511572021 10 API Testing Tips or Beginners (SOAP & REST) | Complete Guide Insights INSIGHTS [oN READ 10 API Testing Tips for Beginners (SOAP & REST) ‘An API (application programming interface) is essentially the “middle man’ of the layers and systems within, an application ora software. APItesting (httos:/mwwxatalon.cor /apitesting/) is performed at the message layer without GUI. tis part of integration testing that determines whether the APIs meet the testers’ expectations of functionalty, reliability, performance, and security, ‘There are two broad classes of web service for Web API SOAP and REST. SOAP (https /wwnaw3.0rg/TR/2000/NOTE-SOAP-20000508/) (Simple Object Access Protocol) isa standard protocol defined by the W3C standards for sending and receiving web service requests and responses, REST (hitos:/restfulapiret/) (REpresentational State Transfer) is the web standards-based architecture that uses HTTP, Unlike SOAP-based Web services, there is no oficial standard for RESTful Web APIs. Here are 10 basic tips that you need to know for API testing 1, Understand API requirements Before testing your APls, you need to answer these questions to thoroughly understand the APIs, requirements ‘+ What is the API's purpose? hitpsshwwuckatalon comesources-canterfboglapltesting-tips! 9511572021 10 API Testing Tips or Beginners (SOAP & REST) | Complete Guide Knowing the purpose of the APIwill seta firm found and output. This step also helps you define the verification approach For example, for some APIs, you will n for you to well prepare your test data forinput verify the responses against the database, and for sasneiathers, tis better to verily the responses against other APIs ‘+ What is the workflow of the application; and where is the API in that flow? Generally, APIs of an application are used to manipulate its resources in reading (GET), creating (POST (https: mwwxataicn.com videos /api-testing-katalon-studio-Dost-request-verify-response/)}, undating (PUT (httos:wwwkatalon.com/videos/api-testing-Katalor-studio-put-request-verify-response/)) and deleting (DELETE). Knowing the purpose of the API will seta firm foundation for you to well prepare your API testing data for input and output In addition, this step also helps you define the verification approach. For example, for some APIs, you will verify the responses against the database; and for some others, itis better to verily the responses against other APIs. For example, the output of the “Create user” API willbe the input of the “Get user” API for verification. The ‘output of the “Get user” APIcan be used as the input of the “Update user” API, and soon, 2. Specify the API output status ‘The most common API output you need to verily in API testing is the response status code. Verifying if the response code equals to 200 or net to decide whether an API testing is passed or failedis familiar to new API testers. This is not a wrong verification. However, it does not reflect all est scenarios of the APL All API response status codes are separated into five classes (or categories) ina globalstandara, The first digit of the status code defines the class of response. The last two digits do not have any class or categorization role There are five values for the first digit + 1x (Informational) The request is received and continues to be processed + 2x (Successful) The request is successfully received, understood, and accepted + 3x (Redirection): Further action needs to be taken to complete the request + 4x«(Client Error): The request contains the wrong syntax or cannot be fulfilled + Sxx (Server Error) The server fas to fulfill an apparently valid request However, the actual response status code of an APIs specified by the development team that built the API, So asa tester, youneed to verify whether: * The code follows global standarc classes + The code is specitied2021's;\ Continuous Testing Navigator Make winning strategies with a benchmark defined by experts 3, Focusonsmallfunctional APIS Getiy copy (htipsifvaenkatloncom/2021-continuous-testing-naigsor/? ut souree-katalon&utm medlamepopup blogkutm, campalgn=whitepaper 2021) hitpsshwwuckatalon comesources-canterfboglapltesting-tips! 219511572021 10 API Testing Tips for Boginners (SOAP & REST) | Complete Gude Ina testing project, there are always some APIs that are simple with only one or two inputs such as login ‘APL get token API, health check APL ete. However, these APIs are necessary and are consideredas the “gate” to enter further APIs, Focusing on these AP gare the others will ensure that the API servers, environment, and authentication work properly You should also avoid testing more than one APlina test case. It's painfuliferrors occur because you will have to debug the data flow generated by API ina sequence. Keep your testing as simple as possible. There are some casesin which youneed to calla series of API to achieve an end-to-end testing flow. However, these tasks should come after all APIs have been individually tested, 4, Organize API endpoints testing project may have a few or even hundreds of APIs for testing, We highly suggest that you organize them into categories for better test management. It takes one extra step but will significantly help you create test scenarios with high coverage and integration Take JIRA’s API, for example api/2/group nd all methods > Create group pos? /rest/api/2/group > Get group (DEPRECATED) GET _/rest/api/2/group > Remove group DELETE /rest /api/2/group > Get users from group Get /rest /api/2/group /menber » Add user to group Post /rest/api/2/group/user > Remove user from group DELETE /rest/api/2/group/user api/2/issue Sn » Create issue Post /rest/api/2/issue » Create issues Post /rest/api/2/iseue oul. » Getissue Ger /rost/api/2/issue/{issueteorkey} » Delete issue DELETE /rest /api/2/issue//{issuerdorkey) » Edit issue Pur /rest/api/2/issue/{issuetdorkey} APIs in the same category share some common information such as resource type, path, etc. Organizing your tests with the same structures will make your test reusable and extendable with integration flow 2021's Continuous Testing Navigator 5, Leverage autdrieatioinadjsatititgter WPI téstinsy mark defined by experts Leverage automation (nttps:/Awwkatalon. con PASE aap¥center/olog/no-pain-ro-gain-earlytest= automation-ibsivertmthietetortyye/262bHey Youpeinisaimiacmiagtpribess as much and as early 2s possible. Hore are son SRM BERENS Sad reRR AD Pm tena’ 202) hitpsshwwuckatalon comesources-canterfboglapltesting-tips! 30511572021 10 API Testing Tips for Boginners (SOAP & REST) | Complete Gude + Test data and execution history can be saved along with API endpoints, This makes it easier to rerun testslater + APltestsare stable and changed with care, Atnéigiteflects a business rule of the system. Any change in the API needsan explicit requirement so testers can always stay alert of any changes and adjust them on time ‘+ Test execution is much faster compared to Web Ul test + API testing is considered as black-box testing in which the users send input and get output for verification, Automation with a data-driven approach — ie applying different datasets in the same test scenario —can help increase API test coverage + Data input and output follows some specitic templates or models so that you can create test scripts only once. These test scripts can also be reused throughout the entire testing project. + API tests can be performed at the early stage of the software development lifecycle. An automation approach with mocking techniques can help verify API and its integration before the actual APlis developed, Hence, the level of dependency within the team is reduced. 6. Choose a suitable automation tool Afurtherstep to leverage the automation capability of API testing is choosing the most ora set of suitable tools (https://mecium.com/@alicealdaine/too~10-apitesting-tools-rest-soap-services-8395cb03cfa9) from hundreds of options in the market. Here are some criteria that you should consider when choosing an API testing automated testing tool *+ Does the tool support testing the API/Web service types that your AUT (Application Under Test) is Using? I will not make sense ifthe selected tool supports testing RESTful services while you AUT is using SOAP services. * Does the tool support the authorization methods that your AUT services require? Here are some authorization methods that your API can use: + Nc Auth * OAUth1.0 ‘+ Bearer Token + OAUth20 + Basicauth + Haws Authentication + Digest Auth + AWS Signature ‘+ NTL Authertication Thisisan essential task sir BODYe ContIneOUS Tasting Navigator’ + Does the tool suypletininminignstAeGlestwithvcbendbriatkidefiA8G Dy Seperte WADL, and other service specification? Thisis an optional feature. However, it willbe time-consuming if you have hundreds of APIto test Getmy copy (https:www katalon.com/202!-continuous-testing-navigator/? Ulm sourceskatalonf.utm, medium=popup_blogutm_campaign=whitepaper.2021) hitpsshwwuckatalon comesources-canterfboglapltesting-tips! 49511572021 10 API Testing Tips or Beginners (SOAP & REST) | Complete Guide + Does the tool support data-driven methods? This s also an optional feature However, your test coverage will increase dramatically if the tool has this function *+ Last but not least, besides API testing, do youlaigltéo perform other types of testing, such as WebUI ‘or data source? API testing is performed at the business layer between data sources and UL Itis normal that all these layers have to be tested. A tool that supports alltesting types would be an ideal choice so that your test objects and test scripts can be shared acrossall layers. 7, Choose suitable verification methods While the response status code tells the status of the request, the response body contents what an API returns with the given input ‘An API response content varies from data types to sizes. The responses can be in plain text, 8 JSON data structure, an XML document, and more. They can be simple few-word string (even empty), ora hundred page JSON/XML file, Hence, itis essential to choose a suitable verification method fora given API Katalon Studic (httos /wwwicatalon.com/) has provided rich Ibraries to verify different data types using matching, regular expression, JsonPath, and XmiPath Generally, there are some basic methods to verify an API response body content: ‘+ Compare the whole response body content with the expected information This method is suitable for a simple response with static contents. Dynamicinformation such as date time, increasing ID. etc. will cause trouble in the assertion. + Compare each attribute value of the response For those responses in SON or XML format, itis easy to get the value of a given key or attribute, Hence, this methods helpful when verifying dynamic content, or individual value rather than the whole content, ‘= Compare matching with regular expression Together with verifying individual attribute values, tnis method is used to verily data responses witha specific pattern to handle complex dynamic data Each verification method has pros and cons, and there is no one-size-fits-all option, You need to choose the solution that best fits your testing project, . : \ Se ee RC ec a (https: wwwukatalcn.com/downloac) 8. Create positive and negative tests APltesting requires both 2OZ#s Continuous-Festing Navigatoriins corectly Since API testing is considereauyawecvanlinrd strategie With @ BanRa think Ban Aa eR SYrBOU! and output data There are afew suggestions for test scenario generation: Get my copy * Positive test “AEBS pwn ataton.com/202I-continuous-testing-navigator/? Lt, source-katalonutm, medium=popup_blogkutm,campaign=whitepaper.2021) hitpsshwwuckatalon comesources-canterfboglapltesting-tips! 59511572021 10 API Testing Tips or Beginners (SOAP & REST) | Complete Guide © Verify that the API receives input and returns the expected output as specified in the requirement © Verify that the response status code is relalgets as specified in the requirement, whether returns 2ncor error code. © Specify input with minimum required fields and with maximum fields. + Negative test © Verily that the API returns an appropriate response when the expected output does not exist. © Perform input validation test. © Verily the API's behaviors with different levels of authorization. 9. Live testing process Scheduling APItest execution every day while the testing process is live is highly recommended. Since API test execution is fast, stable, and small enough, itis easy to add more tests into the current testing process with minirnum risks, Thisis only possible with automated API testing tools that come with features like + Test scheduling with built-in test commands « Integration with test management tools and defect tracking tools * Continuous Integration with various leading Cl tools + Visual log reports generation (Once the testing process is completed, you can get the result of those tests every day, Iffailed tests occur, you can check the outputs and validate issues to have proper solutions. 10. Do not underestimate API automation testing APL testing flow is quite simple with three main steps + Send the request with necessaryinput data + Get the response having output data + Verify that the response returned as expectedin the requirement ‘The most touch parts of API testing (https:/Mwwwkatalon.com /rescurces-center /tutorials/introduction= apitesting/) are not either sending requests nor receiving the response. They are test data management and verification. Itis common that testing a few frst APIs such as login, query some resources, etc. is quite simple. The testing task becomes more and more difficult to further APIs. Therefore, API testing taskis easy to be underestimated. , 2021's Continuous Testing Navigator ‘At some point in time yeu would find oursel'n she mddle.of cheasing a good aperaach for test date and lake winning strategies with a benchmark detined by ekperts verification method. It's because Ihe returhed data have sila” structures, Bul nat ine same in a testing project. Get my copy (pttps:fwwnatalon.com/202I-continuous-testing-navigator/? Lt, source-katalonutm, medium=popup_blogkutm,campaign=whitepaper.2021) hitpsshwwuckatalon comesources-canterfboglapltesting-tips! ae511572021 10 AP! Testing Tips for Beginners (SOAP & REST) | Complete Guide Furthermore, deciding the right one would be difficult if you should verify the JSON/XML data key by key, ruse object mapping (https://cccsabp.io/en/abp/latest /Otject-To-Cbject-Mapping) to leverage the power of programming language. iaights Considering API automation testing a rel development project is highly suggested. It should be. structured to be extendable, reusable, and maintainable. Start out your API Testing journey with ease - Katalon Studio (https://wwwkatalon.com/api-testing/) There you have it 10 API Testing Tips for you to sot foot in the wondors of API Testing, no sweat ‘Whether experienced or just starting out with API Testing, Katalon Studio is an optimal solution regardless of the level of expertise, Equipped with minimum maintenance requirements, integrations with CCD and DevOps practices and so much more. Itis the hidden gem for your API Testing journey. Sena RCo aCe a Ld {https wwwnatalcn.com/downloac) Read more: + 3 Best Practicesto Refine AP/ Testing | Fostrran Alternativesin 2021 (https: awwkataion.com/rescurces-cer ter /blog/postmar-altematives-api+testing/) + Top 5 Free API Testing Tools (New & Updated Tools) (https:/mwwkatalor.com /rescurces- center/blog/top-5-free-api-testing-tools/) Related Articles INSIGHTS | san READ Top 5 Free API Testing Tools (New & Updated Tools) 2021's Continuous Testing Navigator Make winning strategies with a benchmark defined by experts Get my copy (https:www katalon.com/202!-continuous-testing-navigator/? tm source-katalon&utm.medium=popup_blogkutm,campaig itepaper_2021) hitpsshwwuckatalon comesources-canterfboglapltesting-tips! 719511572021 10 API Testing Tips for Beginners (SOAP & REST) | Complete Guide INSIGHTS | MN READ [Infographic] 2021's Continuous Testing Navigator | Your Path to Maturity (https:'www katalon com/resources-center/t INSIGHTS | Iv READ Historical Test Report Portal — How Developers Accelerate the Testing Process (https:f'wwwkatalon com/resources-center/blog/historcal-data-unit-test/) Your automation journey starts here. Get Started (https: /wwkatalon.com/sign-up/) Contact Sales 2021's Continuous Testing Navigator Make winning strategies with a benchmark defined by experts Get my copy (https:www katalon.com/202!-continuous-testing-navigator/? Ulm sourceskatalonf.utm, medium=popup_blogutm_campaign=whitepaper.2021) hitpsshwwuckatalon comesources-canterfboglapltesting-tips! 89511572021 10 API Testing Tips or Beginners (SOAP & REST) | Complete Guide Vf Katalon 1774 Peschtea Street NDSSGIAEBDON, Alans, 30309 Generale Legalinguinerinfosatalen com (ai sakatsloncom) License &Purcheseinques busneskatlo.com (matbusinesehatalon om) Partrerepinquilesparner@katloncom (maioprtnerataln, =) Fouowus fv PRODUCTS Kelson Stu (lpsvratston comataln-tusi/) Katalon Recorce (ps wanhatalon.comlatelon-ecorse-id}) Kasalon Tests nto pwwatlon contests) tal (htosfwmcataloncombog/tataumntoduction/) Aatalon Stor (hnios storedatale tps slataloncom rica!) suPPORT lel Canter (hts:fwhatalon com /hlp-centar-recrec} Docs (hosfdoestatalon com) ‘Community htesforum ktaln com) Repository tos Webinars (tps tannthatatoncompwebnas/) Training (hts twawims-cchnologycom/testautomaton-amewerks) Tea tefemaincomfre) Pray Poy psn Joncom(ernsteivecy-aaey) https et tf eantha radmin fp hat PUSGPIaBoL van XC SOLUTIONS (tps cata cem/web-tesing!) APLTesungtpstamntataln com) sa) Mooi Tertngtpsifwentiataloncom/mobie-testns/) Desktop Testing (tpfeenataloncom/deaetoptetng) Ingratinsftpsfawirkataln com/ltepratons)} Methodolgis(ntpsiflmentataloncomjmethodologiee/) comPaNY About Kataln (htfeweatloncom abouts) Beg ts: fwrnhatalon.com tesouc contra) Parnas tpiaeataon com/parners Customer Stories (tpsfmetataloncom/eate=tusies/) tpstwwtatalon com/careats License Ageuren fips famnalalen conjerns/iicerse- 2021's Continuous Testing Navigator Make winning strategies with a benchmark defined by experts Get my copy (https:wwwkatalon.com/202t-continuou testing-navigator/? lutm source-katalonf.utm, medium=popup_blogButm,campaign=whitepaper 2021) hitpsshwwuckatalon comesources-canterfboglapltesting-tips!