Recently I joined a project, which already has relatively large code-base. This project contains primarily a back-end service which exposes a large number of APIs (somewhere in between 200-300). These APIs are used by numerous clients (Mobile Apps, Web-browser clients etc). I have been tasked with testing these APIs and making sure nothing breaks. No prior API Testing is present in this project. What is the most reliable way to do this?
The Project is still in active development. Thus new APIs could be added, existing ones could be removed/updated.
Since the number of APIs is large I am reluctant to do the testing manually and verifying if the output is valid. I did preliminary research (reading documentation, YouTube demos) on following tools
PostMan : It appears, here I need to manually add the APIs into the tool and write tests in JavaScript (although I know basics, I am not very comfortable with programming in JavaScript). I am also worried how I can maintain the API Tests if an API gets modified overtime. Is there an easy way to update the Tests.
SOATest : Unlike PostMan, this tool appears to require some upfront effort in learning how to use. It claims to generate the API tests automatically. I am not sure how useful those will be. I am not sure how maintenance of Tests works here.
Tosca : Similar to SOATest this tool also appears to require some upfront training about how to use. it. The website claims that with this tool helps in rapid creation of resilient tests that can be easily maintained, It would be great if any actual user could describe how useful this tool is.
I am new to this responsibility any suggestion/advice/feedback would be greatly appreciated.
Are there any other tools/tricks that I could use to get API testing done quickly and reliably?
How often should we run the API tests**?** Would running the Test prior to release sufficient? Or should they be run after every commit to code repository? Can this be achieved through typical CI/CD integrations?
How much time should that tests take to run for a project of this size? Is it an acceptable norm in the industry for API test cases to run for few hours? or should they complete in the scale of minutes/seconds? (I can see that it affects how may times we could execute the tests, any insights on this trade-off?)
Apart from testing team, who are generally involved in API Testing? Does the back-end write/review API Tests? How involved are front-end and product teams?
Sometimes I look at an API I don't clearly understand, what are the input parameters and often end up discussing with the dev how an API should be called, what test data should be passed and what assertion should be made. Is there an efficient way to handle the Test data problem?
I apologize for relatively lengthy post. But as you could see there are so many question and I have little to no idea how to go about them. Thank very much for reading.
โ01-29-2021 02:16 AM
If you ask me about the testing cycles, I'd prefer an easie solution: to codify my tests with Java with Behavior Driven Development (BDD) with Gherkin or C#. The former is a perfect tool that increases coverage (drastically) with much less code.
We also use a manual testing tool > Postman and essaydune.com for homework. But it depends on your colleagues' testing skills.
โ04-19-2021 03:47 AM - edited โ04-19-2021 03:48 AM