API Testing

Let's not test on production 🙂

API testing is a type of software testing that verifies that an API meets its requirements for functionality, security, performance and reliability. An API is the middleware code that enables two software programs (often a frontend and a backend) to communicate with each other; every mature application should have a services layer built from a set of APIs. API testing guarantees that connections among platforms are reliable, safe and scalable. It also lets developers access the app and test it without a UI, helping testers identify errors or loopholes in the application.

Categories of API Tests:

1- Functionality
Functional testing ensures that the API performs exactly as it's supposed to. This test analyses the specific functions within the codebase and guarantees that the API functions well within its expected scenarios and handles errors when the result is outside the expected set of parameters.

2- Reliability

Reliability testing ensures that the API can produce consistent results and that the connection between platforms is constant.

3- Latency
API latency is the time your API takes to respond to a call. It is measured from the moment the API receives the request to the moment the first response is sent back to the same client. Keeping API latency low is a big challenge for applications, because high latency has a direct impact on the performance of the application. Average response time, peak response time and error rate are the main parameters to check in a latency test.

4- Performance
Performance or load testing generally validates the functionality of the API under a specific load. Load testing checks whether an API will still work when multiple users or applications access it concurrently. Recently the Coinbase site crashed because of their Super Bowl ads; imagine paying millions for an ad just to crash your own website 🙂 This is one test that you just cannot avoid.

5- Security
As the term suggests, this testing covers all the security aspects of an API, including external threats, validation, user access policies, and data encryption.

Load Testing

Load testing is used to see how many calls an API can handle. This test is often performed after a specific unit, or the entire codebase, has been completed to determine whether the theoretical solution can also work as a practical solution when acting under a given load.

Security Testing

Security testing is often grouped with penetration testing and fuzz testing in the greater security auditing process. Security testing incorporates aspects of both penetration and fuzz testing, but also attempts to validate the encryption methods the API uses as well as the access control design. Security testing includes the validation of authorisation checks for resource access and user rights management.
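
The authorisation-check validation described above can be run without a UI or a live server. The following is an added example, not code from the original post: it calls a toy WSGI API in-process and compares every (caller, resource) pair against an expected status. The tokens, users, note ids and the `enforce_owner` switch are constructed for illustration.

```python
from wsgiref.util import setup_testing_defaults

# Constructed sample data: tokens, users and note ids are hypothetical.
TOKENS = {"tok-alice": "alice", "tok-bob": "bob"}
NOTE_OWNER = {"1": "alice", "2": "bob"}

def make_app(enforce_owner=True):
    """Toy API under test: GET /notes/<id> should return a note only to its owner."""
    def app(environ, start_response):
        auth = environ.get("HTTP_AUTHORIZATION", "")
        user = TOKENS.get(auth[7:]) if auth.startswith("Bearer ") else None
        note_id = environ["PATH_INFO"].rsplit("/", 1)[-1]
        if user is None:
            status = "401 Unauthorized"      # missing or unknown token
        elif note_id not in NOTE_OWNER:
            status = "404 Not Found"
        elif enforce_owner and NOTE_OWNER[note_id] != user:
            status = "403 Forbidden"         # authenticated, but not the owner
        else:
            status = "200 OK"
        start_response(status, [("Content-Type", "text/plain")])
        return [status.encode()]
    return app

def call(app, path, token=None):
    """Send one GET straight to the WSGI app (no server, no UI); return the status code."""
    environ = {"PATH_INFO": path}
    if token:
        environ["HTTP_AUTHORIZATION"] = "Bearer " + token
    setup_testing_defaults(environ)          # fills in the remaining WSGI keys
    seen = []
    app(environ, lambda status, headers: seen.append(status))
    return int(seen[0].split()[0])

# Expected status for each (token, path) pair, negative cases included.
EXPECTED = {
    ("tok-alice", "/notes/1"): 200, ("tok-alice", "/notes/2"): 403,
    ("tok-bob", "/notes/2"): 200,   ("tok-bob", "/notes/1"): 403,
    (None, "/notes/1"): 401,        ("tok-unknown", "/notes/1"): 401,
    ("tok-alice", "/notes/9"): 404,
}

def check_access_matrix(app):
    """Return (token, path, expected, actual) for every mismatch; empty list means pass."""
    results = [(t, p, want, call(app, p, t)) for (t, p), want in EXPECTED.items()]
    return [r for r in results if r[2] != r[3]]

if __name__ == "__main__":
    print(check_access_matrix(make_app()))                     # correct API
    print(check_access_matrix(make_app(enforce_owner=False)))  # owner check missing
```

With the owner check switched off, the matrix reports the two cross-user reads as mismatches, which is the regression a functional "happy path" test would not catch.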

Penetration Testing

Penetration testing builds upon security testing. In this test, the API is attacked by a person with limited knowledge of the API. This enables testers to analyze the attack vector from an outside perspective. The attacks used in penetration testing can be limited to specific elements of the API or they can target the API in its entirety.

Fuzz Testing

Fuzz testing forcibly inputs huge amounts of random data -- also called noise or fuzz -- into the system, attempting to create negative behaviour, such as a forced crash or overflow.