REST API Testing Strategy: What Exactly Should You Test?
API testing is a crucial part of software quality assurance, ensuring that APIs function correctly, securely, and efficiently. This guide details key test actions, test scenario categories, and test flows to ensure a thorough validation of API behavior.
API Test Actions
Each API test involves several key actions:
- Verify Correct HTTP Status Code:
  - Ensure the correct status code is returned (e.g., 201 CREATED for resource creation, 403 FORBIDDEN for unauthorized requests).
- Verify Response Payload:
  - Validate JSON structure, field names, types, and values, including error responses.
- Verify Response Headers:
  - Check headers for security and performance compliance.
- Verify Correct Application State (Optional):
  - Validate state changes, especially for manual tests with UI interaction.
- Verify Basic Performance Sanity:
  - Ensure response times meet performance expectations.
Test Scenario Categories
API tests fall into several broad categories:
- Basic Positive Tests (Happy Paths):
  - Verify basic functionality using valid required parameters.
- Positive Tests with Optional Parameters:
  - Test optional parameters like filtering, sorting, and pagination.
- Negative Testing – Valid Input:
  - Ensure the API handles operations correctly when using valid but incorrect data (e.g., attempting to delete a non-existent resource).
- Negative Testing – Invalid Input:
  - Test missing parameters, incorrect values, invalid authentication tokens, and unsupported methods.
- Destructive Testing:
  - Attempt to break the API with malformed content, overflows, boundary value testing, incorrect headers, and concurrency tests.
Test Flows
API testing consists of three main test flows:
- Testing Requests in Isolation:
  - Execute single API requests and validate responses.
- Multi-Step Workflow Testing:
  - Validate a sequence of API interactions (e.g., create, retrieve, update, delete a resource).
- Combined API and Web UI Testing:
  - Verify data consistency between API actions and UI state.
Example Test Cases
Basic Positive Tests (Happy Paths)
# | Test Scenario Category | Test Action Category | Description |
---|---|---|---|
1 | Basic Positive Tests | Status Code | Ensure 2XX responses for valid requests (200 for GET, 201 for POST, etc.) |
2 | Basic Positive Tests | Payload Validation | Validate JSON structure, fields, and values against schema |
3 | Basic Positive Tests | State Validation | Ensure expected state changes occur |
4 | Basic Positive Tests | Header Validation | Verify expected headers are present and correct |
5 | Basic Positive Tests | Performance Check | Validate response time within limits |
Negative Testing – Invalid Input
# | Test Scenario Category | Test Action Category | Description |
---|---|---|---|
1 | Negative Testing | Status Code | Ensure error status codes for invalid input |
2 | Negative Testing | Payload Validation | Check error messages and response format |
3 | Negative Testing | Header Validation | Ensure expected security headers are in place |
4 | Negative Testing | Performance Check | Validate timely failure response |
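
The status, payload, header and timing checks from the tables above, applied to one happy-path request and two invalid-input requests, as an added example that is not part of the original guide. The `StubAPI` server, the `/items` endpoint, its `name` field, the `nosniff` header expectation and the 1-second limit are all constructed for illustration.

```python
import http.client, json, threading, time
from http.server import BaseHTTPRequestHandler, HTTPServer

class StubAPI(BaseHTTPRequestHandler):  # constructed stand-in for the API under test
    def do_POST(self):
        # Hypothetical rule: the body must be JSON with a non-empty string "name".
        raw = self.rfile.read(int(self.headers.get("Content-Length", 0)))
        try:
            name = json.loads(raw)["name"]
            valid = isinstance(name, str) and name != ""
        except (ValueError, KeyError, TypeError):
            valid = False
        status, body = (201, {"id": 1, "name": name}) if valid else (400, {"error": "invalid_input"})
        data = json.dumps(body).encode()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("X-Content-Type-Options", "nosniff")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)
    def log_message(self, *args): pass  # silence per-request logging

def check(port, payload, want_status, want_fields, max_seconds=1.0):
    """Send one POST; return the failed checks (status, payload, header, timing)."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    start = time.monotonic()
    conn.request("POST", "/items", body=payload, headers={"Content-Type": "application/json"})
    resp = conn.getresponse()
    body = json.loads(resp.read())  # error responses must be valid JSON too
    elapsed = time.monotonic() - start
    conn.close()
    checks = [
        (resp.status == want_status, f"status {resp.status}, expected {want_status}"),
        ({k: type(v) for k, v in body.items()} == want_fields, f"unexpected payload: {body}"),
        (resp.getheader("X-Content-Type-Options") == "nosniff", "nosniff header missing"),
        (elapsed <= max_seconds, f"took {elapsed:.2f}s, limit {max_seconds}s"),
    ]
    return [message for ok, message in checks if not ok]

def run_suite():
    server = HTTPServer(("127.0.0.1", 0), StubAPI)  # port 0: any free loopback port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:  # constructed sample inputs, one per scenario
        return {
            "happy path": check(server.server_port, b'{"name": "widget"}', 201, {"id": int, "name": str}),
            "missing field": check(server.server_port, b"{}", 400, {"error": str}),
            "malformed JSON": check(server.server_port, b'{"name": ', 400, {"error": str}),
        }
    finally:
        server.shutdown()
```

`run_suite()` returns a dict mapping each scenario to its list of failed checks; an empty list means every test action passed for that request.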
Conclusion
A well-structured API test plan ensures APIs are functional, secure, and performant. By covering various test scenarios and flows, teams can identify potential issues early and maintain robust API functionality.