Hello, dear readers!
Today, I want to dive into the vital world of testing API services from the perspective of Quality Assurance. In modern applications, APIs play a crucial role, including web APIs and backend APIs, and testing them is an indispensable part of ensuring the quality of the software.
Firstly, let's clarify what an API is. In its simplest form, an API is a service or a set of functions that enables the creation of applications accessing the features or data of an operating system, application, or another service.
Who does what?
You might wonder, "Why is it essential to test APIs when the developers who build them should also test their work?" Well, the reality is that many developers, while exceptional at crafting the intended use, may overlook alternative usage scenarios. This is where QA professionals come in. We approach testing not only from the intended use but also from various alternative angles.
API is a service or a set of functions
You might ask, "Who uses an API in ways it wasn't intended for?" The answer is not just us, but other developers and, at times, even end-users.
Let me share a real-life example from my experience:
In a company I worked for, there was an internal-use API service. During testing, I found that sending a POST or PATCH request with invalid data to a particular endpoint could lead to an exception, crashing the service.
The response from the development team was that this scenario was hardly a production case and didn't require fixing. While that was true, it was unacceptable to me. I believed that even in such situations, the API should return an error indicating an invalid parameter rather than crash.
A ticket was logged in Jira, but it was only a few months later when an end-user reported service outages. It turned out that the user was directly interacting with the API using Postman, ignoring the proper front-end validation.
This highlighted the importance of testing API functionality beyond the intended use.
I've heard that Japanese engineers frequently test beyond the boundaries as well as within them, bearing in mind that manuals are often left unread.
The main takeaway here is the importance of QA professionals striving for broad test coverage. Unlike most software engineers, who often focus on the intended paths, we explore the negative paths, ensuring the smooth and reliable operation of the Application Under Test (AUT). Plus, we need to be prepared for the questions from business stakeholders, who might ask, "Was it tested? Why wasn't it tested? This is your job!"
The Rabbit and the Turtle
Furthermore, when it comes to security and performance, the developer who designed and built the API may not be as stringent as a QA professional.
QA will consult documentation, engage with the business team, consult developers, and define a strict set of tests covering API performance, data consistency, and more. Any deviation from the expected results is flagged, prompting further investigation by the development team. This proactive approach ensures potential performance issues and data conformity deviations are addressed before reaching the production environment.
Another story from my experience emphasizes the importance of API testing.
I was testing changes to an API responsible for reading and writing device settings stored as JSON files, some of which were thousands of lines long. Performance was critical since these settings needed to be loaded quickly for a live system. During my testing, I focused on timing and conformity, not the actual changes to settings. I saved snapshots with different sizes—Default, Low Size, Medium Size, Big Size, and Max Size. What I discovered during testing was unexpected. The response times increased as expected with the size of the snapshot, but over subsequent runs, these times doubled and tripled. The problem wasn't with the API's performance but with the load-save service itself, which was slow and prone to memory leaks. This finding prompted a red flag, marking the issue as a blocker that needed resolution before going live.
Summary
This highlights that sometimes simple API testing can reveal deeper issues that go beyond the surface. Therefore, it's crucial to recommend smoke tests of APIs, checking performance and conformity, and always considering negative test cases. While QA is often primarily associated with frontend testing, advocating for comprehensive API testing can uncover hidden bugs and ensure the overall quality of your software.
Happy testing!
Comments