Skip to Content

API Quality Engineering  


Request for price


Length: 5 day (40 hours)

 

Course objectives

After completing this course, students will be able to:

    • Validate Business Logic: Write comprehensive functional tests for REST and GraphQL APIs.
    • Automate API Workflows: Build "Chained" requests where data from one API is used in the next.
    • Assess Performance: Conduct Load and Stress tests to find an API's breaking point.
    • Secure the Interface: Identify common vulnerabilities like SQL Injection, Broken Authentication, and Sensitive Data Exposure (OWASP Top 10 for APIs).
    • Build CI/CD Pipelines: Integrate API tests into automated deployment workflows using Newman or Maven.

Course outlines

    • Module 1: API Functional Foundations
      • API Anatomy: Understanding Endpoints, Parameters (Query/Path), and Authentication (Bearer Tokens, OAuth2).
      • Postman Mastery: Environments, Variables, and Writing Tests in JavaScript.
      • Negative Testing: Validating that the API fails gracefully with 400 and 500-level errors.
      • Data-Driven Testing: Running one API test against 1,000 different data sets using CSV/JSON.
    • Module 2: Advanced Functional Automation
      • REST-Assured (Java): Building a professional framework using Gherkin-style syntax (Given/When/Then).
      • Contract Testing: Using Pact or OpenAPI (Swagger) to ensure the Producer and Consumer stay in sync.
      • Mocking & Stubbing: Using WireMock to simulate unstable or paid third-party APIs.
    • Module 3: API Non-Functional Testing (Performance)
      • Load Testing: Simulating expected user traffic using Apache JMeter or k6.
      • Spike & Stress Testing: Identifying how the API recovers from sudden bursts of traffic.
      • Latency Analysis: Measuring Response Time and Throughput against SLAs (Service Level Agreements).
    • Module 4: API Non-Functional Testing (Security & Reliability)
      • Security Scanning: Using OWASP ZAP or Burp Suite for automated vulnerability scans.
      • Input Validation: Testing for Injection attacks and Schema compliance.
      • Resilience: Introduction to "Chaos Engineering"—how the API behaves when the Database or Cache fails.
    • Module 5: Reporting & Integration
      • Dynamic Reporting: Integrating Allure Reports for visual API execution history.
      • CI/CD Integration: Running API collections as part of the GitHub Actions or Jenkins pipeline.



Download Outlines