Behind Your App: The API

Behind Your App: The API

blog post publisher

Cătălin

Quality Assurance Specialist

5 min

Dec 12, 2022

An application programming interface (API) is a way for two or more computer programs to communicate with each other. It is a type of software interface, that offers a service to other pieces of software.

WHAT IS API TESTING, YOU MAY ASK?

API testing is a type of software testing that analyzes an application program interface (API) to verify it fulfills its expected functionality, security, performance, and reliability.

Think of API testing as something like a truck full of supplies that need to be delivered to your local store so you can access them. 
What the API does is that it allows the communication between what's behind an application/web page (in the truck) and what’s in front of you, the user interface (the supplies).

In order to do API testing, we need to know the scope of the program and we can obtain the information by asking the following questions: 

  • What endpoints are available for testing?
  • What responses are expected for successful requests?
  • What responses are expected for unsuccessful requests?
  • Which error message is expected to appear in the body of an unsuccessful request?

Answering those questions should give you a great understanding of what needs to be tested.

API testing can analyze multiple endpoints, such as web services, databases, or web user interfaces. You should watch for failures or unexpected inputs. 

For example, making a request calls as a normal user, but the request you are supposed to check is purposely created for admins only. This will always display error 403 forbidden

Response time should be within an acceptable agreed-upon limit, for example; APIs that are considered high-performing have an average response time between 0.1 and one second. At this speed, end users will likely not experience any interruption, but at around one to two seconds, users begin to notice some delay.

Also very important, the API should be secured against potential attacks. You can protect your API using strategies like generating SSL certificates, configuring a web application firewall, setting throttling targets, and only allowing access to your API from a Virtual Private Cloud (VPC).

TYPES OF API TESTING

  • Validation testing - includes a few simple questions that address the whole project.
  • Functional testing - ensures the API performs exactly as it is supposed to.
  • Load testing - is used to see how many calls an API can handle.
  • Reliability testing - ensures the API can produce consistent results and the connection between platforms is constant.
  • Penetration testing - builds upon security testing.
  • Fuzz testing - forcibly inputs huge amounts of random data, also called noise or fuzz, into the system, attempting to create negative behavior, such as a forced crash or overflow.

One of the tools  I prefer using is Postman; it's simple to use, and it gets the job done.

Postman is an API client that makes it easy for developers, QA specialists, and everyone using it to create, share, test, and document APIs. With this open-source solution, users can create and save simple and complex HTTP/s requests, as well as read their responses.

Example of API testing:

Let's say you need to test the login functionality and booking flow of different types of users who will have access to different parts of a booking webpage.

For this example, multiple types of access/users will be required for a better understanding:

  • Normal users will only have access to basic information and a simple booking flow;
  • Admin, which will be able to edit and create new events on the page as well as see the number of users that have an account on the page.

API testing verifies that the travel booking system is successfully communicating with the other companies and presenting the correct results to users in an appropriate time frame. Furthermore, it checks that the information is displayed according to the user permissions on the page. 

So, the normal user can only see the necessary information for the booking flow, while the Admin will be able to not only see but to edit, delete and overwrite data made by other users. Also, accept or decline bookings made.

The most commonly used calls in Postman are:

  • POST — add new data to the DB (database);
  • PUT — replace existing data from the DB;
  • PATCH — update some existing data fields from the DB;
  • DELETE — delete existing data from the DB;
  • GET — gets data from the DB and only displays it.

IN CONCLUSION

API testing plays an important role in any application. If it is not tested properly, it can create problems when performing requests from the BE (back end) and displaying them to FE (front end). It is a crucial and mandatory test in the software lifecycle. As QA specialists, we need to make sure that data is stored and shown properly on every call made by the app.
 

insights

pack knowledge

blog post image

Is your digital product ready for the European Accessibility Act (EAA)? Take the assessment to find out!

blog post publisher

Oana

Marketing Specialist

5 min

Mar 20, 2025

With the 2025 deadline approaching, ensuring your website or app meets accessibility standards is important. Our free EAA assessment helps you quickly check compliance and identify areas for improvement. At Wolfpack Digital, we specialize in making digital products accessible, user-friendly, and future-proof. Take the assessment today and ensure your platform is inclusive for all users!

blog post image

How Much Does Web Development Cost? A Complete Guide

blog post publisher

Oana

Marketing Specialist

10 min

Feb 26, 2025

Building a website is more than just designing pages—it’s about creating a functional, high-performing, and scalable digital presence that meets your business goals. Whether you're launching a simple business website, an e-commerce store, or a custom web platform, the cost and approach will vary based on complexity, functionality, and long-term needs.

blog post image

UX/UI Design: Collaborating with a Software Development Agency When You're New to the Game

blog post publisher

Cristian

Head of UX/UI Design

7 min

Feb 18, 2025

This guide will walk you through every stage of the UX/UI design process, from the initial conversation to launching a product you can be proud of. Understanding the design thinking process, which includes empathizing, defining, ideating, prototyping, and testing, is crucial for creating user-friendly products and solutions.

wolf
svg

Brief us and let’s work together