11.5 - API Testing Checklist for QA
Interactive Audio Lesson
Listen to a student-teacher conversation explaining the topic in a relatable way.
Understanding Status Codes
Let's start by discussing HTTP status codes. Why do you think these codes are essential in API testing?
I think they indicate whether a request was successful or failed.
Exactly! For example, the status code 200 means a successful response, while 404 indicates that something was not found. Remember, '2xx means success.' Can anyone tell me what a 500 error represents?
It usually means there's a server error, right?
Right on! HTTP status codes help us determine the state of our API. Make sure to check these during your testing process.
Response Field Validation
We've talked about status codes. Now, let's focus on the actual response body. Why is it important to verify that the response contains the expected fields?
If the response fields are incorrect, it could lead to errors in the application.
Exactly! Testing response body fields ensures the app receives the correct data. For example, if you're expecting 'name' to appear, but it doesn't, that's a problem!
Can this be automated in Postman?
Yes! You can write assertions in the Tests tab to validate field presence and values.
Data Type Checks
Let's dive into field data types. Why do you think we should validate that the fields returned have the correct data types?
Incorrect data types could cause the application to crash or behave unexpectedly.
Exactly! An 'id' should always be an integer, while an 'email' should be a string. Would anyone like to share how we check these in Postman?
I guess we could use assertions in the Tests tab to compare the data types.
Correct! Validation helps maintain application integrity.
Authorization Testing
Now, let's talk about authorization. What happens when you try to access an API without valid credentials?
We should get a 401 Unauthorized response.
Exactly! It's essential to confirm that unauthorized requests are handled properly. This protects sensitive data. Make sure you test for this when creating your checklist.
Introduction & Overview
Read summaries of the section's main ideas at different levels of detail.
Quick Overview
Standard
The API Testing Checklist for QA outlines essential checks such as validating status codes, response bodies, data types, authorization, and handling negative test cases. Each checklist item is crucial for ensuring a robust API testing process and reliability of the application.
Detailed
API Testing Checklist for QA
API testing is a critical step in ensuring that applications function correctly when communicating over APIs. The checklist provided here serves as a guide for Quality Assurance professionals to systematically assess various aspects of an API during testing.
Key Types of API Tests Covered:
- Status Code Validation: Ensures the API returns appropriate HTTP status codes like 200, 404, or 500 depending on the request.
- Response Body Field Checks: Involves verifying that the API response contains the expected fields such as 'id' and 'name'.
- Field Data Type Validation: Confirms that fields in the response have the correct data types, such as integers for IDs or strings for emails.
- Authorization Testing: Tests the API's response when accessed without valid tokens, expecting a 401 Unauthorized status.
- Negative Testing: Involves sending invalid or malformed data to ensure the API returns appropriate error messages.
This checklist not only helps in ensuring the functionality of the API but also enhances its reliability, security, and performance.
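The five checks in this list, written as plain JavaScript so they run outside Postman (an added example, not part of the course material). The `{ status, body }` response shape, the `SCHEMA` fields, the rule that invalid input should produce a 4xx, and the pattern used to spot leaked internals are assumptions of this example.

```javascript
// Added example: the five checklist items as plain JavaScript checks.
// `res` is { status, body }; the shape and SCHEMA fields are assumptions.
const SCHEMA = { id: "integer", name: "string", email: "string" };

function typeOf(v) {
  if (Number.isInteger(v)) return "integer";
  return v === null ? "null" : typeof v;
}

// Items 1-3: status code, field presence, field data types.
function checkSuccess(res, expectedStatus, schema = SCHEMA) {
  const failures = [];
  if (res.status !== expectedStatus)
    failures.push(`status ${res.status}, expected ${expectedStatus}`);
  for (const [field, type] of Object.entries(schema)) {
    if (!(field in (res.body || {}))) failures.push(`missing field '${field}'`);
    else if (typeOf(res.body[field]) !== type)
      failures.push(`'${field}' is ${typeOf(res.body[field])}, expected ${type}`);
  }
  return failures;
}

// Item 4: a request without a token must get 401 and no resource fields.
function checkUnauthorized(res, schema = SCHEMA) {
  const failures = [];
  if (res.status !== 401) failures.push(`status ${res.status}, expected 401`);
  const leaked = Object.keys(schema).filter((f) => f in (res.body || {}));
  if (leaked.length) failures.push(`body exposes: ${leaked.join(", ")}`);
  return failures;
}

// Item 5: invalid input must yield a 4xx with a message that hides internals.
function checkRejected(res) {
  const failures = [];
  if (res.status < 400 || res.status > 499)
    failures.push(`status ${res.status}, expected 4xx`);
  const msg = res.body && (res.body.error || res.body.message);
  if (typeof msg !== "string" || !msg.trim()) failures.push("no error message");
  else if (/\bat .+:\d+|Exception|SQLSTATE/.test(msg))
    failures.push("error message exposes internals");
  return failures;
}

// Constructed sample responses (not captured from a real API).
const ok = { status: 200, body: { id: 7, name: "Ada", email: "ada@example.test" } };
const badType = { status: 200, body: { id: "7", name: "Ada" } };
const crash = { status: 500, body: { error: "NullPointerException at UserDao.java:42" } };
console.log(checkSuccess(ok, 200), checkSuccess(badType, 200));
console.log(checkUnauthorized(ok), checkRejected(crash));
```

In Postman the same conditions go in the Tests tab as assertions on the response; an empty failure list here corresponds to every assertion passing.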
Audio Book
Dive deep into the subject with an immersive audiobook experience.
Status Code Validation
Chapter 1 of 5
Chapter Content
Check for correct HTTP status (200, 201, 400, 404, 500)
Detailed Explanation
This item covers validating the HTTP status codes returned by API requests. HTTP status codes are standardized responses that indicate whether a request was processed successfully or an error occurred. A 200 or 201 status code typically means the request was successful, while 400 and 404 indicate client errors and 500 indicates a server error.
Examples & Analogies
Imagine you send a package through a courier service. Upon checking the status online, a 'delivered' status confirms your package reached the recipient. If it says 'not found,' it indicates an issue in the delivery, similar to how HTTP status codes inform you about the success or failure of an API request.
Response Body Validation
Chapter 2 of 5
Chapter Content
Verify fields like id, name, etc.
Detailed Explanation
This item covers verifying that the response body returned by the API contains the expected fields, such as 'id' and 'name'. Each API request should return a well-defined structure in its response, and validating the presence and correctness of these fields ensures the API functions as intended.
Examples & Analogies
Think of this like checking your bank statement after a transaction. You expect to see the transaction ID and the amount debited from your account. If those details are missing, there may have been an error in processing the transaction, just like missing fields in an API response could indicate an issue.
Field Data Type Validation
Chapter 3 of 5
Chapter Content
Ensure id is an integer, email is a string
Detailed Explanation
This item focuses on validating the data types of the fields returned in the API response. For example, confirming that the 'id' field is an integer and that the 'email' field is a string ensures that the data adheres to expected formats and can be processed correctly by applications consuming the API.
Examples & Analogies
Consider how you would check that the information on an online job application is correctly formatted. You wouldn't want a numeric value in the email field. In the same way, ensuring that fields in API responses have the correct data types prevents errors during data processing.
Authorization Testing
Chapter 4 of 5
Chapter Content
Send without token and verify 401 Unauthorized
Detailed Explanation
This item covers testing the API's authorization mechanisms. By sending a request without an authorization token and checking for a 401 Unauthorized response, you can confirm that the API correctly restricts access to authenticated users only. This kind of testing is critical for ensuring the security of the API.
Examples & Analogies
Imagine trying to enter a secured building without your ID badge. The security team will not let you in, and you'll receive an 'unauthorized' response. Similarly, APIs should block access unless the user is authenticated with the correct token.
Negative Testing
Chapter 5 of 5
Chapter Content
Send invalid data, expect proper error message
Detailed Explanation
This item covers negative testing, where invalid data is sent to the API to ensure it handles errors gracefully. By checking for appropriate error messages in response to invalid input, developers can confirm that the API provides useful feedback to users, improving overall user experience and system reliability.
Examples & Analogies
Think of a vending machine. If you enter an invalid code, you expect it to respond with an error message explaining the issue. Similarly, when an API receives invalid data, it should respond with a meaningful error message to help users correct their inputs.
Key Concepts
- Status Code Validation: Ensuring the API returns appropriate HTTP codes.
- Response Body Verification: Checking the presence of expected fields in the API response.
- Field Data Type Validation: Confirming the data types of fields in the response.
- Authorization Testing: Verifying API access with valid/invalid tokens.
- Negative Testing: Testing with invalid inputs to ensure robust error handling.
Examples & Applications
Checking for a 200 status code when a user list is retrieved successfully.
Validating that the response contains the field 'name' after creating a new user.
Memory Aids
Interactive tools to help you remember key concepts
Rhymes
Status code is the key, it tells you what you see; 2's for success, 4's for miss, 5's for server's hiss.
Stories
Imagine you're an API sending data. One day, a user asks for data but forgets their key (token); the API kindly replies, '401 Unauthorised, please check your key!'
Memory Tools
To remember the HTTP methods: 'Get Some Perfect Triple-Decker Sandwiches' (GET, POST, PUT, DELETE).
Acronyms
RESPONSE
Verify Results
Ensure Status Code
Observe Necessary Fields
Safeguard Against Errors.
Glossary
- API
Application Programming Interface; allows different software systems to communicate.
- Status Code
Numeric response code from the server indicating the status of the request.
- Response Body
The data returned by an API after a request is made.
- Assertions
Scripts used in Postman to validate responses.
- Negative Testing
Testing the API with invalid data to ensure proper error handling.