Consumer orientation has changed the structure of software. Modern applications are scattered across mobile devices and web browsers, so users can access services anytime and anywhere. In addition, applications are no longer self-contained. They are made up of multiple service components that are linked at runtime. How does an application programming interface, or API, affect the interaction with the end user? And why is API testing becoming a normal practice for IT companies that provide quality assurance services? Let's try to figure it out.
What API is
API is a set of tools, using which one program can exchange data with another. This approach facilitates communication between modules, applications, and back-end systems. API testing helps specialists to promptly know when something goes down and fix the problem before users notice any inconsistency.
Simplistically, the performance of an API can be compared with taking an order in a cafe. A visitor selects a dish from a menu and sends their request to the kitchen via a server. The server, in turn, gives the task to the chefs and returns to the visitor with a plate of cooked food. Here, the server acts as an API, connecting one program (the visitor) to another (the kitchen).
A typical application has three distinct layers: the presentation (or user interface - UI) layer, the business layer, and the database layer for modeling and managing data. As you can see in the picture below, an API focuses on business logic.
An example of APIs in action is booking tickets online using a credit card. The bank provides an API for online transactions that are invoked by the flight booking website. The website sends a request and receives a response. Based on the response - 'Transaction was successful' or 'Unsuccessful transaction attempt' - the ticket is either booked or not. If the bank’s API doesn’t work, users can’t conduct financial transactions, which leads to profit losses and damage to the business’s reputation.
In applications, APIs are typically used to provide continuous communications between various software components, integrating them into a robust system.
The essence of API testing
Since we have figured out what an API is, it becomes obvious that API testing checks whether an API operates correctly. This process helps to ensure that performance, functionality, security, and reliability of software meet expectations - in other words, that the server (API) is able to serve several visitors simultaneously, return to the client, bring the exact dish that was ordered, and so on.
Consequently, ineffective APIs can result in integration difficulties, poor software quality, user frustration, and revenue losses. According to State of the Internet - a report by Akamai, API calls account for 83% of all web traffic. Quality assurance engineers perform automated API testing by using specialized software, which significantly simplifies and speeds up the checking process.
The difference between API testing and GUI testing
Testing of a GUI (graphical user interface) focuses on the appearance of a web interface. For example, it checks whether a certain payment button works, whether the menu is functional, whether the necessary fonts are used on the page, and so on. Application GUI checks will always be a necessity, but sometimes, finding the cause of the problem with their help is difficult. In the world of Agile methodologies, GUI testing is no longer enough.
API testing helps specialists dig deeper by focusing on the business logic layer of software architecture. The business layer is the most important - this is where all transactions between the UI and the database layer take place. API testing focuses mostly on using software to send API calls, get output, and log system responses, as well as on ensuring data security and software performance.
Moreover, testers can start testing APIs at an earlier stage of development. And the sooner the problem is discovered, the faster, cheaper, and easier it is to fix it. Missing out on mistakes is fraught with high expenditures - for example, in 2016, they cost the US economy about $1.1 trillion.
What API testing services include
Companies that provide software quality assurance services conduct API testing based on the business logic of a software product. But this doesn’t mean that checking the operation of an API only means evaluating its functioning. The choice of API tests is wide, so engineers can apply the following types of testing:
This is the most commonly used form of API testing, as an API is at the core of the majority of integrations between services. This type of check makes it possible to find errors in the interaction between program modules or systems. For this purpose, testers use special tools, with the help of which they send input data (request) and check the correctness of the output data (response).
These checks are carried out to ensure that the software system meets the functional specifications and requirements. To test each API function, an engineer provides the appropriate input parameters in XML or JSON format and then validates the output against the functional requirements.
The API security check detects any risks and vulnerabilities. Testers find potential loopholes and flaws that can lead to loss of information, revenue, and reputation in the event of an attack. Companies engaged in software testing outsourcing check encryption methodologies and authorization rules for accessing resources - all this in order to conduct a quality audit of API security.
By applying this type of test, one can check the performance of an API under a certain load - for example, evaluate how the software interface behaves when several people use it simultaneously. According to statistics, over 40% of people leave a website that takes more than three seconds to load. Load testing can help to prevent user outflow even before the app enters the market. That’s why, when ordering software testing services, one needs to give special consideration to API load tests. After all, software performance directly affects customer perception of the brand and a company's profitability.
Benefits of API testing
In a nutshell, API testing can improve test coverage, save resources and time to release an application, and protect it from malicious code or hacking. Let's take a closer look at the five main benefits of API testing.
1. Finding bugs at an early stage of software development
During API testing, a specialist has access to the application without a UI. In other words, they can run tests without having to test the entire software. This is a great advantage that allows testers to find defects in the application at an early stage. Thus, developers can fix bugs before they affect the GUI. Plus, as we mentioned above, this approach saves a lot of time and money for the company that ordered quality assurance services.
2. Effective use of time
API testing takes much less time than GUI testing. A UI level test lasts seven minutes - compared to the twelve seconds required to run an API test. This means that the latter is executed 35 times faster. Now imagine that you need to run 1000 tests - in this case, the time savings are obvious.
In UI-driven tests, most of the time is spent on loading and rendering web pages and UI elements that might not even be needed in the end. For example, a tester has to test the work of a website form: fill it out, submit it, and make sure that the user is taken to the next screen.
But while running this test, there is a possibility of encountering several problems. The engineer may be hindered by restrictions on the browser and network connection, or by changes in the position of any element on the screen. For example, if the caption ‘Tulips’ overlaps the caption ‘Roses’, the specialist won’t be able to click on it, and the tests will fail.
Using API testing, all these tasks can be easily reduced to one:
3. Reduced testing costs
This advantage is associated with the previous one. API testing provides faster results with early defect diagnosis, which reduces overall testing costs.
4. Non-attachment to programming languages
5. Improved test coverage
Unlike unit tests that check a separate source code component, function, or method, automated API tests are usually broader in coverage. After all, problems often arise at the intersection of modules, where the scope of one level ends and the scope of another level begins. API level tests are specifically designed to check if all system components work as expected. API testing helps to identify potential defects in interfaces, servers, and databases. This, in turn, improves the overall quality of the software and its interaction with users.
The future of automated API testing
Even in 2015, Forrester Research noted in their report:
Modern applications require a shift of the current 80% UI automation down to 5% to 10% approximately, shifting about 80% of that test automation to be replaced by API test automation.
API testing is critical to the success of any company. It should be extensive and automated, especially in the case of flexible software development processes. Automation of APIs simplifies integration and regression testing every time new changes are made. It also reduces execution time for the software development cycle, feedback, patches, and redeployments. All this makes applications more reliable and successful.
To ensure high quality of software, it is necessary to conduct thorough and comprehensive automated API testing. It plays a critical role in a quality assurance strategy, as it touches on the most important business layer.
Hello! My name is Evgeniy and as the head of the Andersen QA department, I’m glad to welcome you. Our work is a mark of excellence that helps our clients keep high-quality standards, assuring that their software is fully functional, reliable, secure, and user-friendly. In case of interest, please contact me and I’ll do my best to assist you.