API Testing

API testing validates that APIs work correctly by sending requests and verifying responses — without going through the UI. It sits in the middle of the test pyramid and offers an excellent balance of speed and coverage.

What to test in APIs:

• Functionality: Correct responses for valid requests
• Error handling: Proper error codes and messages for invalid requests
• Authentication/Authorization: Security of protected endpoints
• Data validation: Input validation, data types, required fields
• Performance: Response time, throughput
• Integration: Correct interaction with databases and other services

HTTP methods to test:

• GET: Retrieve data
• POST: Create data
• PUT/PATCH: Update data
• DELETE: Remove data

Key validations per request:

• Status code (200, 201, 400, 401, 403, 404, 500)
• Response body structure (JSON schema)
• Response data correctness
• Headers (content-type, auth tokens)
• Response time

Popular API testing tools: Postman, REST Assured, Supertest, Playwright (API), curl

API tests are faster and more stable than UI tests. Many teams find that a strong API test suite catches 80% of bugs that E2E tests would catch, in a fraction of the time.