How to Overcome Challenges with API Testing

Placing special attention on API testing can result in a product that works more reliably and thus enforces the professionalism of the company. Testers must verify functionality in both internal and external APIs that affect the product and they can also help maintain the quality of published APIs.

1. Test early and test often

Changes in APIs are generally known in advance and thus test case changes can be made earlier. Test changes can be made as soon as changes are known and published and do not need to wait for the release of a GUI.

Michael Sonshine

Rather than wait for the GUI elements that will call on the API like a user—or focus only on unit tests—testers must write API test cases in advance as much as is possible to get feedback to development quickly.

2. Automate API testing directly and consistently

APIs are more and more consumed by the public, by other applications, by mobile devices. When they are made public it’s easy to forget security.

Ole Lensmar

3. Couple automation with exploratory testing

But don’t rule exploratory testing out completely. API testing expert Ole Lensmar notes:

I think automation is great and it gives you a safety net. You can be sure that your app doesn’t break or stop working in any way but also having an experienced tester doing exploratory testing can really find those issues and bugs that make the user experience bad. It’s not a good way of saving money in the short run but in the long run you’re going to have happier customers. – Ole Lensmar

4. Shorten the feedback loop

The true benefit of API testing is that testers are able to give valuable information to developers when something isn’t working right. We’re all familiar with the frustration of not being able to reproduce a customer issue. API testing makes that less likely to occur and helps pinpoint the exact area of weakness for faster resolutions.

If the test fails you can discover why and see at what step in the interaction. Thus the feedback loop shortens drastically and the monitoring is more realistic. Of course, the quicker in the cycle tests take place, the shorter the feedback loop in general. For API testing to be the most valuable, very detailed issue logs need to make it back to development as quickly as possible.

5. Pay special attention to security concerns

With API testing, security should never be an afterthought. Most APIs give other companies access to very sensitive user data and all sorts of assets.

API testing gives you another quality checkpoint that everything is working okay. You’re getting continuous validation that things are working as they should and not breaking.

Ole Lensmar

All authentication and authorization methods also require attentive testing to ensure protecting of user data.

6. Maintain consistent documentation and terminology

  • Avoiding the use of abbreviations and jargon
  • Choosing only one name for any one element (i.e. refer to users as ‘users’ not ‘users’ and ‘customers interchangeably)
  • Finding and minimizing variations of common field names
  • Migrating documentation from PDFs to live HTML files (updating and maintaining so documentation is more usable)

Since external developers typically won’t have access to the source code—but will still need to fully understand how to interact with the API—testers can act as a first checkpoint and help give feedback on the understandability and experience of the API.

Jumbotron image