Application Programming Interfaces

Testing Tools

Functional testing of REST API's entails sending HTTP requests and checking responses so that we can verify that API's behave as we expect. REST uses HTTP for transport that specifies the request and response formats of API. TCP/IP, in turn, takes the HTTP messages and decides how to transport them over the wire.

cURL

cURL is a popular command line tool that usese its own HTTP stack and is available on all platforms.

Postman

Postman is a REST client that allows us to test REST API's. It allows us to create http request and generate the equivalent cURL commands we can use. It creates multiple environments for Dev, Test, Pre-Prod as each environment has different configurations.

GraphiQL

GraphiQL is a light weight electron based application for writing GraphQL queries and mutations.

Burp

Burp is a HTTP debugger that let us see the web traffic that goes between the client and the API. It runs as a proxy between the client and the server. This allows us to intercept the request and the reponse and modify them to create scenarios that are otherwise difficult to test without changing the client. It is a suite of tools that is mainly used for security testing but it can be very useful for API testing as well. Set up your postman to send request to Burp proxy and configure Burp to intercept client request and server response. Intercept request and response as shown below.

Wireshark

Wireshark allows for verification of some features of API, e.g., encryption, compression, etc., will require us to look a level deeper to see what is being sent and received on the network. Wireshark is a tool that monitors network interface and keeps a copy of all TCP packets that pass through it. Traffic is split by layers — HTTP, TCP, IP, etc. It also helps us to troubleshoot issues that require us to go deeper, e.g., TLS handshake.

JMeter

JMeter is a load testing tool which can help test the amount of load that can be placed on your API and make sure that quotas, limits and DoS attacks will not affect your other cutomers.

API Management Tools

MuleSoft

MuleSoft Anypoint helps enterprises integrate their api solutions allowing the full lifecycle of develop, deploy, manage, secure and reuse thirdpary API's from their marketplace.

Apigee

Google API Management helps manage the full lifecycle of API management.

Azure API Management

Microsoft API Management helps enterprises build API architectures on the Azure cloud. It helps streamline work across hybrid and muli-cloud environment with a single place for managing all your API's.

Useful Links

Other useful links to gather information from:

• DZone Refcard on RESTful Architecture
• Government of Canada Standards on API's
• API Authentication
• Backendless Architecture (Picture)
• Postman
• RAML 200 Tutorial
• yEd Image Editor
• Web API Design: The Missing Link (Apigee eBook PDF)
• GraphQL Java
• JSON Schema
• JSON Linked Data
• Best Practices
• Popolo Project Documentation

• Popolo Project Person
• Polypolo schema
• Java RDF Api
• SHACL RDF Schema