Lack of access to all application components is the biggest barrier to excellent API testing, and cultural issues make it the hardest one to conquer, said Spencer Debrosse, solution architect manager for Parasoft, at DeveloperWeek in San Francisco recently.
Ensuring API integrity is difficult in today's complex application cloud, on-premises and hybrid environment scenarios, said Debrosse. At Parasoft, an API test and development solutions vendor, he spends his days discovering businesses' software development problems. In this interview, he describes the API testing issues he's encountered and how automation and a DevOps team approach can address them.
What makes testing APIs challenging?
Spencer Debrosse: When you're building an application, you're not just using your own APIs or your own internal applications. Instead, you have to address a wide variety of endpoints and APIs and databases. We see lots of industry-specific, third-party API integration. For example, in the hospitality and airline industry, Sabre is common; in retail, credit card/address API verification is common.
If I integrate with Facebook or integrate with other applications, how can I tell if those APIs are in the state that I need them to be in, are available on my release schedule and are going to be functioning the way that I need?
That's really why availability's a constant problem, because we have all these pieces that are moving. Developers, as well as testers and QA architects, need to get all those pieces in sync for the test release test schedule.
How does a business's organizational structure hamper API testing?
Debrosse: Access to internal resources can be a challenge. Frequently, all of these different systems are politically controlled by different groups. If I'm a developer using a public API, I'm usually working in an organizational environment containing lots of groups that I rely on. It's not just my own development effort. Also, IT resources are used by many groups, all demanding access. There could be other internal teams that have access to/control over the applications I rely on. Many financial organizations face internal testing bottlenecks associated with mainframe access, for example.
Learn more about the value of API management
Discover how to make the most of APIs
In another example, as a developer, I may rely on a database maintained by a DBA on a separate team. Or I could rely on an API maintained by a different group of developers (and these developers may or may not be part of my organization). This disconnect between who needs an API for testing and who controls the API means that my test environment will commonly be a bottleneck in my development or QA process.
Is testing APIs more difficult from the availability standpoint than testing software, or are there no differences?
Debrosse: The increased focus on mobile development and interconnectivity of applications means that testing in just about any application development project will rely heavily on API integration. So, more API testing is being done than in the past, and that adds another layer of work for quality assurance teams. Otherwise, there is little difference in resource availability problems for API and application testers in modern development.
How are development organizations addressing this API test problem?
Debrosse: From a process standpoint, they're using DevOps to provide more collaboration and fewer constraints for API testers. DevOps, in particular, facilitates test-driven development, where testing is done more frequently and earlier. From a business perspective, test-driven development means less risk.
Which technologies drive API testing improvements?
Debrosse: Increased test automation reduces pressure on API testers, who are being asked to do more as the speed of the software development lifecycle (SDLC) accelerates. It means that bugs are identified quickly and early in the SDLC when they are likely less expensive to correct.
Automation gives DevOps teams speedy access to resources. For example, managers and high-level individuals in an organization have to monitor the health of development projects. They have to make decisions about, say, when the quality impact of not removing a defect or bug in an application is worth delaying a release. Manually digging for that information is so time-consuming and haphazard.
Automation also can help ensure that our test environment is available and ready before a set of regression tests are executed. Technology like service virtualization is critical for this type of automation.
With automation testers, we can perform a large number of validations very quickly at an early stage in the SDLC. This means we can identify problems at a stage when they're very cheap to fix. In other words, automation allows us to 'shift left.'
In this case, it takes two to tango.
Debrosse: Yes. Automated test-driven development systems help manager quickly capture enough data to make intelligent business decisions. A DevOps culture can remove the debilitating environmental constraints that prevent an organization from automating processes.