What is API Testing?

API testing is a type of software testing that involves testing application

programming interfaces (APIs) directly and as part of integration testing to
determine if they meet expectations for functionality, reliability, performance, and
security.

API testing can be performed manually or using automated testing tools. Some
common tasks that are performed during API testing include:
● Testing the functionality of the API to ensure it behaves as expected
● Verifying that the API returns the correct response for different input
values Checking for error handling and validation of input
Testing for security vulnerabilities
● Checking for performance and scalability of the API
● API testing is important because it ensures that the different components
of a system can communicate with each other correctly and that the
system can handle a large volume of requests.

API full form is an Application Programming Interface that is a collection of

communication protocols and subroutines used by various programs to
communicate between them.

How is an API Different From a Web Application?

An API acts as an interface that allows proper communication between two programs
whereas a web application is a network-based resource responsible for completing a single
task. Also, it’s important to know that “All web services are APIs, but not all APIs are
web”.

The difference between an API and a web application is that an API allows two-way
communication and web applications are just a way for users to interact through a web
browser. A web application may have an API to complete the requests.
Types of APIs
There are three basic forms of API –

1. WEB APIs

A Web API also called Web Services is an extensively used API over the web and can be
easily accessed using the HTTP protocols. A Web application programming interface is
an open-source interface and can be used by a large number of clients through their
phones, tablets, or PCs.

2. LOCAL APIs

In this type of API, the programmers get the local middleware services. TAPI (Telephony
Application Programming Interface), and .NET are common examples of Local APIs.

3. PROGRAM APIs

It makes a remote program appear to be local by making use of RPCs (Remote Procedural
Calls). SOAP is a well-known example of this type of API.

Few other types of APIs:

● SOAP (SIMPLE OBJECT ACCESS PROTOCOL): It defines messages in XML

format used by web applications to communicate with each other.
● REST (Representational State Transfer): It makes use of HTTP to GET, POST,
PUT, or DELETE data. It is basically used to take advantage of the existing data.
● JSON-RPC: It uses JSON for data transfer and is a lightweight remote procedural
call defining a few data structure types.
● XML-RPC: It is based on XML and uses HTTP for data transfer. This API is widely
used to exchange information between two or more networks.

What are REST APIs?

REST stands for Representational State Transfer, and follows the constraints of REST
architecture allowing interaction with RESTful web services. It defines a set of functions
(GET, PUT, POST, DELETE) that clients use to access server data. The functions used are:

● GET (retrieve a record)

● PUT (update a record)
● POST (create a record)
● DELETE (delete the record)

Its main feature is that REST API is stateless, i.e., the servers do not save clients’ data
between requests.

What is a Web API?

Web API Is simply an API for the web. It is an API that can be accessed using the HTTP
protocol. It can be built using Java, .nET, etc. It is implemented to extend the functionality of
a browser, simplify complex functions, and provide easy syntax to complex code.

The four main types of web APIs are:

● Open API
● Partner API
● Internal API
● Composite API

SOAP REST
 SOAP (Simple Object
REST (Representational State
Access Protocol) is a
Transfer) is a set of guidelines
protocol with specific
(architectural style) offering
requirements like XML
flexible implementation
messaging

Heavier and needs more Lightweight and needs less

bandwidth bandwidth

It defines its own It inherits security from the

security underlying transport

It permits different data formats

It permits XML-based
such as plain text, HTML, XML, JSON,
data format only
etc.

SOAP calls cannot be

REST calls can be cached
cached
Components of URL
Variables in Postman

○ Postman variables work in the same way as that of the programming variables. These are
the symbols capable of taking various values. You can store the values in variables and can
use it throughout in requests, environments, collections, and scripts.
○ Variables in Postman increase the user's efficiency to work and decrease the errors.
○ Variable-Use {{url}}
Variable Scopes

Variable scope is the boundary within which these variables can be accessed and executed.
The following variable scopes are supported by Postman, which is used for different tasks.
The narrowest variable scope is Local, and then next is Data, Environment, Collection, and
the broadest one is Global.
In case, the variable name is the same, in two scopes with a different value, then the value
of the narrowest variable scope will be used while running the request. Let's say the name
of both local and global variables is My Variable. Then Postman will use a local variable
value to run the request, as a local variable is the narrowest variable scope.

Let's see these variable scopes one by one:

○ Local Variables
These are temporary variables that will only function inside the environment they
were created in. When you change the environment, the variable will stop its access,
and an error will occur.
○ Collection Variables
These are independent of environments and are available for all the requests in a
collection.
○ Environment Variables
These are the most used variable scope in Postman. At a time, a single environment
can be active. They are bound to a specified environment used to execute the
request.
○ Global Variables
These are independent of environments and function outside the environment.
Users are not required to create an environment for global variables. Through global
variables, we can access data between collections, test scripts, requests, and
environments.
○ Data Variables
Data variables come from external CSV and JSON files to define data sets that you
can use while collections are running through Newman or the Collection Runner.
Passing Data With Your Request & Debugging

(https://httpbin.org/status/502) Path variable—-?-Query parameter (?name=Prachi)

Pre-request Script & Test Script
In Postman Scripts are the lines of code that allow you to automate an API test.

Builder or Request section

 ○ Untitled Request

'Untitled request' is basically the default request title you are working on. The title depends
on the type of request method you are working on, as shown in the image below.

○ HTTP request
This option opens a drop-down list of all the HTTP request methods, as shown in the image
like GET, DELETE, PATCH, OPTIONS, LINK, POST, COPY, UNLOCK, PURGE, etc. In general, we
mostly use POST and GET. We will discuss these requests in later chapters.

○ Request URL or Endpoint

This URL option is like any other browser URL. In this, we mention the link to where the
API will communicate with.
 ○ Params

This option is used to write the parameters of the request. These parameters include key
values and descriptions.

○ Authorization

The authorization process is required to access the APIs. This process verifies whether you
have permission from the server to access the data you want. We will discuss this as a
complete chapter later on.

○ Headers
An HTTP request header is the additional data that is required to send along with the
request. This header information is required for proper two-direction communication
between the client and the server.

○ Body

It lets you specify the data type that you need to send with a request. There are various
types of body data that you can send to match your API.

○ Pre-request script

These are written in JavaScript, and as the name suggests, these are executed before
sending the request. Generally, these scripts are for setting the environment and ensuring
that the request is running in the right environment.

○ Test scripts

It is executed during the request. It is also written in JavaScript. This helps you to ensure
that the API works as intended. Testing is important as it sets up checkpoints to verify
whether the response status is ok and retrieved data is as expected.
4. Response section
The API responses which are sent back from the server are shown in the response window.
These are generated after you send an API request to the server. As we have not sent any
request, so there is no response in our case.