API Testing Checklist
Make a list of the different APIs that exist in the organization, speak to stakeholders, and prioritize them
Check that the APIs that exist are properly documented, written in a way that is easy to understand, and contain information such as:
  overview and purpose
  quick start guide and tutorials
  an example/sample of every call, every parameter, and responses for each call (errors included)
  authentication and authorization
  code samples for commonly used languages
Define the types of tests that you want to run:
  Positive scenarios return a valid response
  Invalid requests return the correct error message
    Missing or invalid authorization token
    Missing required parameters
    Unsupported methods for endpoints
    Invalid, incomplete or missing request body
    Incorrect field names in request body
  Workflow and data persistence
  Specific standards and regulations that it should meet
  Response Payload - valid JSON body, correct field names, types, and values
  Application state before and after API call
  Security and authorization
    Unhandled HTTP methods
    Business logic vulnerabilities
    Validate user inputs
    Take a look at this detailed API security checklist
    This Penetration checklist covers some great tips
Evaluate and select an API testing tool.
  Think about the types of tests that you will want to perform and whether the tool must meet any specific needs.
  Tools also vary depending on whether you want to run the tests manually or from an automated script.
  With API test automation you will also have to decide on a programming language and select tools within that language.
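The positive and invalid-request test types listed above can be written as one table-driven suite. The following is an added example, not part of the original checklist: the `POST /orders` style endpoint, the `stub_api` stand-in, the token value and the error codes are all constructed assumptions, and `run_cases` accepts any `send` function so the same table can be pointed at a real HTTP client.

```python
import json

# Constructed in-process stand-in for the API under test (hypothetical order endpoint).
# Swap it for a function that sends real HTTP requests to test a live service.
def stub_api(method, headers, body):
    if method != "POST":
        return 405, {"error": "method_not_allowed"}
    if headers.get("Authorization") != "Bearer test-token":
        return 401, {"error": "unauthorized"}
    try:
        data = json.loads(body)
    except (TypeError, ValueError):  # missing (None) or truncated body
        return 400, {"error": "invalid_json"}
    if not isinstance(data, dict) or set(data) != {"item", "qty"}:
        return 400, {"error": "invalid_fields"}
    if type(data["qty"]) is not int or data["qty"] < 1:
        return 422, {"error": "invalid_qty"}
    return 201, {"id": 1, "item": data["item"], "qty": data["qty"]}

AUTH = {"Authorization": "Bearer test-token"}  # constructed test credential
GOOD = json.dumps({"item": "book", "qty": 2})

# (name, method, headers, body, expected status, expected error code or None)
CASES = [
    ("positive scenario", "POST", AUTH, GOOD, 201, None),
    ("missing auth token", "POST", {}, GOOD, 401, "unauthorized"),
    ("invalid auth token", "POST", {"Authorization": "Bearer x"}, GOOD, 401, "unauthorized"),
    ("unsupported method", "DELETE", AUTH, GOOD, 405, "method_not_allowed"),
    ("missing request body", "POST", AUTH, None, 400, "invalid_json"),
    ("incomplete request body", "POST", AUTH, '{"item": "bo', 400, "invalid_json"),
    ("missing required parameter", "POST", AUTH, '{"item": "book"}', 400, "invalid_fields"),
    ("incorrect field name", "POST", AUTH, '{"item": "book", "quantity": 2}', 400, "invalid_fields"),
    ("invalid user input", "POST", AUTH, '{"item": "book", "qty": -5}', 422, "invalid_qty"),
]

def run_cases(send, cases=CASES):
    """Run every case through `send`; return (name, reason) for each failure."""
    failures = []
    for name, method, headers, body, want_status, want_error in cases:
        status, payload = send(method, headers, body)
        if status != want_status:
            failures.append((name, f"status {status}, expected {want_status}"))
        elif want_error is not None and payload.get("error") != want_error:
            failures.append((name, f"unexpected error code {payload.get('error')!r}"))
        elif want_error is None and not isinstance(payload.get("id"), int):
            failures.append((name, "response body missing integer id"))
    return failures

if __name__ == "__main__":
    for name, reason in run_cases(stub_api) or [("all cases", "passed")]:
        print(f"{name}: {reason}")
```

An API that skips a check shows up as a named failure: for instance, a service that ignores the `Authorization` header fails exactly the two token cases.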