From Zero to Hero: A GraphQL Testing Guide for Developers
By Grigori Trofimov
May 8, 2023
8 min read
Achieving simplified GraphQL testing can be possible if you employ test automation. Read on to find out how Parasoft SOAtest simplifies the creation, management, and orchestration of GraphQL tests.
Jump to Section
Testing GraphQL endpoints is as necessary as any other endpoint testing and automated testing is here to lend a hand. Let’s explore how to test GraphQL endpoints with test automation!
What Is GraphQL?
GraphQL is a query language for APIs that was developed by Facebook beginning in 2012 to solve a specific problem — with the rise of smartphones and mobile web browsers, using RESTful API calls was slow and inefficient, particularly on mobile networks. Multiple API calls to multiple endpoints took time, often returning either more information than was necessary, or not enough. The large amounts of data that were returned, combined with multiple API calls, resulted in a poor user experience.
When implemented into Facebook’s app for iOS in 2015, the tech world saw the advantages of the new technology, resulting in rapid adoption by many leading companies. In 2015, GraphQL was open sourced, and in 2019, the GraphQL Foundation was created to further develop the specification and reference implementations. Though originally designed with mobile computing in mind, implementation has spread to desktop and server computing. Adoption of GraphQL has expanded to include companies and organizations such as GitHub, Pinterest, Intuit, Coursera, and Shopify.
GraphQL vs. Traditional REST APIs
There are many advantages GraphQL can provide over traditional REST API interfaces. While every technology implementation has tradeoffs, GraphQL offers more flexibility in retrieving information. A single, well-written GraphQL query can return information that would require multiple RESTful API calls with HTTP requests. Researchers and developers have found that GraphQL calls return data sets that are over 90% smaller than using RESTful APIs to acquire the same data.
When using a RESTful API to retrieve data, you often have to make multiple API calls to get all the information you’re seeking. For instance, if you’re logging in to your bank, you first need to get your customer number. Once you have your customer number, you can get your account number. From there, you can get your account balance:
There’s nothing wrong with REST APIs, but multiple API calls are often slow, data heavy, and inefficient. In the example above, in order to get your bank account balance, you had to build a sequence of three API calls chained together, each a proper request and an entire response defined by the schema. A GraphQL request is leaner and more specific, dealing with only the three values of customer ID, account ID, and balance:
The example above might look trivial, but it shows how a request that would traditionally be accomplished with three API calls can be accomplished with just one using a GraphQL query. The best part is that it doesn’t require reimplementation of your existing functionality.
There are many additional pros and cons between REST and GraphQL, but it’s important to note that GraphQL and REST APIs are not mutually exclusive, and the adoption of one does not exclude the other. In fact, the two work quite harmoniously together.
When Should You Use GraphQL?
When deciding whether to use REST APIs or GraphQL, consider the complexity of your data and the flexibility you need in your queries and mutations. If your data is relatively simple and your API requires a well-defined, resource-based interface, REST APIs may be the way to go.
On the other hand, if you have complex data that requires flexible queries and mutations and you want to minimize over-fetching and under-fetching, then GraphQL may be a better fit.
It does require careful design to create GraphQL APIs and queries with the schema and type organization. REST APIs may be easier to design and query since you can separate individual data requests, but they can also take longer to run. Generally speaking, REST APIs are better for very complex queries, while GraphQL queries can offer more optimization and faster operation.
Additionally, if real-time data and multiple API versions are important for your application, GraphQL can provide these benefits, while REST APIs may require more effort to implement. Ultimately, the choice between REST APIs and GraphQL depends on the specific requirements of your project and the tradeoffs you are willing to make.
Use GraphQL when you want to create a simple and efficient interface for consumers that want to leverage your APIs. You may also want to leverage GraphQL to reduce the total traffic exchanged between your frontend and the backend like Facebook did for mobile traffic. If you want to retrieve all relevant data in a single query, GraphQL can do that very well.
Why You Should Write Tests for GraphQL
As with other functional testing, it’s important to test GraphQL APIs to ensure that the software’s business logic performs correctly. You need to verify that the queries, schemas, and any mutations behave and respond as expected. Writing and running tests helps developers and QA find errors early – before they get to production. It also ensures that you have sufficient test coverage for the API and application
How to Test GraphQL API Implementations
GraphQL is an abstraction layer that exists between the front-end systems and the backend APIs making it essential to do testing. GraphQL queries allow you to access multiple resources in the backend and aggregate that data together into a single meaningful response.
Backend APIs are typically granular because we want to create new, reusable building blocks for our applications. However, that doesn’t directly translate to our user stories or to the actions we want to be able to accomplish from the frontend. GraphQL is a way to simplify the interactions with your backend data by using an interface with schemas that describe the system behavior so you can get efficient data from your APIs.
Each of the GraphQL schemas map to functions. These functions will then make subsequent calls to the backend against your APIs, databases, and any other resources necessary to collect the data that was requested.
The functions will then assemble the necessary data into a response that will maintain the same shape as the request, making it very easy to understand which data is associated to which elements in the request.
Ask for what you need,
get exactly that.
Additionally, GraphQL can be set up to call multiple backend services as it assembles its query response. This reduces the total time that a consumer needs to spend navigating through API docs to understand and read what information is available from a call.
Types of Tests
A query test is a request for data from one or more database tables. A query can either be a request for data results, action on the data, or both.
A mutation test is a form of testing that modifies specific components of an application’s code to see if a testing tool can detect the changes. Mutation testing is typically used to conduct unit tests to see if a software tool can detect code that isn’t properly tested or has hidden defects that other testing methods don’t catch.
A load test is a type of performance testing that places your application or website under strain that resembles real-world conditions. Without load testing, your software could fail when it really counts. Load testing tools examine how your application performs during normal and high loads.
A security test is a form of testing that uncovers vulnerabilities, risks, and threats in a software application and prevents attacks from hackers. A security test identifies possible weaknesses of the system that could put your application, information, users, or company at risk.
Schema tests, also called mapping tests, are a form of software testing that validates objects of a front-end application with corresponding database objects. Schema tests are used to find unmapped objects in a database, like tables, views, or columns.
Automated Testing of GraphQL Endpoints
GraphQL is a powerful technology that allows your API consumers to access their information in a more efficient way. To make sure that the experience works the way you intend, you need to validate your GraphQL APIs. This is where test automation comes in.
There are many automation tools available to test your GraphQL APIs. In this case, I’m using Parasoft SOAtest, a widely used API testing solution that simplifies the often daunting challenge of validating your critical APIs across multiple technologies. It supports a wide range of message formats and protocols, including GraphQL.
GraphQL endpoints accept queries as strings and return JSON responses with the query results. This fits nicely with SOAtest, since queries can be made by REST clients to send the queries and validation can be done by existing JSON verification tools.
Consider the following simple example GraphQL query.
An expected return would be something like:
This same query can be created in Parasoft SOAtest via GraphQL Client in Literal or Form mode.
In SOAtest, the GraphQL queries are sent as a string named query. Responses are returned in JSON, which SOAtest is readily able to interpret and represent in its traffic viewer.
The returned values are expected. We need an automated way to verify these results. The SOAtest JSON assertor comes in handy here.
Verifying GraphQL Responses
SOAtest verifies JSON responses using assertions that are configured with its JSON assertor tool. Here’s an example check to see if the first name returned is a string “Luis” which we know is not a valid value.
Running the test again, the test fails.
As you can see, the testing of GraphQL is straightforward in SOAtest using already existing capabilities.
What about authentication? This is handled by SOAtest and the existing client authentication tools will work with GraphQL endpoints as well.
Why Parasoft SOAtest for GraphQL Testing?
The benefits that SOAtest brings to REST, SOAP, and other API testing remain the same for GraphQL. Designed to fit into existing testing infrastructure, Parasoft SOAtest accelerates testing that enables Agile development by helping testers work smarter with scriptless testing that facilitates collaboration across dev, test, performance, and security teams.
Parasoft SOAtest makes tests easy to create, manage, orchestrate, run, write, and analyze. Going beyond GraphQL, SOAtest’s support for over 120 message formats and protocols plus test generation aided by AI and machine learning is making API testing easier.
See GraphQL Testing in Action
Take a look at this video, where we show you how to use SOAtest to send GraphQL queries to APIs that have GraphQL implemented. If you find this helpful, share it with others!