API Testing Tools

Let's explore the tools and techniques for testing REST APIs effectively.

Manual Testing Tools

Postman

The most popular API testing GUI:

• Create and save requests
• Organize into collections
• Run automated test suites
• Environment variables

cURL

Command-line HTTP client:

# GET request
curl https://api.example.com/users

# POST with JSON
curl -X POST https://api.example.com/users \
  -H "Content-Type: application/json" \
  -d '{"name": "Alice"}'

# With authentication
curl https://api.example.com/users \
  -H "Authorization: Bearer token123"

HTTPie

User-friendly cURL alternative:

# GET request
http GET api.example.com/users

# POST with JSON
http POST api.example.com/users name=Alice email=alice@example.com

# With auth
http GET api.example.com/users Authorization:"Bearer token123"

Automated Testing Frameworks

JavaScript/Node.js

Supertest - HTTP assertions:

const request = require('supertest');
const app = require('../app');

describe('Users API', () => {
  it('should list users', async () => {
    const res = await request(app)
      .get('/api/users')
      .expect('Content-Type', /json/)
      .expect(200);

    expect(res.body.data).toBeInstanceOf(Array);
  });
});

Python

Requests + pytest:

import requests
import pytest

def test_list_users():
    response = requests.get('http://localhost:3000/api/users')
    assert response.status_code == 200
    assert 'data' in response.json()

Exercise: Build a Test Helper

Contract Testing

Verify API matches its specification:

// Using openapi-validator
const OpenAPIValidator = require('express-openapi-validator');

app.use(
  OpenAPIValidator.middleware({
    apiSpec: './openapi.yaml',
    validateRequests: true,
    validateResponses: true
  })
);

Load Testing

Test performance under load:

# Using k6
k6 run --vus 100 --duration 30s test.js

// test.js
import http from 'k6/http';

export default function() {
  http.get('https://api.example.com/users');
}

CI/CD Integration

# GitHub Actions example
name: API Tests
on: [push, pull_request]

jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Install dependencies
        run: npm install
      - name: Run API tests
        run: npm test
        env:
          API_URL: ${{ secrets.TEST_API_URL }}

Testing Checklist

1. Functionality

   • All endpoints work correctly
   • Correct status codes
   • Proper response format

2. Authentication

   • Valid tokens work
   • Invalid tokens rejected
   • Expired tokens rejected

3. Validation

   • Required fields enforced
   • Data types validated
   • Constraints applied

4. Error Handling

   • Errors return proper format
   • Appropriate status codes
   • Helpful error messages

5. Performance

   • Response times acceptable
   • Handles concurrent requests
   • Rate limiting works

Summary

Effective API testing uses:

• Manual tools for exploration
• Automated tests for regression
• Contract tests for specification compliance
• Load tests for performance
• CI/CD for continuous validation