In recent times we have heard alot about APIs and their applications. It has gained so much popularity that today it has become one of the integral parts of the Software Development process. In this blog post we will learn about API, and how to test the same using automation. API is the abbreviation for Application Programming Interface. It is a set of methods and procedures that developers expose to other programmers to have their applications communicate and interact with other applications. Designing an API is half of the work, and the rest half is about testing the same to provide a truly secure, reliable and scalable connection between platforms.
Now to perform API testing we have a wide variety of tools available in the market, but the most used one is Rest Assured framework. This is quite easy to use and as it has a steep learning curve. Before we will explore the usage of API Automation, we should understand an API and specifically what are the validations we need to perform in end-to-end API Testing.
API Methods
Basically when we talk about API methods it is basically the HTTP methods.
We have many types of methods used for an API, but we will discuss about the six methods which are mostly used: like GET, POST, DELETE, PUT, etc., to do CRUD operations
GET
This Method is to retrieve information about the REST API resource.
POST
When we want to create a REST API resource, we will use the POST method.
PUT
It is used to update a REST API resource.
DELETE
This one is quite self explanatory, used to Delete a REST API resource or related component.
HEAD
The HEAD method is quite identical to that of a GET request, but without the response body. This is basically useful for retrieving meta-information written in response headers, without having to transport the entire content.
OPTIONS
The OPTIONS method returns the HTTP methods that the server supports for the specified URL. This can be used to check the functionality of a web server by requesting ‘*’ instead of a specific resource.
API Validation Types
When we perform end-to-end API testing, we need to validate three important information returned from the server to the request. In the below section we will explore those validation types, and once we understand those types it would be easy to perform end-to-end testing on APIs.
Status Code Validation
Status Code Validation is the primary type of validation, that means before we start validating the body we should validate the status code which tells us if HTTP Response was successful or not.
There are five different types of response status code. Let’s explore the responses in five classes:
1xx informational response – the request was received, continuing process
2xx successful – the request was successfully received, understood, and accepted
3xx redirection – further action needs to be taken in order to complete the request
4xx client error – the request contains bad syntax or cannot be fulfilled
5xx server error – the server failed to fulfil an apparently valid request
If we want to validate status code in API Automation with Rest Assured then below would be the approach:
Response Validation
Once the status code is validated then we should proceed with response body validation. When we make a request, the server returns us the response payload, and to make sure the response returned is as expected we need to validate the same.
In this validation type we have to consider two subtypes, one is response header and another part is response body. The response JSON body should have correct field names, types, and values while HTTP server headers have implications on both security and performance.
Schema Validation
The last type of validation technique to be considered is JSON Schema Validation. JSON Schema helps us in describing the existing data format and providing clear, human and machine readable documentation. As JSON Schema provides complete structural validation, it helps in automated tests and also validating the client-submitted data for verification.
It is required to monitor API responses and ensure that the format that we are getting is the same as the expected one.
Demo Code
In the previous sections we have checked different types of validation which can be done using Rest Assured, let’s check the demo code and try to understand each and every step.
Requirement:
– Automate GET api for endpoint: /api/users and validate status code as 200
The imports we have used in the code as we have already defined the same in the project pom.xml file.
Advantages of Automating End-to-End API Testing
The more we adapt the Agile process, the more evident it is that API Automation becomes an integral part of Test Automation. The main reason behind this is Time Efficiency.
As API Testing doesn’t require UI to be ready, it can be performed way early in the development cycle so we can enter the testing phase quite early in the release cycle. The execution time of API tests are much faster as compared to UI automation as we can avoid spending time rendering and loading the web pages and interface elements, whereas we can execute API tests in seconds.
The second important benefit is Test Maintenance and stability. Now the main reason behind the stability of API than in UI is GUI’s are dynamic and may change for new requests from stakeholders and users, API interfaces are quite stable. As APIs get consumed at many places, so we can expect bare minimum change from API side, due to this stability, API tests are also much easier to maintain.