How to test the REST API's effectively ( Complete )?
I want to know apart form verifying status codes ( 200, 400, 500 ) and json what else we can verify to make sure API's work as intended ? PS : I have little Idea about Schema validation as well. If anybody can help me with the good resources ( Blog, website ) etc It will be great. And I am looking for both manual and automation testing for the same.
I really like this question, it's something I've thought about a lot. Validation response codes and a JSON body is a good start, but like you said, there's a lot more that can be done.
I built an API testing tool Assertible (https://assertible.com), and have written a few blogs on approaching different ways to test/validate a REST API, these are some of the higher-value ways:
- Contract testing / schema validation - you briefly mentioned this one, but JSON Schema validation is a big one as it gives you way to test the entire nested response body to ensure every field is correct.
- Response time and performance testing - testing response times ensures that the API replies to the request in a decent time-frame. We use this at Assertible to ensure our Dashboard and website pages load quickly. This is more important on GET requests that it is on POST/PUT/DELETE.
- Testing malformed requests - this is an important one, actually. How does your API response when you send a malformed request? Try a method that shouldn't be allowed on a certain endpoint. Omit keys from POST bodies and see what happens. You'd be surprised how many APIs doesn't validate requst bodies.
- API security monitoring - Similar to the above point, try testing an HTTPS API over HTTP. Is any sensitive data exposed?
- Health checks and performance testing - This is more basic status code validation, but run very frequently (like 1 or 5 minute intervals). You can pick up brief outages that give you information on stuff you never even know happened!
Those approaches are all taken from various blogs I've written on Assertible:
Hope this is helpful!