API Testing Tips for beginners

Language 2020-01-10 16:17:40 views: null

API (Application Programming Interface) is a direct test at the API level to perform validation of software testing. It is part of the integration testing, it confirms API testers meets the expectations of functionality, reliability, performance and security. With different test UI, API test is performed in operation no GUI layer.

API Testing Tips

There are two types of Web API Web Services: SOAP and REST. SOAP (Simple Object Access Protocol) is a standard protocol defined in the W3C standard for transmitting and receiving a Web service request and response. The REST (Representational State Transfer) using standard HTTP Web-based architecture. Different SOAP-based Web services, there is no official standard for RESTful Web API's.

The following are the 10 basic skills test API:

Understanding API requirements

Before testing the API, answer the following questions need to thoroughly understand the requirements of the API:

  • What is the API function? What business processes are? What use scenes?

Typically, applications of API used to manipulate resources. They are often used to read, create, update. Understanding API uses input and output ready for test data and lay a solid foundation. This step can also help you define the authentication method. For example, for some API, you will verify against the database response. For some other, preferably the authentication response according to another API.

For example, "Create User" API output will be "to obtain user" Enter the API for verification. "Get Users 'output API can be used as" update users' input API, and so on.

API specified output state

You need to verify the test API API output is the most common response status code.

The new API testers familiar verify response code is equal to 200 to determine API test passed or failed. This is not wrong test. However, it does not reflect all of the test program API.

In general standard, all API response status code are divided into five categories. The first digit defined category of response status code. After two no role in any category or classification.

The first five digits value:

  • 1xx (Informational): receives the request and continues processing
  • 2xx (Successful): successfully received, understood and accepted the request
  • 3xx (redirection): the need to take further measures to fulfill the request
  • 4xx (client error): The request contains incorrect syntax or can not be achieved
  • 5xx (Server Error): The server can not meet the seemingly valid request

API actual response status code is specified by API development teams to build.

Focus on small functional API

In the test project, there are always some simple API, only one or two inputs, such as logging API, to obtain an identity token API, API and other health checks. However, the API is required, be deemed to enter other business "door API." First, pay attention to these API, will ensure that the API server, environment, and authentication is working properly.

API also should avoid multiple tests in a test case. If an error occurs, it is very painful, because you will have to in order to debug the test data generated API. Keep the test as simple as possible. In some cases, if you need to call a series of API to achieve end to end testing process, these tasks should have elapsed after separate tests in all API.

API classification

A test project may have several or even hundreds API for testing. It is strongly recommended to categorize them, in order to better test management. It needs to take additional steps, it will greatly help you create a test plan coverage and high level of integration.

API share some of the same category of public information, such as resource type, path, etc. In the same organizational structure will test your test can be reused and extended in the integration process.

API functions with automated test

As early as the use of an API to automate testing. Here are some important benefits of test automation API:

  • Test data and execution history can be saved with API information. After that makes it easier to re-run the test.
  • API test stability and less change. API reflects the business rules of the system. Any changes to the API requires clear requirements; therefore, testers can always keep abreast of changes and adjustments.
  • Compared with the Web UI testing, test execution speed is much faster
  • API test is regarded as gray box testing, user input data may be transmitted and obtain an output in which the data for validation. Automated data-driven approach (ie, the application of different sets of data in the same test scenario) API can help increase test coverage
  • Input and output data follow certain template or model, you can only create a test script. These test scripts can be reused throughout the test project
  • API test can be carried out early in the software development life cycle. Automated methods with analog technology can help verify the API before the actual API development and integration. Therefore, reducing dependency within the team.

Select the appropriate automation tools

Another step automation functions using the API test is to select the most appropriate tool or set of tools suitable selection from hundreds on the market. When selecting API automated testing tools, should consider the following criteria:

  • The tool supports API test whether your AUT (application under test) are using / Web service type? If you use a SOAP service in AUT selected tool supports testing RESTful service, then there is no meaning.
  • The tool supports the required authorization methods AUT your service? Here are some of your API authorization methods can be used: No Auth, Bearer Token, Basic auth, Digest Auth, NTLM Authentication, OAuth 1.0, OAuth 2.0, Hawk Authentication, AWS Signature. This is an essential task, because you can not start testing API without the authorization.
  • The tool supports import API / Web service endpoint from a WSDL, Swagger, WADL and other service specifications? This is an optional feature. However, if you want to test hundreds of API, it is very important.
  • Data-driven approach to the tool support? This is also an optional feature.
  • Last but not least, it is that in addition to the API test, you also need to perform other types of testing, such as WebUI or data source? Test service API layer between the source and the UI data is performed. All of these layers must be tested is normal. It supports all types of testing tools would be the ideal choice, so that your test object and test scripts can be shared among all layers.

Select the appropriate authentication method

When the response status code to tell the status request, response body content is the content returned by the API to a given input. API response content data by type and size vary. Response can be plain text, JSON data structures, XML documents. They can be simple few words string (even empty), it can also be a JSON / XML file hundred pages. Thus, given the appropriate API authentication method selected must.

Typically, there are some basic API methods to verify the response body content:

  • The entire body of the response content compared with the expected information, this method is suitable for simple response with static content. Dynamic date and time information, increased ID, which would cause trouble in the assertion.
  • Each attribute value comparing the response, the response JSON or XML format, it is easy to obtain the given key value or attribute. Therefore, this method is useful when verifying or dynamic content, rather than the entire contents of a single value.
  • Compare match the regular expression, and verification with the single attribute value, this method for verifying data having a specific pattern in response to complex dynamic data.

Each verification method has its advantages and disadvantages, and there is no "one size fits all" option, you need to select the most suitable solution for your test project.

Create a positive and negative test

API test requires forward and reverse test to test, to ensure the normal operation of API. Since the API test test is seen as a gray box, and therefore the drive by the two types of test input and output data.

Forward test

  • Verify that the API has been received as input returns the expected output specified as required.
  • Verify that specifies required to return the response status code, whether it returns an error code or 2xx.
  • Specifies the minimum required input fields and the largest fields.

Reverse test

  • When the expected output does not exist, verify whether the API returns an appropriate response.
  • Perform input validation test abnormalities.
  • Use different authorization levels to verify the behavior of the API.

Field testing process

API test execution schedule is recommended daily during the test. Since the API test execution fast, stable and small enough so that it is easy to minimize the risk to add more tests to the current testing process. This can only be achieved through automated API testing tool with the following features:

  • Use the built-in test command to test plan
  • Tools and test management and defect tracking tool integration
  • Continuous integration with a variety of leading CI tool
  • Visual log report generation

After the test is complete, every day can get the results of these tests. If it fails the test occurs, you can examine the output and verify the problem immediately to find an appropriate solution.

Do not underestimate the API automated testing

API testing process is very simple, just three main steps:

  • Sending a request with the necessary input data
  • Fetch response data having an output
  • Verify response required to return

The most important part of the API test is neither a transmission request nor receive a response. They are test data management and verification. Typically, some of the first test API (such as login, query a number of resources, etc.) is very simple. Therefore, API testing tasks can easily be underestimated. When conventional methods and means can not achieve your goal, use programming skills can greatly expand the boundaries of API testing.

  • Solemnly declare : The article first appeared in public No. "FunTester", prohibit third parties (except Tencent cloud) reproduce, publish.

Technology Featured articles

Non-technical Selected Articles

Guess you like

Origin juejin.im/post/5e17d787f265da3e12181945
Recommended
The number of MaxKB GitHub Stars, an open source knowledge base question and answer system based on large language models, exceeded 5,000!
Ranking
Getting the basic concepts of ROS + catkin Profile
Spring Learning (2) --- Assembling Beans in the IoC Container
js to get the src attribute of the image regularly
STM32 is based on CubeIDE and HAL library basics entry study notes: Bluetooth WIFI STM32 connects to Alibaba Cloud
Short video learning - 3, pandas simple use of pivot_table
Print directory of project configuration log, output log
Understand the difference between vi and vim in Linux in 3 minutes
1 + x certificate Web front-end development HTML5 special exercises
mangodb save and insert the difference
7-1 Family tree processing (50 points) (binary tree solution)
Daily
More
2024-05-13(8)
2024-05-12(28)
2024-05-11(32)
2024-05-10(34)
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)
2024-05-04(18)

Code World

© 2018 codetd.com