EMBRACE API Testing

I am always looking for new ways to teach software testing, along with keeping my technical skills up to date. I decided to revisit my knowledge of APIs and API testing. In doing so, I came across a TestBash talk by Shivani Gaba on moving from GUI testing to API testing. I thought she explained it very well and it would be a useful watch for anyone new to the topic or revisiting. You can find it on the Ministry of Testing website — Moving from GUI to API. Testing Challenges Faces. Lessons Learned.

For me, Shivani broke down the complex and made it very simple. I liked how she shared her honest personal journey of being a little bit terrified of moving into API testing, saying she was familiar with testing the GUI level. However, over time Shivani explained by breaking it down — how you can get involved testing here. It is not as complicated as you may first think.

I reached out to Shivani to give this feedback and also, my intentions of sharing this on my blog with her permission. In the talk she talks about EMBRACE, which stands for endpoint, method, body, request/response headers, authorisation, codes and execution time. This has stuck in my head and I thought it would be a great way to teach other people. More people need to know about it!

Before we get into that. What is an API at all?

Examples of an API

Another example could be you need to get a dinner recipe from your friend down the road. You send your son to run quickly down the road to ask for the recipe, he retrieves the recipe and brings it back to you. Your son is acting as the API.

EMBRACE

Endpoint

An endpoint is a component of an API. I like to think of them as a bucket that has things in them. So for example, on Spotify you have a bucket full of albums. The bucket of the album is the endpoint.

In a more technical explanation, endpoints are the locations of the resources, and the API uses endpoint URLS to retrieve the requested resources. There are quite a few examples on this website. https://blog.hubspot.com/website/api-endpoint.

Methods

There are different methods that basically do different actions. So going back to a bucket of albums. You could get an album, create or update a new album, update an existing album or delete an album altogether.

GET — Read/retrieve response

POST — Create/update new resource

PATCH — Update existing resource

DELETE — Delete a resource

Body

A body, how I like to think about it, is a container. Like an envelope that sends the message. A request body is data sent by the client to your API. A response body is the data your API sends to the client

Request/response headers

There are headers that you need to think about.

Content type e.g. application/json

Authorisation — You have a key that you add to authorise that the API has permission to gain access to the data.

Authentication / Authorisation

I’ve added authentication here — providing the right identify, authorisation — do they have access for the data?

Code

These are the responses that you get back from the API. You can read more on this website https://developer.mozilla.org/en-US/docs/Web/HTTP/Status

1 xx Informational

2 xx Success

3 xx Redirection

4 xx Client Errors

5 xx Server Errors

Execution time

How long does it take for a response? If something is going to be taking a long time, then it will cause a lot of frustration.

Conclusion

References:

  1. Moving GUI to API testing by Shivani Gaba https://www.ministryoftesting.com/dojo/lessons/moving-from-gui-to-api-testing-challenges-faced-lessons-learnt-shivani-gaba?s_id=13075840
  2. Endpoint examples https://blog.hubspot.com/website/api-endpoint
  3. Codes https://blog.hubspot.com/website/api-endpoint

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store