Overcoming API Testing Challenges

How well does your team balance risk mitigation with ROI in your testing processes?

software-testing

Writing APIs to enable data sharing with a database or third-party service has become a common part of providing full-featured solutions. So, API testing, analyzing the business logic, security, and data responses between applications, has become integral to ISV operations.

April Dagonese, Senior Director, Product Growth at Foursquare, shares her insights into the challenges that ISVs face with API testing and prioritization.

Why is getting API testing right critical for software development/ISV teams?

Dagonese: API testing is always a critical aspect of developing high-quality, reliable software. If it’s more critical than ever in 2024 it’s because the technical complexity of our world continues to grow exponentially, and testing must expand alongside it. AI is an obvious example of this trend; while it can abstract away complex layers of software development, those layers still need to be understood well enough to test and troubleshoot.

What are some of the most important things to consider when planning API testing?

Dagonese: One of the big challenges of testing an API is anticipating all the different ways it could be broken or violated. You’re not just testing to make sure the API does what it’s supposed to do, you’re also trying to guard against the unknown. The best practice is to cast the widest net you can with testing. Basic contract testing ensures the API upholds the stated behaviors published in your documentation, and that should include error handling and testing edge cases like boundary value inputs and parameter combinations. You want version and regression testing to protect your own ability to modify the API. And you want to automate as much as possible to guarantee that your tests get written, updated, and executed while relying as little as possible on human memory or availability.

Where do most organizations struggle with API testing?

Dagonese: The most common struggle I see is taking the time to prioritize testing when it means having to say no to other work to do so. Testing is a risk mitigation strategy that must be prioritized, yet it is easy to forego when you’re focused heavily on getting a product to market or customers are demanding new features. How much testing an organization prioritizes is often a decision made at the leadership and planning levels. But individual engineers and teams can help by being vocal about risks and empowering leadership to make good decisions for the organization.

Are there particular types of testing that create more of a challenge?

Dagonese: Every type of testing can pose its own challenges. Integration testing across complex dependencies or environments takes a high degree of up-front investment to get right. Testing under heavy load often requires third-party services in order to be both efficient and realistic. Security testing requires fairly specialized knowledge in order to replicate real-world risks.

We never get the chance to test everything as well as we’d like, so the real challenge is in deciding what to prioritize and what risk to accept.

Jay McCall

Jay McCall is an editor and journalist with 20 years of writing experience for B2B IT solution providers. Jay is a cofounder of Managed Services Journal and DevPro Journal.


Zebra Workstation Connect
Jay McCall

Jay McCall is an editor and journalist with 20 years of writing experience for B2B IT solution providers. Jay is a cofounder of Managed Services Journal and DevPro Journal.