Want to build a better API? Just follow these 6 API testing best practices and you’ll be in great shape.
- Start with a thorough examination and review of the API specifications, their definition of each resource parameter, call use, business process use and error trapping.
- Test individual API calls to verify the operation of each against its entry in the specifications and graceful handling of error conditions.
- Test API calls in business function groups to verify process operation including normal error handling.
- Load API calls in business function groups to verify operation under normal to extreme use level conditions as well as measuring performance degradation under load and over time (soak testing).
- Create sanity check test suites to verify basic operation of each API call in a system each time a system upgrade is released.
- Create surveillance test suites to continuously monitor the operation of the production installation and flag any operational degradation to IT immediately.
But if testing isn’t your specialty, these steps can be a time-consuming drain on limited resources. At QualityLogic, API testing is what we do for a living. We’ve developed expert resources and capabilities that we bring to bear when implementing best practices for every API project:
- Baseline Request/Response Tests to exercise each resource in isolation using only mandatory elements and typical content.
- Limit Tests to exercise each resource using all optional elements and maximum allowable content lengths and/or instances of repeated elements.
- Business Logic Tests to exercise resources in groups as they are used to support system business functions to verify cross-call operation and reasonable error trapping.
- Illegal Tests that contain a further sampling of typical error scenarios, such as missing required elements, empty content, and content exceeding maximum limits across a representative sampling of the resources.
- Load Tests that drive business process-associated resource groups to verify operation under normal, time/date profiled, maximum projected, demand spike and failure level traffic loads.