Interactive Audio Lesson

Listen to a student-teacher conversation explaining the topic in a relatable way.

Understanding Status Codes

Teacher

Let's start by discussing HTTP status codes. Why do you think these codes are essential in API testing?

Student 1

I think they indicate whether a request was successful or failed.

Teacher

Exactly! For example, the status code 200 means a successful response, while 404 indicates that something was not found. Remember, '2xx means success.' Can anyone tell me what a 500 error represents?

Student 2

It usually means there's a server error, right?

Teacher

Right on! HTTP status codes help us determine the state of our API. Make sure to check these during your testing process.

Response Field Validation

Teacher

We've talked about status codes. Now, let's focus on the actual response body. Why is it important to verify that the response contains the expected fields?

Student 3

If the response fields are incorrect, it could lead to errors in the application.

Teacher

Exactly! Testing response body fields ensures the app receives the correct data. For example, if you're expecting 'name' to appear, but it doesn’t, that's a problem!

Student 4

Can this be automated in Postman?

Teacher

Yes! You can write assertions in the Tests tab to validate field presence and values.

Data Type Checks

Teacher

Let's dive into field data types. Why do you think we should validate that the fields returned have the correct data types?

Student 1

Incorrect data types could cause the application to crash or behave unexpectedly.

Teacher

Exactly! An 'id' should always be an integer, while an 'email' should be a string. Would anyone like to share how we check these in Postman?

Student 2

I guess we could use assertions in the Tests tab to compare the data types.

Teacher

Correct! Validation helps maintain application integrity.

Authorization Testing

Teacher

Now, let’s talk about authorization. What happens when you try to access an API without valid credentials?

Student 3

We should get a 401 Unauthorized response.

Teacher

Exactly! It's essential to confirm that unauthorized requests are handled properly. This protects sensitive data. Make sure you test for this when creating your checklist.

Introduction & Overview

Read a summary of the section's main ideas. Choose from Basic, Medium, or Detailed.

Quick Overview

This section provides a comprehensive checklist for API testing focused on various types of validations and testing scenarios using Postman.

Standard

The API Testing Checklist for QA outlines essential checks such as validating status codes, response bodies, data types, authorization, and handling negative test cases. Each checklist item is crucial for ensuring a robust API testing process and reliability of the application.

Detailed

API Testing Checklist for QA

API testing is a critical step in ensuring that applications function correctly when communicating over APIs. The checklist provided here serves as a guide for Quality Assurance professionals to systematically assess various aspects of an API during testing.

Key Types of API Tests Covered:

  1. Status Code Validation: Ensures the API returns appropriate HTTP status codes like 200, 404, or 500 depending on the request.
  2. Response Body Field Checks: Involves verifying that the API response contains the expected fields such as 'id' and 'name'.
  3. Field Data Type Validation: Confirms that fields in the response have the correct data types, such as integers for IDs or strings for emails.
  4. Authorization Testing: Tests the API's response when accessed without valid tokens, expecting a 401 Unauthorized status.
  5. Negative Testing: Involves sending invalid or malformed data to ensure the API returns appropriate error messages.

This checklist not only helps in ensuring the functionality of the API but also enhances its reliability, security, and performance.
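
The five checklist items above, combined into one reusable check, as an added example that is not part of the original course material. It is plain JavaScript run over constructed responses; the names `checkResponse`, `USER_SCHEMA`, `forbiddenFields` and the `error` message field are assumptions made for illustration.

```javascript
// Added example; all sample responses below are constructed.
const USER_SCHEMA = { id: "integer", name: "string", email: "string" }; // assumed fields

function typeOf(v) {
  if (Number.isInteger(v)) return "integer";
  if (Array.isArray(v)) return "array";
  return v === null ? "null" : typeof v;
}

// Returns a list of failure strings; an empty list means the response passed.
function checkResponse(res, expect) {
  const failures = [];
  const body = res.body && typeof res.body === "object" ? res.body : {};
  // 1. Status code validation
  if (res.status !== expect.status) {
    failures.push(`status ${res.status}, expected ${expect.status}`);
  }
  // 2 and 3. Field presence, then data type
  for (const [field, type] of Object.entries(expect.schema || {})) {
    if (!(field in body)) failures.push(`missing field '${field}'`);
    else if (typeOf(body[field]) !== type) {
      failures.push(`'${field}' is ${typeOf(body[field])}, expected ${type}`);
    }
  }
  // 4. Authorization: a rejected request must not carry protected fields
  for (const field of expect.forbiddenFields || []) {
    if (field in body) failures.push(`'${field}' present in ${res.status} response`);
  }
  // 5. Negative testing: an error response needs a non-empty message
  //    ('error' as the message field name is an assumption)
  if (expect.errorMessage && !(typeof body.error === "string" && body.error)) {
    failures.push("no 'error' message in response");
  }
  return failures;
}

const protectedFields = Object.keys(USER_SCHEMA);
const cases = {
  ok: [{ status: 200, body: { id: 7, name: "Ada", email: "ada@example.com" } },
       { status: 200, schema: USER_SCHEMA }],
  badType: [{ status: 200, body: { id: "7", name: "Ada" } },
            { status: 200, schema: USER_SCHEMA }],
  noToken: [{ status: 401, body: { error: "Unauthorized" } },
            { status: 401, forbiddenFields: protectedFields, errorMessage: true }],
  leaky: [{ status: 401, body: { error: "Unauthorized", email: "ada@example.com" } },
          { status: 401, forbiddenFields: protectedFields, errorMessage: true }],
  invalid: [{ status: 400, body: {} }, { status: 400, errorMessage: true }],
};
for (const [name, [res, expect]] of Object.entries(cases)) {
  console.log(name, checkResponse(res, expect));
}
```

The `leaky` case shows why checking the status code alone is not enough for authorization testing: the response is a 401 but still carries a protected field. Pasted into a Postman test script, the function can be called with `{ status: pm.response.code, body: pm.response.json() }`.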

Audio Book

Dive deep into the subject with an immersive audiobook experience.

Status Code Validation

Check for correct HTTP status (200, 201, 400, 404, 500)

Detailed Explanation

This chunk emphasizes the importance of validating the HTTP status codes returned by API requests. HTTP status codes are standardized responses that indicate whether a request has been successfully processed or if an error occurred. A 200 or 201 status code typically means the request was successful, while 400 and 404 indicate client errors and 500 indicates a server error.

Examples & Analogies

Imagine you send a package through a courier service. Upon checking the status online, a 'delivered' status confirms your package reached the recipient. If it says 'not found,' it indicates an issue in the delivery — similar to how HTTP status codes inform you about the success or failure of an API request.

Response Body Validation

Verify fields like id, name, etc.

Detailed Explanation

This chunk discusses the necessity of verifying that the response body returned by the API contains the expected fields, such as 'id' and 'name'. Each API request should return a well-defined structure in its response, and validating the presence and correctness of these fields ensures the API functions as intended.

Examples & Analogies

Think of this like checking your bank statement after a transaction. You expect to see the transaction ID and the amount debited from your account. If those details are missing, there may have been an error in processing the transaction, just like missing fields in an API response could indicate an issue.

Field Data Type Validation

Ensure id is an integer, email is a string

Detailed Explanation

In this chunk, the focus is on validating the data types of the fields returned in the API response. For example, confirming that the 'id' field is an integer and that the 'email' field is a string ensures that the data adheres to expected formats and can be processed correctly by applications consuming the API.

Examples & Analogies

Consider how you would ensure that the information on an online job application is correctly formatted. You wouldn’t want a numeric value in the email field; just like ensuring fields in API responses have the correct data types prevents errors during data processing.

Authorization Testing

Send without token and verify 401 Unauthorized

Detailed Explanation

This chunk pertains to testing the API's authorization mechanisms. By sending a request without an authorization token and checking for a 401 Unauthorized response, you can confirm that the API correctly restricts access to authenticated users only. This kind of testing is critical for ensuring the security of the API.

Examples & Analogies

Imagine trying to enter a secured building without your ID badge. The security team will not let you in, and you'll receive an 'unauthorized' response. Similarly, APIs should block access unless the user is authenticated with the correct token.

Negative Testing

Send invalid data, expect proper error message

Detailed Explanation

This chunk highlights the practice of negative testing, where invalid data is sent to the API to ensure it handles errors gracefully. By checking for appropriate error messages in response to invalid input, developers can confirm that the API provides useful feedback to users, improving overall user experience and system reliability.

Examples & Analogies

Think of a vending machine. If you enter an invalid code, you expect it to respond with an error message explaining the issue. Similarly, when an API receives invalid data, it should respond with a meaningful error message to help users correct their inputs.

Definitions & Key Concepts

Learn essential terms and foundational ideas that form the basis of the topic.

Key Concepts

  • Status Code Validation: Ensuring the API returns appropriate HTTP codes.

  • Response Body Verification: Checking the presence of expected fields in the API response.

  • Field Data Type Validation: Confirming the data types of fields in the response.

  • Authorization Testing: Verifying API access with valid/invalid tokens.

  • Negative Testing: Testing with invalid inputs to ensure robust error handling.

Examples & Real-Life Applications

See how the concepts apply in real-world scenarios to understand their practical implications.

Examples

  • Checking for a 200 status code when a user list is retrieved successfully.

  • Validating that the response contains the field 'name' after creating a new user.

Memory Aids

Use mnemonics, acronyms, or visual cues to help remember key information more easily.

🎵 Rhymes Time

  • Status code is the key, it tells you what you see; 2's for success, 4's for miss, 5's for server's hiss.

📖 Fascinating Stories

  • Imagine you're an API sending data. One day, a user asks for data but forgets their key (token); the API kindly replies, '401 Unauthorized, please check your key!'

🧠 Other Memory Gems

  • To remember the HTTP methods: 'Get Some Perfect Triple-Decker Sandwiches' (GET, POST, PUT, DELETE).

🎯 Super Acronyms

RESPONSE

  • Verify Results
  • Ensure Status Code
  • Observe Necessary Fields
  • Safeguard Against Errors.

Glossary of Terms

Review the Definitions for terms.

  • Term: API

    Definition:

    Application Programming Interface; allows different software systems to communicate.

  • Term: Status Code

    Definition:

    Numeric response code from the server indicating the status of the request.

  • Term: Response Body

    Definition:

    The data returned by an API after a request is made.

  • Term: Assertions

    Definition:

    Scripts used in Postman to validate responses.

  • Term: Negative Testing

    Definition:

    Testing the API with invalid data to ensure proper error handling.