Shades of ‘API Testing’

Hirosh Tharaka
2 min readSep 4, 2024

--

Below is a summarized detail about the diversity and differences that distinguish under the umbrella of API testing.

  1. Smoke Testing — conducted upon the completion of the development to validate if the developed APIs are working without any failures or breakpoints. (Based on the instance, sometimes this is considered a Build Verification test.)
  2. Functional Testing — conducted against the functional requirements delivered by the business to compare the expected results against the actual results.
  3. Integration Testing — conducted as an end-to-end test after combining several API calls to mostly verify the business flow/user flow and data transmission flow, which involves a chain of API interactions.
  4. Regression Testing — conducted to ensure that the implemented new feature or the bug fixes made have no impact or have not broken any existing behaviors and functionalities of the API.
  5. Fuzz Testing — conducted as a negative testing approach, by injecting the negative inputs (invalid data, unexpected data, null data) to attempt crashing the API to identify the vulnerabilities within the API
  6. Load Testing (Performance) — conducted by simulating different loads (expected load) to observe, analyze, and calculate the capacity of the API.
  7. Stress Testing (Performance) — conducted by deliberately exposing the API to high loads (higher than expected load) for a period of time to verify;
    - if the API can sustain stability and function normally without any failure or delay.
  8. Spike Testing (Performance) — conducted by deliberately exposing the API to unexpected high loads (higher than expected load) in different time intervals to verify;
    - if the API can sustain the stability and function normally without any failures or delays,
    - if the API can recover after the sudden spike/burst of high load without any failures or delays
  9. Security Testing — conducted to analyze all the possible external threats and to proactively ensure its security.
  10. UI/UX Testing — conducted to verify the fetched data has been displayed accurately and properly.

--

--

Hirosh Tharaka

BSc(Hons), CSM®, ISTQB® (CTFL, CTAL-TTA, CTAL-TM) | Technical Writer | Technical Tester (QA Lead)