I am looking for your suggestions on the general workflow of setting up and executing API testing, mainly for RESTful Web APIs.
More specifically, I am puzzled by the points below:
- Is API testing done by writing code (like unit tests) or more by running tools?
- What kind of results and reports should API testing generate?
- What kinds of tests should be covered by API testing?
Using unit tests you can check that the implemented logic to fetch requested data is correct, but it's not enough. To test an API, things like data serialization/deserialization to various formats (JSON, XML, ATOM, ...), authorization & authentication, and exception handling (translating application exceptions to HTTP error codes) should be checked. The API should be tested from the client's point of view. You can achieve this using tools that can send requests similar to the requests sent by your clients, i.e. JMeter.
API tests should generate a report with information on which requests pass / fail. In case of a failed request, the response should be provided for further investigation. API tests should be integrated into CI.
API testing should cover:
- functional tests: valid requests to test different combinations of arguments and parameters; prepare test scenarios that simulate client requests. Invalid (bad) requests should also be tested to check that they are handled properly and won't crash your application
- security tests: check that requests from different clients don't influence each other
- performance tests: measure response time from endpoints
Example
Let's assume that there is an endpoint /users with query parameters:
- count (count > 0 & count <= 100, default 10)
- startIndex (startIndex >= 0, default 0)
Related test scenarios can be split into two groups: valid and invalid requests
Valid requests (always check response format):
- GET /users - verify that response contains 10 items, starting from item 0
- GET /users?count=1 - verify that response contains 1 item, starting from item 0
- GET /users?count=100 - verify that response contains 100 items, starting from item 0
- GET /users?startIndex=5 - verify that response contains 10 items, starting from item 5
- GET /users?startIndex=200&count=100 - verify that response contains 100 items, starting from item 200
- GET /users?startIndex=0&count=10 - verify that response contains 10 items, starting from item 0
Invalid requests:
- GET /users?count=0 - verify that response code is 400
- GET /users?count=-10 - verify that response code is 400
- GET /users?count=foo - verify that response code is 400
- GET /users?count=10bar - verify that response code is 400
- GET /users?count=101 - verify that response code is 400
- GET /users?startIndex=-1 - verify that response code is 400
- GET /users?startIndex=foo - verify that response code is 400
- GET /users?startIndex=foo&count=bar - verify that response code is 400
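
The scenarios above as a table-driven runner that produces the pass/fail report, keeping the response body for failed requests. This is an added example, not code from the original answer. Assumptions: `stub_send` is a constructed in-process stand-in for the API, the `id` field and the 500 sample users are invented for the demo, and `send` is any callable that takes a path and returns `(status, body)`.

```python
import json
from urllib.parse import urlsplit, parse_qs

# Scenarios from the answer: (query, expected status, item count, first index).
CASES = [("", 200, 10, 0), ("?count=1", 200, 1, 0), ("?count=100", 200, 100, 0),
         ("?startIndex=5", 200, 10, 5), ("?startIndex=200&count=100", 200, 100, 200),
         ("?startIndex=0&count=10", 200, 10, 0)]
CASES += [(q, 400, None, None) for q in (
    "?count=0", "?count=-10", "?count=foo", "?count=10bar", "?count=101",
    "?startIndex=-1", "?startIndex=foo", "?startIndex=foo&count=bar")]

def stub_send(path, buggy=False):
    """Constructed in-process stand-in for the API (sample ids 0..499)."""
    qs = parse_qs(urlsplit(path).query)
    raw_count, raw_start = qs.get("count", ["10"])[0], qs.get("startIndex", ["0"])[0]
    if buggy:  # simulated defect: trailing letters ignored, so "10bar" is read as 10
        raw_count = raw_count.rstrip("abcdefghijklmnopqrstuvwxyz")
    try:
        count, start = int(raw_count), int(raw_start)
    except ValueError:
        return 400, '{"error": "bad query parameter"}'
    if not (0 < count <= 100 and start >= 0):
        return 400, '{"error": "bad query parameter"}'
    return 200, json.dumps([{"id": i} for i in range(start, min(start + count, 500))])

def run_cases(send):
    """Send every scenario and return one report row per request."""
    report = []
    for query, want_status, want_len, want_first in CASES:
        status, body = send("/users" + query)
        ok = status == want_status
        if ok and status == 200:  # valid request: check format and paging too
            try:
                items = json.loads(body)
                ok = len(items) == want_len and items[0]["id"] == want_first
            except (ValueError, LookupError, TypeError):
                ok = False
        report.append({"request": "GET /users" + query, "passed": ok, "status": status,
                       "response": None if ok else body})  # body kept only on failure
    return report

if __name__ == "__main__":
    for row in run_cases(lambda p: stub_send(p, buggy=True)):  # shows one FAIL row
        print("PASS" if row["passed"] else "FAIL", row["request"], row["response"] or "")
```

To run the same table against a deployed service, pass a `send` that issues the GET with an HTTP client and returns the status code and response body.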