Testing Your APIs is Only Half the Story
It has become more and more common for software quality processes to span the entire lifecycle, from development through production monitoring. The job of building and maintaining quality software cannot end at user acceptance or the hand off to operations. It has to extend to reliability, availability, and performance in operations.
This is especially true for the APIs you're using.
The turbos have really kicked in for the API economy. And it’s no wonder. APIs are the central technology for applications built in the cloud, for mobile apps, and for third-party applications. If your application doesn’t have some reliance on third party APIs, it almost certainly is relying on your own APIs. As the API industry continues to boom, there are more conversations starting about API testing, governance, stability… Recent acquisitions of Mashable by Intel and Layer7 by CA indicate the new corporate need for API governance.
So what’s needed? We need to start treating our APIs as features because, in many ways, they are. We rely on them to power our applications, extend our business, engage our partners, and drive customer adoption. Here are some approaches to make sure that the APIs that are most important to you are reliable.
Performance planning and testing
Spend the time to map out your expectations around up-time and response time. Even if you have not exposed your APIs outside your own corporate infrastructure, their performance greatly affects your application’s performance (and, by extension, your user’s experience). Know how much load you are expecting, how many concurrent requests you have to handle, and how much data will be passed. Planning ahead for your performance needs ensures that you will do the right kind of testing and monitoring. Having a specific tool that targets API load testing can be more effective than using an application load testing tool that just tests the APIs as a by-product of normal load testing.
Testing methodologies for functional testing
There are a lot of alternatives for testing your APIs, just as there are a lot of alternatives for testing your application. Understanding the API’s definition and exercising its capabilities is as important as if it were any other piece of functionality in your application. There is no right or wrong way to approach testing so you need to determine whether it makes sense to automate your API tests in order to provide clean and repeatable regression tests during future development or perform manual testing of your APIs in order to attempt a variety of conditions and scenarios.
In many cases, the right answer is yes. J Automating regression tests allows you to focus more time and resources on exploratory testing – this is often the best way to approach feature testing so there’s no reason why it wouldn’t be equally valuable to test your APIs using the same approach.
Production monitoring is quickly becoming another arm of Quality Assurance. Many organizations have realized the benefit of not only reporting on production failures but also using production data to perform routine quality analysis of their software. And it’s no different with APIs. While there aren’t many options out there yet, this is a growing focus in the API community who are beginning to see the value in establishing SLAs and watching any production trends around usage and performance as an important extension of their testing efforts.
Building an API production monitor is similar to building an API test, although you probably want to limit the number of steps you perform in the test in order to reduce cost and improve reliability. Your biggest concern is probably how well does that API perform its basic tasks and how fast does it respond. AlertSite for API Monitoring allows you to take the same tests you built with SoapUI and upload them to use as production monitors. This gives you the added assurance that the tests that passed in your lab are also successful in production.
Of course, we’re at the early stages of this API boom and things will likely change as we progress, with more emphasis on governance and security over time. But even now, it’s an important responsibility for any API provider, whether internal or external, to ensure that their APIs are well-tested and monitored so the business can depend on the functionality they provide.