How do you test a backend API?



  • I was applying for QA position and the SDET asked me this question:

    How do you test a backend API?

    In the interview.

    I wasn't sure I answered it correctly. Just wondering if I can get some input from someone.



  • How you approach testing an API depends on a lot of things. Will the API be a public API that will be consumed by some external people/systems, or is it a part of a larger product's infrastructure? API is a general term that is sometimes used to describe anything from a COM interface, to a DLL or JAR you can reference, to a REST web service. Different approaches can be applied to testing these different things.

    Often, if the API is part of your infrastructure you can test it pretty thoroughly through unit testing and the use of the product that consumes it.

    If it is an externally consumable API then you need to be much more thorough because people could use it in different ways than you might expect and send data in much different formats, etc. It also usually needs to make sense, be intuitive and be well documented if it is externally consumable. You would also need to be more cautious about what is private and public, which may not be as important for an API that is only used by a single product.

    Testing an API nearly always requires you to create some sort of consumer for testing purposes. You have to be able to interact with the API. The consumer is usually very simple - or an existing tool - and driven by automated test cases and not manual user interaction, although I have seen cases where people created a complex GUI app for testing purposes, and cases where the testing was still mostly manual through exercising that app.

    If the API has dependencies, you may choose to mock those dependencies out so you can more thoroughly test all of those interactions and hit all of the positive and negative code paths. For instance, if the API interacts with a database and has the ability to create, modify and delete data you may want to mock the interaction with the database to more easily test cases such as deleting a record when it does not exist, or when it is the final record, or when it is unable to be deleted because of dependencies or even when the connection to the database is unavailable - you can then see how your API would handle these situations.



Suggested Topics

  • 2
  • 2
  • 2
  • 6
  • 2
  • 2
  • 2
  • 2