API Test Cases


| TEST CASE ID | API TEST CATEGORY | TEST SCENARIO DESCRIPTION | TESTING TECHNIQUE | WHAT TO VALIDATE FOR |
|---|---|---|---|---|
| API_TC_01 | API HTTP method/HTTP VERB TAMPERING | Execute the API by using the valid API HTTP method | POSITIVE | (i) Validate data accuracy in response body i.e., the response payload is well-formed (schema validation); (ii) Validate HTTP status codes returned; (iii) Validate response time i.e., the API service responds within an expected timeframe; (iv) Validate error codes in case API returns any errors |
| API_TC_02 | | Execute the GET API by changing the API HTTP method to other than GET method (HEAD, POST, PUT, DELETE, OPTIONS, TRACE, HACK) | NEGATIVE | Validate if the response error payloads contain the correct error messages, correct error status code and no access or API details are provided to the user |
| API_TC_03 | | Execute the POST API by changing the API HTTP method to other than POST method (HEAD, GET, PUT, DELETE, OPTIONS, TRACE, HACK) | NEGATIVE | Validate if the response error payloads contain the correct error messages, correct error status code and no access or API details are provided to the user |
| API_TC_04 | | Execute the PUT API by changing the API HTTP method to other than PUT method (HEAD, POST, GET, DELETE, OPTIONS, TRACE, HACK) | NEGATIVE | Validate if the response error payloads contain the correct error messages, correct error status code and no access or API details are provided to the user |
| API_TC_05 | | Execute the DELETE API by changing the API HTTP method to other than DELETE method (HEAD, POST, PUT, GET, OPTIONS, TRACE, HACK) | NEGATIVE | Validate if the response error payloads contain the correct error messages, correct error status code and no access or API details are provided to the user |
| API_TC_06 | API PROTOCOL TAMPERING/STRICT TRANSPORT SECURITY | Execute the API by using the correct defined protocol | POSITIVE | (i) Compare the whole response body content with the expected information; (ii) Compare each attribute value of the response; (iii) Compare matching with regular expression |
| API_TC_07 | | Execute the API by changing the protocol (http instead of https) | NEGATIVE | Validate if the response error payloads contain the correct error messages, correct error status code and no access or API details are provided to the user |
| API_TC_08 | | Execute the API by changing the protocol (https instead of http) | NEGATIVE | Validate if the response error payloads contain the correct error messages, correct error status code and no access or API details are provided to the user |
| API_TC_09 | API PARAM | Execute the GET method API by using valid parameter values | POSITIVE | (i) Compare the whole response body content with the expected information; (ii) Compare each attribute value of the response; (iii) Compare matching with regular expression |
| API_TC_10 | | Execute the GET method API by using invalid parameter values | NEGATIVE | Validate if the response error payloads contain the correct error messages, correct error status code and no access or API details are provided to the user |
| API_TC_11 | | Execute the GET method API by using empty parameter values | NEGATIVE | Validate if the response error payloads contain the correct error messages, correct error status code and no access or API details are provided to the user |
| API_TC_12 | | Execute the POST method API by using valid parameter values | POSITIVE | (i) Compare the whole response body content with the expected information; (ii) Compare each attribute value of the response; (iii) Compare matching with regular expression |
| API_TC_13 | | Execute the POST method API by using invalid parameter values | NEGATIVE | Validate if the response error payloads contain the correct error messages, correct error status code and no access or API details are provided to the user |
| API_TC_14 | | Execute the POST method API by using empty parameter values | NEGATIVE | Validate if the response error payloads contain the correct error messages, correct error status code and no access or API details are provided to the user |
| API_TC_15 | | Execute the PUT method API by using valid parameter values | POSITIVE | (i) Compare the whole response body content with the expected information; (ii) Compare each attribute value of the response; (iii) Compare matching with regular expression |
| API_TC_16 | | Execute the PUT method API by using invalid parameter values | NEGATIVE | Validate if the response error payloads contain the correct error messages, correct error status code and no access or API details are provided to the user |
| API_TC_17 | | Execute the PUT method API by using empty parameter values | NEGATIVE | Validate if the response error payloads contain the correct error messages, correct error status code and no access or API details are provided to the user |
| API_TC_18 | | Execute the DELETE method API by using valid parameter values | POSITIVE | (i) Compare the whole response body content with the expected information; (ii) Compare each attribute value of the response; (iii) Compare matching with regular expression |
| API_TC_19 | | Execute the DELETE method API by using invalid parameter values | NEGATIVE | Validate if the response error payloads contain the correct error messages, correct error status code and no access or API details are provided to the user |
| API_TC_20 | | Execute the DELETE method API by using empty parameter values | NEGATIVE | Validate if the response error payloads contain the correct error messages, correct error status code and no access or API details are provided to the user |
| API_TC_21 | API AUTHORIZATION | Execute the API by using a valid access token | POSITIVE | Perform authorization checks |
| API_TC_22 | | Execute the API by using expired access token | NEGATIVE | Perform authorization checks |
| API_TC_23 | | Execute the API by using empty authentication | NEGATIVE | Perform authorization checks |
| API_TC_24 | | Execute the API by using tampered access token | NEGATIVE | Perform authorization checks |
| API_TC_25 | | Execute the API by using no access token | NEGATIVE | Perform authorization checks |
| API_TC_26 | | Execute the API by using a different authentication type other than mentioned by developer | NEGATIVE | Perform authorization checks |
| API_TC_27 | | Execute the API without access token authentication | NEGATIVE | Perform authorization checks |
| API_TC_28 | | Verify the API's behaviors with different levels of authorization | SECURITY | Perform authorization checks |
| API_TC_29 | API PAYLOAD | Execute the POST method API with proper payload/body data | POSITIVE | Send valid JSON in payload/body, as per API document i.e., the request payload is well-formed (schema validation) |
| API_TC_30 | | Execute the POST method API with improper payload/incorrect body data | NEGATIVE | Send invalid JSON in payload/body |
| API_TC_31 | | Execute the POST method API without payload/empty body data | NEGATIVE | Don't use JSON in payload/body i.e., payload/body is empty |
| API_TC_32 | | Execute the POST method API with increased size of proper payload/body data | NEGATIVE | Send valid JSON in payload/body by writing more fields in the payload which are not expected by database/server |
| API_TC_33 | | Execute the POST method API with partial payload/partial body data (i.e., one of the fields will not be supplied in body parameters) | NEGATIVE | Send valid JSON in payload/body by writing fewer fields in the payload than expected by database/server |
| API_TC_34 | | Execute the POST method API by specifying payload/body data input with minimum required fields | POSITIVE | (i) Compare the whole response body content with the expected information; (ii) Compare each attribute value of the response; (iii) Compare matching with regular expression |
| API_TC_35 | | Execute the POST method API by specifying payload/body data input with more fields than specified by the developer | POSITIVE | (i) Compare the whole response body content with the expected information; (ii) Compare each attribute value of the response; (iii) Compare matching with regular expression |
| API_TC_36 | | Execute the PUT method API with proper payload/body data | POSITIVE | Send valid JSON in payload/body, as per API document i.e., the request payload is well-formed (schema validation) |
| API_TC_37 | | Execute the PUT method API with improper payload/incorrect body data | NEGATIVE | Send invalid JSON in payload/body |
| API_TC_38 | | Execute the PUT method API without payload/empty body data | NEGATIVE | Don't use JSON in payload/body i.e., payload/body is empty |
| API_TC_39 | | Execute the PUT method API with increased size of proper payload/body data | NEGATIVE | Send valid JSON in payload/body by writing more fields in the payload which are not expected by database/server |
| API_TC_40 | | Execute the PUT method API with partial payload/partial body data (i.e., one of the fields will not be supplied in body parameters) | NEGATIVE | Send valid JSON in payload/body by writing fewer fields in the payload than expected by database/server |
| API_TC_41 | | Execute the PUT method API by specifying payload/body data input with minimum required fields | POSITIVE | (i) Compare the whole response body content with the expected information; (ii) Compare each attribute value of the response; (iii) Compare matching with regular expression |
| API_TC_42 | | Execute the PUT method API by specifying payload/body data input with maximum fields | POSITIVE | (i) Compare the whole response body content with the expected information; (ii) Compare each attribute value of the response; (iii) Compare matching with regular expression |
| API_TC_43 | | Execute the DELETE method API with proper payload/body data | POSITIVE | Send valid JSON in payload/body, as per API document i.e., the request payload is well-formed (schema validation) |
| API_TC_44 | | Execute the DELETE method API with improper payload/incorrect body data | NEGATIVE | Send invalid JSON in payload/body |
| API_TC_45 | | Execute the DELETE method API without payload/empty body data | NEGATIVE | Don't use JSON in payload/body i.e., payload/body is empty |
| API_TC_46 | | Execute the DELETE method API with increased size of proper payload/body data | NEGATIVE | Send valid JSON in payload/body by writing more fields in the payload which are not expected by database/server |
| API_TC_47 | | Execute the DELETE method API with partial payload/partial body data (i.e., one of the fields will not be supplied in body parameters) | NEGATIVE | Send valid JSON in payload/body by writing fewer fields in the payload than expected by database/server |
| API_TC_48 | | Execute the DELETE method API by specifying payload/body data input with minimum required fields | POSITIVE | (i) Compare the whole response body content with the expected information; (ii) Compare each attribute value of the response; (iii) Compare matching with regular expression |
| API_TC_49 | | Execute the DELETE method API by specifying payload/body data input with maximum fields | POSITIVE | (i) Compare the whole response body content with the expected information; (ii) Compare each attribute value of the response; (iii) Compare matching with regular expression |
| API_TC_50 | API ITERATIONS | Execute the API for 1 iteration | POSITIVE | (i) Validate data accuracy in response body i.e., the response payload is well-formed (schema validation); (ii) Validate HTTP status codes returned; (iii) Validate response time i.e., the API service responds within an expected timeframe; (iv) Validate error codes in case API returns any errors |
| API_TC_51 | | Execute the API for multiple iterations (50, 100, 500, 1000) | LOAD TESTING | Developers have to define a rate limit/time-frame for API usage per user/per access token generated, to improve application security and performance |
| API_TC_52 | | Execute the API continuously for multiple iterations to check for API throttling | THROTTLE TESTING | Developers have to define a rate limit/time-frame for API usage per user/per access token generated, to improve application security and performance; throttling can be applied at user level/minute OR IP-address level/minute |
| API_TC_53 | | Execute the API beyond the SLA limit defined in API gateway manager where API throttling is defined | | Validate the response time, response code and response description. Limit requests (Throttling) to avoid DDoS / brute-force attacks. |
| API_TC_54 | RESPONSE HEADERS TESTING | Execute the API with all available methods (GET, POST, PUT, DELETE) | RESPONSE HEADERS TESTING | (i) Ensure that the response headers do not contain access-control-allow-origin set to *; (ii) Ensure that the response headers do not contain access-control-allow-credentials set to TRUE; (iii) Ensure that the response headers do not contain access-control-allow-methods set to * OR all HTTP methods (GET, POST, PUT, DELETE, OPTIONS, TRACE); (iv) Ensure that the response headers do not reveal server versions or server header details; (v) Ensure that the response headers do not reveal server names; (vi) Ensure that the response headers do not reveal the server details in the x-powered-by field |
| API_TC_55 | API DATA DRIVEN | Execute the API using CSV data, for data driven testing | FUZZ TESTING | (i) Validate data accuracy in response body i.e., the response payload is well-formed (schema validation); (ii) Validate HTTP status codes returned; (iii) Validate response time i.e., the API service responds within an expected timeframe; (iv) Validate error codes in case API returns any errors |
| API_TC_56 | | Execute the API using JSON data, for data driven testing | FUZZ TESTING | (i) Validate data accuracy in response body i.e., the response payload is well-formed (schema validation); (ii) Validate HTTP status codes returned; (iii) Validate response time i.e., the API service responds within an expected timeframe; (iv) Validate error codes in case API returns any errors |
| API_TC_57 | API RESPONSE TIME | Execute the GET method API as per API documentation | RESPONSE TIME TESTING | Validate response time i.e., the API service responds within an expected timeframe |
| | | Execute the POST method API as per API documentation | RESPONSE TIME TESTING | Validate response time i.e., the API service responds within an expected timeframe |
| | | Execute the PUT method API as per API documentation | RESPONSE TIME TESTING | Validate response time i.e., the API service responds within an expected timeframe |
| | | Execute the DELETE method API as per API documentation | RESPONSE TIME TESTING | Validate response time i.e., the API service responds within an expected timeframe |
| API_TC_58 | API INPUT | | INPUT TESTING | Use the proper HTTP method according to the operation: GET (read), POST (create), PUT/PATCH (replace/update), and DELETE (to delete a record), and respond with '405 - Method Not Allowed' if the requested method isn't appropriate for the requested resource. |
| API_TC_59 | API INPUT | If your API expects numbers in the input, try to send values such as negative numbers, 0, and large digit numbers | FUZZ TESTING (INTEGERS) | Validate the query parameters for input data range (negative numbers, 0-9) |
| API_TC_60 | API AUTOMATION | Create monitors and auto schedule API test execution every day and publish API test report | CONTINUOUS TESTING | (i) Validate data accuracy in response body i.e., the response payload is well-formed (schema validation); (ii) Validate HTTP status codes returned; (iii) Validate response time i.e., the API service responds within an expected timeframe; (iv) Validate error codes in case API returns any errors |
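
The RESPONSE HEADERS TESTING checks (i) to (vi) listed above can be run automatically against a captured response. The following is an added example, not part of the original test-case sheet; the sample responses are constructed, and the function names, the dotted-number version pattern and the rule that any non-empty Server value reveals a server name are assumptions made here.

```python
import re

# The methods the checklist names in item (iii).
ALL_METHODS = {"GET", "POST", "PUT", "DELETE", "OPTIONS", "TRACE"}

# Constructed sample responses (not captured from any real service).
WEAK = """HTTP/1.1 200 OK
Content-Type: application/json
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, PUT, DELETE
Access-Control-Allow-Methods: OPTIONS, TRACE
Server: ExampleServer/2.4.1
X-Powered-By: ExampleFramework 7.0
"""
HARDENED = """HTTP/1.1 200 OK
Content-Type: application/json
Access-Control-Allow-Origin: https://app.example.test
Access-Control-Allow-Methods: GET, POST
"""

def parse_headers(raw_head):
    """Parse a raw HTTP response head into {lowercased name: [values]}."""
    headers = {}
    for line in raw_head.strip().splitlines()[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def audit_response_headers(raw_head):
    """Return the checklist items (i)-(vi) that the response fails, in order."""
    h = parse_headers(raw_head)
    # Allowed methods may be comma-separated and spread over repeated headers.
    methods = {m.strip().upper() for v in h.get("access-control-allow-methods", [])
               for m in v.split(",") if m.strip()}
    server = " ".join(h.get("server", []))
    checks = {
        "i": "*" in h.get("access-control-allow-origin", []),
        "ii": "true" in [v.lower() for v in h.get("access-control-allow-credentials", [])],
        "iii": "*" in methods or ALL_METHODS <= methods,
        "iv": bool(re.search(r"\d+(\.\d+)+", server)),  # assumed version pattern
        "v": bool(server),  # assumption: any Server value names the product
        "vi": bool(" ".join(h.get("x-powered-by", [])).strip()),
    }
    return [item for item, failed in checks.items() if failed]
```
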