Lets take a look at the terminologies related to API Testing which you must know. It is highly recommended to remember all the following terminologies.
|
Top API Testing
Tools |
|
|
Katalon |
Postman |
|
SoapUI |
Rest-Assured |
|
CITRUS |
Karate |
|
Jmeter |
apigee |
|
API Terminologies |
|
|
API |
Application Programming Interface (API) is software that acts as an intermediary for two apps to communicate with each other. |
|
HTTP |
Hypertext Transfer Protocol is the collection of rules for the transmission of data on the World Wide Web, like graphic images, text, video, sound, and other multimedia |
|
HTTPS |
The S in HTTPS stands for "secure." HTTPS uses TLS (or SSL) to encrypt HTTP requests and responses |
|
URI |
Uniform Resource Identifier is a string identifier that refers to a resource on the internet. It is a string of characters that is used to identify any resource on the internet using location, name, or both. |
|
URL |
Uniform Resource Locator is used to find the location of the resource on the web. It is a reference for a resource and a way to access that resource. A URL always shows a unique resource, and it can be an HTML page, a CSS document, an image, etc. |
|
Layers of API Testing |
|
|
Three separate layers |
Presentation (or user interface) layer, the business layer, and the database layer for modeling and manipulating data. |
|
API Test Actions |
|
|
Verify correct HTTP status code |
For example, creating a resource should return 201 CREATED and unpermitted requests should return 403 FORBIDDEN, etc. |
|
Verify response payload |
Check valid JSON body and correct field names, types, and values — including in error responses. |
|
Verify response headers |
HTTP server headers
have implications on both security and performance. |
|
Verify correct application state |
This is optional and applies mainly to manual testing, or when a UI or another interface can be easily inspected. |
|
Verify basic performance sanity |
In case an operation was completed successfully but took an unreasonable amount of time, the test fails. |
|
API Test Scenario Categories |
|
|
1 |
Basic positive tests
(happy paths) |
|
2 |
Extended positive testing with optional parameters |
|
3 |
Destructive testing |
|
4 |
Security, authorization, and permission tests
(which are out
of the scope
of this post) |
|
5 |
Negative testing with valid input |
|
6 |
Negative testing with invalid input |
|
API Example with Test Matrix |
|
|
API Call |
Action |
|
GET /users |
List all users |
|
GET /users?name={username} |
Get user by username |
|
GET /users/{id} |
Get user by
ID |
|
GET /users/{id}/configurations |
Get all configurations for user |
|
POST /users/{id}/configurations |
Create a new configuration for user |
|
DELETE /users/{id}/configurations/{id} |
Delete configuration for user |
|
PATCH /users/{id}/configuration/{id} |
Update configuration for use |
|
Web Services |
|
|
SOAP |
(Simple Object Access Protocol) is a standard protocol defined by the W3C standards for sending and receiving web service requests and responses. |
|
REST |
(Representational State Transfer) is the web standards-based architecture that uses HTTP. Unlike SOAP-based Web services, there is no official standard for RESTful Web |
|
CRUD |
Create, Read, Update
& Delete |
|
HTTP Request Methods |
|
|
GET |
It fetches the information from the server. Moreover, it is the most commonly used method which does not have a request body. Every time you open a website, the Get request fires to retrieve the website contents. Additionally, it is equivalent to the |
|
POST |
It works to send data to the server. User may add or update data using the Post request. They send the information that needs to update in the request body. |
|
PUT |
It is similar to the Post method since it updates the data. The only difference is that we use it when we have to replace an existing entity completely |
|
PATCH |
It s again similar to Post and Put methods, but user use it when they have to update some data partially. Moreover, unlike the Post and Put methods, user may send only the entity that needs updation in the request body with the Patch method. |
|
HEAD |
It is similar to the Get method, but it retrieves only the header data and not the entire response body. User use it when they need to check the document's file size without downloading the document. |
|
DELETE |
It deletes the server's representations of resources through the specific URL. Additionally, just like the Get method, it does not have a request body. |
|
OPTIONS |
It is not a widely used method when compared to other ones. It returns data specifying the different methods and the operations supported by the server at the |
|
HTTP Response Status
Codes |
|
|
Code |
Description |
|
1xx |
informational response, request
was received, continuing process |
|
100 |
Continue: The client
can continue with
the request as long as it doesn't get rejected. |
|
101 |
Switching Protocols: The server is switching protocols. |
|
102 |
Processing, It indicates that the server has received and is processing the request, but no response is available yet. |
|
103 |
Early Hints, it primarily intended to be used with the Link header, letting the user agent start preloading resources while the server prepares a response. |
|
2xx |
Success, request was successfully received, understood, and accepted |
|
200 |
OK: The request succeeded |
|
201 |
Created: The request succeeded, and a new resource was created as a result. This is typically the response sent after POST requests, or some PUT requests. |
|
202 |
Accepted: Request accepted for processing, but in progress |
|
203 |
Non-Authoritative Information: The information in the entity header is not from an original source but a third-party |
|
204 |
No Content: Response with status code
and header but no response body |
|
205 |
Reset Content: The
form for the transaction should
clear for additional input |
|
206 |
Partial Content: Response with partial data as specified in Range header |
|
207 |
Multi-Status, Conveys information about multiple resources, for situations where multiple status codes might be appropriate. |
|
3xx |
Redirection, further action
needed in order
to complete the request |
|
300 |
Multiple Choices: Response with a list
for the user to select
and go to a location |
|
301 |
Moved Permanently: Requested page moved to a new url |
|
302 |
Found: Requested page
moved to a temporary new URL |
|
303 |
See Other: One can find
the Requested page under a different URL |
|
305 |
Use Proxy: Requested URL need to access through the proxy mentioned in the Location header |
|
307 |
Temporary Redirect: Requested page moved to a temporary new URL |
|
308 |
Permanent Redirect: This means that the resource is now permanently located at another URI, specified by the Location: HTTP Response header. |
|
4xx |
Client Error, request contains bad syntax
or cannot be fulfilled |
|
400 |
Bad Request: Server
unable to understand the request |
|
401 |
Unauthorized: Requested content needs authentication credentials |
|
403 |
Forbidden: Access is forbidden |
|
404 |
Not Found: Server
is unable to find the
requested page |
|
405 |
Method Not Allowed: Method in the request is not allowed |
|
407 |
Proxy Authentication Required: Need to authenticate with a proxy
server |
|
408 |
Request Timeout: The request took
a long time as expected by the server |
|
409 |
Conflict: Error in completing request
due to a conflict |
|
411 |
Length Required: We require the
"Content-Length" for the request to process |
|
415 |
Unsupported Media Type: Unsupported media-type |
|
417 |
Expectation Failed, it means the expectation indicated by the Expect request header field cannot be met by the server. |
|
421 |
Misdirected Request, request was directed at a server
that is not able to produce a |
|
423 |
Locked, the resource that is being
accessed is locked |
|
429 |
Too Many Requests, user has sent too many requests in a given
amount of time |
|
5xx |
Server Error, the server failed
to fulfil an apparently valid
request |
|
500 |
Internal Server Error:
Request not completed due to server
error |
|
501 |
Not Implemented: Server
doesn't support the functionality |
|
502 |
Bad Gateway: Invalid response from an upstream server to the server. Hence, the request not complete |
|
503 |
Service Unavailable: The server is temporarily down |
|
504 |
Gateway Timeout: The gateway has timed out |
|
505 |
HTTP Version Not Supported: Unsupported HTTP protocol version |
|
507 |
Insufficient Storage, method could not be performed on the resource because the server is unable to store the representation needed to successfully complete the |
|
511 |
Network Authentication Required, it indicates that the client needs to authenticate to gain network access |
No comments:
Post a Comment