top of page

Test Design & Coverage for REST-API

Updated: Jun 14, 2021


  • Introduction To API’s

  • API Testing Approach

  • Useful Checklist To Follow

  • Common Mistakes To Avoid

  • Best Practices

  • Real-Time Example


Before diving deeply. First, we have to make sure these three things are there in our hands

  • API’s functionality documentation

  • Tool to test an API (Postman/Swagger/Fiddler)

  • Dedicated environment

API’s functionality documentation helps us to understand the business logic and also the importance of the API. Having this document, we get an idea as to what are the different technologies used for particular SUT(System Under Test).

Tools to test an API One should have knowledge of the tool and what varieties of features it offers that makes it the perfect tool for testing the API. Choose the tool wisely based on your comfort (Personally I recommend Postman).

Dedicated Environment This is important as the changes/issues don’t affect the QA environment and the teams working on it.

Introduction to API’s

An API stands for Application Programming Interface.

An API will simply state the set of rules for the communication to happen between the systems/services.

API Testing

The purpose of API Testing is to check the functionality, reliability, performance, and security of application programming interfaces.

It mainly concentrates on the business logic layer. API testing helps us to find more vulnerabilities that can be missed in the functional testing (UI level).

Why do we have vulnerabilities in API?

  • Flaws in the Business logic

  • No A to Z validation

  • Unhandled Exceptions

  • Not filtering the user input

API testing approach

API Testing Approach is a predefined strategy or a method that the QA team will perform.

This helps to better understand the functionalities, testing techniques, input parameters, and the execution of test cases and also will help testers for better coverage.

The following points will help tester for API testing approach

  • Understanding the business logic and functionalities of each and every API