Friday, August 1, 2014

API Testing Overview & Post Man User Guide

Posted by Sumit Rana

Today i have been told in my office that i have to do API testing, which was completely a new topic for me. I searched on internet and with the help of some colleagues in my office i gathered below data. Someone else might doing the same job at his/her office so i am sharing this.

 API is an acronym for Application Programming Interface. It is clear from the name that while performing API testing we will be doing testing at backend which do not offer GUI rather works at back-end.

API is set of rules or standards for accessing a web based service. A software company releases its API so that others can design products that are powered by their services.

API’s are software to software interface not the user interface. With API’s web applications talk to each other without any user intervention or knowledge.

APIs and Web services are completely invisible to Web site surfers and software users. Their job is to run silently in the background, providing a way for applications to work with each other to get the user the information or functionality he needs.
API Testing :-
Approach of API Testing:-
There are basically 3 layers in a web based software. Presentation layer, business layer and database layer.

Presentation layer:- This layer will give you the look and feel of the application. This is the user interface layer from where user is actually accessing the web service or application. For eg:- while booking movie tickets at, we navigate through the various pages which are based on GUI . So the movie ticket website is the only interface that user can see which is placed on presentation layer.

Business Logic Layer:- This is the layer where actual API starts working. Let us consider the above example of booking movie tickets though an online portal. When you buy movie tickets online and enter your credit card information, the movie ticket Web site uses an API to send your credit card information to a remote application that verifies whether your information is correct. Once payment is confirmed, the remote application sends a response back to the movie ticket Web site saying it's OK to issue the tickets.

Database Layer:- This is the last and core layer of a web tool. In this layer we define all the rules for saving the information which is to be access by the user. Database is designed and information is stored in an integrated manner.

What is an API Testing:-

API testing is focused on the functionality of the software's business logic and it is entirely different from GUI testing. It mainly concentrates on the business logic layer of the software architecture. This testing won't concentrate on the look and feel of an application.

API testing is mostly used for the system which has collection of API that needs to be tested. The system could be system software, application software or libraries.

For starting API Testing database and server should be configured as per the application requirements. API Function should be called to check whether that API is working.

Output of an API could be any data, status i.e. pass or fail, call some other API function, update some data or trigger some event or modify certain resource or information.

API testing is checking Application Programming Interface of a Software System. In order to check API we need some software to call API. One of the efficient tool for developing and testing API is Postman (an extension of google chrome). With Postman you have all the flexibility you need to test your API, and it is stable enough to find the errors in your API.

Postmant client:- Postman is a powerful HTTP client to help test web services easily and efficiently. Postman is used only to test RESTful web services. Postman is a user friendly add-on for Chrome browser which provides an easy interface for the REST API testing

REST (Representational State Transfer).

REST is now days commonly used web service by all the tech geeks all around the world. It is a simple stateless architecture that generally runs over HTTP. REST is often used in mobile applications, social networking Web sites, mashup tools and automated business processes. The REST style emphasizes that interactions between clients and services is enhanced by having a limited number of operations.

REST web services communicate over the HTTP specification, using HTTP vocabulary:-
 Methods (GET, POST, etc.)
 HTTP URI syntax (paths, parameters, etc.)
 Media types (xml, json, html, plain text, etc)
 HTTP Response codes

Flow chart for RESTful web services:-

Client is the actual user who will try to access the web service through a URL and the web server will response for the same request.

Client can access the web service either through the computer or mobiles, the phenomenon will remain the same.Here webserver is working at business logic layer and computer and mobile works at presentation layer and database is working at database layer.

 How to get Postman :-

1. Open
2. Click on free, it will ask your google account credentials, fill them and click on sign in.
3. A pop will come click on add and it will get added to your chrome browser.

Now go to the apps page (chrome://apps/) and launch postman it will looks like :-

 Overview of postman interface:-

 Adding collections:-

 Example:- Now let us practically implement the above information and run twitter API for better understanding and flow of tool.

 First we need to create a twitter application to retrieve data from twitter. So login into your


 Add application details:-

  •  I have created this “sumit API postman app”, now go to the modify app permissions and set them to read and write so that we can perform both GET and POST operations.

  •  Now go to the API keys tab and click on regenerate as we have modified the permissions so different API key would be required for authenticating purpose.

  •  Now we are ready so open postman extension.

  •  Now let’s access the twitter API, twitter uses OAuth 1.0, open the tab for the same from the tab bar on top. This will authenticate and allow us to access the twitter services.

  • Now open for knowing the url for API testing. Just follow the below steps:-

  •  On this page you can see the option fir generating URL’s for all available operations i.e. for GET, POST ,DELETE etc.

Press send you will get to know the latest tweet posted by the user. In the similar way you can get the POST url and in url parameters add status in place of user_id and in key field ass the status you want to post and click on send. Then check your twitter page you will see that particular status in your most recent tweet.

Suggestions are always welcome, please add if I have missed something or you have something extra to share in this context.