API Testing: Do It Right and Automate

Software development in 2018 looks nothing like it did a decade ago. Developers have been driven to find faster and more efficient ways to produce a finished application. Customers demand better products, and market pressures mean get your apps out now or risk annihilation from competitors.

This means abandoning the waterfall method of software development where each part of a program was completed before the next was started, often leaving error identification (and subsequent delays) until the end of the cycle. Instead, developers are now embracing Agile development with its highly integrated production methodology, often releasing product in two-week sprints.

APIs Can Get Your App Market-Ready Faster

We live in a fast world. Enterprises that are big users of technology need to keep up with the pace of change demanded by their customers. This can put a high degree of stress on internal IT teams and lead to the inevitable coding errors and resulting delays in new product release.

An advantage is the ubiquitous use of APIs or Application Programming Interfaces. APIs allow nearly limitless possibilities for how applications can interact with each other.

However powerful the use of APIs can be, they also need to be put through a rigorous testing process. Unfortunately, this often places added strain on a company’s IT team that may not be familiar with the most effective testing methodologies.

“Often a client doesn’t know what KPI they should focus on or they don’t define it at all. Then they’d have no way of knowing what the metrics are for the data they’re gathering. But if you do it right, you get the right information back from the metrics to make improvements.”

Ashish Pandey, Optimus Information’s Technical Lead

API Testing Begins with KPIs

API testing can be the most challenging part of software and QA testing because APIs are complicated creatures, using protocols and standards not often seen in other forms of testing.
It’s critical to test all the components of the API – not just its UI or its functionality. Testing performance and security are just as critical.

To test properly, says Ashish Pandey, Optimus Information’s Technical Lead at the company’s location in India, it’s important to begin with Key Performance Indicators (KPIs).

Don’t Forget Security and Performance

In addition to defining your KPIs, you also need to focus on more than UI. Some customers, Pandey continues, concentrate on just the UI portion of the application and ignore testing the other components. Security and performance are two areas often overlooked and, if something breaks, it’s probably because key areas within the API were ignored in testing.

“When we test APIs for our clients”, says Pandey, “we generate a lot of data which gives us and our clients a clear summary of what might need to be improved in the future.” This can only happen when thorough testing is done and nothing is left to chance.

While Ashish admits that thorough testing of the UX is extremely important for the customer,  it’s the KPIs that measure the data that then determine the performance of the application. If there are problem areas turning up, they can be remedied in a matter of seconds.

Fail Forward Faster – Automation is Key to Proper API Testing

Proper testing of an API is accomplished by running test cases which are designed to uncover failures. It can be extensive and time-consuming – the opposite of what agile development tries to accomplish – so Optimus specializes in automating as much of a customer’s testing as possible.

It begins with the test cases, themselves, Pandey explains. “We take the customer’s test cases and analyze them to determine if they are ‘automatable’ or not. This makes it possible for us to suggest the correct technology stack with which the automated test could be performed.” In the future, the customer simply runs automated scripts to test different iterations of their applications, saving a great deal of time and money otherwise spent on manually writing the test scripts themselves.

iStock-870784968 API Testing: Do It Right and Automate

The Optimus Test Harness – Why No Company Should Test Without It

A further advantage for Optimus customers is the use of an open source test harness. Ashish Pandey is one of the creators of the Optimus test harness which uses open source components and is configured to test cloud-based applications.

Optimus estimates that 85% of its customers are technology firms that have cloud-based apps often undergoing testing as new iterations are created. Optimus has designed the harness to perform automated testing at different levels. “If we’re doing test automation at the UI level”, explains Pandey, “we have the ability to create automated test scripts for UI. We also have the capability to test at the full API level as well. In fact, our test harness is efficient enough that customers can perform a wide variety of testing on things such as execution of SQL queries to their database. We have built in to our harness APIs like SoapUI, WebSockets and others.”

Test Feedback in Hours (Sometimes While You Sleep)

What Optimus strives to do is provide customers with the sort of speed and agility that can be achieved through automation. “Many of our customers are into Agile development, so what they want is quick delivery of their app with feedback in a few hours,” says Pandey. “Some of them are also evolving with DevOps practices and they want results fast.”

Automated testing, he points out, means that if a customer has three or four hundred test cases to run and each test takes four hours to perform, automation allows Optimus to test while the customers are sleeping. “The next morning, they have the results in their hands, rather than having to wait several days,” Pandey concludes.

Understand and Implement the Right Methodology for Automated Testing

Optimus has one aim with its clients: to ensure that they implement the right thinking and methodologies around testing. Doing so will improve the customers’ UX, decrease errors and get the app to market faster and on time.

We understand Agile development, DevOps and automated testing and how the combination leads to rapid deployment of new, error-free applications at greatly reduced costs. We also know that this translates into powerful ROI for our customers.

To learn more about using API test automation to make your software better, faster and more secure, download our new eBook now.


More resources:

VanQ – Vancouver’s Local Software Quality Assurance Community Reaches 700+ Members and Counting

VanQ Software Quality Assurance group was formed over 10 years ago with a small community of local software developers and testers. This month we are celebrating a milestone as VanQ has now hit over 700 members.

Ed Dahl co-founded VanQ with the mission to build a strong local Software Quality Assurance community. Over the years the organizers have changed, but the mission has remained intact. Optimus Information took on carrying through this mission over two years ago and it has been a great way to connect with local and new software developers and testers. Our monthly Meetups bring out anywhere between 50 – 80 members with equal parts new and familiar faces. VanQ has proven to be a great way for new QA professionals to connect with seasoned professionals and become involved in this thriving community.

Over the years we have seen a number of great leaders, from a range of backgrounds and industries, share their ideas and experiences. We have also had a variety of sponsors join us in bringing the community together such as Hootsuite, Boeing – Aeroinfo Canada, Vision Critical, SOASTA and Mobify to name a few.

We have been able to capture a number of the Meetup presentations on video. Here are a few of our most recent Meetups. You can find the full archive at www.vanq.org.

Overview of the International Software Testing Qualifications Board (ISTQB)

For this Meetup, Gary Mogyorodi from the Canadian Software Testing Board in Toronto came out to speak with our members about the ISTQB, benefits of the ISTQB, Syllabi and Extension, the ISTQB footprint, the Canadian Software Testing Board, and the ISTQB Partner Program. Watch the complete presentation here:

Essential Skills for Test Automation & Load Testing

This past May, Alex Siminiuc, Freelance Tester with uTest.com, shared with us his thoughts on the skills needed for test automation and load testing. Alex has been a Software Tester since 2006 and actively blog’s here: test-able.blogspot.ca. Watch his complete presentation here:

Vision Critical’s QA Strategy: Prevention Rather Than Cure

Stuart Ashman, Vision Critical’s QA Director gave VanQ a presentation on how they attempt to ensure they ‘build it right’ as well as ‘build the right thing’. He goes through their process of using white box approaches, automation, risk analysis and strong critical and test thinking. Watch the full presentation here:

After taking the month of July off to enjoy some of the summer weather, we are gearing up for the next Meetup on Thursday, August 13, 2015. For this one we are excited to partner with Electronic Arts Games, TestDroid and the Vancouver Unity Games Meetup group for an exciting talk on ‘Driving Quality Through Test Automation of Mobile Apps and Games’. We will be hosting this Meetup at The Pint Public house. Join VanQ today and we hope to see you at the next Meetup: http://www.meetup.com/VanQ-Vancouver-Testing-and-Quality-Assurance-Group/

We are always looking for topic suggestions, speakers, sponsors and venue hosts. If you would like to get involved with VanQ get in touch with us.

Test Scenarios for Credit Card Payment Through a POS Application

Point of sale applications need to handle a wide variety of transactions like cash, debit cards, credit cards, gift cards and loyalty cards. Credit cards play an important role in payment for anything purchased. Below are some of the most important scenarios which should be tested with any credit card payment solution when integrated with a POS application.

Prerequisites

Credit Card Configuration: Includes configuration of card length, card range and card type (VISA, AMEX, MASTER etc)

Merchant Configuration: A merchant needs to be configured who is authorized to accept card type payments

Credit Card Processor Configuration: Credit card processor needs to be configured to process credit card payment (e.g. Mercury Payment System or Lynk, etc.)

Test Scenarios

Capturing Card Details: Following areas should be tested while capturing card details.

  1. Credit card number : Test card numbers using the correct length and range and card numbers that are outside the correct length and range.
  2. Expiry date: Test valid expiry dates, invalid expiry dates and invalid date formats.
  3. CVV number: Test valid CVV numbers , mismatched CVV numbers and blank CVV numbers.
  4. AVS code: Entering AVS details for configured numeric or alphanumeric formats.
  5. Card reader to capture card details: Test swiping of cards from both sides and chips.
  6. Encryption: Verify that captured card numbers are properly encrypted and decrypted.

Authorization: Once card details are captured, they are sent to processor to be authorized. Following areas need to be tested during authorization.

  1. Authorized amount: Test that the correct amount is being authorized.
  2. Receipt printing: Test that merchant and customer copies of the receipts and any vouchers print properly.
  3. Receipt details: Check that the receipts are printing the proper date, time, card details, authorized amount etc…
  4. Response code: Test that the correct response codes are being returned for approved, declined, on hold and all other transactions.

Settlement: Once the payment is done following things should be tested:

  1. Reprinting receipt: Test that you can reprint the receipt for a closed transaction.
  2. Void credit card’s payment: Check that you can void a payment before posting it and that after posting a payment voiding is not allowed.
  3. Verifying report: All information regarding each credit card transaction should be reflected in reports. Any adjustments made in closed checks should be reflected in the report.