REST API Testing Fundamentals
What is an API?
An API can be defined as an interface that takes requests from a client system to a web server and sends the web server's response back to the client machine.
Definition 2: An interface that facilitates communication between a client machine and a web server.
Example 1: MakeMyTrip.com aggregates flight information from various airlines and presents it on its website.
When a user enters information such as date, source and destination, a request is made to the APIs of the different airline companies, which then return information about availability and price.
Another example is Trivago, which sends requests to the APIs of different hotels, which then return information about price and availability of rooms.
Example 2: Suppose you are browsing through the products on Amazon.com and you see a product or deal that you really like and wish to share with your Facebook network.
The moment you click on the Facebook icon in the share section of the page and enter your Facebook account credentials to share, you are interacting with an API that is seamlessly connecting the Amazon website to Facebook.
Types of API testing/How do you test a REST API?
For example, let's say that, based on the requirements provided, we know that the API being designed needs to service at least 500 requests per hour and maintain an average response time of less than 0.01 seconds.
Based on our load and performance tests, we found that as long as the API receives fewer than 500 requests per hour, it is able to maintain the SLA for average response time. However, if it receives another 200 requests, the average response time increases, and the breaking point is reached when incoming requests exceed 1200 per hour.
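The evaluation described above can be scripted so every load-test run is judged against the SLA the same way. The following is an added example, not code from the original page; the result format, the function name evaluate and all sample measurements are constructed for illustration.

```python
from statistics import mean

SLA_AVG_SECONDS = 0.01  # the page's SLA: average response time below 0.01 s

# Constructed sample data: one entry per step of a stepped load test.
# "rate" is the offered load in requests/hour, "times" are sampled response
# times in seconds, "failed" counts requests that errored or timed out.
CONSTRUCTED_RESULTS = [
    {"rate": 400,  "times": [0.006, 0.007, 0.008, 0.007], "failed": 0},
    {"rate": 700,  "times": [0.009, 0.014, 0.016, 0.013], "failed": 0},
    {"rate": 1200, "times": [0.040, 0.055, 0.061, 0.048], "failed": 0},
    {"rate": 1300, "times": [0.210, 0.380, 0.450],        "failed": 37},
]

def evaluate(results, sla=SLA_AVG_SECONDS):
    """Classify each load step, then locate the SLA limit and breaking point."""
    report = []
    for step in sorted(results, key=lambda s: s["rate"]):
        avg = mean(step["times"])
        if step["failed"] > 0:
            status = "broken"       # requests are being dropped or timing out
        elif avg < sla:
            status = "within_sla"
        else:
            status = "degraded"     # still answering, but slower than the SLA
        report.append({"rate": step["rate"], "avg": round(avg, 4),
                       "status": status})

    # Highest load that met the SLA before the first step that did not;
    # a fast step above a slow one is treated as noise and not counted.
    max_ok = None
    for row in report:
        if row["status"] != "within_sla":
            break
        max_ok = row["rate"]

    summary = {
        "max_rate_within_sla": max_ok,
        "first_degraded_rate": next(
            (r["rate"] for r in report if r["status"] == "degraded"), None),
        "breaking_rate": next(
            (r["rate"] for r in report if r["status"] == "broken"), None),
    }
    return report, summary

if __name__ == "__main__":
    rows, result = evaluate(CONSTRUCTED_RESULTS)
    for row in rows:
        print(row)
    print(result)
```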
Application Programming Interfaces (APIs) are vulnerable and are the easiest access point for malicious hackers who want to access data or gain control of an application.
This can lead any company into legal trouble when, due to a security breach, unintended people and/or organizations are able to access clients' data through a vulnerable API.
Security testing is a specialized branch of testing and should be handled by specialists. The security testing resources can be from within the organization or independent consultants.