If you have not tested an API then starting to test an API can feel quite daunting as you may feel that you need strong technical skills for this type of testing. You can, however, start to test your API easily and then learn technical skills to test the API.
An API is an application programming interface and is used to interact with an application. It is an interface to the application that we are testing just as the user interface (UI) is an interface is.
An easy way to start to test an API is to use the Interceptor on Postman. Postman is an API testing tool that has a free plan. The Interceptor captures API requests in Postman where you can explore them and test them. Once you have captured the requests in Postman you can learn skills to test them.
To use the Postman Interceptor you need to install the Postman desktop app and then follow the instructions to install the Interceptor: https://learning.postman.com/docs/sending-requests/capturing-request-data/interceptor/
The Interceptor can help you start to test your API by capturing the requests made by the API calls that you want to test. First you need to capture the API calls in Postman:
- In chrome navigate to the page that makes calls to the API that you want to test. In Postman click on capture requests->via interceptor. Choose a collection to save the API requests to, then click start capture.
- On your web page make the user actions that invoke the API calls that you want to test
- In Postman click on Stop.
You should now see a list of API requests in Postman. There will be more requests than the ones that you are interested in.
Postman will have intercepted the authorisation that the request requires so each request should run if you click on Send. I would work through the requests to see what each one does and how it works. If your API has documentation it will help you understand what each request does and how to use it. When you are doing this you are starting to test your API.
It will probably be best to start your exploration of the API with understanding authorisation as the authorisation on the request you intercepted will expire after a period of time. The API’s documentation will explain how authorisation works for the API.
Once you have intercepted requests in Postman you can then explore the API by doing things like seeing what happens when you change a parameter. When you change the values for an API parameter it is, in many ways, like changing the values you enter in a text box. The testing techniques that you know from testing via the UI can be used for testing an API. You will build on your knowledge as you test the API.
By using Postman Interceptor you can start to test your API quickly and without deep technical knowledge. To develop your API testing skills further you could take courses from the API path at the Test Automation University.