Banner Image

Business and Technology Insights

Assuring APIs in an Agile World

 
April 26, 2016

Imagine a world where the watch on your wrist monitors your health and beeps to remind you to take your medication. Your phone talks to your refrigerator, and tells you that you are running low on orange juice. And your smart home starts shutting down the air-conditioning when your car reverses out of the garage. As we look to the future, many of these situations no longer seem impossible or even distant possibilities.

Application Programming Interfaces or APIs enable communication and data exchange between two separate software systems. APIs are at the heart of device and application integration. With a set of tools, protocols, standards, and code, they enable device connectivity and application data exchange. They enable businesses to be more agile, users to be more mobile, and devices to be more connected. APIs enable everything to work together in an integrated yet streamlined way.

But how does one ensure the working of this watch, refrigerator, smart home or car. None of these have a traditional user interface.So how do we test them? Addressing the most challenging aspects of Quality Assurance, API testing assures the optimal working of APIs and their integrations, ultimately enabling seamless and efficient functioning of the digital economy. It involves testing of individual as well as chains of functionality to unearth aspects of their siloed as well as integrated, end-to-end working.

Without getting into details of the what and how of API tests, this post will focus on the criticality of ensuring their quality, reliability and security. The quality of an API implies that when an API is called by any entity, the response is consistent each and every time. Reliability denotes that the expected output of an API is definitely delivered each time it is invoked. Security of the API necessitates that data transferred in every request and response is not compromised, especially in a digital cloud ecosystem.

Before a system is opened up for accepting API calls, it must be equipped to handle issues such as erroneous inputs, server side errors, and network failures. For third party developers to correctly integrate the API with their code, API functions must also be well documented. In case of an API that performs business sensitive financial transactions, one can imagine the drastically adverse consequences of inaccurate processing.

While such mission critical scenarios mandate effective API testing, Agile and IoT too bring challenges that must be considered. Agile adoption accelerates solution delivery, APIs accelerate business growth through quicker integration of third party systems. Frequent builds and continuous iterations in the Agile framework demand faster testing mechanisms. As API testing involves validating function calls and system responses, with practically no Graphical User Interface (GUI) to test, it undoubtedly meets Agiles demand for agility. API functions can also be tested earlier in the development process, thus minimizing the risk of production defects, and optimizing cost of quality assurance and testing. Objects that are part of an IoT ecosystem must communicate with each other remotely using web services and network protocols without having a traditional GUI once again a clear case for API usage (and testing).

Now that we have established the scenario and a strong case for API testing, let us quickly delve into three important aspects to consider while testing APIs:

  • Schema Scalability: API testing must ensure scalability of the input schema to handle changing business requirements, particularly the number or combination of parameters of data interchange
  • Combination Coverage: API testing must cover all possible permutations and combinations of input parameter values. Boundary testing must include number ranges, maximum length restrictions for function parameters, acceptance of specific values, parameter validation, and passing and return of special characters.
  • Sequence Flow: Often, a series of API calls in a logical flow completes a transaction, with the output of one call serving as input parameter for the next one. An API test must cover the complete chain of functions, called through both, correct and incorrect sequences.

To summarize, APIs are a critical part of the backbone that supports IoT and digital ecosystems. As the technology landscape becomes fragmented and modularized, and systems become more open, APIs play an even more pivotal role in facilitating smooth flow of mission critical transactions across systems. Therefore, it is critical for QA teams to assure the quality, security, reliability and superior performance of APIs, which is fundamental to customer delight and business success in an always-connected digital world.

Parikshit Chakraborty works as an API Automation expert with TCS Assurance Services Unit. He has an experience of 8 years in various facets of Software Test Automation and has expertise in the domains of automation frameworks development in UI, API and E2E tests for large scale enterprise environments. He also has expertise in tool development for automating security testing. He has presented white papers at Next Gen Testing Conferences, India Chapter at Trivandrum, Kerala and Sri Lanka Chapter at Colombo. One of the white papers was published in the December 2015 edition of The Tester journal of BCS (British Computer Society). Apart from this, he was selected for conferences at Bilbao-Spain and ICTSS 2015 New York. He also received the best white paper award at BTD 2015 conference at Brussels-Belgium.