Course objectives
After completing this course, students will be able to:
- Validate Business Logic: Write comprehensive functional tests for REST and GraphQL APIs.
- Automate API Workflows: Build "Chained" requests where data from one API is used in the next.
- Assess Performance: Conduct Load and Stress tests to find an API's breaking point.
- Secure the Interface: Identify common vulnerabilities like SQL Injection, Broken Authentication, and Sensitive Data Exposure (OWASP Top 10 for APIs).
- Build CI/CD Pipelines: Integrate API tests into automated deployment workflows using Newman or Maven.
Course outline
- Module 1: API Functional Foundations
  - API Anatomy: Understanding Endpoints, Parameters (Query/Path), and Authentication (Bearer Tokens, OAuth2).
  - Postman Mastery: Environments, Variables, and Writing Tests in JavaScript.
  - Negative Testing: Validating that the API fails gracefully with 400 and 500-level errors.
  - Data-Driven Testing: Running one API test against 1,000 different data sets using CSV/JSON.
- Module 2: Advanced Functional Automation
  - REST-Assured (Java): Building a professional framework using Gherkin-style syntax (Given/When/Then).
  - Contract Testing: Using Pact or OpenAPI (Swagger) to ensure the Producer and Consumer stay in sync.
  - Mocking & Stubbing: Using WireMock to simulate unstable or paid third-party APIs.
- Module 3: API Non-Functional Testing (Performance)
  - Load Testing: Simulating expected user traffic using Apache JMeter or k6.
  - Spike & Stress Testing: Identifying how the API recovers from sudden bursts of traffic.
  - Latency Analysis: Measuring Response Time and Throughput against SLAs (Service Level Agreements).
- Module 4: API Non-Functional Testing (Security & Reliability)
  - Security Scanning: Using OWASP ZAP or Burp Suite for automated vulnerability scans.
  - Input Validation: Testing for Injection attacks and Schema compliance.
  - Resilience: Introduction to "Chaos Engineering"—how the API behaves when the Database or Cache fails.
- Module 5: Reporting & Integration
  - Dynamic Reporting: Integrating Allure Reports for visual API execution history.
  - CI/CD Integration: Running API collections as part of the GitHub Actions or Jenkins pipeline.