An Introduction to API Testing

api2

In this modern era of distributed computing where web service architectures remain dominant, the importance of API testing has grown significantly. Black-box testing, which primarily deals with overall application functionality, is no longer sufficient to fully validate the logic contained within the interfaces used in SOA-based programs. Enterprises developing distributed applications without proper testing run the risk of bug-laden application logic, poor performance, or even security holes prone to exploitation by hackers.

White-box testing, on the other hand, examines each functional point within an application’s logic. API testing, which follows this white-box approach, provides the mechanism to fully vet any distributed application’s codebase. Let’s take a closer look.

API Testing for the Three-Tiered Application Model

Most web-based applications follow a three-tiered application model. The presentation tier focuses on the interaction between the user and the program’s visual and functional interface — display, touchscreen, keyboard, etc. The data tier is where application data resides, usually stored in a database or a file system.

In the middle lies the logic tier containing the entire business logic for an application. Typically, it also handles the data access for the presentation and data tiers. The logic tier, in most cases, includes the entire API for an application, and as such, its testing requirements are paramount.

One of the advantages of strict adherence to the three-tiered architecture is the ability to swap out any tier with a QA test tool, including those designed specifically for API testing. Enterprises depend on testing tools like these to fully leverage the collaborative efficiencies gained by embracing the principles of DevOps and/or the Agile methodology.

What API Testing needs to Cover

Since the logic tier is responsible for an application’s business rules in addition to serving as traffic cop for the presentation and data tiers, API testing carries a lot of responsibility. Sometimes the project manager for a development effort gives API testing short shrift, primarily leaving the task to the programmers and their unit testing. This tends to be a poor strategy, as the QA team needs to play a role on any software development project from the beginning.

Many traditional QA approaches only focused on GUI testing which doesn’t provide enough code coverage of an application’s underlying logic. API testing — when properly implemented — gives applications a thorough vetting of their business rules and data access functionality. When combined the use of automated testing tools, the entire development team — developers, BAs, testers, etc. — becomes more efficient, achieving the promise of Agile and DevOps.

With business rules and data access encapsulated in the logic tier, as with a properly-architected application, API testing leads to a more robust product. Code maintenance and future upgrades become easier. Additionally, the API is able to be tested before other parts of the application are fully developed, most notably the user interface.

In short, API testing needs to be in the toolbox of any modern software testing team.

Stay tuned to future posts on the Betica blog as we dive more deeply into API testing as well as other topics of interest to the QA and software development professional.