API testing: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 08:17, 19 October 2023 edit 117.193.56.89 (talk) →Software Tags: Reverted Visual edit ← Previous edit		Latest revision as of 10:01, 14 February 2025 edit undo FrescoBot (talk \| contribs) Bots 1,152,845 edits m Bot: link syntax
(19 intermediate revisions by 18 users not shown)
Line 1: ~~{{Software development process}}~~{{Short description\|Automated software testing of programmable application interfaces (APIs)}} {{Software development process}}'''API testing''' is a type of [[software testing]] that involves testing [[application programming interface]]s (APIs) directly and as part of [[integration testing]] to determine if they meet expectations for functionality, reliability, performance, and [[Computer security\|security]].<ref name="reichart1">[http://searchsoftwarequality.techtarget.com/tip/Testing-APIs-protects-applications-and-reputations Testing APIs protects applications and reputations], by Amy Reichert, SearchSoftwareQuality March 2015</ref> Since APIs lack a [[Graphical user interface\|GUI]], API testing is performed at the [[Communications protocol#Layering\|message layer]].<ref name="stickyminds">[http://www.stickyminds.com/interview/all-about-api-testing-interview-jonathan-cooper All About API Testing: An Interview with Jonathan Cooper], by Cameron Philipp-Edmonds, Stickyminds August 19, 2014</ref> API testing is now considered critical for automating testing because APIs ~~now~~ serve as the primary interface to [[application logic]] and because [[Graphical user interface testing\|GUI tests]] are difficult to maintain with the short release cycles and frequent changes commonly used with [[Agile software development]] and [[DevOps]].<ref name="forrblog">[http://blogs.forrester.com/diego_lo_giudice/15-04-23-the_forrester_wave_evaluation_of_functional_test_automation_fta_is_out_and_its_all_about_going_be?cm_mmc=RSS-_-BT-_-63-_-blog_1769 The Forrester Wave Evaluation Of Functional Test Automation (FTA) Is Out And It's All About Going Beyond GUI Testing] {{Webarchive\|url=https://web.archive.org/web/20150528225452/http://blogs.forrester.com/diego_lo_giudice/15-04-23-the_forrester_wave_evaluation_of_functional_test_automation_fta_is_out_and_its_all_about_going_be?cm_mmc=RSS-_-BT-_-63-_-blog_1769 \|date=2015-05-28 }}, by Diego Lo Giudice, [[Forrester Research\|Forrester]] April 23, 2015</ref><ref name="layers">[~~http~~https://www.gartner.com/~~document~~en/documents/2645817~~?ref=QuickSearch~~ Produce Better Software by Using a Layered Testing Strategy]~~{{dead link\|date=December 2021\|bot=medic}}{{cbignore\|bot=medic}}~~, by SEAN Kenefick, [[Gartner]] January 7, 2014</ref> ==API testing overview== API testing involves testing APIs directly (in isolation) and as part of the end-to-end transactions exercised during integration testing.<ref name="reichart1"/> Beyond [[Representational state transfer\|RESTful APIs]], these transactions include multiple types of endpoints such as [[web services]], [[Enterprise service bus\|ESBs]], [[database]]s, [[Mainframe computer\|mainframes]], [[Web application\|web UIs]], and [[Enterprise resource planning\|ERPs]]. [https://www.hypertest.co/api-testing/top-10-api-testing-tools API testing] is performed on APIs that the development team produces as well as APIs that the team consumes within their application (including third-party APIs).<ref name="reichart2">[http://searchsoftwarequality.techtarget.com/tip/Onus-for-third-party-APIs-is-on-enterprise-developers Onus for third-party APIs is on enterprise developers] {{Webarchive\|url=https://web.archive.org/web/20190731082123/http://searchsoftwarequality.techtarget.com/tip/Onus-for-third-party-APIs-is-on-enterprise-developers \|date=2019-07-31 }}, by Amy Reichert, SearchSoftwareQuality July 2014</ref> API testing is used to determine whether APIs return the correct response (in the expected format) for a broad range of feasible requests, react properly to [[edge cases]] such as failures and unexpected/extreme inputs, deliver responses in an [[Service-level agreement\|acceptable amount of time]], and respond securely to potential [[Cyberwarfare\|security attacks]].<ref name="reichart1"/><ref name="layers"/> [[Service virtualization]] is used in conjunction with API testing to isolate the services under test as well as expand test environment access by simulating APIs/services that are not accessible for testing.<ref name="accelerate">[http://www.gartner.com/document/2642716 Accelerate Development with Automated Testing]{{dead link\|date=December 2021\|bot=medic}}{{cbignore\|bot=medic}}, by Nathan Wilson, [[Gartner]] December 30, 2013</ref> API testing commonly includes testing [[Representational state transfer\|REST]] APIs or [[SOAP]] [[web services]] with [[JSON]] or [[XML]] [[Payload (computing)\|message payloads]] being sent over [[HTTP]], [[HTTPS]], [[Java Message Service\|JMS]], and [[IBM WebSphere MQ\|MQ]].<ref name="stickyminds"/><ref name="guidance">[http://www.gartner.com/document/2827918 A Guidance Framework for Designing a Great Web API]{{dead link\|date=December 2021\|bot=medic}}{{cbignore\|bot=medic}}, by Eric Knipp and Gary Olliffe , [[Gartner]] August 20, 2014</ref> It can also include message formats such as [[Society for Worldwide Interbank Financial Telecommunication\|SWIFT]], [[Financial Information eXchange\|FIX]], [[Electronic data interchange\|EDI]] and similar fixed-length formats, [[Comma-separated values\|CSV]], [[ISO 8583]] and [[Protocol Buffers]] being sent over [[Communications protocol\|transports/protocols]] such as [[TCP/IP]], [[ISO 8583]], [[MQTT]], [[Financial Information eXchange\|FIX]], [[Java remote method invocation\|RMI]], [[SMTP]], [[TIBCO Rendezvous]], and [[Financial Information eXchange\|FIX]].<ref>[http://www.drdobbs.com/tools/the-fight-against-brittle-scripts-and-so/231901658 The Fight Against Brittle Scripts and Software Defects], by Adrian Bridgwater, [[Dr. Dobb's Journal]] October 26, 2011</ref><ref>[http://www.drdobbs.com/testing/how-do-we-learn-composite-app-testing-sp/232600874 How Do We Learn Composite App Testing-Speak?], by Adrian Bridgwater, [[Dr. Dobb's Journal]] February 14, 2012</ref> ==API testing, GUI testing, and test automation== API Testing is recognised as being more suitable for [[Automated_testing\|test automation]] and [[continuous testing]] (especially the automation used with [[Agile software development]] and [[DevOps]]) than GUI testing.<ref name="forrblog"/><ref name="layers"/> Reasons cited include: * '''System complexity:''' GUI tests can't sufficiently verify functional paths and back-end APIs/services associated with multitier architectures. APIs are considered the most stable interface to the system under test. Line 21: There are several types of tests that can be performed on APIs. Some of these include smoke testing, functional testing, security testing, penetration testing, and validation testing. * [[Artificial intelligence]] (AI) used in API testing improves the efficiency and accuracy of the testing process. It can automatically generate test cases, identify potential issues, and analyze test results through machine learning to identify patterns and anomalies.<ref>{{cite book \|last1=J. Gao, C. Tao, D. Jie ĺ, S. Lu \|title=What is AI Software Testing? and Why \|date=2019 \|pages=27–2709 \|publisher=IEEE \|doi=10.1109/SOSE.2019.00015 \|url=https://ieeexplore.ieee.org/document/8705808/authors#authors}}</ref> * [[Smoke testing (software) \| Smoke test]] - This is a preliminary test that checks if the most crucial functions of an API are working correctly and identifies any major issues before further testing. [[Functional testing]] - This type of testing validates a software system against its functional requirements by providing input and verifying the output. It mainly involves black box testing and is not concerned with the source code. * [[Black box testing]] - This is a type of testing where the tester interacts with the API without knowing its internal workings. The tester provides input and observes the output generated by the API to identify how it responds to expected and unexpected user actions. Line 37: [[Penetration Testing]] - Ethical hacking is used to assess the security of an API design. An external pentester finds vulnerabilities in API integrations due to incorrect business logic or programming issues to identify security vulnerabilities that attackers could exploit. [https://docs.oracle.com/cd/E55956_01/doc.11123/external_user_guide/content/wsi_compliance.html WS-* compliance testing] - This testing applies to SOAP APIs and ensures proper implementation of standards such as WS-Addressing, WS-Discovery, WS-Federation, WS-Policy, WS-Security, and WS-Trust. *[[~~Graphical_user_interface_testing~~Graphical user interface testing\|Web UI testing]] - Checks if the visual elements of a web application's user interface work correctly and are user-friendly. It is different from API testing, which tests the communication between software components. ==Software== Line 46: \|SoapSonar \|Crosscheck Networks \|-▼ ~~\|[https://hypertest.co/ Hypertest]~~ ~~\|Lugg Cargo Private Limited~~ \|- \|[[SoapUI]] Line 64 ⟶ 61: \|[[Katalon Studio]] \|Katalon ▲\|- \|vStellar \|vStellar \|- \|- \|Step CI