Some consideration in defining testing scope for an API:
- Output value based on input parameter
- Output value based on incorrect/missing parameter
- API behaviour when there is no output or expected to return nothing
- Whether API trigger another event/process
- Whether API modifying certain resources
Scenario 1: Output Value based on Input Parameter
This test scenario will test API functionalities based on API Specifications. Example: function add(int x, int y). We can test that API by passing any int value, then validate the return value.
Scenario 2: Output Value based on Incorrect/Missing Parameter
This test scenario will test API functionalities by passing incorrect/missing parameters against API Specifications. Example function add(int x, int y). We can test that API by passing x value only, or passing x value as double, then validate the behaviour of an API (eg: will it return an error message?)
Scenario 3: API behaviour when there is no output or expected to return nothing
This test scenario will test API functionalities boundary. One of the boundary need to consider is no output expected. Example, function search(String keyword). We can test that function with non-existence keyword, then observe API return value (eg: return empty result, etc).
Scenario 4: Whether API trigger another event/process
This test scenario will test API functionalities that will trigger another event/process. Example: function backup() to execute backup shell script on server. We can test that API, and then validate whether backup script are executed after API call.
Scenario 5: Whether API modifying certain resources
This test scenario will test API functionalities that modifying certain resources (eg: creating new file, deleting file, updating file. Example: function export(Date startDate, Date endDate) will export data for certain period in CSV. We can test that API and validate if intended resource modification (eg: CSV file is produced) successfully executed.
Beside these 5 factors, there are many other factor that’s good to be consider:
- API performance
- To check API performance during high load to the API Server.
- Output / Response
- To check how application behaviour when the output/response from API does not according the specifications (unstructured data), etc