How to test API

API testing

After reading “test API with Postman” series, you should be able to grasp the basic knowledge of the API and the functions Postman provides. But how to arrange tests and write Testcases for API still seems not very clear, so today I will write a post about how to test API properly.

Reminder of knowledge a bit: API is just a talking bridge between Client and Server. The API doesn’t do any business logic, it’s just a mail delivery guy, transferring information. So testing the API is testing the mail delivery guy? Or test what? Please allow me to answer: I use the API to test the business logic on the server side. See the example below for better understanding.


I want to check API update_profile including 2 fields Name and Birthday. Where Name field is required and must be greater than 4 characters. The Birthday field is optional.

How to handle Server and Client (may not be the same as your company):

1. User enters the Profile screen, edits the Name and Birthday fields.

2. User clicks on Update Profile button (The code in the client will check the condition of the Name field, if it is correct, then submit to the API, call the request, if it is wrong, the corresponding message will be displayed).

3. New information including Name and Birthday according to the mail envelope of the API docked to the Server.

4. Server reads the message and checks the condition again.

5. If the information Name and Birthday are both Valid, those two information will be updated to the Database.

6. The server returns information, called response, back to the client informing that it has been updated successfully.

7. User sees his Name and Birthday have been changed on the Profile screen. When we do API testing, we are testing steps 4, 5 and 6. So, with a single API, we will check 2 main parts:

  • Syntax Testing (Data Validation – step 4 + step 6)
  • Functional Testing (Test business logic – steps 5 and 6).

How to test API Syntax

This type will focus on the method that checks the condition: Accept with true data and Reject with false data or not. A few examples:

  • Leave the required field blank → In the Response there will be an error message, other information will not be updated. The server does not perform any business logic.
  • Leave the optional field blank → No errors at all, Server still executes business logic.
  • Fill in the information in the wrong format, for example, the time field is filled in again → In the Response, there will be an error message…

How to test API Functional

This type checks if the Methods that process data and perform a function are correct. Eg:

  • The price is X and the discount percentage is Y, the amount to be paid is X*(1-Y) or not → It is the test Method calculated with the parameters X and Y only. The business logic implementation may not save the result to the DB.
  • Is the Update Name field in the original example saved to the DB? → open the DB and check the result.
  • The request returns information of the users named “John” → Go to the DB to execute the Query and compare with the Response to see if the 2 results match or not

Test Scenarios

Finally, if we put the APIs together, will it fail somewhere? This place is the Test Suite, combining many Test Cases


There is a point to note here: “When calling an API to a serial flow, you need to be able to extract the value of the API 1 response and then push that value into the API 2 request”.

Notes of testing API:

1. When using Postman, let each case be a separate API, do not overlap test, then it is difficult to control and cannot create test cases for automation.

2. In order not to strain your eyes to check each response of individual cases.

What should testers do when receiving an API test request?

1. Read the API documentation: it can be in the form of an excel file, docs, swagger… To do this step you need to be very solid about what the API is, the components of the API, how the API works, and a solid understanding of the Technical. )

2. Read the project’s requirements and then write a checklist or testcase for those APIs according to the 3 contents I, II, III I mentioned above. You need to be very strong in Business Requirement.

3. Convert those test cases into scripts for tools, depending on the tools you use, postman or soapUI, rest-assured. You need to be strong in using tools to be most effective

Thank you for reading . For more articles about API testing , please go to link :

Leave a Reply

Your email address will not be published. Required fields are marked *

API testing

Test runner – API testing

Test runner – According to the previous post, you already know how to create simple tests for each API, but a project has too many APIs and too many different tasks, each task is a collection of several APIs how must be solved. Along with that is the management method that you think is applicable […]

API testing

API testing – API documentation

Postman, in addition to providing an API testing tool, also helps us to make API documentation extremely professional and easy. This API document can be shared by both the team and the client. Usually, the API is usually written by Dev on google sheets, but at a certain stage of development, the dev will be […]

API testing

API Testing – Postman pre request script

In the previous article, I wrote about test Response, now I will continue to write about Postman pre request script. Here are the steps when sending a request. The Pre-request part will be the part Postman will process before sending the request, and the test script to handle the returned response. So what can Pre-request […]