So, you’re interested in reaping the rewards of API and automation, but you don’t know where to start? Have you heard people using the term “API” and wondered what it is? Maybe you have a vague idea, but you still have no clue what to do with one?
You’ve come to the right place! We pulled together this terminology to help you gain a basic understanding of web services and web API, which will also help you grasp the major concepts of API Testing.
An application programming interface (API) is a connection between computers or between computer programs. It is a type of software interface, offering a service to other pieces of software. A document or standard that describes how to build such a connection or interface is called an API specification. A computer system that meets this standard is said to implement or expose an API. The term API may refer either to the specification or to the implementation. Source: Wikipedia
Representational state transfer (REST) is a software architectural style that was created to guide the design and development of the architecture for the World Wide Web. REST defines a set of constraints for how the architecture of an Internet-scale distributed hypermedia system, such as the Web, should behave. The REST architectural style emphasizes the scalability of interactions between components, uniform interfaces, independent deployment of components, and the creation of a layered architecture to facilitate caching components to reduce user-perceived latency, enforce security, and encapsulate legacy systems. REST has been employed throughout the software industry and is a widely accepted set of guidelines for creating stateless, reliable web services. Source: Wikipedia
Hypertext Transfer Protocol (HTTP) is an application layer protocol in the Internet protocol suite model for distributed, collaborative, hypermedia information systems. HTTP is the foundation of data communication for the World Wide Web, where hypertext documents include hyperlinks to other resources that the user can easily access, for example by a mouse click or by tapping the screen in a web browser. Source: Wikipedia
Hypertext Transfer Protocol Secure (HTTPS) is an extension of the Hypertext Transfer Protocol (HTTP). It is used for secure communication over a computer network and is widely used on the Internet. In HTTPS, the communication protocol is encrypted using Transport Layer Security (TLS) or, formerly, Secure Sockets Layer (SSL). The protocol is therefore also referred to as HTTP over TLS, or HTTP over SSL. Source: Wikipedia
HTTP defines methods to indicate the desired action to be performed on the identified resource. What this resource represents, whether pre-existing data or data that is generated dynamically, depends on the implementation of the server. Often, the resource corresponds to a file or the output of an executable residing on the server. Source: Wikipedia
There are four different types of HTTP methods which basically tell the API what you’re trying to do with your data. You can either:
HTTP header fields are a list of linefeed-separated HTTP data being sent and received by both the client program and server on every HTTP request. These headers are usually invisible to the end-user and are only visible to the programs and backend people maintaining the internet system. They define how information sent/received through the connection are encoded (as in Accept-Encoding), the session verification and identification of the client (as in browser cookies, IP address, user-agent) or their anonymity thereof (VPN or proxy masking, user-agent spoofing), how the server should handle these data (as in Do-Not-Track), the age of the document being downloaded, among other things. Source: Wikipedia
HTTP provides a general framework for access control and authentication. This page is an introduction to the HTTP framework for authentication and shows how to restrict access to your server using the HTTP “Basic” schema. Source: MDN Web Docs
Now that you’re familiar with the key terminology related to API, you’re one step closer to being able to leverage the full power of automation!
Pro Tip: Speedscale allows you to stress test your APIs with real world scenarios. Collect and replay traffic without scripting. Run Traffic-based API tests for Integration, Performance, and Chaos testing. Click here to learn more.