The ultimate guide to efficient test automation

Automation engineers have to take API testing seriously and include it in today's ever-changing market in their automation testing strategy. Generally, Agile and continuous testing (CI/CD) has rattled standard test automation practices, forcing test engineers to rethink the process and practices of test automation. This prevalent scenario has made APIs and API testing a vital part of software application development for any test automation efforts to succeed.

In this in-depth guide, we will cover:

  1. What exactly is API testing?
  2. What is headless AIP testing?
  3. The importance of API testing
  4. Automated API testing fast feedback
  5. API testing pyramid
  6. What is GUI testing?
  7. Definition of a unit test
  8. What is an API test, and where can you use it?
  9. API load testing explained
  10. Tips for choosing the best API testing tools
  11. How would you test a web service?
  12. Web service testing key terminologies
  13. Getting started with API testing: How to create a SOAP Web Service Test
  14. API WSDL response explained
  15. How to verify WSDLs response
  16. What are SOAP Message elements?
  17. What is HTTP in simple words?
  18. Making HTTP requests
  19. HTTP Requests overview
  20. HTTP Status Codes
  21. What is meant by a REST API?
  22. Rest API testing: Steps for creating a REST API test
  23. What is JSON?
  24. Validating a rest API test

What exactly is API testing?

API (Application Programming Interface) is a specification that serves as an interface for application software components. Whereas most functional testing entails a user interface such as a .NET form, or a web page, API testing entails communicating directly with an application by placing calls to its APIs; or bypassing a user interface. API testing enables the user to test headless technologies such as Web Services, Databases, HTTP, and JMS. For instance, many modern web applications' business logic lives in a backend API. When interconnecting with the frontend, calls are placed to these backed microservices.

Thus APIs enable different parts of your software to talk to each other. Today graphical user interface (GUI) is no longer the king, and automation engineers need to burrow deeper underneath the GUI to the API level.

Typically, there are many reasons why API testing is essential, and by adhering to automated testing practices, you can ensure that your testing strategy delivers the maximum return on investments (ROI). Automation testing means more test coverage, continuous integration, and delivery needs fast feedback, improved speed of execution, and the Internet of Things (IoT).

What is headless AIP testing?

Most headline tests include bypassing the GUI, sending a request directly to an application service or backend, and receiving a response while authenticating the response to ensure everything is working as expected.

The above example is often known as the client/server relationship. Typically the client requests by asking for a resource, and the request goes out to locate the server that will execute the request. The server finds the desired resource and then sends feedback to the client.

The importance of API testing

Software development process and the ways we automate tests have changed dramatically with the rise of Agile development. Before Agile testing, most of the time spent on test automation was done against GUI. This part that tools such as UFT/ QTP and Selenium handle. However, if you have experience in test automation, you know it’s time-consuming, delicate, and challenging to maintain these types of tests. Books have been written on how firms have invested huge amounts of money in developing custom functional GUI test automation frameworks, only to become disappointed with their reliability over time. Additionally, GUI tests that go against UI tend to take a lot of time to run. For various Agile practices such as continuous builds, when new code is checked in, the time it takes to get feedback from the GUI regression suite of tests is objectionable.

Automated API testing fast feedback

In those situations, swift feedback is required. The sooner bugs are discovered, the better because a software developer immediately knows the code changes they made have broken the build, and they need to be looked at. In test-driven processes, users require a large percentage of test sets to run fast and frequently and should integrate them into the development lifecycle.

GUI testing is equally important; it is the only type of test that accurately tests how a user will experience an application during production. Certain flaws can only be seen through GUI tests. Simply put, whereas GUI testing is vital, GUI should not be the only automation type a user concentrates on, nor should it be the largest piece of the total amount of automated tests that one creates. The reasons discussed above have made test automation famous for being unreliable and not worth creating. You might wonder, but isn’t test automation a central agile practice? Fortunately, the type of automation Agile concentrates on is Unit Testing (and the more reliable API lower-level testing) and less on GUI testing.

Additional great topics on software testing:

parasoft.com/solutions/test-data-management/

parasoft.com/blog/what-is-service-virtualization/

parasoft.com/solutions/unit-testing/

parasoft.com/solutions/static-code-analysis/

parasoft.com/solutions/misra/

parasoft.com/solutions/iso-26262/

API testing pyramid

Author Mike Cohn introduces the approach of a test automation pyramid in his book Agile: Software Development Using Scrum. His test automation concept is the opposite of how most non-agile development teams do automated testing.

Here’s are the levels of the API testing pyramid

  1. Manual tests
  2. UI (IGUI tests)
  3. Service (IAPI test)
  4. UNIT

What is GUI testing?

GUI testing concentrates on testing an application user interface to ensure that its functionality is working correctly.

IDE GUI represents a small section of the total number of automation test types that should be developed, and it is at the top of the testing pyramid.

Definition of a unit test

Unit testing takes the most significant part of the pyramid section, forming a solid base. Unit tests are developed to verify a single source code unit, like a method. By doing this, software developers can isolate the smallest testable parts of their application code. A unit test is the simplest to create since it is usually written in the same language as an application, indicating that developers have an easy time adding them to their software development process.

What is an API test, and where can you use it?

The central Service layer is where tools such as Postman and Rest-Assured were designed. Service testing is also called integration testing. Integration testing verifies that the interactions of many small elements can integrate without a problem. Because API tests bypass the UI, they tend to be faster and more dependable than GUI tests. Essentially, since API tests do not depend on a User Interface to be ready, they can be developed early in the development cycle. Generally, API tests are easier to create compared to GUI tests.

API load testing explained

Another importance of API testing is that developers can leverage the same functional API automated test to deploy it in the performance testing efforts. JMeter is one of the popular tools used to run load tests. Another essential type of API testing is API function testing. Basically, with API functional testing, you will be doing performance testing using a service such as BlazeMeter; however, before you run, for instance, a large-scale load test against your API, you want to ensure that it works at all. Thus, you want to do the functional tests first, followed by performance tests. Therefore API scripts are a great add-on in the workflow of a performance testing company. Additionally, deploying performance testing to help with API testing is very common.

How to choose the best API testing tools

There are many API tools in the industry that you can use to help you with API automation. But some tools such as Selenium cannot be used to test an API. This is because Selenium is just meant for browser-based testing. Here are some of the best API test tools for REST and SOAP services:

  1. Postman
  2. Karate DSL
  3. SoapUl
  4. HttpMaster Express
  5. Rest-Assured
  6. Rest Console

How would you test a web service?

Web service testing is almost the same as other application tests. Generally, the best technique for normal functional testing is the same for web service (the only difference is unlike most other applications, web service does not have GUI user interfaces). So the functional testing approaches that you have been using still apply. Think of web service as a business process without an IDE, and write your test case accordingly. Here are some good questions to ask yourself when automating a web service:

  • Can the service manage invalid expectations and values resulting from bad data?
  • Can the service manage unexpected and expected user loads
  • How fast does the service send a response to the user?
  • Does your service respond with the correct values?

Web service testing key terminologies

The biggest challenge for most testers is adapting to the terminology deployed when talking about web services.

Here are some of the most common web service testing terminologies:

  • WSDLs: This XML format tells users how to access a web service. Most testing tools read in WSDL and present all the data/information you need to interact with it.
  • XML: XML is an approach to creating a markup language to determine your tags. XML enables the user to share structured data with many systems, including the internet.
  • SOAP: Simple Object Access Protocol (SOAP) is a protocol that utilizes XML format to trade-off information to and from web service.
  • SOA: Service-oriented architecture (SOA) is an approach in which businesses can organize software that can be rapidly changed to respond to the standards of the marketplace.
  • Web Services: Web services are small units of software applications that run in a network. They are generally written to manage a particular business process. Web services can be strung together in many ways and deployed by different applications to develop the expected functionality.
  • Restful API and REST: Representational State of Transfer (REST) is a lightweight method for creating a web service that deploys the HTTP protocol. This makes it easier with less overhead than a web service that utilizes the SOAP protocol.

Once the above terms are clarified, testing web services becomes relatively straightforward.

Getting started with API testing: How to create a SOAP Web Service Test

A WSDL is one of the most significant parts of testing a SOAP-based service. WSDLs are a set of definitions that define a contract used by web services.

The W3C’s requirements on WSDL outlines it as an XML format for defining network services as a set of endpoints operating on messages consisting of either procedure-oriented or document-oriented information.

In the example below, we will be deploying the HolidayWebservice web service’s WSDL; holidaywebservice.com provides that. This will enable us to check which countries celebrate what holidays.

We will use an online app to call our web service for this tutorial.

  1. First, navigate to https://wsdlbrowser.com/
  2. Enter http://www.holidaywebservice.com//HolidayService_v2/HolidayService2.asmx?wsdl in the WSDL URL.
  3. Click on GetHolidaysAvailable under functions click on.
  4. Change the <CountryCode> from Array to Scotland under Request, XML.
  5. Now click the Call function
  6. At this point, the results of the response should return.

API WSDL response explained

The above HolidayWebservice web service is the most typical type, in that a client ( in this case, a test tool) sends a request to the service and waits. The service will then process the request and send a response. Generally, SOAP- an XML-based protocol deployed in communicating with a Web Service- sends information to the request utilizing the HTTP protocol. Looking at the response you obtained from the test, you will see SOAP elements like SOAP Envelope, Body, and Header.

How to verify WSDLs response

There are numerous ways to verify the WSDL results based on the test tool you are using. For instance, you can use the assertion method using SOAP UI.

What are SOAP Message elements?

The SOAP XML message comprises of three elements:

Soap message element : Description

SOAP Envelope : The SOAP Envelope is often at the top element in the message.

Header: A header is optional, and it is the first child component to appear after the envelope. Headers can comprise different kinds of software application- particular info such as session management info or security authentication info

Body (Also known as payload) : The body comprises the actual message that displays the information for the message's recipient. Generally, the UFT Results Viewer consistently displays the SOAP XML response returned from a web service.

What is HTTP in simple words?

The Hypertext Transfer Protocol (HTTP) is a communication protocol that transports messages over a network. It is also called a stateless protocol because every request that it makes depends on the former requests. Cookies are deployed to track previous request states for a session. Cookies refer to files stored on the client that have data from HTTP header information. When a user requests a website they have already visited, the data stored in the cookie is sent back to the browser. This helps a website to remember a user’s previous activities.

It is crucial to understand HTTP as it will give you a good foundation for understanding most API test tools' functionality.

We will use the free Insomnia REST client for our examples in this section. You can install it through:

https://insomnia.rest/download/

Making HTTP requests

  1. Choose the New Request option in Insomnia
  2. Name the Request HTTPDemo and select the GET option
  3. Enter https://testguild.com under the GET field
  4. Now click the send button
  5. You should get a response with a status code of 200 OK.

To view the raw data, click on the Timeline tab.

HTTP Requests overview

HTTP client request comprises three main parts.

1. HTTP Method (Request line): This informs the server what kind of request is made. For instance, in our example, we made a GET request; however, there are numerous lines you can use based on the type of request you want to make. The HTTP method has the following options with GET, POST, PUT and DELETE as the most used.

  • GET: Recover data from a specified source
  • PUT: Updates information for a particular source
  • POST: Sends new information to a specified source
  • DELETE: Extracts data from a specified source
  • HEAD: Related to a GET request, but only sends information about a document
  • OPTION: Ask for information/data about options available on the server
  • TRACE: Ask proxies to declare themselves
  • CONNECT: Deployed when a client is using an HTTPS server

2. Header: Comprising extra information to send to the server such as Cookie info, Accept, Browser, and OS. Here are the different types of headers:

  • Entity: Comprise particular information about a document sent, such as encoding and length schemes.
  • Request: Offers more info about the client to the server.
  • General: This optional header comprises info like the current time.

3. Body: The body consists of data for the methods that need it, such as the PUT method. As seen in our example, the GET method is empty.

The feedback from the server also comprises three sections, such as what we looked at for the HTTP request:

  • A body that incorporates all the text from the response
  • Header info
  • Status code (a response line)

HTTP Status Codes

In our example, 200, our status code meant everything was OK. The status code varies based on what happened with the initial request.

Here are status codes that can be returned from a server:

  • 5xx: These are responses in the range of 500 to 599, meaning that the server encountered an error.
  • 4xx: These are responses in the range of 400 to 499, meaning that the request was incomplete and might require more information.
  • 3xx: These are responses in the range of 300 to 399, which means that the request was not made- and that further action is required.
  • 2xx: These responses are in the range of 200 to 299, meaning that the request was successful.
  • 1xx: These are responses in the range of 100 to 199, meaning that the server is working on the request. Typically 1xx codes are un.

What is meant by a REST API?

Representational State of Transfer (REST) is a lightweight option for creating web services using the HTTP protocol. This makes it easier with less overhead than a webs service that utilizes the SOAP protocol. When APIs follow REST architecture, it is known as REST API. When a service is developed around a REST standard, it is said to make a service RESTful. For a web service to be regarded RESTful, it must:

  • Be stateless
  • Use HTTP
  • Have a separate server and client

A REST API consists of resources or a bunch; this is known as a resource model, and it makes use of URIs (Uniform Resource Identifiers). The URI syntax enables you to specify a question and returns the info you want from a REST API. The main elements of a REST system include:

  • Representations: When a server sends a response with the resource in a complete format.
  • A resource identifier is a URI that names the resource
  • Resources are the requests from a client of what it wants from a host- such as a database record or a web page.

Rest API testing: Steps for creating a REST API test

We will be using the cool Star Wars REST API from swapi. co for our REST test example:

  1. First, create a new project in Insomnia
  2. Call the project RestDemo and select type GET
  3. Enter https://swapi.co/api/people/10 in the GET field
  4. Click on send

Under the preview pane, notice that instead of the website view we had in our HTTP example, we get back JSON instead.

What is JSON?

JavaScript Object Notation (JSON) was developed as a lightweight data-interchange format. JSON is becoming more famous and is now replacing XML in some instances for API data exchanging. Generally, JSON is built on two structures:

  1. A group of value or name pairs: In various languages, this is realized as an associative array, keyed list, hash table, dictionary, struct, record, or object.
  2. An arranged list of values: This is realized as a sequence, list, vector, or array in most languages.

Let us now look at using REST to POST information using JSON.

Validating a rest API test

As we discussed earlier, there are numerous ways to validate a REST response, and it all depends on what test tool you are deploying. Additionally, the choice of tools can range from just libraries utilized in a programming language such as rest-assured for full-brown vendors or java API test tools from a vendor such as Microfocus UFT API.

For instance, you can create a rest API test using an open-source solution such as SOAP UI.