API Testing Checklist
Make a list of the different APIs that exist in the organization, speak to stakeholders, and prioritize them
Check that the APIs that exist are properly documented, written in a way that is easy to understand, and contain information such as:
overview and purpose
quick start guide and tutorials
an example/sample of every call, every parameter, and responses for each call (errors included)
user journey
authentication and authorization
rate limits
code samples for commonly used languages
schemas
Define the types of tests that you want to run:
Positive scenarios return a valid response
Invalid requests return the correct error message
Missing or invalid authorization token
Missing required parameters
Unsupported methods for endpoints
Invalid path/url
Invalid, incomplete or missing request body
Incorrect field names in request body
Error Handling
Schema match
Workflow and data persistence
Response time
Specific standards and regulations that it should meet
Response Payload - valid JSON body, correct field names, types, and values
Response Headers
Application state before and after API call
Security and authorization
Invalid inputs
Injection attacks
Parameter tampering
Unhandled HTTP methods
Business logic vulnerabilities
Authentication Expiry
Rate Limits
Content-Type Validation
Validate user inputs
Take a look at this detailed API security checklist
This Penetration checklist covers some great tips
Evaluate and select an API testing tool.
Think about the types of tests that you will want to perform and whether the tool must meet any specific needs.
Tools also vary depending on whether you want to run tests manually or from an automated script.
With API test automation you will also have to decide on a programming language and select tools within that language.
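The request-level scenarios from the test-type list above (a valid request, a missing or invalid token, missing parameters, wrong field names, a broken or missing body, an unsupported method, an invalid path) can be derived from one known-good request by breaking a single part at a time. The sketch below is an added example, not code from the original page. The `stub_api` function, the `/items` endpoint, the token, and the status codes and error strings it expects are all assumptions made up for illustration; substitute what your API documentation specifies.

```python
import json

TOKEN = "test-token"  # constructed credential, valid only for the stub below

def stub_api(method, path, headers, raw):
    """Constructed stand-in for the API under test (POST /items {"name": str})."""
    if path != "/items":
        return 404, {"error": "not_found"}
    if method != "POST":
        return 405, {"error": "method_not_allowed"}
    if headers.get("Authorization") != f"Bearer {TOKEN}":
        return 401, {"error": "unauthorized"}
    try:
        body = json.loads(raw)
    except ValueError:
        return 400, {"error": "invalid_json"}
    if not isinstance(body, dict) or not isinstance(body.get("name"), str):
        return 422, {"error": "name_required"}
    return 201, {"name": body["name"]}

GOOD = {"method": "POST", "path": "/items",
        "headers": {"Authorization": f"Bearer {TOKEN}"}, "raw": '{"name": "a"}'}

def negative_cases(good):
    """Derive one request per checklist item by breaking exactly one part of a valid request."""
    def mutate(**changes):
        return {**good, **changes}
    return {  # label: (request, expected status, expected error)
        "positive": (good, 201, None),
        "missing token": (mutate(headers={}), 401, "unauthorized"),
        "invalid token": (mutate(headers={"Authorization": "Bearer wrong"}), 401, "unauthorized"),
        "missing parameter": (mutate(raw="{}"), 422, "name_required"),
        "wrong field name": (mutate(raw='{"nmae": "a"}'), 422, "name_required"),
        "incomplete body": (mutate(raw=good["raw"][:-3]), 400, "invalid_json"),
        "missing body": (mutate(raw=""), 400, "invalid_json"),
        "unsupported method": (mutate(method="DELETE"), 405, "method_not_allowed"),
        "invalid path": (mutate(path="/nope"), 404, "not_found"),
    }

def run_suite(send=stub_api):
    """Return {label: (status, error)} for every case whose response differs from expectation."""
    failures = {}
    for label, (req, status, error) in negative_cases(GOOD).items():
        got_status, got_body = send(**req)
        if (got_status, got_body.get("error")) != (status, error):
            failures[label] = (got_status, got_body.get("error"))
    return failures
```

To run the same table against a real endpoint, pass `run_suite` a `send` function that wraps your HTTP client and returns the status code with the parsed JSON body.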