DEV Community


API Testing : The Definitive Guide in 2020

Pramod Dutta
Lead Automation Expert || Founder of || Youtube at TheTestingacademy || Udemy Teacher. ||
Updated on ・7 min read

This is the Definitive Guide to Do API Testing in 2020

Before that, if you are interested to learn about the Automation concepts
Join our Newsletter -

Yes, I’ll cover the most important topics of API Testing from start to end.

This guide is for any Software Tester or Test Automation engineer who is looking to learn What is API testing How it is done at the enterprise level using CI/CD.

I have included all video tutorials list of API Testing using Postman that will make you an expert in API testing.

What is an API?

API stands for the Application Programming Interface,

They are basically a collection of functions and procedures which allow us to communicate two applications or libraries.

In short, It is like a connector between two services as shown in the picture.

scrolltest API testing guide

In one line, API is its an interface between different software programs or service.

API testing explained

Let’s take a simple example,

Suppose you go to a restaurant.

API is the messenger(waiter) that takes your order from you and tells to the chef in (kitchen), what food to be prepared and after some time waiter returns with the ordered food.

Source – Quora.

Type of APIs:-

API types

What is API Testing?

When we talk about API Testing,

API testing is testing that APIs and its integration with the services.

It is one of the most challenging types of testing If we miss certain cases in API Testing that can cause a very big problem in production after full integration and it will hard to debug in the production environment…

In this definite guide,

We are basically discussing the REST API Testing.

What is REST API in API Testing?

As REST is an acronym for REpresentational State Transfer, statelessness is key. An API can be REST if it follows the below constraints.

The REST architectural style describes six constraints. These constraints, put on the architecture, were initially communicated by Roy Fielding in his doctoral dissertation and defines the basis of RESTful-style.

  • Uniform Interface
  • Stateless
  • Cacheable
  • Client-Server
  • Layered System
  • Code on Demand

Uniform Interface

The uniform interface constraint defines the interface between clients and servers.
In other terms,

The first constraint of the REST API states that the Client and server has to communicate and agree to certain rules based on resources(they should communicate with same resource like json, xml, html , txt) and with proper encoding like UTF-8 extra.

Another point they should communicate with the Self-descriptive Messages e.g Use the same MIME types.


APIs in REST is stateless and Client and server don’t worry about the state of the request or response.


According to the World Wide Web, clients can cache responses. Responses should, therefore, implicitly or explicitly, define themselves as cacheable. It’s up to server when they want the cache to expired etc.


Client and Server are two different entity, It means that servers and clients may also be replaced and developed independently, as long as the interface is not altered.

Layered System.

It means that between client and server there can be any number of layered systems it does not matter.

Code on Demand

The server can store the Code or logic to themselves and transfer it whenever needed rather client-side logic.

rest API used by twitter

If any API fulfills all the constraints then we can REST API.

Difference between REST API vs SOAP API.

We have already discussed REST API, Lets now Learn what is SOAP API.

SOAP (Simple Object Access Protocol)

It is a messaging protocol that allows programs that run on disparate operating systems or services like frontend or backend to communicate using Hypertext Transfer Protocol (HTTP) and its Extensible Markup Language (XML).

!(API testing)[]

SOAP uses WSDL is an XML format for describing network services as a set of endpoints operating on messages containing either document-oriented or procedure-oriented information.

What to Test in API Testing?

  • Validate the keys with the Min. and Max range of APIs (e.g maximum and minimum length)
  • Have a test case to do XML, JSON Schema validation.
  • Keys verification. If we have JSON, XML APIs we should verify it’s that all the keys are coming.
  • Verify that how the APIs error codes handled.

Why you should perform API Testing?

  • Many of the services that we use every day rely on hundreds of different interconnected APIs, if anyone of them fails then the service will not work.
  • Right now, the Internet uses millions of APIs and they should be tested thoroughly.
  • Developers make mistake and they create buggy APIs…
  • Validation of APIs is very important which is going live to production.

The above image shows the architecture of an application and notice that API Testing is an important part…


Let’s learn one more concept HTTP Methods

HTTP – Fundamentals for API Testing

HTTP is an application layer protocol designed within the framework of the Internet protocol suite.

Let’s learn one more concept HTTP Methods

There is Client that performs a requested resource which can be an HTML page, file extra from Server and server perform the response to the client back using the same protocol known as HTTP.

HTTP is a stateless protocol. In other words, the current request does not know what has been done in the previous requests.

What are Cookies?

Cookies are usually small text files, given ID tags that are stored on your computer’s browser directory or program data subfolders.

GET /spec.html HTTP/1.1


Cookie: theme=light; sessionToken=abc123

Record the user’s browsing activity. Which pages were visited in the past?

Contain the name of the domain & Lifetime.

Tool : EditThisCookie –

What are different types of Authentications, let’s understand it…

What is Authentication?

Authentication is a process of presenting your credentials like username, password or another secret key to the system and the system to validate your credentials or you.

In the API terms;

Authentication is used to protect the content over the web means only a valid user with valid credentials can access that API endpoint.

These credentials tell the system about who you are. This enables the system to ensures and confirm a user’s identity.

Here the system can be anything, it can be a computer, phone, bank or any physical office premises.

Basic authentication :

The string is encoded with Base64.

curl –header “Authorization: Basic am9objpzZWNyZXQ=”

Digest Authentication :

Authentication is performed by transmitting the password in an encrypted form. (With Some Salt etc)

OAuth :

An Authentication protocol that allows you to approve one application interacting with another on your behalf without giving away your password.

E.g OAuth 1, 2.

More authentication are discussed here –
How to Handle Authentication?

What is an URL?

We can create an HTTP request from the browser by typing a URL.

The Definitive Guide To do API Testing In 2020
Just for more information, URL can be broken down into further chunks like protocol, host, port and query params. More discussion is out of scope for URL

Let’s Understand what all HTTP methods are present

HTTP Methods explained. : for API Testing

GET Method Explained

POST Method Explained

PUT Method Explained

PATCH Method Explained

DELETE & OPTIONS Method Explained

HEAD/TRACE Method Explained

Now we have an HTTP Methods knowledge lets understand what are Cookie and authentication.

How to Test an API ( API Testing)?

Before that take a look into the example API that can available freely.

Here Keys are category, icon_url, id, URL and value and they have corresponding values as String or number.

API Testing can be done manually or using Tools. It is always recommended to certain tools.

Let’s learn API Testing using our favorite tools.

Below is the list of API testing tools, You can learn or use whichever tool you feel is great for you,

I encourage you to start with Postman it’s an awesome API Testing tool which provides lots of feature like the command line, CI/CD and monitoring of APIs with test case support.

API Testing using POSTMAN

What is Postman?

First of all, let’s understand what is Postman.

It is an API Testing tool used by developers and Testers to perform API Testing with lots of different features like Global variables, mock request, Environment and monitoring of APIs.

You can learn more about a postman in my full Video lecture series here. Download and install it.

P.S – This article assumes that you have some experience with Postman. If not please go through my previous tutorials.

It's available in the macOS, Windows, and Linux as a Native app.

Download Postman –

Major features of the postman

Learn more about API Testing with Postman here :

If you prefer to watch and learn, hop on to our API testing series on Youtube
Subscribe to my Youtube Channel 👉 TheTestingAcademy!


Over to you…

Be sure to subscribe for more videos like this!


Discussion (0)

Forem Open with the Forem app