Knowledge on API & Webservice Testing

Articles on QA & Software Testing

Introduction to API Testing

An application Program interface that provides a developer
with programmatic access to a proprietary software application.
A software intermediator that makes it possible for application
program to interact with each other and share data.

API How it works

Appication Client ->API Request – >Server/Data surce – API Response then back to client
[irctc – icci bank – transaction – comes back -to irctc]

UI Testing challenges

The challenges what we face in UI Testing such has

xpath location, synchronization, driver
these challenges will be sorted out in API testing. more coverage is done
less execution time.

API VS WEBSERVICE

api don’t need an http conversation to connect to the
API can work both http and without http selenium connecting to excel using apache poi without internet api jar file , it can be .dll, c, c++, java
WEBSERVICE API Communication over web only
To conclude ALL Webservices are API, But all API are not webservices

Benefits from using an API

By using an API, the applications can gain immediate access
to software modules and functionality that is already developed by another application.
This way you can leverage and re use existing functionality from another application in the context
of your own app, allows you to offer more functionality to your customers.

What’s an API Documentation?

A type of software documentation that explains:
What the API can do for me? What functionality does it offer and what work can it do for my applications?
How to connect to the API?
How to authenticate myself, once connected to the API?
What are the types of requests, I can send to this API?
What are their parameters?
What are the types of responses I can expect to receive,
once the API request is being processed?
What will be the result I can expect in the end?

Writing Documentation using Swager UI

What is swagger?

An API development platform that brings together capabilities of the open source swagger framework, as well as additional capabilities that allows you to build, document, manage, and deploy API

Benefits from using swagger for writing documentation

Write as you design approach:
create a new REST (that is, representational state transfer)API
Document it while designing your REST API in Swagger
Predefined tools to avoid the need to write directly in JSON or YAML

Types of APIs

REST: Most APIs built today are RESTful in nature, and if you’re not sure what kind of API you’re working with,
RESTful is a good estimate. REST is a collection of architectural principles rather than a protocol like other web services. The REST service must have specific properties, such as simple interfaces, which allow resources to be
recognized quickly inside the request and resources to be manipulated through the interface.

SOAP: (Simple Object Access Protocol): This is a protocol that uses XML as a format to transfer data.
Its main function is to define the structure of the messages and methods of communication.
It also uses WSDL, or Web Services Definition Language, in a machine-readable document to publish a definition of its interface.

GraphQL : GraphQL is kind of trying to bridge the gap between REST and SOAP in some ways, so it’s a little bit more standardized rules, but it still has some of the freedom of REST APIs. GraphQL is both an API query language and a runtime for executing those queries using your current data. GraphQL allows clients the power to ask for exactly what they need and nothing more, makes it easier to evolve APIs over time, and enables powerful developer tools by providing a clear and comprehensible description of the data in your API.

Hypermedia : Hypermedia APIs are systems that want a consuming API (the programmed client) to do that as well. Hypermedia APIs accomplish this by responding to requests with both the requested data AND other resources available or actions to take.

API Authorization and Authentication

Let’s understand the difference between authorization and authentication. Authentication is all about proving who you are, while authorization is all about proving what you can do. That sounds fairly abstract, and it’s difficult to wrap your head around . Let’s pretend you’re in a restaurant and want to order an alcoholic drink They demand to see your identification. They can both authenticate and approve you using your ID. They can verify that you are who you claim you are by comparing your photo to the one on your ID. They can also verify that you are using the correct identification and allow you. They can figure out how old you are and if you’re old enough to be provided alcohol by looking at your birth date. Now, in API security, we normally mix authorization with authentication, just like we do with your ID. As a result, you only need to provide one token, or one ID badge if we consider it an ID, which can be used to verify both your authentication and authorization in one step

OAuth Tokens

OAuth is an open-standard authorization protocol or framework that allows programs to grant “secure designated access” to users. You can, for example, notify Facebook that ESPN can access your profile and post items to your timeline without giving ESPN your Facebook password. This significantly reduces risk: even if ESPN has a data breach, your Facebook password is secure. OAuth does not disclose password information, instead of relying on permission tokens to establish a connection between users and service providers. OAuth is a security mechanism that allows you to authorize one application to engage with another on your behalf without disclosing your password.

API Mocks for Testing

Sending requests to an API and reviewing the answers is the quickest method to learn what it can do.
It can take weeks to make active calls available during the initial creation of an API.
To return example API mock results, you can build against an API in parallel online.
Furthermore, by obtaining input sooner and iterating before developing code to service a production API, you can design a better API