SPEEDLOADS Mnemonic for API Testing
In my work, I do a lot of API and Web Service testing. Most of the Web Services we create are brand new; we collaborate on what the service should do, what type of technologies are used, and the standard we will be using, i.e. RESTful.
I have found using Mnemonics helps when working through our Acceptance Criteria and Acceptance Tests. I have a blog dedicated to Mnemonics and the different mnemonics I use when testing. Link to Mnemonic Blog
The mnemonics for API testing that I could find on the internet did not quite have everything I needed. So I decided to create my own mnemonic, which covers a couple more important points I like to consider when creating, testing and discussing web services.
Without further ado, I give you my Mnemonic!
- Security Testing:
  - Fuzzing, Invalid Input Attacks, Malicious Input, Injection Attacks, Cross-Site Scripting Attacks.
  - What authorisations do you need to access the service?
- Performance & Load Testing:
  - How much load can the service handle?
  - What load should the service handle?
  - What performance should the service handle?
- Endpoints:
  - How are these endpoints reached?
  - Is it a single endpoint or multiple endpoints?
  - What values can be passed into each endpoint?
- Error handling:
  - How does the service handle errors on the client and server side?
  - What error messages are displayed?
  - Does the service handle being offline? Will it self-heal and restart?
  - Does it have a retry strategy?
- Documentation:
  - Is there documentation on how this service works?
  - Is the documentation easy to read?
  - Does it cover everything the service does?
  - Does it follow the correct guidelines?
  - Does the service do what the documentation says it does?
- Limits:
  - What limits are set for each endpoint, max and min?
  - Are there any request limits set?
- Order:
  - Are results returned dependent on a certain order, i.e. Ascending, Descending, Alphabetical?
- Automation Checks:
  - Has the service got the appropriate limit of Unit, Integration and Acceptance Tests?
- Dates:
  - Does the date time returned need to be in a UTC format?
  - Is there a specific date format that needs to be returned?
- Status Codes:
  - Are the status codes returned appropriate HTTP status codes that conform to the W3 standard?
  - Can you confirm these statuses are returned? How?
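Several of the questions above (authorisation, malicious input, limits, status codes) can be turned into repeatable automated checks. The following is an added example, not code from the original post: the toy service, its /items endpoint, the limit parameter, the token and the 1 to 100 range are all constructed assumptions standing in for a real service and its documentation.

```python
import http.client, json, threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, quote, urlparse

TOKEN = "constructed-test-token"  # made-up credential for the toy service
MAX_LIMIT = 100                   # assumed documented maximum for ?limit=

class ToyItems(BaseHTTPRequestHandler):
    """Constructed stand-in for the service under test: GET /items?limit=N."""
    def log_message(self, *args): pass  # silence per-request logging
    def reply(self, status, payload):
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.end_headers()
        self.wfile.write(json.dumps(payload).encode())
    def do_GET(self):
        url = urlparse(self.path)
        raw = parse_qs(url.query).get("limit", ["10"])[0]
        if url.path != "/items":
            return self.reply(404, {"error": "not found"})
        if self.headers.get("Authorization") != f"Bearer {TOKEN}":
            return self.reply(401, {"error": "authentication required"})
        ok = raw.isascii() and raw.isdigit() and len(raw) <= 3  # strict: ASCII digits only
        if not (ok and 1 <= int(raw) <= MAX_LIMIT):
            # Static message: the rejected input is never echoed back.
            return self.reply(400, {"error": "limit must be between 1 and 100"})
        self.reply(200, {"items": list(range(int(raw)))})

def call(port, path, token=None):
    """Send one GET to the local toy service and return (status, body text)."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("GET", path, headers={"Authorization": f"Bearer {token}"} if token else {})
    resp = conn.getresponse()
    return resp.status, resp.read().decode()

CASES = {  # check name -> (path, token); every input here is constructed
    "security_no_token": ("/items", None),
    "security_markup_input": ("/items?limit=" + quote("<b>1</b>"), TOKEN),
    "limits_below_min": ("/items?limit=0", TOKEN),
    "limits_above_max": ("/items?limit=101", TOKEN),
    "status_ok": ("/items?limit=5", TOKEN),
}

def run_checks():
    """Start the toy service on a free loopback port and run every case once."""
    with HTTPServer(("127.0.0.1", 0), ToyItems) as server:
        threading.Thread(target=server.serve_forever, daemon=True).start()
        results = {name: call(server.server_port, path, tok) for name, (path, tok) in CASES.items()}
        server.shutdown()
    return results
```

Each entry in the returned dictionary is a (status, body) pair, so the same cases can be asserted on in an acceptance test or pointed at a real service by swapping the host and port.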
You can get so much more out of mnemonics when you create your own to use in your day-to-day testing role.
Please feel free to critique, question or comment on my mnemonic.