API testing or Application Programming Interface testing is a type of software testing that focuses on evaluating the functionality, reliability, performance, and security of an application’s APIs (Application Programming Interfaces).

API testing can be performed using various tools and techniques including manual testing, automated testing frameworks and specialized API testing tools.

Automated API testing is particularly common as it allows faster and more efficient testing, especially when a large number of test cases need to be executed.

Recently, there was a knowledge-sharing meetup by Alina Lyakhova, the QA Lead of Speroteck’s QA department, who has successfully implemented API testing in projects.

Let’s find out what the basics of API testing are.

Alina Lyakhova (QA Lead)

“Now we decided to dive into familiarization with API testing with those who have time for self education. This is not a full course, but most likely just a sharing of knowledge that takes place once a week on a common call.

Well, let’s start with what an API is. I will try to explain in simple words.

When developing a site for a person, it is necessary to make a nice UI (user interface), in which it will be convenient for a user to click on all kinds of buttons there and interact with various active elements, but programs or applications need a completely different method of interaction than just buttons on the site, namely – Application Programming Interface (API).

APIs are explicit methods of interaction between a client (such as a website, browser, or application) and a server.Communication between the client and the server takes place in the language of data sent through the API – for example, in JSON, XML and other formats.

What is the importance of API? In general, absolutely everything now works on API – it is like gasoline for a car, without which you will not go anywhere.
They clicked on some button on the site – the data is sent to the server, then the server responds to them – and then bam, and on the site you see a message about the successful creation of an order, for example. Or not successful.

How can you test the API?

1. Download a program for API testing (for example, Postman, Rest-client, Katalon, Soap UI and many others to your taste).
2. If you already have a collection and an environment for API testing on your project, download and use it.
3. If you are not so lucky – use the API documentation of the project, and save your requests in your own API collection.

What can you test with the API anyway?

• Security (for instance, on your site, access to certain functionality is closed without a login and password. But it happens that you forget to close it through the API – and you can add to the cart sale products that you could not add through the site).
• You can test any features you have on your website or app. This is especially convenient when the backend team has already developed many functions, and the frontend is still in the process of implementing the design.
• Then, so that you don’t have to wait and just deal with documentation and writing test cases, you can already at this stage check how requests work on the backend using the API and find bugs.And, as you know, the earlier a bug is found, the cheaper it is to fix it.
• You can expose a lot of things through the API but it’s better not to do that.
• Place orders – if you are like I am too lazy) to do it through the site, but you need to check the order flow in the order management system.

Let’s see an example of a request through the API:

1. We will use the POST method (there are different methods, this is the one we use when we want to send some data to the server)



2. Where to send: to the URL of your site, but it should not be the link to the stage storefront, but the link to the API, every site has it, you just don’t always know about it).

But what is the end point? This is the developer-defined name of the command that does something with your data that you submit. That is, the developers themselves come up with the names of the commands on the backend, and then you use them.

3. Write or copy and paste something in the Body (this is the body of the request, that contains details of the order and the exact product that should be changed):

If everything works, then after this request the status of the item should be successfully altered, and you should receive a response code of 200 OK and a response body with the message “Item status is successfully updated” (or another text invented by your developers).

In the future – after API testing, we will also share other interesting QA topics.
Stay tuned for updates on the blog.”

WRITTEN BY: Alina Lyakhova, Speroteck QA Lead.