concerns of API providers, the biggest is related to API quality and performance (as highlighted in a previous post). In a API security webinar conducted by SmartBear and Axway, 56% of the attendees mentioned that security is a ‘very important’ feature in APIs. Rather strangely, only around 12% of the same group of people stated that they had a proper API security testing procedure in place. Apart from security, many other issues can affect the performance of APIs. According to reports, nearly 25% of all API issues remain unresolved after a week – a significant figure considering that 1 out of 3 customers is likely to switch to another provider in such cases. In today’s feature, we will briefly highlight some common types of API testing, before moving on to 9 effective API testing tools:

Types Of API Testing

Before we get any further into this discussion, let’s clear the concept of ‘API Testing’ first. As is the case for any software and mobile applications, testing is all about finding out bugs and inconsistencies in performance, so that they can be resolved quickly, prior to final launch. For testing APIs, custom software is employed to make API calls. The system generates a response, which is recorded and logged. The focus is on ensuring that the API itself, and its associated integrations, are functioning as they are supposed to (and there is consistency across different conditions). Here are the main types of API testing that are performed at organizations:

• Usability Testing – This is done to check the user-friendliness of new APIs. With ‘the learning curve’ being an important factor in determining the overall API quality, thorough usability testing is vital.
• Proficiency Testing – What are APIs supposed to do? That’s right, they should enhance the productivity of the web and mobile app developers. As the name suggests, this form of testing is done to find whether an API actually helps developers/end-users.
• Load Testing – The number of calls that an API has to handle is likely to vary with time. Through systematic load testing, providers can check whether APIs can handle huge call volumes.
• Security Testing – Arguably, the most important form of API testing. All the security specifications of an API, right from access control and user authentication, to required permissions, are checked through security testing of APIs.
• Discovery Testing – More commonly known as API documentation testing, this is done to ensure that users have enough guidance in the form of formal documentation.
• Functionality Testing – The most basic type of API testing. Functionality testing is about finding out whether an API is ‘functioning’ as it is meant to. If not, the root cause(s) are identified and resolved.
• Reliability Testing – These are the tests performed to determine whether the responses/outputs from APIs are consistent for different projects, in all scenarios.

In addition to the above, Creativity Testing for APIs is also often performed by companies. The purpose for this is determining the extent of customization supported by an API.

Tools For API Testing

Not having access to the required technology/resources, and not delegating the tasks to the correct individual/team are two key reasons behind API testing often remaining incomplete and half-baked. You need to have proper working knowledge of these tools, to make sure that your APIs never fall short on the quality front:

1. HttpMaster

   Primarily used to test web API calls (i.e., load testing), the HttpMaster tool automates the overall process of web application testing. POST, GET and DELETE are some of the common http methods supported in this tool, along with a fairly large array of validation methods and expressions. API requests can be clubbed into batches with the dynamic parameters of the web development tool, making the testing process easier for developers. In addition to API testing, HttpMaster can be used for website testing and service testing as well.

2. Apache JMeter

   A Java-based, multi-utility, open-source tool for load testing and functionality testing of the endpoints of Web services APIs. JMeter is increasingly being used to test RESTful APIs as well. The multi-threaded feature of this tool makes it ideal for performing effective, accurate load testing. Multiple protocol types are supported by Apache JMeter (FTP, LDAP, SOAP/REST, HTTP/HTTPS, and more), during performance testing and load testing of APIs.

3. SoapUI

   One of the most ‘complete’ API testing tools out there at present. From load and regression testing, to compliance and, obviously, functional testing can be done with this software resource. The built-in Groovy support enables API testers to generate complicated validation scripts with ease, while web method requests can be used to directly generate test cases. SoapUI offers cross-platform functionality and serves as a tool for testing both REST APIs and SOAP APIs. Assertions (created with XQuery or XPath) are used to generate the web method results. The test setup in SoapUI can also be altered, as and when required.

4. DHC

   Created by Restlet, DHC is a widely used Web API testing resource. The tool allows users to seamless integrate the API testing procedure with their Continuous Integration (CI) and/or Continuous Delivery (CD) delivery methods. The built-in graphical user-interface of DHC doubles up as an excellent visual tool for monitoring API calls. A large number of API requests can be bunched together in test scenarios, with the tool having the capability to handle requests of varying complexity. The responses to requests can be analyzed easily too.

5. Postman

   For manual API testing, Postman – which is basically a Google Chrome plug-in – can be just the perfect tool. Since Postman is, in essence, a high-end HTTP client, it supports practically all forms of modern web API data (for extraction or exploration). The interface of the tool allows testers to write out custom Boolean test scripts, while batches of REST calls can be created and saved (for later execution) too. A big advantage of Postman is that it is not a command-line based tool (unlike, say, CURL), which makes using it considerably easier.

6. Runscope

   Generally used for checking XML as well as JSON endpoints, Runscope is goes beyond the definition of ‘just another API testing tool’, and simultaneously serves as a ‘traffic inspector’ for APIs as well. It monitors API uptimes on a continuous basis, and notifies users as soon as an API stops working. The third-party metrics integrations supported by Runscope bolster the overall API monitoring process further. API providers can use the tool to create and deploy functional tests, along with accessing private APIs (when required). API traffic can be monitored on a real-time basis through this tool, and issues can be promptly logged and debugged.

7. Parasoft

   Parasoft is often the go-to testing tool for APIs without graphical user interfaces (GUIs). A vast range of protocols is supported by the Parasoft interface, making the task of specifying automated test scenarios a lot simpler. Scenarios of varying complexities are automated by this tool – across mainframes, databases and even messaging layers. The tests created with Parasoft are typically reusable and scalable, apart from being easy to maintain. The tool is best for performing regression testing of APIs with state-of-the-art validation methods. A high point of Parasoft is that, it lets users create tests without having to actually code.

8. TestingWhiz

   Yet another code-free API testing tool (it also performs mobile testing, big data testing and database testing). Regression tests for APIs can be easily automated with TestingWhiz, and the tool also offers reliable automated web UI testing services. Practically all the popular browsers are supported (the likes of Firefox, Chrome, IE, Opera, Safari) – enhancing the coverage of tests as well as the convenience of users. More than 290 commands are available for generating modular automation scripts – doing away with the need for coding.

9. vRest

   For automated testing of RESTful APIs as well as HTTP APIs, vRest is a more than handy online tool. Depending on the precise specifications of each API, documentations are generated by the tool – and it also delivers high-speed validation services for REST APIs. The Mock Server Functionality of vRest, which allows smooth creation of API mocks, also deserves a special mention. Data can be imported from the Swagger API framework without any hassles. vRest also comes with JIRA-Jenkins integration.

TestMaker, HP QTP and Chakram (REST APIs) are some other popular API testing tools and frameworks. The importance of quality in an API cannot be overemphasized – and to maintain performance standards and retain users, using these tools for testing is of paramount importance.

Resources: https://smartbear.com/learn/api-testing/practical-tips-for-api-security/

https://smartbear.com/learn/api-testing/what-is-api-testing/

http://www.guru99.com/ , http://www.quora.com