What is API Testing?

API testing involves testing application programming interfaces (APIs) and therefore, focuses on testing the business logic or the service layer of the application without interacting with the user interface of the application. API testing is done as part of integration testing to ensure APIs are functional, reliable, performant and secure.

Different Types of API Testing:

There are various kinds of API testing that you can perform, including:

• Functionality Testing: Functionality testing allows you to test the business logic of the application. For example, if a user makes an API call to the signup route, the functional test would validate that a new user is created and the necessary response with the user details gets returned from the server.
• Load Testing: Load testing allows you to ensure the APIs can handle the necessary load on the application. For example, if a thousand users are hitting the API at the same time, the load test would validate that the APIs are able to handle the load, and not break or take an unreasonable amount of time to return the response.
• Security Testing: Security testing allows you to ensure the APIs are secure and follow the necessary security guidelines. For example, a security test would validate that a user is not able to access the application data without going through the proper authentication process first. Another common example is ensuring that users cannot access the personal data of another user.
• Negative Testing: Negative testing allows you to ensure APIs are doing what they are specifically built to do, and are able to handle responding to invalid input appropriately. For example, a negative API test would ensure users are not able to enter an invalid email format, or register without entering an email, password, etc. 

Advantages of API Testing:

• Early application access: In most cases within the software development life cycle, APIs are created first, followed by the creation and integration of the UI with the APIs. This provides early access to the application functionality, allowing us to begin testing the business logic sooner and providing a greater opportunity to identify issues earlier on.
• Test speed and coverage: Often times, API testing can be performed a lot more quickly than browser testing. Specifically, when you start automating tests, API tests tend to run a lot faster than browser tests as you are skipping the interaction with the UI layer and jumping directly to the API layer. Due to the difference in test execution speed, building thorough API test coverage is usually preferred over building front-end tests since they can cover a lot more ground, more quickly.
• Language independent: API testing is programming language independent since the data is exchanged via JSON or XML. Therefore, you can use pretty much any programming language for test automation that can handle JSON or XML data.
• Easier to maintain: API tests are comparatively easier to maintain than front-end tests as business logic tends to be more stable than the UI, making API tests a lot less flaky and more reliable in comparison to front-end tests.

Now that we have covered the basics of API testing, let’s take a look at how we can do API Automation Testing using JavaScript. 

Dependencies

You will need to install Node.js in your machine before installing any of the dependencies below. The dependencies below will allow us to write API tests using JavaScript.

• SuperTest: SuperTest is built on top of SuperAgent, which is a HTTP request library. SuperTest adds an abstraction on top of SuperAgent to easily test API requests.
• Mocha: Mocha is a popular JavaScript test framework that runs on Node.js.
• Chai: Chai is an assertion library for browser and node.js that can be paired with any JavaScript framework.

Note: These libraries/frameworks can be replaced with an equivalent library/framework. However, for the purpose of this post we will be using the ones mentioned above.