https://www.techtarget.com/searchsoftwarequality/tip/How-to-develop-an-API-test-automation-strategy
Without proper API testing, disruptions in the back-end exchange of data, files and other information can wreak havoc. If those connections fail, so does the application.
To ensure an application functions as expected, create an effective suite of automated API tests. Automating API tests -- though complex -- is less complicated and error-prone than automating UI-based or workflow-based functional tests. Automated API test suites focus on the API functionality and require less test maintenance overall. With the right tool and a supportive developer resource, QA can effectively and efficiently create automated API test suites.
Learn which tests to automate, what tool to use and how to implement API test automation, using Postman as an example.
Any API that requires continuous or frequent testing is a great candidate for an automated test suite. To determine which APIs require continuous testing, review the application functionality, all available workflows and API documentation.
API tests that require continuous testing or monitoring include the following:
APIs that are only used occasionally may be prioritized at the end or tested manually using existing functional regression test suites. APIs that serve news feeds or decorative items in the application are important but likely not in need of continuous testing or test automation.
QA testers need to verify that data-related APIs return the expected data across application platforms. For example, most applications support both a web and mobile app. Both application platforms likely depend on data from the same API connection but are coded separately on the application side. Create automated tests that ensure both display the same data.
Once teams cover the API connection with basic tests, they can add more complexity and extend the test coverage. For example, QA testers using Postman can start automating with a set of JavaScript snippets, used independently or in combination, to extend test coverage.
Functional, connectivity and security tests benefit from API test automation. It's essential to verify that endpoints are not only responsive, but also processing both valid and invalid messages. Security is key to business operations, and it relates to both application functionality and connectivity. Create automated API tests that capture all three of these items to return the most business value.
Develop a suite of automated API functional and security tests to execute routinely, meaning continuously or, at minimum, daily. Add in connectivity tests for both expected and failure scenarios. Execute connectivity tests at least daily or weekly, depending on the priority of the API. Consider creating a critical test suite for items that need testing continuously, and leave the rest on a daily schedule.
Don't skip the error messaging or failure tests; they show how an API responds to bad data and alert you to any other problem within the application and its API set. It's far better to catch failures during a test than when customers are using the system.
Many tools cover API test automation. Before committing to one, consider a free trial, or free version, to ensure the tool is intuitive and expandable for maximum API test coverage.
Most API testing tools offer code snippets to get started and support custom coding. The code snippets alone enable teams to create valid tests in a variety of coverage patterns. Additionally, the tests are always editable to add more detail or expand coverage.
The following tools provide capabilities to automate API tests:
The above list is a brief sampling; there are many available tools.
Let's discuss the initial steps to create and automate an API request test in Postman.
To get started, open Postman, create a workspace and then create a request. The request is a message sent to the API under testing. In our examples below, we use Postman's public API. To create a request, choose the HTTP Request option on the top left, as seen in Figure 1.
Next, you'll see a tab at the top of the screen labeled Untitled Request. This is your new request. You can add a title, then choose GET, POST or PUT and enter the endpoint URL, params, authorization, headers and body.
View the sample request in Figure 3. The request tab displays the name; this example uses GET and provides the endpoint URL to test. Notice the Headers tab shows five headers exist. Postman automatically creates these for you.
When testing secured APIs, the Authorization and Params tabs hold the username and password, or other authentication details, needed to receive a valid security token. Your API developer or IT manager knows the API password and security token.
Now that the request is set up to process, hit Send. In Figure 4, the request name and request type are highlighted in the top portion of the window. Once you select Send, you'll see the response body in the lower half of the window. The best view is JSON, and there is additional information to the right indicating if the message was successfully processed -- in this case, the 200 OK message.
Next, we can create test automation using our request. Click on the Tests tab that displays on the same line as Params and Authorization. Use the code snippets accessible on the right to develop automated API tests. When a request is sent, the automated tests execute, and the results populate under the Test Results tab.
Figure 5 uses two of the code snippets. We edited the first one, so you see it pass. The second one was left as is, so it fails. You always need to edit the snippet to match the response data you are verifying. The test results populate whenever the request is sent.
Next, add detail to your automated API tests based on the testing needs for the API. Edit the snippets based on the API response data to verify data, fields, security tokens and if the message processes or fails.
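An added example, not part of the original article or Postman's own snippets: two Tests-tab scripts edited to match a valid response and a rejected bad-token response. The response bodies, field names and the `makePm` stand-in (which lets the scripts run under Node outside Postman) are constructed assumptions.

```javascript
// In Postman, paste each function body into the Tests tab; `pm` comes from the sandbox.
function validRequestTests(pm) {
  pm.test("Status code is 200", () => pm.response.to.have.status(200));
  pm.test("Response is JSON", () => pm.expect(pm.response.headers.get("Content-Type")).to.include("application/json"));
  pm.test("Returns the expected user", () => {
    pm.expect(pm.response.json().user.username).to.eql("qa-tester"); // edited to match the response (assumed field)
  });
}

// Failure test: the same endpoint called with a bad token.
function invalidTokenTests(pm) {
  pm.test("Bad token is rejected with 401", () => pm.response.to.have.status(401));
  pm.test("Error body carries only the error object", () => {
    const body = pm.response.json();
    pm.expect(Object.keys(body)).to.eql(["error"]);
    pm.expect(body.error.name).to.eql("AuthenticationError");
  });
}

// Minimal stand-in for Postman's `pm` object (hypothetical helper); implements only the calls used above.
function makePm(code, contentType, bodyText) {
  const results = [];
  const fail = (msg) => { throw new Error(msg); };
  const pm = {
    response: {
      headers: { get: (n) => (n.toLowerCase() === "content-type" ? contentType : undefined) },
      json: () => JSON.parse(bodyText),
      to: { have: { status: (want) => code === want || fail(`expected ${want}, got ${code}`) } },
    },
    expect: (actual) => ({ to: {
      eql: (want) => JSON.stringify(actual) === JSON.stringify(want) || fail("values differ"),
      include: (part) => String(actual).includes(part) || fail(`missing "${part}"`),
    } }),
    test: (name, fn) => {
      try { fn(); results.push({ name, passed: true }); }
      catch (err) { results.push({ name, passed: false, error: err.message }); }
    },
  };
  return { pm, results };
}

// Run both scripts against constructed sample responses (not captured from a real API).
function runSamples() {
  const ok = makePm(200, "application/json; charset=utf-8", '{"user":{"id":42,"username":"qa-tester"}}');
  validRequestTests(ok.pm);
  const denied = makePm(401, "application/json", '{"error":{"name":"AuthenticationError","message":"Invalid token"}}');
  invalidTokenTests(denied.pm);
  return { ok: ok.results, denied: denied.results };
}
console.log(JSON.stringify(runSamples()));
```

Running the valid-request script against the 401 response reports the status and field tests as failed, which is the same signal an unedited snippet gives under Test Results.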
25 Apr 2023