Test Automation Forum

Welcome to TAF - Your favourite Knowledge Base for the latest Quality Engineering updates.

Celebrating our 2nd Anniversary!

Test
Automation
Forum

(Focused on Functional, Performance, Security and AI/ML Testing)

Brought to you by MOHS10 Technologies

Test
Automation
Forum

Focused on Functional, Performance, Security and AI/ML Testing

API Testing – An approach to shift-left ideology

API Testing-Testautomation forum

Introduction

Software delivery teams have always faced multitude of challenges in an ever-changing landscape of tools, technologies & practices. Teams must constantly upgrade themselves in this multi-dimensional landscape as software development processes transitioned from traditional models to Agile & DevOps.

The constant focus for the teams during this transition has been to have a potentially shippable product at end of every iteration. As iterations became leaner and thinner, releases became more frequent and reduced the distance between the user aka operations and the development teams. During this period of frequent releases, teams had to constantly adapt to having releases over several months to fortnights to days and more so hourly in certain industries.

Over this long journey from past 2-3 decades, during which Software teams have significantly evolved & adapted to changes, the only constant which has remained unchanged through this enduring expedition has been Software Quality, which defines if a customer stays with you or walks out of the door.

I would also like to bring your attention towards how applications have matured over decades. Software teams have constantly enhanced the architecture from being monolithic to distributed, services oriented and microservices to support user experience, customer needs, availability and security. Hence, our focus today is at intersection of two very important changes we have seen in our industry over the decades – Software development processes & Technology.

Today, in this article we will not only look at one of the many different strategies which teams follow to drive quality mindedness, but also understand how we can achieve it. So, lets dive in – One of the important strategies we are talking about today is Shift-left ideology. Software teams come up with great jargons and you will hear many more as you read!  The idea here is Software teams reduce the risk of finding failures as much by testing early, which in turn reduces overall of cost of quality among the various other benefits.

Before going any further, let’s look at Martin Fowler’s Test pyramid. On a side note, I am a huge fan of Egyptian pyramids, since they are humanity’s one of the greatest inventions and their solid architecture has stood the test of times. So, in my view a strategy built around Test pyramid is so much relevant even today as we will see that this approach will help us build a solid approach to Software Quality. Our focus here is going to be on one of the components in Test pyramid – Service or API layer.

We will look at one such approach for API layer – API testing and will specifically look at how an open source testing tool – Karate can help us achieve this goal. Interesting name for a tool isn’t it! Anyone who masters this tool will henceforth be called ‘The Karate Kid’…Just kidding! I would like to take this opportunity to thank founders of this tool for making easy it easy for Software teams.

So, what’s an API??

In Service Oriented Architecture (SOA), an Application Program Interface (API) is a way for various applications to communicate with each other using a common language, often defined by a contract. Examples of these would be a Swagger document for RESTful services or a WSDL for SOAP services.

APIs represent building blocks that developers can use to easily assemble all sorts of interactions without having to rewrite an interface every time they need machines to communicate. Additionally, since APIs have contracts, applications that want to communicate with each other can be built in completely different ways, if they communicate in accordance with the API contract. This allows different developers from different organizations in different parts of the world to create highly distributed applications while re-using the same APIs.

We won’t dwell too much into types of APIs, but primarily web services/API development falls into either REST or SOAP based on the architecture style followed by Software teams. In this article, we focus on REST since it primarily relies on HTTP protocol and more widely followed.

Let us consider a basic example – A REST based application would have a client send a HTTP request to an endpoint with either of 4 basic actions – GET, POST, PUT & DELETE (CRUD) and server responds back with a status and specific content type as we see below:

Testing the service layer APIs in above example instead of UI takes us a step towards our Shift-left ideology. But as applications tend to get more complex based on several factors – functional demands, scale, architectural style like microservices etc., we start looking much deeper and the concepts of mocks & stubs will take us more closer in our journey to Shift-left ideology. [will discuss more about it in my upcoming articles]

Now that we understand what’s API…Let’s see what & how to test it!

One can perform automated API testing to test the application at the API level, design test cases that interact directly with the underlying APIs instead of UI and gain numerous advantages, including the ability to test the business logic at a layer that is easy to automate in a much stable manner. The API tests allow you to test application logic at a level that unit tests cannot. The best way to approach API testing is having an API contract in place. A contract is a blueprint [will discuss more about it in my upcoming articles], which will enable software teams to develop code and tests in parallel – referring to shift left approach I was talking about earlier.

Test approach for APIs can vary too, some of most common types of tests include –

  • Specification : Contract
  • Functional : Component, Scenario
  • Performance
  • Security

Teams can pick from plethora of tools available based on their need – Rest assured and Karate DSL are two commonly used frameworks. Here, we are going to discuss how to achieve API testing using Karate DSL framework. Few of the aspects which stood out during framework evaluation:

  • Support to Rest API services and other protocols
  • Out of box features – Setup, ease of use & learning curve etc.
  • Hooks to JavaScript and Java
  • Support for continuous integration
  • Support for mocks
  • Reporting
  • Online support

Karate DSL

Karate DSL – A open source tool to combine API test automation, mocks and performance test into a single unified framework. Following key features:

  • Follows BDD syntax (popularized by Cucumber)
  • Easy learning curve
  • Saves development efforts – Step definitions are pre-defined
  • Powerful JSON & XML assertions
  • Standard Maven structure to integrate tests with CI and run in parallel
  • Reporting is intuitive – Integration with Cucumber plugins
  • Embedded Java/JavaScript engine – Helps build a library of reusable functions
  • Built-in configurations for switching across environments (QA, Staging etc.)
  • Support for multiple protocol – SOAP, HTTPS/HTTP etc.

        Reference: https://github.com/intuit/karate

Maven – A uniform build automation tool used primarily for Java projects. API test framework uses it to install dependency software, build test codes, run test cases and construct the test results

Junit4/5 – A testing framework for the Java programming language. API test framework uses it as test runner, define test category, test priority, data provider etc.

Cucumber – A BDD (behavior-driven development) framework. It allows expected software behaviors to be specified in a logical language that customers can understand

Basic setup

Karate DSL provides wide selection of features required to test APIs out of the box. Designing a framework approach is key to success of any automation and solely depends on your application under test. Design considerations should be made in tandem with inputs from the development team, since the contract definitions are core to creating a successful API test approach. [will discuss more about it in my upcoming articles]

As with any test automation, framework is key element in API tests. Framework design should follow these three basic principles – tests should be reusable, maintainable and extendable. For an API test it means, team should consider, primarily:

  • API design practices
    • headers, request, status code
    • http methods
    • parameters, request payloads
    • response attributes, data types
    • content types
  • Developer tech stack
  • Security
  • Performance
  • Error handling
  • Test data

Test Features

Karate DSL follows BDD style construct, which is easy to build, read & maintain. I will not dwell much into technical details of the code in this article as every team can develop guidelines and principles and the Karate GitHub has collection of examples. Here is a basic sample:

Reference: https://github.com/intuit/karate

Following best practices can be recommended for better outcomes:

  • Outline of scenario identified by tags – #smoke, #regression etc.
  • Setup the pre-requisites of script – headers, end points, environment, global parameters etc.
  • Action the API to get a response – GET, POST etc.
  • Assertions – This is one of the most important section to validate the actual results against the expected
  • Examples – Setting up test data for the feature

Source code control

Software teams should source control test code and test beds as any other application code. This makes the code easily accessible to wider team and helps to have quality control checks in place. Karate DSL tests can be version controlled and maintained in Git repositories.

Continuous Integration & Deployment (CI/CD)

To maximize the benefits of automation, one of the key success criteria is integrate automation tests with build pipelines for faster feedback cycles. The key benefits of integrating the Karate API tests with build cycles are:

  • Faster execution
  • More robust  & consistent
  • Can be configured to any environment – dev, test, prod etc.
  • Can be configured to various types of tests – smoke, regression etc. or test beds

Software teams primarily use CI tools like Jenkins for deployment pipelines. We can use Jenkins to:

  • Configure & execute Karate API tests
  • Integrate with deployment jobs to verify build quality
  • Configure Cucumber plug-ins to generate intuitive test results for Karate API tests
  • Configure dashboard to display build status
  • Configure notifications to emails & chat bots

Conclusion

I think it is now safe to conclude that Shift-left approach is one of the key success factors in how we build quality mindedness into our software teams to keep our customers happy in one of the most dynamic and exciting periods of our times.

API automation is a very important step in this journey towards quality mindedness and setting up a right framework like Karate DSL, a right process like continuous integration with tools like Jenkins and a right feedback loop will help us get one step closer to our goals. But more importantly, it is vital that every team learns from their problems, experiences and solutions. It is the journey, not the destination that matters!!!

Thanks for going through this article. Let me know what do you think. Will be more than glad to see your comments.

Stay tuned for the next article!

Total Page Visits: 1695
5+
Share

2 thoughts on “API Testing – An approach to shift-left ideology”

  1. vasagamsp@gmail.com

    Well written article! API testing, it’s need, importance and the tools used are nicey explained
    Looking forward to reading the series to this article!

Comments are closed.

Submit your article summary today!

[wpforms id="2606"]

Thank you for your interest in authoring an article for this forum. We are very excited about it!

Please provide a high level summary of your topic as in the form below. We will review and reach out to you shortly to take it from here. Once your article is accepted for the forum, we will be glad to offer you some amazing Amazon gift coupons.

You can also reach out to us at info@testautomationforum.com