As information systems become more and more distributed and
systems and devices become ever more interconnected, the use of APIs has seen
exponential growth in the past couple of years. Where traditional (or
old-fashioned) computer systems were monolithic in nature, nowadays they are
often made up of reusable components that communicate and exchange information
with one another through various APIs.
Below diagram depicts the growth
in number of publicly accessible APIs,
Best Practices of API Testing:
Structuring tests:
An API usually consists of several methods or operations that
can be tested individually as well as through the setup of test scenarios.
These test scenarios are usually constructed by stringing together multiple API
calls. I suggest a three step approach to testing any API:
1. Perform syntax testing of
individual methods or operations
2. Perform functional
testing of individual methods or operations
3. Construct and execute
test scenarios
Syntax testing
This type of testing is performed to check whether the method or operation accepts correct input and rejects incorrect input. For example, syntax testing determines whether:
This type of testing is performed to check whether the method or operation accepts correct input and rejects incorrect input. For example, syntax testing determines whether:
·
Leaving mandatory fields empty results in an error
·
Optional fields are accepted as expected
·
Filling fields with incorrect data types (for example, putting a
text value into an integer field) results in an error
Functional testing of individual operations or
methods
This type of testing is performed to check whether the method or operations performs its intended action correctly. For example:
This type of testing is performed to check whether the method or operations performs its intended action correctly. For example:
·
Is calculation X performed correctly when calling operation /
method Y with parameters A, B and C?
·
Is data stored correctly for future use when calling a setter
method?
·
Does calling a getter method retrieve the correct information?
Test scenarios
Finally, when individual methods or operations have been tested successfully, method cals can be strung together to emulate business processes, For example:
Finally, when individual methods or operations have been tested successfully, method cals can be strung together to emulate business processes, For example:
You see that this approach is not unlike user interface-based testing, where you first test individual components for their correct behaviour before executing end-to-end test scenarios.
API virtualization:
When testing systems of interconnected components, the availability of some of the components required for testing might be limited at the time of testing (or they might not be available at all). Reasons for limited availability of a component might be:
When testing systems of interconnected components, the availability of some of the components required for testing might be limited at the time of testing (or they might not be available at all). Reasons for limited availability of a component might be:
·
The component itself is not yet developed
·
The component features insufficient or otherwise unusable test
data
·
The component is shared with other teams and therefore cannot be
freely used
In any of these cases, virtualization of the API can be a
valuable solution, enabling testing to continue as planned. Several levels of
API virtualization exist:
·
Mocking – This is normally done for code objects using a
framework such as Mockito
·
Stubbing – this is used to create a simple emulation of an API,
mostly used for SOAP and REST web services
·
Virtualization –
This is the most advanced technique of the three, enabling the simulation of
behaviour of complex components, including back-end database connectivity and
transport protocols other than HTTP
Non-functional testing
As with all software components, APIs can (and should!) be tested for characteristics other than functionality. Some of the most important nonfunctional API test types that should at least be considered are:
As with all software components, APIs can (and should!) be tested for characteristics other than functionality. Some of the most important nonfunctional API test types that should at least be considered are:
·
Security testing – is the API accessible to those who are
allowed to use it and inaccessible to those without the correct permissions?
·
Performance – Especially for web services: are the response
times acceptable, even under a high load?
·
Interoperability and connectivity – can be API be consumed in
the agreed manner and does it connect to other components as expected?
Most of the high-end API testing tools offer solutions for
execution of these (and many other types of) nonfunctional test types
No comments:
Post a Comment