StarWest and Advanced Automation in Your API Lifecycle

  October 16, 2017

Last week I had the pleasure of attending StarWest, the premiere conference on software testing and quality assurance in the magical world of Disney. This allowed me to catch up on the latest trends in the industry, talk with lots of users in the software quality field, and mingle with industry influencers.

Generally, there were two takeaways for me. One was the consistent mention of ‘DevOps’, ‘shift left’, and test automation. The other was the more frequent use of APIs over recent years.

While DevOps and automation are by no means new concepts, this was the first year where these topics came up in absolutely every single conversation.  Every organization was in the process of embracing automation. Some companies were just beginning the journey, while others were well on their way to having good automated checks and balances as part of their continuous integration and continuous deployment processes.

When it came to APIs, everyone seemed to be vying for information on how to optimize API testing and development. The growth in API usage drove many of my conversations to what the latest best practices and tools for API testing are, and influenced my talk, “Advanced Automation in your API lifecycle.”  I received a lot of great feedback regarding my presentation, in which I discussed best practices for APIs as applications in each phase of the development lifecycle. These phases included: design, development, testing and maintenance.

I started by addressing the incorrect notion that APIs are a set of rules or definitions. After all, no one thinks of a web application as a set of pages. In the design phase, I stressed the benefits of mocking and prototyping APIs, specifically by using a common OpenAPI standard, also known as Swagger.  This allows for API design, collaboration, and review well before spending a lot of time and effort in blindly building APIs.

I then discussed the benefits a proper Swagger design phase would have in the development phase. By leveraging code gen functionality around Swagger, we would be able to speed up the development process. This ultimately helps minimize development time and beats the alternative where development happens in the dark against an API that many not even be properly designed or would require extensive rework.

The remainder of my talk then focused on API testing. First, I established that API testing interactions need to involve end-to-end scenarios. Validation of API responses should test data that is returned in XML or JSON nodes. Afterwards, I expanded that API quality goes beyond functional testing and needs to include API security and API performance testing. This way, global changes to your application would be safeguarded from introducing slower performance and security risks to future updates.

Finally, I addressed how API tests can and should be automated as part of the CI or CD process. These automated tests would provide instant feedback to developers that may unknowingly break API quality. This way, erroneous code can be corrected immediately. This beats the alternative where making a code change breaks the application and the error is found a week later during the testing phase. Typically when this happens, the error is reported back to the development team where it takes a lot of time to zero in on the root cause.

In conclusion, attending StarWest for me reinforced that advanced automation is vital to the success of any API lifecycle. Incorporating automated tests enables QA and Dev teams to speed up each phase of the process while ensuring better quality of the final application. My personal conversations at StarWest revolved a lot around the growing usage of APIs and how best to optimize their testing and development.  If you’d like to learn more about overall API quality approach, please see the following overview, or view my presentation slides below.