API Testing

Few days ago, WeTest Auckland kicked off the “30 days API Testing Challenge”, which is a great way to learn as individuals or teams. I will participate in this challenge and drive a few tasks. This would give me the opportunity to do some research, refresh my knowledge and get exposed to different tools and testing techniques.

I hope to achieve the following through this documentation:

  • Share my knowledge with people who have the same passion about testing. This includes discussing solutions and opinions
  • Get a feedback about the state of my knowledge and improve it. When you explain a new learning, you understand it better

In this post, I will define API Testing, and include some resources on the topic.

Same as any type of testing, before we test we need to understand. Let’s start by defining what is an API.

What is an API?

An Application Programming Interface (API) is a set of methods that would enable communication and data exchange between multiple software systems. A good way to visualize APIs in a non-technical term is through Lego Blocks:

There is a standard way to connect lego bricks to each other through bumps and holes. These can be considered an API. Same concept applies to software.

When calling an API, many complex processes may occur behind the scene. The system doing the call (requesting the information) doesn’t need to know about the details. The API abstracts the underlying implementation, and only exposes the info requested.

Example: Have a look at this site containing APIs that return facts about Chuck Norris: https://api.chucknorris.io/. Click a URL provided in this page (e.g. https://api.chucknorris.io/jokes/random), notice that we get a random joke without knowing actually what is going in the background.

There are multiple types of APIs, the most common types are Web APIs. Below are a few resources that would provide more information about APIs and their types:





What is API Testing?

Now that we covered briefly the definition of an API, let us move to defining API Testing. this is the wikipedia definition:

API testing is a type of software testing that involves testing application programming interfaces (APIs) directly and as part of integration testing to determine if they meet expectations for functionality, reliability, performance, and security

When testing an application that has a user interface, we interact with it through input methods such as mouse clicks and keyboard key presses, and validate the output on the screen (this can be done manually or through automation). Behind the scenes, this user interface might be interacting with APIs that return responses. The testing through that GUI validates the look and feel, and the displayed information.

In API testing, user interfaces are not in play, we care about the layer behind it, which would be expecting an input and would return a response. We are validating the information returned in this case. Usually we use tools to perform this kind of request submission and response validation. Think of this tool as a replacement of the browser in case of a web interface (it is a tester’s user interface). Alternatively, we can write our own code to test the API.

When I usually test a functionality through the user interface, I start thinking as an end user and assume paths she might take through the application. On the other hand, to do good API testing, I wear the hat of a developer that is developing a program based on the API, and I validate that the response of the API call matches my program’s expectation. For example, If you are building a UI displaying a list list of books in a library, the API returning the books should include the book name, the author, reviews, availability status, etc. for every book in that list.

Below are a few checks to start with:

  • Check the input needed by the API to return a specific output. Go over cases providing different inputs and expecting different outputs
  • Validate negative cases such as not entering an input when expected, or entering a different type (character instead of a number)
  • Modify the order of parameters when they exist, or skip passing an argument
  • Validate errors are handled properly

Let us try to test a Chuck Norris API:

Chuck Norris jokes are actually grouped into categories

We have 2 APIs:

[ “explicit”, “dev”, “movie”, “food”, “celebrity”, “science”, “sport”, “political”, “religion”, “animal”, “history”, “music”, “travel”, “career”, “money”, “fashion”]

Possible scenarios are:

— Pass an existing category and validate a joke belonging to that category appears:

https://api.chucknorris.io/jokes/random?category=food → response.value = “When Chuck Norris wants an egg, he cracks open a chicken.”

Try with multiple valid values

— Don’t pass a category value:

https://api.chucknorris.io/jokes/random?category= → response.category=null

Category was ignored and a random value returned

— Don’t pass a category parameter at all:

https://api.chucknorris.io/jokes/random → response.category=null

Category was ignored and a random value returned

— Pass a category that doesn’t exist:


We got a page with a nice handling saying:

Note that in this case the API has returned an 404 error, which means not found. Open your browser developer tools and validate this in the Network tab, the developer using the API decides to handle this error as the above picture and message…

These examples are mainly web APIs. As mentioned earlier, there are other types of APIs, which aren’t covered in this post.

It is possible to perform different types of testing on APIs:

  • Functional testing (similar to the previous example)
  • Load testing
  • Security testing
  • Performance testing
  • etc.

Below are some links and references for further research and learning:

I hope the post was helpful to get introduced to API testing. Your feedback is appreciated.



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store