REST API Testing Strategy: What Exactly Should You Test?

API testing is a crucial part of software quality assurance, ensuring that APIs function correctly, securely, and efficiently. This guide details key test actions, test scenario categories, and test flows to ensure a thorough validation of API behavior.

API Test Actions

Each API test involves several key actions:

  1. Verify Correct HTTP Status Code:

    • Ensure the correct status code is returned (e.g., 201 CREATED for resource creation, 403 FORBIDDEN for unauthorized requests).
  2. Verify Response Payload:

    • Validate JSON structure, field names, types, and values, including error responses.
  3. Verify Response Headers:

    • Check headers for security and performance compliance.
  4. Verify Correct Application State (Optional):

    • Validate state changes, especially for manual tests with UI interaction.
  5. Verify Basic Performance Sanity:

    • Ensure response times meet performance expectations.

Test Scenario Categories

API tests fall into several broad categories:

  1. Basic Positive Tests (Happy Paths):

    • Verify basic functionality using valid required parameters.
  2. Positive Tests with Optional Parameters:

    • Test optional parameters like filtering, sorting, and pagination.
  3. Negative Testing – Valid Input:

    • Ensure the API responds correctly when the input is valid but the operation cannot succeed (e.g., attempting to delete a non-existent resource).
  4. Negative Testing – Invalid Input:

    • Test missing parameters, incorrect values, invalid authentication tokens, and unsupported methods.
  5. Destructive Testing:

    • Attempt to break the API with malformed content, overflows, boundary value testing, incorrect headers, and concurrency tests.

Test Flows

API testing consists of three main test flows:

  1. Testing Requests in Isolation:

    • Execute single API requests and validate responses.
  2. Multi-Step Workflow Testing:

    • Validate a sequence of API interactions (e.g., create, retrieve, update, delete a resource).
  3. Combined API and Web UI Testing:

    • Verify data consistency between API actions and UI state.

Example Test Cases

Basic Positive Tests (Happy Paths)

| # | Test Scenario Category | Test Action Category | Description |
|---|---|---|---|
| 1 | Basic Positive Tests | Status Code | Ensure 2XX responses for valid requests (200 for GET, 201 for POST, etc.) |
| 2 | | Payload Validation | Validate JSON structure, fields, and values against schema |
| 3 | | State Validation | Ensure expected state changes occur |
| 4 | | Header Validation | Verify expected headers are present and correct |
| 5 | | Performance Check | Validate response time within limits |

Negative Testing – Invalid Input

| # | Test Scenario Category | Test Action Category | Description |
|---|---|---|---|
| 1 | Negative Testing | Status Code | Ensure error status codes for invalid input |
| 2 | | Payload Validation | Check error messages and response format |
| 3 | | Header Validation | Ensure expected security headers are in place |
| 4 | | Performance Check | Validate timely failure response |
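
The status, payload, header and timing checks from the tables above, applied to one happy-path, one invalid-input and one malformed-content request, as an added example that is not part of the original guide. The ToyAPI server, the /items endpoint, the nosniff header expectation and the 1-second limit are assumptions chosen for illustration.

```python
import http.client, json, threading, time
from http.server import BaseHTTPRequestHandler, HTTPServer

class ToyAPI(BaseHTTPRequestHandler):
    # Constructed stand-in for the API under test (an assumption, not from the page).
    def do_POST(self):
        raw = self.rfile.read(int(self.headers.get("Content-Length", 0)))
        try:
            name = json.loads(raw)["name"]
        except (ValueError, KeyError, TypeError):
            name = None  # malformed JSON or missing field
        ok = isinstance(name, str) and name != ""
        code, body = (201, {"id": 1, "name": name}) if ok else (400, {"error": "invalid name"})
        self.send_response(code)
        self.send_header("Content-Type", "application/json")
        self.send_header("X-Content-Type-Options", "nosniff")
        self.end_headers()
        self.wfile.write(json.dumps(body).encode())
    def log_message(self, *args): pass  # silence per-request logging

def call(port, payload):  # returns (status, headers, body, seconds); 4xx is not raised
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    start = time.monotonic()
    conn.request("POST", "/items", body=payload)
    resp = conn.getresponse()
    body = json.loads(resp.read())
    conn.close()
    return resp.status, resp.headers, body, time.monotonic() - start

def verify(result, want_status, want_fields, max_seconds=1.0):
    status, headers, body, elapsed = result
    fails = [] if status == want_status else [f"status {status} != {want_status}"]
    for field, typ in want_fields.items():  # payload: field present with the right type
        if not isinstance(body.get(field), typ):
            fails.append(f"payload field {field!r} missing or not {typ.__name__}")
    if headers.get("X-Content-Type-Options") != "nosniff":  # response header check
        fails.append("missing X-Content-Type-Options: nosniff")
    if elapsed > max_seconds:  # basic performance sanity
        fails.append(f"slow response: {elapsed:.2f}s")
    return fails

def run_suite():
    server = HTTPServer(("127.0.0.1", 0), ToyAPI)  # port 0: OS picks a free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    port = server.server_port
    results = {"happy": verify(call(port, b'{"name": "widget"}'), 201, {"id": int, "name": str}),
               "invalid": verify(call(port, b'{"name": 42}'), 400, {"error": str}),
               "malformed": verify(call(port, b'{not json'), 400, {"error": str})}
    server.shutdown()
    return results
if __name__ == "__main__": print(run_suite())
```

Each entry in the returned dictionary is the list of failed checks for that scenario, so an empty list means the response passed every test action.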

Conclusion

A well-structured API test plan ensures APIs are functional, secure, and performant. By covering various test scenarios and flows, teams can identify potential issues early and maintain robust API functionality.
