How are you testing your APIs?

APIs are a hot topic and SaaS providers to Enterprises of all sorts have been busy creating many different APIs to allow their customers to interact with and consume data.

Gartner have been covering this area and in October 2016 these are the players identified in their magic quadrant.


Most large organisations are now committed to Transforming their businesses to a digital landscape. They do this by using or building a platform to allow their stakeholders to work with them on their terms. APIs are a key part of this.

APIs typically allow machine to machine communication using industry standard protocols.  Well defined APIs free end users from the confines of using a default interface and allow controls and outputs to be integrated into their own user experiences ranging from dashboards to custom apps as well as help automating common functions and procedures.

Full lifecycle management of APIs (Managing Your API from Design to Implementation) is crucial to leveraging the full power of APIs. In the heat of delivery battle, One key thing that is often conveniently forgotten is ensuring the quality of the API endpoints long after their deployment.

Whether the API is restful that uses XML or JSON, or a SOAP-based XML container, you should build test scripts that check response time and accuracy of the service.  These Scripts should be reusable and form the basis of your regression test suite. 

Once you have established the responsiveness and the accuracy of the API, it is important to perform some additional tests on the system as well—API security testing, load testing and stress testing.

Security testing an API proves that the API and the underlying infrastructure can handle authentication, authorisation and prevent attacks such as DoS.

Load testing an API proves that the API and the underlying infrastructure can handle an expected number of simultaneous requests.

Stress testing an API tests the upper limits of simultaneous users by increasing the number of requests up to and beyond the theoretical capacity of the service.

There are a number of questions you need to answer when setting up API tests including:

  • Who is your end user, or target audience?
  • Why are they using your API?
  • What is the user trying to achieve with the API?
  • How critical is the API to your users?
  • What happens if the API is unavailable or unreliable?
  • How fast do users expect to receive feedback from the API?
  • How will you test each of these assumptions?

Once you have answered these questions you can build test cases for the API to verify the needs of each case are met.  

Depending on the answers to each of these questions, different types of tests might be necessary to validate the assumptions of each test case.  For example, submitting data to an API might only look for a “successful” response from the API while sending a query may elicit certain keywords or values in the response from the server.

The results of API testing also differ based upon the reason for testing.  There are many different times during the development process and even post production that you would want to test an API, and each of these instances may need to be setup differently.

Regression test suites are key to ongoing quality control. We at jEyLaBs use our own PowerToolz to test APIs. We have built APIs for our customers using the K2 platform and PowerToolz is perfect for testing K2. 

If you want to learn how PowerToolz is utilised by our customers, why not check out a PowerToolz webinar? Register at

%d bloggers like this: