API testing is important in the quality assurance process because with API tests you can be sure that the back-end of the application works as expected. No matter which tool are you using and what is your goal with your API tests, writing test cases is useful because it will help you to have a test process that is more streamlined and efficient.
Writing the Test Cases
After you understand the API’s requirements for the app that you are testing, and you know the expected input and output, expected status codes, the flow of the API calls, the validations that need to be implemented, and the business logic behind each API endpoint, you can continue with the next step.
The next step is to decide which aspect of the API you’ll be testing, for example, are you going to perform functional , performance, or security testing?
After completing these two steps you can start writing the test cases for testing the API. The test cases should be written clearly to ensure they are easy to understand and execute.
Here is one example of a test case structure that you can use for your test cases:
Title | A short title that describes the main goal of the test case. |
Description | A summary in one or two sentences about what the test case will verify. |
Pre-Conditions | Any conditions that must be met before the test case can be executed. |
Test Steps | Write every action that you perform while you execute the test case. Write short and precise steps, and include all the relevant information in each step. |
Test Data | The data that is used in the test. |
Expected Result | Write what is expected when the test case is executed. For example, write the status code that you are expecting, the response body, the response time, the validation that needs to be triggered, etc. |
Example:
Test Case Title: GET the list of added products
Test Description: Verify that the API returns a 200 status code when a valid request is sent to the /products
endpoint.
Pre-Conditions: The database must contain at least one product.
Test Steps:
- Send a GET request to the
/products
endpoint. - Verify that the response status code is 200.
- Verify that the response body contains a list of products.
Expected Result: The API returns a 200 status code, and the response body contains a correct list of products.
Identify and Write Test Case About Various Scenarios
When you are testing the UI of the application you are always checking the positive and the negative scenarios. You need to apply the same thing when you are testing the API to ensure that the API behaves correctly under all circumstances.
- For example, check the boundary values for the data that you are sending, like the maximum and minimum allowed values, the longest and the shortest allowed string, the larger and the smaller allowed number, etc.
- Also, you can try sending some invalid values, like negative numbers, invalid strings, values that exceed the maximum and minimum allowed values, etc. Try to send some empty values, null values, or invalid data, or send an empty request body to see how the API will behave.
- Make some tests to see how the API handles multiple requests if they are sent simultaneously to the same endpoint. You can also test what will happen if there is some network issue or server error.
- If the API that you are testing is dependent on some external services or databases, make sure to also include scenarios for that in your test cases.
- You can send a POST or PUT request to some endpoint with a large payload (for example send a 10MB file), and see if the API will return a response in a reasonable time.
- Try to send some requests with an invalid authentication token and check if the API returns an appropriate error message for unauthorized access.
- You can also verify that the API correctly handles pagination parameters in a response (GET
/items?page=1&limit=10
).
As you can see there are a lot of scenarios that you can cover with your test cases to ensure that every aspect of the API is working properly.
Example of a negative scenario:
Title: GET product with unexisting ID
Test Description: Verify that the API returns a 400 status code when an invalid product ID is sent to the /products/{id}
endpoint.
Pre-Conditions: None.
Test Steps:
- Send a GET request to the
/products/invalid_id
endpoint. - Verify that the response status code is 400.
- Verify that the response body contains an appropriate error message.
Expected Result: The API returns a 400 status code, and the response body contains an error message indicating that the product ID is invalid.
Review and Refine Your Test Cases
After writing your test cases, review them to ensure they are complete, accurate, and easy to understand. As the API evolves, make sure your test cases are updated to reflect any changes in functionality or parameters.
Things to consider when reviewing your Test Cases:
- Are the test cases aligned with the API requirements?
- Do they cover all key functionalities, edge cases, and error scenarios?
- Are the steps clear, concise, and easy to follow?
- Is the expected outcome well-defined and measurable?
Automate Your Test Cases
When the test cases are written, consider automating them using tools like Postman, RestAssured, or SoapUI. Automation helps you quickly rerun tests, especially regression tests, and ensures consistency in your testing process. You can start with automating the most critical and frequently executed test cases. Make sure that you integrate your automated tests into your CI/CD pipeline for continuous testing.
By following these guidelines, you’ll be able to create clear, concise, and comprehensive test cases that will help ensure the reliability and performance of the APIs you’re testing.