If you look at the Test pyramid (also refer to below image), more API testing is recommended over the UI testing.
Reason is that, as we go up into the pyramid –
- Increase the time to create the tests (tool selection, dependency libraries, writing the UI test scripts)
- Increasing the cost of creating and running the UI tests (setting up environment, increased run time)
- Increasing flakiness of running the tests (involves lot’s layers like front end libraries, CSS, JS etc )
- Increasing the effort to maintain the tests
Unit testing is normally done by the developers while implementing the user stories, they make sure to add unit tests for each module as part of their definition of done.
API / integration tests can be written by QA / automation QA engineers, using Programming language API libraries (RestSharp in C#, RestAssured in Java, Request in Python etc) or postman collections.
UI tests are written by automation QA using test automation tools like Selenium, Appium, Cypress, Playright etc.
UI tests involve lot’s of dependencies like external libraries (for locating UI elements) or layers into application like (CSS, JS, Ajax etc), which makes the tests more flakiness and time taken to run the tests.
So instead of more UI test coverage, API testing is recommended.
You can refer to this video for more details –
Let’s list out API testing benefits –
- Takes less time to test business logics
- Quality can be derived to use across multiple platforms (browsers and devices)
- Early stage detection of issues
- Cost saving to fix the bugs at early stage & reduces prod bug leakage.
- Helpful for performance testing (as API tests take less time, we can use it for load testing)
What should we test in API Testing?
Gather all the api calls from product or dev team.
It can be by doc file or swagger documentation
Example – http://petstore.swagger.io
For each api call, validate
- desired status code
- desired response time
Validate business logics
– CRUD operations
- Creating an entity using API post call, verify the response body
- Have different combination of post body and verify the response
- Delete an entity, verify if deleted and do a get call to verify if the entity count reduced to desired count
- Update an entity, verify the response if updated
- Get all the entities and verify the items and count
Some negative testing scenarios –
Performing API call with –
- wrong endpoint
- wrong / missing headers
- Incorrect authorisation
- a record that does not exist
- a body that has missing required fields
- a body that has invalid field values
