If you are starting on API testing and API test automation, what are the things that you should know? If you’ve done UI automation (Selenium/Cypress) for a while, you may find API testing a little daunting to begin with.
First of all, there is no interface to interact with. In UI testing you can actually see what is happening and interact with an interface, whereas API testing is all about bare HTTP requests and responses.
For example, consider a simple login functionality:
When testing from the UI, all you need to do is navigate to the login page, enter a username and password, and click the submit button. You are interacting with the form on the page.
As a tester, you might not be aware of what’s really happening behind the scenes when you click the submit button.
When you want to test the same login functionality at an API layer, where do you start?
You need to know the URL of the endpoint that you need to send a POST request to.
You need to know which format to send your payload in. Is it JSON, multipart, form data?
You also need to know what headers you need to provide with your request.
Once the request is sent, then what?
You need to know what response status code is expected, along with the response body. You also need to know how to extract various pieces of information from the response.
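The login check described above, written as an added example (not code from the original article). It starts a constructed local stub API so it runs offline; the `/login` and `/me` paths, the user and the token are assumptions. It covers the endpoint, payload format, headers, expected status codes, and passing the extracted token to the next request.

```python
import json, threading, urllib.error, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer
# Constructed stub API: the /login and /me paths, user and token are assumptions.
USERS, TOKEN = {"alice": "s3cret"}, "constructed-token-123"

class Stub(BaseHTTPRequestHandler):
    def _send(self, code, body):
        self.send_response(code)
        self.send_header("Content-Type", "application/json")
        self.end_headers()
        self.wfile.write(json.dumps(body).encode())
    def do_POST(self):
        raw = self.rfile.read(int(self.headers.get("Content-Length", 0)))
        if self.headers.get("Content-Type") != "application/json":
            return self._send(415, {"error": "send JSON"})
        creds = json.loads(raw)
        user = creds.get("username")
        if user in USERS and USERS[user] == creds.get("password"):
            return self._send(200, {"token": TOKEN})
        self._send(401, {"error": "invalid credentials"})
    def do_GET(self):
        ok = self.headers.get("Authorization") == f"Bearer {TOKEN}"
        self._send(200 if ok else 401, {"user": "alice"} if ok else {"error": "no token"})
    def log_message(self, *args): pass  # silence per-request logging

def call(method, url, payload=None, headers=None):
    """Send one request; return (status, parsed JSON body), 4xx included."""
    data = json.dumps(payload).encode() if payload is not None else None
    req = urllib.request.Request(url, data=data, method=method, headers=headers or {})
    try:
        with urllib.request.urlopen(req) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:
        return err.code, json.load(err)

def run_login_checks():
    with HTTPServer(("127.0.0.1", 0), Stub) as server:
        threading.Thread(target=server.serve_forever, daemon=True).start()
        base, js = f"http://127.0.0.1:{server.server_port}", {"Content-Type": "application/json"}
        good = {"username": "alice", "password": "s3cret"}
        try:
            ok = call("POST", base + "/login", good, js)
            auth = {"Authorization": "Bearer " + ok[1]["token"]}  # chained from login
            return {"login": ok,
                    "bad_password": call("POST", base + "/login", dict(good, password="x"), js),
                    "wrong_format": call("POST", base + "/login", good),  # no JSON header
                    "me": call("GET", base + "/me", headers=auth),
                    "anonymous": call("GET", base + "/me")}
        finally:
            server.shutdown()
```

The negative cases (wrong password, missing JSON header, no token) matter as much as the happy path, since each one asserts that the API refuses a request it should refuse.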
API Testing - What You Should Know
I have come up with a list of items that every tester who is involved with API testing and API test automation should know.
This list is by no means exhaustive, but it is the bare minimum you need to know if you want to learn API testing:
- Being able to create a runnable, executable project with all the necessary libraries to support API testing
- Understand and interact with endpoints via Postman
- Create collections and request templates in Postman
- Know HTTP in full context
- Requests [request structures, header, method, body]
- Different request methods, GET, POST, PUT, PATCH, DELETE
- Submitting Form data via JSON, Multipart, URL encoded, Query Parameters
- Responses [response status codes, response headers, response bodies]
- Using appropriate libraries to parse a response body and extract values
- Request/Response chaining, extracting a response body and serving it as a request to the next call
- Authentication mechanism, OAuth2, OpenID, JWT, Access Tokens
- REST, JSON, Session management, Authorization