Olivier Le Moal - stock.adobe.co
The basics of implementing an API testing framework
With an increasing need for API testing, having an efficient test strategy is a big concern for testers. How can teams evaluate what framework strategy is the right match?
Modern web and mobile application design is increasingly gravitating toward a style that focuses on front-end calls to middle-tier APIs. As such, API testing and API test strategy have moved to the forefront of many teams' testing needs.
This tip reviews the core components of an API testing framework, examines the basics of getting started with implementation, and offers a look at four popular API testing tools and platforms in order to demonstrate the range of options that exist to serve differing business needs and testing goals.
Creating an API test framework
An API testing framework is made up of small individual test cases that developers can run separately from one another. The test cases are often organized into test suites that represent designated segments of the application and can run the individual tests in a predefined order.
The API testing framework also acts as the source of libraries and other resources used to help manage access authentication processes, create global variables or update core API code as updates occur across various environments. One standout advantage of using these small test scripts is that they are easy to isolate, rerun and analyze in the event of a failure.
It's often possible for in-house programmers to build API test frameworks on their own, so long as the format of output data isn't likely to change, the tests involved don't have to run in parallel, the authentication model remains consistent and there are no new, looming change requirements that threaten the validity of results. These can start with something as simple as a script or text file in a specified directory. Meanwhile, another directory might contain the names of individual tests and the global data they need to run. After executing a loop to run the test files and redirecting output to memory storage, the program returns the results of the test.
Unfortunately, sweeping changes tend to be inevitable in large systems, especially if those systems are distributed. Also, frameworks written in-house are often written in the same language as the original production code, meaning that the production programmers likely need to help maintain and debug API tests when they fail. As such, many organizations tend to recruit the help of one or more API testing platforms or tools that are specifically calibrated to provide testing framework support.
In addition to finding the right platform and tooling support, software teams should keep the following pieces of advice in mind when getting started with implementing a new API testing framework:
- Keep the scope of tests small enough that errors are easy to debug.
- Deal with issues related to authentication and password management as early as possible.
- Try and make sure that test outputs remain compatible with test automation servers.
- Consider focusing efforts on APIs that are under active development since they'll need to be tested anyway.
API test frameworks tools
API testing can be complex, as it often involves running a continuous series of tests across a plethora of code, versions, authentication systems and other dynamic elements. One major advantage of using ready-made framework tools is that they provide features for both common and edge-case testing needs, including support for multiple types of data formats.
While organizations need to carefully assess their own individual needs, here are some examples that demonstrate the range of available options when it comes to support for API testing frameworks.
Postman
Postman is a standalone API management platform designed to support a range of API testing needs, particularly when it comes to JavaScript code. While there is a cost for shared team licenses, individuals who don't need to share files can get started on the platform for free. Postman is excellent for JSON-based REST API testing in the JSON format; however, it does provide a SOAP-specific client as well.
SoapUI
SoapUI supports scripting in both Groovy and JavaScript, is compatible with Linux and macOS, and uses an XML file format. It also features a command-line runner, which helps it readily integrate with most continuous integration servers. The base version of SoapUI can run as a desktop application and enables users to save and share files across teams for easier version control.
ReadyAPI
ReadyAPI is an API testing platform designed to offer comprehensive features around security testing and service virtualization. It shares a common file format with SoapUI; in fact, it's common for teams to start with SoapUI as a steppingstone to ReadyAPI. Additionally, ReadyAPI offers an array of macros created to automatically complete routine tasks, such as creating assertions used to verify response codes -- as opposed to SoapUI, which requires users to manually identify response nodes and the expected responses.
Subject7
Subject7 is a web-based test automation platform that aims to provide access to a number of complex software testing facilities through a simplified interface accessible by less technical users. The tool enables programmers to write components in JavaScript that testers can then drag and drop into collections of navigable, graphics-based test suites.
