There are few things worse than publishing a new strategy based on APIs just to find out that the tech solution is failing and the way to avoid this is simply - thorough testing.
Every software industry professional knows that thorough testing is an important success factor in any software development project. Still the lack of sufficient testing is a common cause for quality and behaviour issues when releasing new software. The reasons for this are often underestimated testing requirements combined with squeezed timelines and deadlines just around the corner.
Everyone in the software industry have seen the results of this situation from time to time, and so we have developed a kind of acceptance for this and also a readiness to handle incidents in production environment. But - this is NOT the expectation from the crowd outside of the IT industry. This is one of the reasons why testing has to be made one of the top priorities when exposing APIs to a potentially large crowd of users or selected business partners. They will not accept the same type of flaws that might previously have been accepted and handled by your internal staff or IT/ICC organisation.
Put yourself in the position of your target group
Again – exposing APIs is a lot about putting yourself in the position of your target group and ask yourself some questions:
- What are the most important factors for them when using your API?
- How can you make sure that your APIs perform to this expectation?
To me the answer is testing and a design first approach. Start with your API design aimed at fulfilling the requirements of your users, devops your APIs and verify requirement fulfillment through testing. When you plan the testing of your APIs, make sure to cover all aspects of intended usage – performance, security, visualization (can you find and understand your own APIs?) and persistence. Maybe you can even apply the test driven development approach in a wider perspective for your APIs? Define your test cases based on the requirements from your target group, devops the APIs and run the test cases.
First of all you need to perform tests to make sure that the required and designed functionality is in place. Let us just call this functional testing. These are scenarios to verify that the designed functionality is in place and can be used and accessed as anticipated. Put yourself in the role of a future API user, design test case and verify that you can access the APIs and the data as intended. To a software tester this is really standard procedure, but you need to make sure that this testing is applied also to APIs.
Have you tested performance?
An important matter for application users that is sometimes overseen by developers (or at least at a low priority) - is performance. When exposing APIs to a potentially very large user base, this must however be made a top priority. This is why API design and testing must include performance measurement and testing.
As for interfaces I read a funny quote the other day that said ”A graphical user interface is like a joke – if it needs to be explained it is a bad one”. Maybe this can't be directly translated to an API interface, but there is certainly something there. A nicely designed and visualized API should be self explanatory and understood by most software developers of today. A badly designed and visualized API will require explanations and an extensive documentation. These factors have to be put into perspective and tested if you want your API implementation to be successful. This is why usability scenarios need to be made part of your testing scheme.
Security was brought up by myself in one of the previous blog posts which mentions that there should (in my view) be several aspects to security. As performance is covered already in this blog post, let us instead focus on penetration protection and making sure that the right data reaches the correct recipient. You need separate test cases for this verification. If you are exposing potentially sensitive data through your private APIs, you really should consider using external expertise to make sure that you are covered and has the right level of protection for potentially harmful access of that data.
When it comes to how technically perform your testing and set up your test cases, there are certainly people more skilled than me and you find interesting reading just an Internet search away. If you prefer to speak to someone local on this topic, my brilliant colleagues are just a phone call way.
So to summarize....
- Testing is an important part of your successful API implementation.
- Make sure to test every aspect of the potential API usage and put yourself in the seat of your target audience.
- Do the functional testing properly, but don't forget the usability, security and performance perspectives.
- Use your existing test resources or seek external knowledge and assistance if required.
Other API Ready posts:
- API Ready Model Step 1 - Strategy and Organisation
- API Ready Model Step 2 - Design
- API Ready Model Step 3 - DevOps
- API Ready Model Step 4 - Visualize
- API Ready Model Step 5 - Security
- API Ready Model Step 7 - Monitor
- API Ready Model Step 8 - Infrastructure
- API Ready Model Step 9 - Analyze