I was recently assigned a task where I have to come up with scenarios for operational acceptance testing for APIs. Although I have a fair bit of experience in testing, this is completely new to me.

I have been given the design, call flow and all other relevant data. However, I am completely clueless as to where to start from. A bit of help and direction from anyone would be highly appreciated.



Replies to This Discussion

As in any software, you have to think about how the user will use it.
Regarding APIs, some questions that your tests could answer are:

  • Does the API design allow only one way to get a given result? (1)
  • Does the API use the correct HTTP methods for an action? (2)
  • Boundary testing
    • Results with big chunks of data
    • Results with small chunks of data
  • Error handling
    • API results when user looks for a nonexistent resource
    • API results when user looks for a resource to which he does not have access
    • API results when database or third party services are down

I'd also look for raising inputs on the API design itself, since these kinds of software are - usually - designed by developers, and we know how an outside, client-based vision in design is important. There are several blog posts on API design, but, if you want a deep dive, I'd suggest the API Guidelines from Microsoft and Integent.

1 - If the user can do the same thing in multiple ways, it can indicate a flawed/confusing design - and is more likely to break client code on updates.

2 - One could make all actions in an API using the GET method, but this is ugly and highly confusing for users. There are several HTTP methods that clearly show the request's purpose. Check out here: http://www.restapitutorial.com/lessons/httpmethods.html

I am working on the POST method. There is just one Success flow. This helps. Thanks a lot.

I would suggest starting by choosing a toolchain for testing, i.e. what tool you will be using for sending requests and checking if responses match your expectations.

The most popular tools are:

In regards to scenarios, they should be pretty much the same as for any HTTP-based application, to wit:

  1. Check all endpoints' sanity, i.e. when you send a well-built request you get a "good" response
  2. Perform negative testing: 
    • send not supported request type
    • intentionally miss some data
    • call endpoint with a user who should not be having permissions
  3. Check whether API provider provides reasonably low response times under the anticipated load
  4. Check the boundaries, i.e. how many concurrent users it can serve before errors start occurring. Does the API provider recover when load comes back to normal or does it remain broken, etc.
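
The sanity and negative scenarios from the list above (well-built request, unsupported request type, missing data, user without permissions), written out as an added example that is not part of the original thread. The `OrdersAPI` endpoint, its tokens and its status codes are hypothetical stand-ins for the API under test, run in-process so the checks work offline.

```python
import http.client, json, threading
from http.server import BaseHTTPRequestHandler, HTTPServer

TOKENS = {"tok-admin": "admin", "tok-guest": "guest"}  # constructed test users
class OrdersAPI(BaseHTTPRequestHandler):
    """Hypothetical API under test: POST /orders, admin only, body needs 'item'."""
    def _send(self, code, body):
        data = json.dumps(body).encode()
        self.send_response(code)
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)
    def do_POST(self):
        raw = self.rfile.read(int(self.headers.get("Content-Length") or 0))
        role = TOKENS.get(self.headers.get("Authorization", ""))
        if role is None:  # identity is checked before the body is parsed
            return self._send(401, {"error": "unauthenticated"})
        if role != "admin":
            return self._send(403, {"error": "forbidden"})
        try:
            item = json.loads(raw)["item"]
        except (ValueError, KeyError, TypeError):
            return self._send(400, {"error": "item required"})
        self._send(201, {"item": item})
    def do_GET(self):  # endpoint exists, but only POST is supported
        self._send(405, {"error": "method not allowed"})
    def log_message(self, *args):  # silence per-request logging
        pass

def call(port, method, token=None, body=None):
    # Send one request and return only the HTTP status code.
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    headers = {"Authorization": token} if token else {}
    conn.request(method, "/orders", None if body is None else json.dumps(body), headers)
    status = conn.getresponse().status
    conn.close()
    return status

def run_scenarios():
    srv = HTTPServer(("127.0.0.1", 0), OrdersAPI)  # port 0: pick a free port
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    try:
        p = srv.server_port
        return {"well_formed": call(p, "POST", "tok-admin", {"item": "book"}),
                "unsupported_method": call(p, "GET", "tok-admin"),
                "missing_data": call(p, "POST", "tok-admin", {"qty": 1}),
                "no_permission": call(p, "POST", "tok-guest", {"item": "book"}),
                "no_credentials": call(p, "POST", body={"item": "book"})}
    finally:
        srv.shutdown()
        srv.server_close()
```

Each scenario asserts a distinct status code, so a permission failure that comes back as a generic 400 or 500 shows up as a test failure rather than passing as "some error".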

We are using Apache JMeter. Thanks for the help. Will let you guys know how it went and how exactly I went forward with it.

If it's a web-based API you might consider something like runscope. They focus mainly on production testing and monitoring but they use test cases and data validation to ensure correctness. YMMV.



© 2017   Created by Rosie Sherry.