how do you implement api
My process to implement API

First of all:

1. Checking API contract

An API is essentially a contract between the client and the server, or between two applications. Before any implementation test can begin, it is important to make sure that the contract is correct:
   a. Endpoints are correct.
   b. Each resource correctly reflects the object model (proper JSON/XML structure used in the response).
   c. There is no missing or duplicate functionality.
   d. Relationships between resources are reflected in the API correctly.

Once I have verified the API contract, I am ready to think about what to test and how.

2. Creating test cases

I mostly create the following test case groups:
   a. Basic positive tests (happy paths).
   b. Extended positive testing with optional parameters.
   c. Negative testing with valid input (trying to add an existing username).
   d. Negative testing with invalid input (trying to add a username which is null).
   e. Destructive testing (sending null, an empty string, an integer or other types, an odd date format, deleting necessary parameters).
   f. Security, authorization, and permission tests (sending valid or invalid access tokens to permitted or unpermitted endpoints).

3. Executing test cases

For each API request I need to verify items like:
   a. Data accuracy: Check whether the request and response bodies match the API documentation in terms of data type and data structure.
   b. HTTP status code: For example, creating a resource should return 201 CREATED and unpermitted requests should return 403 FORBIDDEN, etc.
   c. Response headers: HTTP server headers have implications for both security and performance.
   d. Response body: Check for a valid JSON body and correct field names, types, and values, including in error responses.
   e. Authorization checks: Check authentication and authorization.
   f. Error messages: Check the error code coverage in case the API returns any error.
   g. Response time: Implementation of response timeout.

4. Test flows

We implement the next test flow only if the previous flow succeeds:
   a. Single-step workflow: Executing a single API request and checking the response accordingly. Such basic tests are the minimal building blocks we should start with, and there's no reason to continue testing if these tests fail.
   b. Multi-step workflow with several requests: For example, we execute a POST request that creates a resource with an id, and we then use this id to check whether the resource is present in the list of elements returned by a GET request. Then we use a PATCH endpoint to update the data, and we again invoke a GET request to validate the new data. Finally, we DELETE that resource and use GET again to verify it no longer exists.
   c. Combined API and UI test: This is mostly relevant to manual testing, where we want to ensure data integrity between the UI and the API. We execute requests via the API and verify the actions through the UI, or vice versa.

The purpose of these integrity test flows is to ensure that, although the resources are affected via different mechanisms, the system still maintains the expected integrity and a consistent flow.
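
The multi-step workflow from 4b, together with the negative and authorization checks from 2c, 2d and 2f, as an added example that is not part of the original text. `FakeUserApi` is a constructed in-memory stand-in for the system under test; the `/users` paths, the token values, and every status code other than 201 and 403 (401, 400, 409, 204, 404) are assumptions.

```python
# Constructed stand-in for the API under test; tokens, paths, fields are hypothetical.
TOKENS = {"admin-token": "admin", "reader-token": "reader"}
class FakeUserApi:
    def __init__(self):
        self.users, self.next_id = {}, 1
    def call(self, method, path, token=None, body=None):
        role = TOKENS.get(token)
        if role is None:                      # authentication comes first
            return 401, {"error": "unauthenticated"}
        if method != "GET" and role != "admin":  # then authorization
            return 403, {"error": "forbidden"}
        parts = path.strip("/").split("/")
        uid = int(parts[1]) if len(parts) == 2 and parts[1].isdigit() else None
        if method == "POST" and uid is None:
            name = (body or {}).get("username")
            if not isinstance(name, str) or not name:
                return 400, {"error": "invalid username"}
            if any(u["username"] == name for u in self.users.values()):
                return 409, {"error": "username exists"}
            uid, self.next_id = self.next_id, self.next_id + 1
            self.users[uid] = {"id": uid, "username": name}
            return 201, dict(self.users[uid])
        if method == "GET" and uid is None:
            return 200, [dict(u) for u in self.users.values()]
        if uid not in self.users:
            return 404, {"error": "not found"}
        if method == "DELETE":
            del self.users[uid]
            return 204, None
        if method == "PATCH":
            self.users[uid].update(body or {})
        return 200, dict(self.users[uid])

def run_flow(call, admin="admin-token", reader="reader-token"):
    """Run the flow against any call(method, path, token, body); return failures."""
    status, user = call("POST", "/users", admin, {"username": "alice"})
    if status != 201:  # basic step failed: no reason to continue the flow
        return [f"create: expected 201, got {status}"]
    path = f"/users/{user['id']}"
    checks = [  # evaluated in order: list, update, re-read, negatives, auth, delete
        ("listed", user["id"] in [u["id"] for u in call("GET", "/users", admin)[1]], True),
        ("patch", call("PATCH", path, admin, {"username": "alice2"})[0], 200),
        ("updated", call("GET", path, admin)[1].get("username"), "alice2"),
        ("duplicate", call("POST", "/users", admin, {"username": "alice2"})[0], 409),
        ("null name", call("POST", "/users", admin, {"username": None})[0], 400),
        ("no token", call("GET", "/users", None)[0], 401),
        ("reader delete", call("DELETE", path, reader)[0], 403),
        ("delete", call("DELETE", path, admin)[0], 204),
        ("gone", call("GET", path, admin)[0], 404),
    ]
    return [f"{n}: expected {w!r}, got {g!r}" for n, g, w in checks if g != w]
```

`run_flow` only needs a callable with the same four arguments, so the stub can be replaced by a thin wrapper around a real HTTP client; an empty list means every check passed.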