Thanks to visit codestin.com
Credit goes to www.scribd.com

Scribd
Upload
5 views3 pages

### REST API (Representational State Transfer API)

Uploaded by

Nguyễn Anh Quân
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
5 views3 pages

### REST API (Representational State Transfer API)

Uploaded by

Nguyễn Anh Quân
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 3

### REST API (Representational State Transfer API)

- Architecture Style: REST is an architectural style for designing networked applications. It’s
stateless, meaning that each request from a client to a server must contain all the
information the server needs to fulfill that request.
- Data Format: Primarily uses JSON, but it can support a range of data formats including
XML, HTML, YAML, and plain text.
- Protocol: Mainly uses HTTP/HTTPS for communications.
- Performance and Scalability: Caching can be implemented easily, generally offering good
performance and scalability.
- Operations: Utilizes standard HTTP methods like GET for retrieval, POST for creation, PUT
for updates, DELETE for deletion, and PATCH for partial updates, which are intuitively
mapped to CRUD (Create, Read, Update, Delete) operations.
- Popularity: RESTful APIs have gained widespread adoption due to their simplicity, ease of
use, and convention-based rules.

### SOAP API (Simple Object Access Protocol)

- Architecture Style: SOAP is a protocol with a strict standard specification, primarily used for
enterprise-level web services.
- Data Format: Exclusively uses XML for data messaging.
- Protocol: Can operate over HTTP/HTTPS, SMTP, TCP, and more, making it highly flexible
in terms of transport.
- Performance and Scalability: Tends to be heavier and slower due to its reliance on XML,
which can be more verbose than JSON.
- Operations: Action operations are tightly defined using WSDL (Web Services Description
Language), which provides a machine-readable description of how the service can be called,
what parameters it expects, and what data structures it returns.
- Security: Offers built-in security and transaction compliance features like WS-Security,
which adds a layer of security above standard web protocols.

### GraphQL

- Architecture Style: GraphQL is a query language for APIs and a runtime for executing
those queries by using a type system you define for your data.
- Data Format: Typically uses JSON to return data, but unlike REST, it allows clients to
specify exactly which data fields are needed.
- Protocol: Works over HTTP/HTTPS, but is not limited to any specific protocol.
- Performance and Scalability: Allows for highly customizable queries. This can improve
performance by not overfetching data, as clients can specifically ask only for what they need.
- Operations: Instead of multiple endpoints, GraphQL uses a single endpoint through which
the queries (for fetching) and mutations (for writing data) are sent.
- Flexibility: Self-descriptive schema and tailored queries provide strong flexibility and power,
enabling rapid development and iteration of API landscapes.

### Detailed Testing of REST APIs

- **Manual Exploratory Testing**: Using tools like Postman or Insomnia, you can interactively
explore API endpoints by changing request parameters, headers, body content, and
methods to see how the API reacts to various inputs.
- **Automated Functional Testing**: Write scripts that send HTTP requests to your API
endpoints and assert the expected behavior - HTTP status codes, response bodies,
headers, and response times.
- **Load and Performance Testing**: Use tools like Apache JMeter or Gatling to simulate
multiple users or high loads on your API to see how it performs under stress. It is crucial to
measure response times, error rates, and throughputs.
- **Security Testing**: Test for vulnerabilities such as SQL injection, Cross-Site Scripting
(XSS), and authorization issues with tools like OWASP ZAP or Burp Suite.
- **API Documentation Testing**: Ensure that the API documentation stays accurate and up-
to-date, correlating with the implemented API behavior.

### Detailed Testing of SOAP APIs

- **WSDL Verification**: Validate the WSDL (Web Services Description Language) file which
is the formal contract between the client and the service. Tools like SoapUI can help you
automatically create test suites from a WSDL file.
- **SOAP Message Validation**: Test the SOAP messages for both request and response to
make sure they adhere to the schema defined in the WSDL.
- **WS-* Standards Compliance**: Many SOAP APIs make use of standards like WS-
Security, WS-ReliableMessaging, etc. These should be rigorously tested to ensure they're
implemented correctly.
- **Automated Regression Testing**: Capture standard operations and create test suites that
can be run regularly to ensure that new changes do not break existing functionality.
- **Fault Handling**: Test for proper fault handling by sending invalid requests and verifying
that the SOAP API returns the correct SOAP fault.

### Detailed Testing of GraphQL


- **Query and Mutation Testing**: Since GraphQL deals with specific queries and mutations
that return what the client requests, tests must be written to reflect the various possible
combinations of queries, mutations, and nested objects.
- **Validation Rules Testing**: GraphQL APIs often come with validation rules. This can
include input validations, query depth limitations, etc., to prevent misuse of the API, such as
overly complex queries that could lead to DoS attacks.
- **Resolver Testing**: Resolvers are functions that resolve a value for a type or field in a
schema. Testing individual resolvers can help to ensure that they're functioning correctly
independent of the GraphQL query layer.
- **Performance Benchmarking**: Measure the performance of responses, particularly in
cases where there is likely to be data over-fetching or under-fetching. Performance testing
should also consider batched requests.

### General Best Practices for API Testing (Across all types)

- **Environment**: Test in an environment that simulates production as closely as possible


without risking production data.
- **CI/CD Integration**: Automate the testing process and integrate it into your CI/CD
pipeline to run tests on every push or deployment.
- **Version Control Tests**: Keep your tests version controlled and maintain them along with
your API code.
- **Monitor and Log**: Use logging and monitoring tools like Splunk, ELK Stack, or
Prometheus for API testing in production and pre-production environments to catch and
diagnose issues early.
- **Test Caching**: If your API implements caching, ensure that it works as expected by
verifying that data is appropriately cached and evicted.

You might also like