Shades of ‘API Testing’
2 min readSep 4, 2024
Below is a summarized detail about the diversity and differences that distinguish under the umbrella of API testing.
- Smoke Testing — conducted upon the completion of the development to validate if the developed APIs are working without any failures or breakpoints. (Based on the instance, sometimes this is considered a Build Verification test.)
- Functional Testing — conducted against the functional requirements delivered by the business to compare the expected results against the actual results.
- Integration Testing — conducted as an end-to-end test after combining several API calls to mostly verify the business flow/user flow and data transmission flow, which involves a chain of API interactions.
- Regression Testing — conducted to ensure that the implemented new feature or the bug fixes made have no impact or have not broken any existing behaviors and functionalities of the API.
- Fuzz Testing — conducted as a negative testing approach, by injecting the negative inputs (invalid data, unexpected data, null data) to attempt crashing the API to identify the vulnerabilities within the API
- Load Testing (Performance) — conducted by simulating different loads (expected load) to observe, analyze, and calculate the capacity of the API.
- Stress Testing (Performance) — conducted by deliberately exposing the API to high loads (higher than expected load) for a period of time to verify;
- if the API can sustain stability and function normally without any failure or delay. - Spike Testing (Performance) — conducted by deliberately exposing the API to unexpected high loads (higher than expected load) in different time intervals to verify;
- if the API can sustain the stability and function normally without any failures or delays,
- if the API can recover after the sudden spike/burst of high load without any failures or delays - Security Testing — conducted to analyze all the possible external threats and to proactively ensure its security.
- UI/UX Testing — conducted to verify the fetched data has been displayed accurately and properly.