API testing is becoming increasingly a crucial part of any QA professional’s job, particularly since more and more sophisticated applications rely on Application Programming Interfaces (APIs), most importantly software infrastructure that is powered by artificial intelligence.
However, many QA teams tend to neglect API functional testing, while they most certainly should not.
At least, that is the stark warning from Boulder, Colorado-based Amy Reichert, a QA tester and QA lead with more than two decades of experience under her belt.
Reichert, who has been a QA tester within a variety of software development teams and has worked with multiple types of software development methodologies including Waterfall, Agile, Scrum and Kanban, said that, in the recent past, developers would conduct unit tests on APIs during feature development.
“Beyond that stage, however, further API testing would be rare, if it happened at all. With APIs becoming more prominent and the recognition of them as a potential source for intrusion, regular API testing has increased,” the QA veteran pointed out.
Reichtert called functional testing of APIs these days “complicated” as “it requires technical know-how and the ability to dig deep and understand how applications process data.”
“API testing is not testing that can occur by simply accessing a UI.”
– Amy Reicher
t
The main key challenges involved in API testing include access to a testing tool and training on how to use that tool, access to changing security tokens for testing, adequate API documentation, the ability to fully test all dependencies, the ability to fully test API sequencing calls, as well as tracking of all APIs and ongoing changes.
“Testing requires an understanding of API concepts, which are highly technical and difficult to explain,” Reichert continued, writing in a recent TT blog post.
“For those reasons, developers are often the ones responsible for testing API functionality. This responsibility reduces the time they spend creating new code,” she stated.
QA testers can handle API functional testing on an ongoing basis with proper training, a tool, API documentation and a support system so their questions can be answered.
“To meet these challenges, a team should consider selecting an API testing tool and having a willing developer train QA staff how to test APIs,” Reichert added. “Start by ensuring all APIs have full documentation, including dependencies and sequencing information.”
Security tokens
Reichert suggested that banks and other big finance players should consider having QA testers and IT staff in place to develop a system where security tokens for APIs can be used without exposing unnecessary information.
“Many APIs require authorization tokens to exchange data. Other APIs may require security tokens to save or retrieve data,” she explained.
Security tokens change per use, Reichert elaborated, so there is no option to set a single token code for ongoing testing executions.
“You need the IT team’s cooperation to functionally test APIs in a secure fashion.”
In addition, Reichert highlighted it is important that all API changes are tracked as stories or tasks.
“Functional testing depends on understanding any changes to API functionality so new tests can be developed to ensure test coverage.”
– Amy Reichert
Reichert pointed out that many teams create an API inventory that enables them to track every API, its functions, and when it is updated or changed.
“Understanding an application and the inner workings of the APIs it depends on is essential if you’re going to achieve high-quality functional API testing.”
Strategy
For QA testers to succeed in API functional testing, having a mature and well-thought strategy is paramount, Reichert stated.
Such an approach should include elements like API documentation, access to necessary security information for testing, an API testing tool that assists in creating requests, reading responses and automating tests, as well as a dedicated test environment where APIs can be set up to function as close to production as possible.
Having a plan to execute API tests throughout the development lifecycle and taking time to correct defects is also paramount, Reichert continued, as well as a tool that assists testers in keeping test cases organized and easy to locate.
“Testing APIs needs to be an ongoing test option to ensure application quality.”
– Amy Reichert
“The only way to succeed with API functional testing is by making a true commitment to understanding the APIs and how they interact with each other and the application,” she said.
“By analyzing API documentation and input from development, QA testers can not only develop test cases, but also determine different API behaviours and create specific tests for them.”
Additionally, by fully understanding the API, tests can be prioritised and scheduled based on the effects they have on UX, Reichert noted.
She was also keen to stress that API functional testing is critical to ensure applications function accurately, securely and with superior performance.
“APIs are central to application development anytime an application saves, retrieves or shares data. APIs are coded and often changed either internally or may be adversely changed by external partners that use the API to connect.”
Therefore, “testing APIs needs to be an ongoing test option to ensure application quality and a positive customer experience,” Reichert concluded.
Amy Reichert is a 20-plus-year professional QA tester and a QA lead specialised in test development, execution and management techniques. She has experience with Agile, Extreme, traditional and, most recently, continuous testing practices. She holds Certified Tester Foundation Level (CTFL) with the American Software Testing Qualifications Board, as well as the Advanced ASTQB certification. Reichert spends her time riding horses, writing novels and managing a variety of small animals.
Stay up to date and receive our news, features and interviews for free
Our e-newsletter lands in your inbox every Friday. Sign up HERE in one simple step.
LAST WEEK
DO NOT miss coverage of our conferences in Chicago and Toronto
READ MORE
