REST API testing common issues

Question

I have recently started testing rest based web services. I am wondering what are common issues faced while testing them.

I generally look for

1. response status (http code is among 200/400/500)

2. response headers (cache control, response type, content length )

3. if expected fields / values are present in json response.

I want to know what else to look for and issues in general while testing rest based web services

Answer 1

This is actually a very broad question but, here are the things that I look for while testing rest API's:

1. Response codes, Response headers
2. Check if Authentication/Authorization is correct based on user privileges
3. Check to see if the supplied value can break the output
4. Intentionally pass different Data-Type values to see if proper handling is done or not
5. Use load testing tools to see how many concurrent requests an API can handle

Again these are just a few things that will depend on the type of API you are building. Feel free to add more as you progress.

Answer 2

There are many, but let me share a few that aren't even specifically API issues but a full API integration test will help find it.

We did an integration API test where a publisher's product listing endpoint was hit, and then we randomly picked 100 of those products. Every few weeks we would find a bunch of bad product ID's. How was it possible? They would update the database but the product listing endpoint was cached and had bad information for hours until it was refreshed automatically.

Another time we found an e-commerce company in Brooklyn that, on average, had 3,500 products out of their 50k+ were missing a category. This meant 3,500 products not showing up if you browsed by categories, and potential lost sales.

We have a whole case study of this stuff on our website. Weird and unexpected stuff happens all the time. Test for everything and catch as much as you can. Every object in the payload should be verified, it may seem like overkill but there are platforms that can do all that work for you.

Answer 3

Here are suggestions based on my experience while testing Restful APIs.

1. Make sure that you are validating proprietary headers if you are using with your APIs.
2. Confirm that you are including correct location header in the response so that Rest API caller can use that for verification or for subsequent calls.
3. Check that location header protocol is correct ie as per your design. (http/https). It's very important for subsequent calls.