API Concepts

Overview and Target audience:
The intent of this document is to provide the basics of API (Application Platform Interface) and how communication between two different applications or pieces of software happens in the real world. The growing world needs more connectivity between different software, which can be achieved simply through standard protocols. Many of today's manual testing job opportunities require API knowledge, since API testing is no longer a skill. What happens if a tester is supposed to test an integration and data flow between two different systems when the downstream or upstream systems are not available? In such cases many issues will go undiscovered and will appear late in the game, which will cost any project too much. To overcome this situation, testers need to understand how an API actually works and how communication really happens. In the article below you will find the basics of API from a tester's point of view.
Introduction to API:
What is an API? Where do we use an API? How will it help the application/software?
API is the abbreviation of Application Platform Interface. As the name suggests, it is a messaging service used for data exchange between two or more different applications, or within the same application, using a pre-defined set of protocols. To simplify this, let's see in detail what an API is and how it works.
Consider a case where a user is shopping online using any shopping site. Let's break this situation into two parts:
  • Payment request sent by shopping site to bank
  • Payment response sent by bank to shopping site
The shopping site can be built using any technology, such as Java or .NET, which may be different from the bank's. How will communication happen in this case?
Considering the above case, there has to be a simple data exchange technique between two or more different applications/software, or a common language that all types of programming platforms can understand and produce. An API helps applications understand the data that is being shared between applications situated on different servers or within different integrations.
Now consider the situations below:
  • Case 1 - Suppose there are two different applications, A and B, located on two different servers; app-A is developed using the Java programming language and app-B is developed using .NET. What if there has to be a data exchange between two such different applications?
  • Case 2 - Consider an application developed by integrating multiple COTS (Commercial Off-the-Shelf) products. How will data exchange happen between two different products in the same application?
When there has to be a data exchange between A and B in Case 1 above, there will be a web service endpoint situated within each of these two applications. Consider a case where A is sharing data with B and B is supposed to consume that data. In this case, A performs its actions using Java code. The web service endpoint at A converts the processed output into a commonly understood language, which is generally XML. The data in XML format is shared with B. B receives the XML data, fetches the necessary metadata from it, and consumes it according to how its code is designed. Data exchange happens in the same manner when A is requesting some data from B.
A web service endpoint is the code snippet that takes the Java input from the source application, converts it into a language consumable by every programming platform, and then sends it to the target or client.
There are two different types of Web Services that are being used worldwide.
  1. Simple Object Access Protocol (SOAP)
  2. Representational State Transfer (REST)
Simple Object Access Protocol (SOAP)
SOAP defines the XML-based message format that web service-enabled applications use to communicate with each other over the Web. The heterogeneous environment of the Web demands that applications support a common data encoding protocol and message format, and SOAP is a standard for encoding messages, only in XML, that invoke functions in other applications.
SOAP enables applications to call functions in other applications running on other operating systems and programming languages. SOAP uses HTTP protocols for data exchange over the web. Hence SOAP follows its own security. There are some predefined sets of protocols which every SOAP service should follow extensively. SOAP uses a service interface to expose the business logic.
Some of the advantages of SOAP are:
  1. SOAP follows the HTTP protocols for data exchange between two different applications
  2. SOAP provides simple communication through firewalls.
Disadvantages of SOAP are:
  1. SOAP only uses XML as communication media
  2. SOAP is a stateful protocol, which means it retains session information or status about each communication with partners across multiple requests.
  3. Since SOAP requires more bandwidth and resources, it is considered to be slow when compared with REST.
  4. SOAP cannot use REST
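The XML exchange described above, applied to the shopping-site and bank scenario: app A wraps a payment request in a SOAP envelope, and app B parses it, checks the fields it needs and answers in the same format. This is an added example, not code from the original article; the `urn:example:bank` namespace, the element names and the APPROVED/REJECTED status values are assumptions, and a production SOAP service would normally answer errors with a Fault element.

```python
import xml.etree.ElementTree as ET
from decimal import Decimal, InvalidOperation

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"  # SOAP 1.1 envelope namespace
BANK_NS = "urn:example:bank"                           # hypothetical service namespace

def envelope(body_tag, fields):
    """Wrap the fields in Envelope/Body and return the XML as bytes."""
    env = ET.Element(f"{{{SOAP_NS}}}Envelope")
    body = ET.SubElement(env, f"{{{SOAP_NS}}}Body")
    payload = ET.SubElement(body, f"{{{BANK_NS}}}{body_tag}")
    for name, value in fields.items():
        ET.SubElement(payload, f"{{{BANK_NS}}}{name}").text = str(value)
    return ET.tostring(env, encoding="utf-8")

def read_body(xml_bytes):
    """Parse an envelope and return (payload tag, {field: text})."""
    env = ET.fromstring(xml_bytes)
    payload = env.find(f"{{{SOAP_NS}}}Body")[0]
    local = lambda el: el.tag.split("}", 1)[-1]        # drop the {namespace} prefix
    return local(payload), {local(child): child.text for child in payload}

def bank_endpoint(xml_bytes):
    """App B: consume the request XML and reply with response XML."""
    try:
        tag, fields = read_body(xml_bytes)
        amount = Decimal(fields["Amount"])
        if tag != "PaymentRequest" or not amount.is_finite() or amount <= 0:
            raise ValueError("unexpected request")
        order_id = fields["OrderId"]
    except (ET.ParseError, InvalidOperation, KeyError, ValueError, TypeError, IndexError):
        # Malformed XML, missing fields or a bad amount are all refused.
        return envelope("PaymentResponse", {"Status": "REJECTED"})
    return envelope("PaymentResponse", {"OrderId": order_id, "Status": "APPROVED"})

if __name__ == "__main__":
    # Constructed sample request from app A (the shopping site).
    request_xml = envelope("PaymentRequest", {"OrderId": "A-1001", "Amount": "49.90"})
    print(request_xml.decode())
    print(read_body(bank_endpoint(request_xml)))
```
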
Representational State Transfer (REST)
REST is one of the most widely used and trending architecture types. In this type of web service, the client application accesses the Universe Resource Identifiers (URI) exposed by the server application and data exchange takes place. So REST uses URIs to expose the business logic. REST has no protocol, or fewer protocols, to follow, which makes it more durable and trending.
Some of the Advantages of REST are:
  1. REST can use SOAP web services because it is a concept and can use any protocol
  2. REST does not follow as many protocols as SOAP
  3. REST requires less bandwidth and resources as compared to SOAP
  4. REST permits different data formats such as text, XML, HTML, JSON etc.
  5. REST is a stateless architecture, which means the server will not retain any request and will treat every request as new.
When data exchange is happening between two different systems based on REST architecture, it is the responsibility of the server to reply in the same messaging format. So when the client requests data in JSON, it is the responsibility of the server to give the response in JSON.
Actions / Verbs:
HTTPS defines several verbs or actions that indicate the desired action to be performed on a resource. The server can be configured to support any combination of methods. Commonly used verbs are GET, POST, PUT and DELETE.
Action | Description
GET | It is normally used to retrieve information from the system. Nothing can be added or changed; it has no effect on data. The client receives read-only data using GET.
POST | It is used to create new data or objects in the system, for example creating a user or creating a record for any metadata. Every POST method should create a new record in the database. POST verb also supports the action.
PUT | It is used only to create a new record or object in the system. With the PUT verb, only the create action is possible.
DELETE | As the word suggests, it is used to delete data or an object in the system. Every DELETE verb should have a delete action in the database.
Idempotent concept:
An idempotent action is one where, no matter how many times you execute it, the result is always the same: if we perform the same action multiple times, the output remains the same each time. The simplest example is multiplying any number by 1, which gives the same number every time. A non-idempotent action, on the other hand, is one where only the first execution gives the output and after that the user gets an error. For example, consider creating a unique ID for a customer: creating a user a second time with the same ID gives an error saying the user is already present in the database.
The non-idempotent action is POST, while the rest are idempotent.
Errors encountered during data exchange:
There are any number of possible errors that can occur during data exchange through web services. Sometimes the server may go down, may not respond on time, or may take too long to respond. Let's see some important errors and their error codes encountered in web services:
Error | Description
400 Bad Request | The web server thinks that the data stream sent is 'malformed', i.e. it did not respect the HTTP protocol completely, so the web server was unable to understand the request and process it.
401 Unauthorized | The request has not been applied because it lacks valid authentication credentials for the target resource.
403 Forbidden | Accessing the page or resource you were trying to reach is absolutely forbidden for some reason.
404 Not Found | Indicates that the client was able to communicate with a given server, but the server could not find what was requested.
405 Method Not Allowed | Indicates that the request method is known by the server but has been disabled and cannot be used.
500 Internal Server Error | A very general HTTP status code that means something has gone wrong on the website's server, but the server could not be more specific about what the exact problem is.
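The verbs, the idempotency rule and the error codes above can be exercised together against a small in-memory stand-in for a REST service, repeating each request to see whether the second response matches the first. This is an added example, not code from the original article; the class, token and URIs are assumptions, as are the 201, 204 and 409 status codes (not in the table above) and the choice to let DELETE answer 204 even when the record is already gone.

```python
VALID_TOKEN = "tester-token"      # constructed credential (assumption)
PROTECTED = {"/users/admin"}      # constructed URI that no caller may touch
SUPPORTED = ("GET", "POST", "PUT", "DELETE")

class FakeUserApi:
    """Hypothetical in-memory service; request() returns (status, payload)."""

    def __init__(self):
        self.users = {}           # URI -> stored record

    def request(self, verb, uri, body=None, token=VALID_TOKEN):
        if token != VALID_TOKEN:
            return 401, "Unauthorized"
        if uri in PROTECTED:
            return 403, "Forbidden"
        if verb not in SUPPORTED:
            return 405, "Method Not Allowed"
        if verb in ("POST", "PUT") and not (isinstance(body, dict) and body.get("name")):
            return 400, "Bad Request"
        if verb == "POST":        # create; a second create of the same ID is an error
            if uri in self.users:
                return 409, "Conflict: user already present"
            self.users[uri] = dict(body)
            return 201, self.users[uri]
        if verb == "PUT":         # store the record at this URI; repeatable
            self.users[uri] = dict(body)
            return 200, self.users[uri]
        if verb == "DELETE":      # assumption: deleting an absent record is not an error
            self.users.pop(uri, None)
            return 204, None
        if uri not in self.users: # GET of something that does not exist
            return 404, "Not Found"
        return 200, self.users[uri]

def repeat_check(verb, uri, body=None):
    """Send one request twice to a fresh service; return (first, second, same?)."""
    api = FakeUserApi()
    api.request("PUT", "/users/1", {"name": "seed"})   # known starting state
    first = api.request(verb, uri, body)[0]
    second = api.request(verb, uri, body)[0]
    return first, second, first == second

if __name__ == "__main__":
    for verb, uri, body in [("GET", "/users/1", None), ("PUT", "/users/1", {"name": "new"}),
                            ("DELETE", "/users/1", None), ("POST", "/users/2", {"name": "bob"})]:
        print(verb, repeat_check(verb, uri, body))
```

Only the repeated POST changes its answer between the first and second call, which is the behaviour a tester would assert on when checking an API for duplicate-submission handling.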
Conclusion:
In this article, we have covered an overview of the API concept. Also,
  • The basic need for an Application Platform Interface in communication
  • SOAP and REST are the two messaging protocols available today for communication between two different applications
  • GET, POST, PUT and DELETE are the most common verbs used during API communication
