How to test whether your API can handle anomalous HTTP responses.
Today I was exploratory testing my Service, which performs sequential HTTP requests that depend on the response of the previous request. I wanted to find out how our API would handle a variety of HTTP responses. I also wanted to see what would happen if things went wrong. What if the response contains an image? Or an error code? Or what if there was a timeout?
To answer these questions as quickly and easily as possible I ventured on to the web. With some effort, I found what I was looking for, and on the way I discovered a few tools that are just great for exploratory testing your API’s response handling. If you test or debug API’s on a regular basis, here are a few free tools you’ll definitely want to check out.
1. Requestb.in (HTTPS only)
What else is sent with my HTTP request? Could this be affecting the response?
Requestb.in provides you with a URL to which you can send your HTTP request. After sending your request, refresh the page to see what you really sent, including from which IP your traffic originates.
Unlike some tools, requestb.in also displays background headers and cookies that are sent along with your request, such as those added by the browser. This may explain unexpected region-sensitive responses, caching problems or issues with data encoding.
Can your API cope with a slow network?
A sketchy network signal is the single biggest issue for users of mobile devices. If the features using your API will be accessed by mobile users, network throttling is something you can’t afford to omit from your testing.
How does your service perform when the network is slow or patchy? Your humble browser developer tools can help you find out. The CSS Tricks site explains how.
How does my API deal with timeouts?
Timeouts are essential for testing Services that send sequential HTTP requests. My App allows a generous 30 seconds for the other API to get its data across, whereas many of the tools I came across could only manage a delay of 5 or 10 seconds. Thankfully a colleague of mine introduced me to Slowwly.
The great thing about Slowwly is that it can delay the response to any URL, so you can test with real data. Send your original request to the endpoint of your choice, and Slowwly delays the response for the time you specify.
HTTP Responses: Data Types and Routing
What happens if your request is redirected n times? What if the response contains gzip-encoded data? Or perhaps you want a response that reacts solely to your caching headers. Httpbin can generate all sorts of response types, data formats and traffic conditions.
Httpbin has a pretty neat list of options. If you’re new to API testing, this list provides a good overview of the input types your API may have to deal with in day to day use.
5. Postman Echo
Mocking API Responses and Error Codes
Postman Echo offers a wide range of endpoints that you can call from your API, each of which returns a specific response. For example, one endpoint returns your request headers or request cookies in the response body. Another address simulates an authenticated endpoint that can pass or fail your credentials.
The Postman Echo Utilities list even lets you choose which error code to return to your API. This is ideal for verifying whether your API handles all those different codes correctly, without having to reproduce the conditions leading to each code.
Free and Easy-to-Use API Testing Tools
With so many API testing tools available on the web, the choice can be overwhelming. What I like about these five web-based tools is that they are simple, straightforward and ready-to-use. There’s no complicated installation and no sign-up is required. Whether you’re developing REST Services or Mobile Apps, exploratory testing with these tools will help you deliver a robust and reliable API.