hello all welcome to part 4 of API testing training Series in this session I am going to explain the different advantages of Performing API testing so let's get started so what are the different advantages we get by performing the API testing we already have the UI testing right software testers generally perform the UI testing where user interface of the application is available while we are performing testing for example if I take you to this particular application as you can see on this page there are several UI elements like this buttons Xbox will send all using this UI elements we can perform testing I can type HP here and click on search button and I can see that a hyperlink with this image and all were displayed on the UI and I can confirm that this particular test got passed but still why we have to perform API testing already UI testing is there but still why we have to perform API testing and what are the different advantages we get okay by performing the API testing apart from the UI testing okay so let's let me explain them in detail okay so when I compare UI testing with API testing guys with the help of API testing coverage test coverage will be more okay test coverage will be more I'll explain you okay so for every small action okay this is an example guys uh just to support this statement like testing apis will give you more test coverage than UI testing uh to prove that these are these an example for every small action on the application there is an API in the complex applications okay uh that means if I take you to one website like amazon.com Etc like this okay this is a very complex application guys amazon.com you know right the people a lot of people use around the globe and a lot of functionality features are there in this amazon.com I'll right click somewhere and inspect here and uh I'll go to the network tab and clear out so guys here the requests keep on coming you see these are the under the network tab you see I didn't do anything else but still okay some API requests are going off okay some APA requests are going on you see without my intervention but what if I type something you see the moment I type something some results came and for that you see some suggestion apis are coming here okay if I say am okay some other suggestion API came for each and every small action but small activity also in the complex applications like Amazon okay we are getting this API calls are happening here each and everything is a API call this using suggestion API call is happening here okay that means in complex application what happens generally is for every small action that we take on the application just by typing a small letter also there is an API call going on okay a request is being sent to the API request is being sent to the server of the application okay but in UI testing we don't go to that minute level right we generally don't test that the A and then you know right kind of things we generally don't do but in case of API testing we test each and every small action that is happening okay with the help of this API call so if you are testing apis that means all the small uh for small actions whatever the API calls are there all these actions you are testing one by one okay so testing apis will give you more test coverage than UI testing okay this proves that next one is very important guys earlier testing if you want to perform the testing early okay you just don't want to wait for the developers to give a UI UI built application to you it not all always happens right especially when you go to Agile scrum uh let's go to one of the project most of the projects in the market nowadays use agile sdlc model uh methodology right agile scrum projects there most probably right so 95 of the projects in the market use agile sdlc model under that they use from methodology uh to get the things done okay so how the agile scrum Works generally so here the development I am testing in agile scrum methodology following projects will generally happen in the form of iterations guys this first iteration then second iteration and third iteration then fourth iteration then fifth iteration and so on okay the process will continue here each and every iteration we generally call in agile scrum as a Sprint okay as a Sprint guys okay we generally call this iteration as a Sprint which has a duration of one to four weeks most of the projects will have the duration as four weeks uh two weeks sorry okay two weeks in the two weeks whatever the work that is assigned what are the requirements that are assigned at the beginning of the Sprint need to be completely developed and tested by the team by the end of the Sprint again here some other work will be assigned it should be completed here okay within two weeks the work has to be completed what if so here both the developers testers okay all the people have to do the work let's say the developers uh let's say two weeks means how many days guys uh 10 days okay one day today 10 working days remaining all weekends three four five six seven eight nine iron ten total ten working days are there okay total 10 working days are there so let's assume that developers generally take five days of time one two three four five in five days they have to develop all the requirements okay and give it to the testing team okay remaining five days the testing team has to work let's assume that okay testing team has to test here developers have to work yeah testers have to work let's assume okay so they have uh developers have to give the application for testing here but what happens here is developers may have completed the work in five days but the UI part is not ready user interface is not ready the code is developed code is written for the application but UI is not ready as you can see every page has a UI right for example if I take you to space this particular page has a UI this such functionality the code for the working of the search functionality and search button everything is written by developers but the problem is the user interface like this text box field and the search button and when I click on that the search results that is not ready again the UI developers okay UI developers again have taken let's say uh one two three more days okay three days they have taken five days were taken by developers to write the code three days UI developers have taken to integrate this code with the user interface graphical user interface and finally the testing team is only left with how many days for testing two days can the testing team can complete this work testing in two days if they wait for the UI to be ready no so to solve this problem so where two weeks of duration is there and all so what generally happens in the project C is complex projects is after the development code is ready okay instead of waiting for this UI which generally takes three more desktop would be ready okay instead of waiting for the UI of the application to perform testing the software testers will not wait for this three days okay they want complete five days okay they want a complete five days to perform testing so they will not wait for the UI to be ready rather they will ask the developers to give the apis since the code is ready okay creating the apis application programming interfaces for that code and giving to the testing team it's possible guys okay just in within with this five days now testing team got this apis okay they don't have to wait for the US so testing team till this UI part is ready they'll start testing the apis okay they'll start testing the apis indirectly when you are testing the API application functionality is being tested on the top of that once the UI is added you will perform the UI testing the functionality is working fine on the top of that UI is working fine so in two days they can do the UI testing and in the three days they can do the API testing okay this API testing plus UI testing will complete the testing okay they got the five days for testing here so early testing is possible with the help of API testing okay if the developers have written the code but UI is not ready let's just don't have to wait for the UI rather they can do early testing by taking the apis of this code written by developers and once the API is tested automatically the functionality will be indirectly tested on the top of the functionality you are integrating the UI okay along with the UI again you will check the UI checklist and all and complete the testing in five days so this is how Okay early testing is possible guys okay earlier testing is possible we can test way before the UI is ready we don't have to wait for the developers to integrate the UI with the code rather using the apis we can uh start the testing a bit earlier okay so and also if you have already tested API right uh testing uh testing using UI you see for example search functionality is there okay if I give HP here and click on search button inspector here for example inspect here and go to the network Tab and clear this stuff no apis are there the moment I click on this button you see and API request is being sent this API if I am this API request if I have tested it before this UI is ready if I if I check this API request where search HP and I I got the response okay I got a proper response with the uh this particular product in the search search results here without the help of this UI okay I'll be using the tools like Postman guys okay I'll use the tools like Postman for this kind of testing okay when the UI is not ready assume that this UI is not there okay so this is the API call that is happening let's copy this APA call let's copy this API call and uh let's open the postman tool once I'll show you how early testing is possible assume that this UI user interface is not ready developer has provided you this uh APA request API okay request API URL developer has provided to you okay fine now what we'll do here is uh here I'll click on place and uh say this is uh most probably uh post I guess uh the request method is get get method okay so let's use a geta and give the URL and uh yeah that's it and click on the send button guys the moment I click on the send button what is happening I am getting a response saying 200 okay I got a response also you see I got the response okay search HP uh somewhere here the product also will be coming guys okay the product also will be displayed in the search results uh we can see the preview review here this is uh because you cannot see you can you can do this guys okay and HTML you can do that and uh you can find out whether the product is coming in this response or Not Here There is no UI here okay so this kind of testing if if this is working if this request and uh response is coming correctly that means the internal functionality that is uh developed by the application developers okay by writing the code is working fine so later what's happening on the top of this you are simply integrating the UI that means functionality is already working fine so that means if you have found any defects in the app during the API testing guys there will be a fixed way before the UI is ready and again you don't have to you see uh the testing will become so faster here you are testing because already API testing as part of API testing we have done the functional testing and again you don't have to do a detailed functional testing here simply you will focus more on the UI UI layer where whether the user interface is correct or not and all those stuff rather than just focusing on the functionality okay functionality will be so strong by the time UI testing comes okay because in API testing only functional testing is done that's what I am into convey okay okay these are another advantage of Performing the API testing guys okay okay so more test coverage earlier testing is possible and also same application but on different platforms using same apis no need to rework this is another uh advantage of the apis case okay this is not the advantage of the API testing this advantage of the APS okay same application but on different platforms use same apis so what happens here when you are uh for example you have an application which is available not only on web but also on mobile and desktop okay let's say you have an application which is on web mobile and desktop okay three three platforms it has now let's say you are you are the person who are going to test this particular application on different platforms so now instead of testing the application separately on different platforms before that if you have performed API testing let's say let's say you have performed API testing of the functionality of this application which is available on different platforms if the apis are working for fine automatically these applications which are the same application which is on different platform also will work fine the functionality will work fine because web UI apis same web UI apis are being used in Mobile UI APS because it is the same application the same the apis which are used in web and mobile are used in desktop UI so if you are testing the apis okay if you are testing the apis of the application ultimately most of the testing that need to be done on web mobile and desktop different platforms is already completed okay you just need to check the UI of this particular application in addition but functional device okay same apis are being used if if there is a problem with login here the problem with the login will also be there here okay we'll be testing the login related API and if it is working fine in in web mobile and desktop it will work fine because login API is working fine so that's what I mean to say only UI party you have to take care of okay it will reduce your time of testing also examples for some applications which are available on different platforms MS office if you take guys it's available on it will come in your Windows machine it comes in it comes in uh you see like uh online MS Office 365 online is there okay if a mobile also we have this application MS Office applications are there as mobile apps okay they use the same apis guys okay in order to test this each and every application uh instead of testing them in different platforms first first you test the apis of this applications guys that will reduce lot of time for you even WhatsApp application also comes into the same category so hope you guys guys how I hope you guys understood like how API testing is uh okay is making your job easy okay why people prefer API testing okay before moving to the UI testing and what are the different advantages you already are experiencing faster time to resolution guys okay what is the faster time to resolution means uh if you report the defects directly related to API endpoint instead of UI right okay uh it is very easy for example even though the UI is ready okay even though let's say in this application the UI part is ready okay assume that in this application the UI part is ready and somehow when you clicked on HP and clicked on the this particular button uh you are not getting a proper product let's assume that okay you're not getting a proper response uh proper output here so instead of reporting that as a UI level defect uh you have to report that you have to investigate why why you are not getting for example HP product is not coming here some other product is coming let's say okay when I give HP here I click on search button assume that here instead of HP product you are getting some uh Apple product let's say so so how to investigate this problem so right click inspect go to the network tab this out and give HP and click on search button and check the API case okay check the API what request is being sent what response you are getting in the response whether you are getting this uh HP or different thing you check if the problem is there at the API level okay if the problem is at the API level so when you are reporting the defects don't report the defects as a UI okay inform that the API is getting a wrong response okay whatever the underlying API the search button is using right it's getting a wrong product in the response because of the this API response is giving a wrong product the UI is displaying the wrong product here okay so it's not a UI defect okay it's not a UI layer defect it's a API layered effect so you have to mention that okay so by mentioning that what happens is by mentioning that what happens is uh since the API part is not working there is no problem in the uh what you call UI level coding okay UI level coding there is no problem API level coding only okay the server side API level coding only there is a problem so the appropriate development team will work faster in fixing the defect automatically when this is fixed the root root cause is analyzed and we found that API layer itself uh the code is written wrong and it's displaying the wrong search results in the uh uh your in search results so in that case the appropriate developer development team will immediately fix that effect and uh you don't have to do any changes on the UI okay so faster time to resolution faster time to fixing the defects is possible if you can differentiate UI defective with the API defect okay so that's the thing some some developers will be writing the code at the UI level some people will be writing the code at the API level so just to differentiate that for example if you take the mobile application mobile application developers will be there they will be writing the code for the mobile okay to work this code will be actually interacting with the apis and then working internally but you're saying how to differentiate that uh whether that the core the code problem there is a defect in the mobile application code or mobile application layer code or the API layer code so by just checking the API if you are checking the API you don't have to confuse the different type of developers you can report the defects to the appropriate developers okay so the people who are giving you the apis there is a mistake in the API means you have to report the effect against that API which is not working if you fix that effect automatically UI layer will be automatically representing the same and the faster time to fix will happen here in this case okay that's another advantage of Performing the API testing easier test maintenance what is easier test maintenance when you are testing the UI guys for example when you are testing the UI for example if any functionality changes okay for example here instead of login button uh logging instead of login button some continue button game let's say tomorrow or okay the UI changes okay the um may change or instead of having these two Fields there are three Fields coming for login tomorrow okay whatever may be the reason guys Okay so for small changes in the UI the UI testing will change but okay you have to maintain the UI UI right uh UI for UI you will be creating the test cases so you have to modify your test cases here but internally whatever the API is there that will not change so often okay so test maintenance is very easy apis won't generally change ways okay the UI layer which is on the top of the API will uh will change but not apis so lesser maintenance guys easier maintenance because once you create the aps the same apis will be there they will not change because unlike UI UI lot of changes will happen and because of that you have to modify the test case and all but in case of API testing maintenance is very less okay so for faster testing is faster testing means API testing takes less time for example in order for the UI testing to happen here I have to give HP and click on the search button the page has to load the UI but in API okay if I click on send button immediately I'll get the response in seconds in milliseconds I got the response okay if if you together collect hundreds of test cases uh as part of UI and as part of API and uh compare how much time and also if you automate also for example you automated the UI testing and uh you UI test cases and API test cases and run them in very less time you'll get the results from API testing not from the UI test UI testing will take hours while APA testing automation of UI or API testing uh automation of UI testing takes hours okay to give the results whereas automating the API just take minutes guys so within minutes you'll get the results so faster okay for faster testing we can go for API testing but that doesn't mean that UI testing is bad after perform uh I'm only focusing on the advantages of the API testing but after API testing we definitely perform the UI testing guys okay uh this these are the advantages we are getting by performing the API testing and it is also reducing the efforts that we put in the UI testing that's that's what I can say and other thing is bypassing the UI layer validations or restrictions okay bypassing the UI layers validations or restrictions there are some cases where uh uh UI layer will restrict you to do something okay uh UI layer will restrict you to do something uh if you talk about security testing or whatever the thing or uh kind of stuff okay um this kind of things will happen for example if I put a what is that guys okay if I try to give a payload here for example okay a vulnerability payload that hackers will generally give like uh single code or one is equal to one hyphen hyphen like this kind of uh payload okay this is a payload that generally hackers will use guys Okay click on continue uh so you see it's not uh this application is not actually restricting here for example if it is restricting then what is the case kind of thing you have to see uh let's go to Amazon .com we should not be doing this kind of stuff but uh just for the case I am showing sign in and here I am giving yeah I'm giving this one and uh continue okay we can simply they are saying that we cannot find but some cases right uh this is a this kind of code is not allowed kind of thing will come okay for example if I give uh some script here let's say I'll give some script okay alert alert Arun okay like this kind of script I'll give script click on this what's happening it's searching a it's doing a search it's not allow but it's allowing the application is not good okay let's go with Amazon .com amazon.com so this application is not that much uh okay taking care of this kind of script so I'll give the script JavaScript code I'm trying to run in the search box field click on this what's happening let's see uh what's Happening Here is here also searching is happening but what's happening is the script is encoded okay you see here in the URL script alert Arun here percentile to F is coming instead of slash slash is ignored here okay they got somewhat encoded here also same thing guys okay if I have searched for that instead of script it's not executing as it is you see the JavaScript is not getting executed as it is it's converted guys okay but uh some some kind of symbols are added here and because of that the script is not working here okay and if it is if if this particular script got executed means you will get an alert guys okay you'll get an alert with the motor as a text okay so there was a website uh what was the website guys okay uh I just need to remember that website where uh the script is not encoded and uh it works fine okay okay let me find it out uh I'll find it out now okay I got it guys uh that is demo dot testify.net okay let's go to this website let's see whether it's working fine or not so it can't be reached the problem with this site maybe it is down today let me try it again test fire test fire the best website to show you guys but uh so simple guys what happens right the site is not working today that's okay okay let's not worry much so what happens generally is when you provide this kind of JavaScript code inside the boxes like the search boxes on this demo.testify.net right and alert will be coming that means JavaScript is directly running on the that JavaScript is directly running on the application which is a problem because tomorrow what the hacker will do is hacker will simply say you got hacked okay instead of alert message uh you you got hacked like this message they will put and uh they will somehow run the script inside the search box field and you'll get an alert that means this website is not encoding okay it's it's running the JavaScript as it is without encoding if it is encoded right this script will not run for example this application is not running the script okay so that's why you're not getting any alert here okay so here also uh when I'm doing this uh this application is also not giving an alert that means it is taking care of it's handling the security problem so the UI part is handling the problem here here the URL layer is handling the problem by encoding so what if I bypass what if I have I can bypass so API testing can bypass that okay so maybe what we'll do here is uh we'll send that particular script in the API while performing the API right as a okay whatever the API that is whatever the API that is for this for example search APA is like this uh and uh I'll say HP here HP here there is a button guys HP Network clear click on search this is the API request okay this is API request is a get and here search is happening here you see HP is here okay so what we do is in the API layer we can bypass the UI okay bypass the UI from the UI it's handling right I'm not getting any alert if I do script right if I give script tags here if I give script uh alert you got hacked or something like this okay uh then uh Slash script I will say okay so if I give this kind of thing on the UI UI is taking care of that and you see it's handling it properly okay so so but it is displaying here it should not be displayed like this okay it should stop actually uh but uh that's okay but here what I will do is instead of HP I'll give that script okay and click on send so I am bypassing the UI here okay I'm bypassing the UI and seeing what kind of uh things are coming okay whether the alert is being displayed or not like what exactly is happening okay in the HTML code I will see whether any alert got displayed on the page like that I can bypass using the API we can bypass the UI guys okay so we can bypass the UI okay so I can give more examples guys but that will go very deep so let's not worry about that uh using apis we can bypass the UI okay some cases guys uh some cases there will not be any possibility to pass uh some values okay like price or something we cannot change tax information we cannot change in the application but uh using API we can change the tax information if possible and all those kind of testings can be done so by passing the bypassing the UI layer validations or restrictions okay bypassing the UI layer validations are restrictions okay so here uh for example a better example I can give for bypassing guys okay so if I go to the register and here if I give some invalid email address invalid email address and click on continue easy telling us to send a request is a is the API request sent to the server no from the client side only validation is stopping but what I will do here is for this API request I can send this invalid email address I can bypass the UI and send this invalid and email address still to the server request can be sent to the server with invalid email address but here when I try to give the invalid email address here and click on the continue button the UI layer is stopping me okay a request is not sent to the server guys okay you can see that a right-click inspect here go to the network tab hear this stuff and click on continue button you will not see any API request okay you see API request is not happening here because the client side us is uh restricting us to send this in invalid email address to server but what I will do is API testing is whatever the API request is there in that I'll I intentionally provide this invalid email address and hit send button here and see what is the response I am getting from the server okay so for every small thing we should not contact the prime minister right we should only for example there is a problem in our locality where uh the dust whatever the maintenance like ghmc people or whatever the okay so uh you know right uh the people are not throwing the wastage in a proper place and all you want to complain it you cannot complain to the prime minister right prime minister here is server okay so who you need to complain that problem to that uh people are throwing uh some dust around your whole house or something because of which different things are happening so local people local politicians are people you have to complain not to the Prime Minister here here the same thing is happening guys okay here same thing is happening when I when I enter this and click on continue button the the problem is reported to the local people not to the Prime Minister okay by not sending the request to the server server is the prime minister for each and every small thing we should not approach the server but here using API we can bypass that okay we can bypass this restriction in the UI and still hit a request and send all the res uh here in the body we can send the email with invalid format and click on send request will be sent to the server okay server has to process it that means we are unnecessarily disturbing the Prime Minister that is possible so sometimes we do that guys okay so despite of bypassing the UI what should happen in this case guys here email address when in the UI side it is restricting here if the same email address if I send from API what the server should respond server also should have the validation mechanism even though the client is able to handle this okay and by not sending the request to server but if I bypass that the UI part and still send this request to the server the server should be able to process this request and give a proper error message stating that invalid email address okay still it should be there but using UI we are restricting some API request to server we are not making the server too busy okay so by passing the UI layer validations or restrictions is possible with the help of the API testing to see whether server also has validations written for verifying whether the valid email address are invalid email addresses being properly followed okay that's what is the thing so these are the different advantages guys uh that I wanted to explain in detail okay just to just to conclude guys just to revise as a summary or something uh testing apis will give you more test coverage more test coverage than UI Discovery UI testing coverage okay earlier testing is possible you don't have to wait for the UI to be integrated with the code written by the developers okay before the UI is ready uh the apis of the code that is already developed by the developers can be tested with that will give more time for testers okay earlier testing is possible for testers and more time for testers with possible same application but on different platforms use maps if you simplate as the apis which are common across different platforms the more uh you don't have to do much testing across this different platform uh same application which is available across different platform because login if it is working here will also work here here also because of the API okay faster time to resolution that is another Advantage okay so instead of reporting the defects from the functional level from the UI level you you simply state that effect is at the API level so that the appropriate development team can easily fix that effect okay so you're you're finding the root cause and uh which is resulting in faster time to fixing easier test maintenance UI will keep changing on the UI part but apis the on the background which generally don't change okay so uh maintaining them updating them is not so much so much required in APS whereas updating the test cases is required in UI faster testing so when when you automate this API testing and UI testing and run them UI testing will take hours because they have to load the user interface on the pages and then sometimes the network will be slow and the pages will load slower and it will take lot of time uh to uh to Auto uh for the automation of this UI or testing of this year to be done but apis are not like that they don't have any UI guys right as I show you right and I click on send button email response in some seconds milliseconds okay so much faster uisr so faster testing is possible with the help of API testing so bypassing the UI layers validations are restricted last time I told you right in the register page uh the client-side uh validations are there where the requests are not being sent to the server if I provide invalid email address okay invalid format email address but still I can send an invalid format email address via the API by bypassing the UI okay these are the different advantages of Performing the API testing so by doing this bypassing we can see whether server side validation is also there or not okay not only client side but also server side also some problem came but even server has to handle it right so if in case we are bypassing and then by passing the UI and hitting the server also server should be able to even hackers will do the same thing as okay they will try to bypass the UI and try to send this kind of things and see what's happening and they'll take advantage of the things okay so these are the different advantages of Performing the API testing so that's all for this session guys in the next session I am going to cover another topic on the API testing for you till then see you bye bye