API Testing

Parasoft’s comprehensive enterprise-grade API Testing solution simplifies the complex testing that’s vital for business-critical APIs and API-driven applications.

  • Designed from the ground up to simplify the testing of GUI-less APIs
  • Generate extensible, reusable, easily maintainable tests with 100% coverage
  • Design sophisticated tests without scripting or coding
  • Automate continuous regression testing with sophisticated validations
  • Broad native support for platforms, technologies, protocols

Intelligent Test Creation and Automated Validation

With APIs, testing a broad range of conditions and corner cases is critical, so automation comes to the forefront. The creation and execution of simple automated tests with limited or manual validation might have sufficed for internal given web services that were used internally (e.g., via SOA), but more sophisticated and extensive automation is required to be confident that APIs are robust enough to meet business expectations. You need a level of automation that gives you a comprehensive set of functional test cases that can be repeated in a systematic manner. Parasoft provides an intuitive interface for automating complex scenarios across the messaging layer, ESBs, databases, and mainframes: Defining automated test scenarios across the broad range of protocols and message types used in APIs: REST, WADL, JSON, MQ, JMS, EDI, fixed-length messages, etc.
  • Automating rich multilayer validation across multiple endpoints involved in end-to-end test scenarios.
  • Parameterizing test messages, validations, and configurations from data sources, values extracted from test scenarios, or variables.
  • Defining sophisticated test flow logic without requiring scripting.
  • Visualizing how messages and events flow through distributed architectures as tests execute.

Change Management for Test Assets and Environments

Continuously evolving APIs helps organizations stay a step ahead of the competition while responding to business demands. Yet, this frequent change presents significant quality risks if the automated test suite fails to keep pace with the evolving API. Parasoft meets this need with Change Advisor, which enables users to assess the impact of changes to existing tests and then quickly update existing tests (or create new ones) in response to the identified change impacts. This means that you can vastly reduce the amount of time required to ensure that your tests don’t fail due to expected changes…or overlook critical new functionality.

Service Virtualization for Simulated Test Environments

Parasoft Service Virtualization creates simulated test environments that provide anytime, anywhere access to the behavior of dependent resources that are unavailable, difficult to access, or difficult to configure for development or testing. “Dependent resources” might include mainframes, mobile app front-ends, databases, web services, third-party applications, or other systems that are out of your team’s direct control. Service virtualization can be used in conjunction with hardware/OS virtualization to access the environments you need to test earlier, faster, or more completely. In the context of API testing, service virtualization can be applied in two key ways:
  • To simulate access to the dependent resource behavior (e.g., from a mobile app, database, legacy system, or third-party service) that you need in order to thoroughly validate your API.
  • To simulate the behavior of your APIs, creating a test environment that API consumers can develop and test against without impacting your production environment—or to enable development and testing to begin before APIs are completed.

Extensive Performance Testing

Due to the highly-exposed nature of APIs, there’s a high potential for unpredictable and often volatile traffic volumes. To determine whether your API will satisfy SLAs in the event of the erratic or surging demand that APIs commonly face, it’s essential to ramp up the scope of performance testing. In addition to the using Parasoft’s load testing capabilities to reuse your existing test assets to verify application performance and functionality under heavy load, you can also use Parasoft’s service virtualization capabilities to create simulated test environments that help you test against different performance scenarios that would otherwise be difficult to create in the test environment.

For instance, you can easily set performance conditions (e.g., timing, latency, delay) to emulate peak, expected, and slow performance—perhaps to help you plan for cloud bursts or determine how the API might respond when someone is accessing it from China. You can also configure various error and failure conditions that are difficult to reproduce or replicate with real systems—for instance, if your APIs rely on Amazon Web Services, you can easily simulate a scenario where AWS is down. This ability to rapidly configure a broad range of conditions in dependent systems is essential for determining if your APIs provide reasonable responses—or at least fail gracefully—under exceptional conditions.

Service virtualization also facilitates performance testing by enabling you to “virtualize” any connections to third-party systems. This reliably eliminates the risk that your stress tests might impact services you aren’t permitted (or budgeted) to barrage with test messages.


Extensive Security Testing

Considering APIs’ increased attack surface area, a multi-faceted security testing strategy is essential for ensuring that development has built the appropriate level of security into your application. Parasoft’s solution provides extensive security testing capabilities, including:
  • Executing complex authentication, encryption, and access control test scenarios.
  • Generating a broad range of penetration attack scenarios involving parameter fuzzing, injections, large payloads, etc.
  • Running penetration attack scenarios against your existing functional test scenarios.
  • Monitoring the back-end during test execution in order to determine whether security is actually compromised.
In addition, Parasoft’s Service Virtualization can help you take your security testing to the next level:
  • It provides rapid ways to emulate attack scenarios as well as emulate different security behaviors of dependencies. This lets you derive more value from your existing functional test scenarios (since you can run them vs. different security scenarios that would otherwise be difficult to configure and unfeasible to test against).
  • It enables extensive security testing to be performed without a security expert. Existing test scenarios can be easily executed against a broad set of preconfigured security scenarios.
  • It helps you isolate and zero in on your APIs response to various attack scenarios and different security behaviors of dependencies.

Rapid Browser-Based Creation and Management of Test Assets

Parasoft’s browser-based Continuous Testing Platform (CTP) provides an integrated platform for creating, managing, and executing test environments and tests. It unites test environment management (test environment setup, visualization, validation, and provisioning), service virtualization (virtual asset creation, configuration, and deployment), and API testing (test creation, management, and execution).

From this intuitive UI, you can add, configure, and manage test scenarios for REST and SOAP APIs. The test configuration interface is designed to help new users rapidly define a core set of tests. In addition, you can review, modify, and extend the team’s existing library of Parasoft test assets.

This library of tests can be used in two main ways from Environment Manager:

  • Automated provisioning during testing: You can configure a test job, then associate an environment context with that test scenario so that the appropriate environment is always provisioned before that test job is run. The job execution history stores the associated test environment settings and variables along with results, enabling complete traceability.
  • Automated testing during provisioning: Test scenarios can be automatically executed when a specific test environment is provisioned. For instance, you can configure functional test scenarios to execute whenever your functional testing environment is provisioned–or your security test scenarios to execute whenever your security test environment is provisioned.