You may be taking your first steps as a QA and have heard about APIs but are not yet familiar with what APIs do and what they are. Don't worry, we've been there too and that's why I thought this article would be useful. Just to let you know in advance, this article is focused on REST APIs.
What is an API?
An Application Programming Interface (API) provides a secure and standardized way for applications to communicate with each other and share information or functionality using a simple set of commands. Acting as messengers, APIs deliver one application's request to another and return a real-time response. In a nutshell, it is essentially a software-to-software interface. Even though we can't see them, APIs are there, handling practically all the heavy work for us.
Imagine you're planning your next vacation, and you visit a travel site to check the flight options to your destination. You're also looking for movie tickets to go out with your friends, or maybe you're using the app of your favorite restaurant to see if you can change the reservation you made for 8 pm on Friday night to 7 pm. Perhaps you're checking your online banking platform for the latest transactions made with your account. You might even be tired of social networks and decide to close your account. Or, in a different scenario, you're on a shopping site and you've just bought that ornament for your house that you've been wanting so badly. APIs, APIs, APIs, they are everywhere! Now that we have a clearer understanding of what an API is and the versatile operations it performs, let's address the million-dollar question: How do we perform API testing? We'll start with the basics, and we strongly encourage you to stay tuned to the Rootstrap blog because we'll be posting more about APIs and gradually increasing the complexity.
What do you need to be prepared?
Almost a maxim for us as QAs... Read the documentation. Yes, before performing API testing you need to understand the purpose of the API, how it works, and what kind of results (HTTP Status Codes) you can expect from the API endpoint.
HTTP Status Codes:
Now that we know that we are waiting for a 2XX as a desired output, it is time to define the input and how we are going to call (method supported) the API.
What type of methods supports an API?
Get familiar with the parameters that you will need to define as inputs:
For example, a request in REST API can accept header, and body requests or payloads, among other input parameter types.
Let's walk through an example of performing a POST request to an API endpoint:
Suppose we have an API endpoint for a simple task management system, and we want to create a new task using a POST request.
Here's a step-by-step explanation:
- Identify the API endpoint: Determine the URL or URI of the API endpoint where you want to send the POST request. For our example, let's assume the endpoint is https://api.example.com/tasks .
- Construct the request payload: In a POST request, the data to be sent is typically included in the request body. The payload can be in various formats like JSON, XML, or form data. Let's assume we are using JSON. Here's an example payload for creating a task:
- Set the request headers: Specify any required headers for the request. Common headers include "Content-Type" to indicate the format of the payload. For a JSON payload, set the "Content-Type" header to "application/json".
- Create the POST request: Using your preferred programming language or tool, create a POST request to the API endpoint. Include the payload and headers in the request.
- Send the request: Send the POST request to the API endpoint.
- Handle the response: Receive the response from the API. The response will contain information about the success or failure of the request, along with any data returned by the API. Common response codes include 200 (OK) for successful requests or 4xx/5xx codes for errors.
That's it! You've successfully performed a POST request. Remember to handle any errors and validate the response according to your requirements.
⚠️ It's worth mentioning that the specific implementation details may vary depending on the programming language or testing framework you're using. But the fundamental steps remain the same: identify the endpoint, construct the payload, set headers, create the request, send it, and handle the response.
Ready to Practice?
To practice your API testing skills, we recommend using the free and open-source tool called Swagger Petstore. Visit https://petstore.swagger.io/ to explore the tool and start experimenting with API requests.
Keep Learning: API testing is a vast field, and there's much more to explore. Stay tuned to the Rootstrap blog, where we'll continue posting articles about API testing. We'll gradually cover more complex topics to help you enhance your API testing knowledge.
Happy testing and exploring the world of APIs!