# API Testing

API testing ensures that APIs work correctly, perform well, and are secure. It involves testing the API endpoints, data formats, and business logic.

## Types of API Testing:

### 1. Functional Testing

- Tests API functionality against requirements
- Verifies correct responses for valid requests
- Checks error handling for invalid requests

### 2. Load Testing

- Tests API performance under load
- Measures response times and throughput
- Identifies bottlenecks and scalability issues

### 3. Security Testing

- Tests authentication and authorization
- Checks for vulnerabilities (SQL injection, XSS, etc.)
- Validates data encryption and secure transmission

### 4. Integration Testing

- Tests API interactions with other systems
- Verifies data flow between components
- Checks third-party API integrations

### 5. Regression Testing

- Ensures new changes don't break existing functionality
- Runs after code updates or deployments

## API Testing Tools:

- **Postman**: GUI tool for API testing and documentation
- **Insomnia**: REST client for API testing
- **curl**: Command-line tool for HTTP requests
- **pytest** (Python): Framework for API testing
- **Rest-Assured** (Java): DSL for REST API testing
- **Newman**: Command-line runner for Postman collections

## Testing Strategies:

### Unit Testing

- Test individual API endpoints
- Mock external dependencies
- Focus on business logic

### Integration Testing

- Test API with real databases and services
- Verify end-to-end functionality
- Test data persistence

### Contract Testing

- Define API contracts between services
- Ensure API changes don't break consumers
- Use tools like Pact or Spring Cloud Contract

## Test Case Examples:

- **Positive Tests**: Valid requests with expected responses
- **Negative Tests**: Invalid requests with proper error responses
- **Edge Cases**: Boundary values, empty inputs, large payloads
- **Security Tests**: Unauthorized access, malformed tokens
- **Performance Tests**: Response times under load

## Best Practices:

- **Automate tests**: Use CI/CD pipelines
- **Test all HTTP methods**: GET, POST, PUT, DELETE, PATCH
- **Test status codes**: Verify correct HTTP status codes
- **Validate response format**: Check JSON/XML structure
- **Test pagination**: For list endpoints
- **Test rate limiting**: Ensure proper throttling
- **Document tests**: Keep test cases documented

## Python API Testing Example:

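```python
import requests

BASE_URL = 'https://api.example.com'
TIMEOUT = 10  # seconds; requests has no default timeout and can otherwise hang


def test_get_users():
    # Listing users should succeed and return a JSON array
    response = requests.get(f'{BASE_URL}/users', timeout=TIMEOUT)
    assert response.status_code == 200
    assert isinstance(response.json(), list)


def test_create_user():
    # Creating a user should return 201 and echo the stored name
    user_data = {'name': 'John', 'email': 'john@example.com'}
    response = requests.post(f'{BASE_URL}/users', json=user_data, timeout=TIMEOUT)
    assert response.status_code == 201
    assert response.json()['name'] == 'John'
```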

## Mocking and Stubbing:

- **Mocking**: Simulate external dependencies
- **Stubbing**: Provide canned responses for testing
- **Tools**: unittest.mock, responses, httpretty
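The security test cases listed earlier (unauthorized access, malformed tokens) can be run against a local stub instead of a live API. The following is an added example, not code from the original page: `StubUsersAPI`, `VALID_TOKEN`, `call` and `run_security_cases` are hypothetical names, the token is a constructed value, and it uses only the standard library rather than `requests` so it runs offline.

```python
import json
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

VALID_TOKEN = "test-token-123"  # constructed value, only meaningful to the stub

class StubUsersAPI(BaseHTTPRequestHandler):
    """Hypothetical stand-in for the API under test: GET needs a bearer token."""
    def do_GET(self):
        scheme, _, token = self.headers.get("Authorization", "").partition(" ")
        if (scheme, token) == ("Bearer", VALID_TOKEN):
            return self._send(200, [{"name": "John"}])
        self._send(401, {"error": "unauthorized"})

    def _send(self, status, body):
        data = json.dumps(body).encode()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(data)))
        if status == 401:  # tell clients which auth scheme is expected
            self.send_header("WWW-Authenticate", "Bearer")
        self.end_headers()
        self.wfile.write(data)

    def log_message(self, *args):  # silence per-request logging
        pass

def call(url, auth_header=None):
    """Return (status, parsed JSON body); 4xx/5xx are results, not exceptions."""
    headers = {"Authorization": auth_header} if auth_header is not None else {}
    request = urllib.request.Request(url, headers=headers)
    try:
        with urllib.request.urlopen(request, timeout=5) as resp:
            return resp.status, json.loads(resp.read())
    except urllib.error.HTTPError as err:
        return err.code, json.loads(err.read())

def run_security_cases():
    """Run each auth case against the stub; return {case: (status, body)}."""
    cases = {"no_token": None, "wrong_scheme": f"Basic {VALID_TOKEN}",
             "malformed": "Bearer not.a.real.token", "valid": f"Bearer {VALID_TOKEN}"}
    with HTTPServer(("127.0.0.1", 0), StubUsersAPI) as server:
        threading.Thread(target=server.serve_forever, daemon=True).start()
        url = f"http://127.0.0.1:{server.server_port}/users"
        try:
            return {name: call(url, hdr) for name, hdr in cases.items()}
        finally:
            server.shutdown()
```

In a pytest suite, each case would become its own test asserting both the status code and that the 401 body contains no user data.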

## Continuous Integration:

- Run API tests in CI pipelines
- Test against staging environments
- Monitor API health and performance
- Generate test reports and coverage metrics
