What is an API?
An API is a specification that acts as an interface for software components.
While most functional testing involves testing a user interface like a web page or a dot net form, API testing bypasses a user interface and communicates directly with an application by making calls to its APIs.
API functional testing allows you to test headless technologies like:
- JMS
- HTTP
- Databases,
- Web services.
This testing technique is sometimes called “headless” testing.
Most headless testing consists of bypassing the UI, sending a request directly to an application's backend or service, and receiving a response while validating the response to ensure things are working as we expect them to.
This simple example is often referred to as a client/server relationship.
A client makes a request by asking for a resource; the request then goes out and finds a server that can fill that request. The server locates the desired resource and sends a response back to the client.
What API Testing Tools Can I Use to Automate API Testing?
Since Selenium is just for browser-based testing, you may wonder which tool to use for Rest and Soap web service-based testing.
Here are some of the popular API testing tools that can be used for Rest and Soap Web Service Testing.
These automation tools are great because, many times, you can leverage one test script to help with API load/stress performance testing, API security testing, and penetration testing.
So let's get to it.
Although there are many great paid options, here are the top free testing tools you should check out for software testing.
Postman
Postman is a rest client that started off as a Chrome browser plugin but recently came out with native versions for both Mac and Windows. They have also recently come out with an AI assistant feature called PostBot.
At a high level, you can use it to send a post request to your web server, and it gives you a response back. It allows you to set up all the headers and cookies your API expects and then check the response when it returns.
- It can be used for both automated and exploratory testing
- Can be run on Mac, Windows, Linux &Chrome Apps
- It has a bunch of integrations, like support for Swagger & RAML formats
- Has Run, Test, Document, and Monitoring Features
- It doesn’t require learning a new language
To hear how Postman is used in the real world for testing video games, check out Amber Race's TestTalks episode on Testing Video Games Using API Automation.
CON: Postman's features have recently become paid options, although they still have a free plan. That's why more testers are migrating to tools like next on our lst Karate.
Karate DSL
Karate allows you to create a test to sequence calls to any web service (SOPA or REST) and assert that the responses are as expected. If you're a tester, this is a very tester-focused tool that doesn't require you to know how to code. This tool has become so popular that we have even created two free test guide courses to get you up to speed on it quickly.
Karate is known for being easy to read and, thus, very maintainable. This is an often overlooked aspect of choosing a test framework because test suites are used for continuous integration as long as the API is live in production.
- It has an easy-to-use human-like syntax
- Can run a test and generate reports like any standard Java project
- A test can be written without any Java knowledge required
- Tests are easy to write, even for non-programmers
Here is an example Karate script:
Feature: TestGuild search Scenario: Search for a keyword on testguild.com Given url 'https://www.testguild.com/' And driver When driver.get Then driver.findElementByCss('#s').input('automation') And driver.findElementByCss('.search-submit').click() And driver.waitForUrl('/?s=automation') Then driver.titleContains('automation')
Feature: TestGuild search Scenario: Search for a keyword on testguild.com
It currently has over 7.6k stars on GitHub.
Dredd
Dredd is an open-source API testing framework that validates API descriptions against backend implementations. It helps developers ensure their APIs work as intended by running automated tests based on API documentation.
By verifying that responses match the expected results, Dredd enhances the reliability and consistency of API deployments. Ideal for RESTful APIs, it supports various API description formats like Swagger/OpenAPI, API Blueprint, and RAML, making it a versatile tool for maintaining high-quality API services.
Also using Dredd for API testing ensures that your APIs adhere to their defined specifications.
It currently has over 4.2k stars on GitHub.
Step CI
New to our list is Step CI.
This open-source, self-hosted platform is designed to automate API testing across various languages and API types, including:
- REST
- GraphQL
- gRPC
Step CI offers versatility, allowing configurations via YAML, JSON, or JavaScript. Users can also bring their own test data or generate fake data for testing purposes. And you can perform other cool tests using it, like:
- Fuzz Testing
- Testing ChatGPT
- CO2 Testing
One of its standout features is running multiple tests concurrently without compromising performance.
For those with an OpenAPI specification, tests can be generated directly from it. For more insights, you should explore Step CI's official website, documentation, and GitHub repository.
It currently has over 1.4k stars on GitHub.
SoapUI
SoapUI is a headless functional testing tool from SmartBear software. It comes in two flavors:
- Free, open-source version
- Pro Version
Since the free version is open-source, you can actually gain access to the full source code and modify it as needed.
The free version lets you:
- You can easily create custom code using Groovy
- Drag and Drop Test Creating
- Can create complex scenarios
- Asynchronous Testing
- SoapUI’s Mock Service lets you mimic web services before they are implemented.
The SoapUI Pro version is user-friendly and has additional functionality, including a form editor, an assertion wizard for XPath, and an SQL query builder.
Listen to Mike Giller of Smartbear talk more about SoapUI:
TraceTest
New to our list in 2024 TraceTest takes a unique approach to API Testing compared to the other api automation testing tools open-source listed here.
The innovation it brings is that it utilizing OpenTelemetry and trace-based testing.
This tool is designed to significantly speed up the process of creating integration and end-to-end tests, claiming to reduce the time required from days to minutes. Here's how it differentiates itself from other API testing tools on our list:
- Integration with OpenTelemetry: Tracetest leverages OpenTelemetry to capture traces of API calls and their interactions within a system. This integration allows for a more in-depth analysis and testing of the API and the system's behavior.
- Trace-Based Testing: Unlike traditional API testing tools that may focus solely on the request and response, Tracetest uses trace data to assert the behavior and performance of the API and the underlying services. This includes the ability to assert on the timing of trace spans (e.g., ensuring a database span executes within a certain timeframe) and wildcard assertions across common types of activities (e.g., all gRPC return codes should be 0).
- No Need for Mocks or Fakes: Since Tracetest tests against real data and uses the actual traces of the system, there is no need for the cumbersome setup of mocks or fakes. This can lead to more accurate and reliable tests.
- Support for Multiple Test Triggers: Tracetest allows defining tests through various triggers such as HTTP requests, gRPC requests, and trace IDs. This flexibility accommodates a wide range of testing scenarios and requirements.
- Visual and Programmatic Test Creation: Tests can be built visually through the Web UI or programmatically via YAML, making it accessible for both developers and testers. Additionally, the Tracetest CLI and YAML-based test definition files support GitOps workflows and CI/CD automation.
- OpenTelemetry Instrumentation Analysis: Tracetest not only tests APIs but also analyzes the quality of OpenTelemetry instrumentation across the system. This ensures adherence to standards and can help improve observability practices.
- Comprehensive Trace Analysis and Validation: Beyond simple API testing, Tracetest offers features for detailed trace analysis and validation, enforcing OpenTelemetry rules and standards. This can be crucial for systems relying heavily on distributed tracing for observability.
Tracetest's unique value proposition lies in its integration with OpenTelemetry, trace-based testing approach, and comprehensive features that go beyond traditional API testing, offering a more holistic view of a system's behavior and performance.
It currently has over 859 stars on GitHub.
HttpMaster Express
HttpMaster describes itself as a web development and test tool to automate the testing of websites and services. It can be used to test RESTful web services and API applications. HttpMaster also allows you to monitor API responses.
- HttpMaster project offers global options to customize your API request
- Parameter capabilities enable you to include dynamic data with your request
- You can use request chaining to leverage request items to include some data from the previous request with the next request
Rest- Assured
Rest-Assured is an open-source Java Domain-specific language (DSL) that simplifies manual testing of REST service. It simplifies things by eliminating the need to use boilerplate code to test and validate complex responses. It also supports XML and JSON Requests/Responses. This is probably the best-known tool to test rest API.
- Removes the need to create boilerplate code required to interact with a rest service
- Support BDD Given/When/Then syntax
- Integrated seamlessly with Java projects
- Probably the standard for programmatically creating a rest API testing tool script
If you use Java and want a REST API web services library you can use in your framework, Rest-Assured is a good choice. Bas Dijkstra recently also created a C# version.
Johan Haleby, creator of Rest-Assured, shares tips and tricks for getting started with REST testing with Rest-Assured.
RoboHydra Server
Are you looking for API integration testing tools?
RoboHydra is a testing tool for HTTP-based clients (i.e., software that makes HTTP requests). Instead of connecting your clients-under-test to the real server, you connect them to RoboHydra and make RoboHydra respond with whatever you need for each request.
To use RoboHydra to perform, say, navigating to testguild.com and searching for “API automation testing,” you'll need to create a simple proxy server with RoboHydra and then write a test script to perform the search.
- You can test many different kinds of clients
- Written in Javascript, runs under Node
Pyresttest
PyRestTest is a Python-based REST testing and API micro-benchmarking API testing tool.
- You can write your test scripts in basic YAML or JSON config files; no code is needed
- Returns exit codes on failure
- It only works on Mac and Linux
it's easy to get started. All you need to do is install pip install pyresttest
Then Create a YAML test file that, for example, the test will check if the GitHub API returns a 200 status code when requesting public repositories.
--- - config: name: "GitHub API Test" timeout: 5 headers: {'User-Agent': 'PyRestTest'} - test: name: "Get public repositories" url: "https://api.github.com/repositories" method: "GET" expected_status: [200] And run the test: resttest.py https://api.github.com github_api_test.yaml
Airborne
Airborne is an open-source Ruby-based framework built on top of RSpec. RSpec is a popular behavior-driven development (BDD) testing framework in the Ruby ecosystem. Airborne simplifies testing RESTful APIs by providing a set of convenient methods and matchers for making HTTP requests and validating responses.
Key features of Airborne:
- Works with Rack applications like Sinatra and Grape
- Works with APIs written in Rails
- Easy to use: Airborne provides a simple and readable DSL (Domain-Specific Language) that makes it easy for developers and testers to write tests.
- JSON support: Airborne is designed with JSON in mind, making it easy to parse, validate, and manipulate JSON response bodies in your tests.
- Built on RSpec: As Airborne is built on top of RSpec, you can leverage the full power of RSpec matchers and its BDD-style syntax.
- Custom matchers: Airborne includes a set of custom matchers to validate API responses, such as checking the presence of specific keys or validating the types of values in JSON objects.
- Extensible: You can easily extend Airborne by adding custom matchers or using existing RSpec plugins to enhance your API testing experience
To use, all you need to do is use the following gem files
gem install airborne gem install rspec
Then create a test file github_api_spec.rb:
require 'airborne' describe 'GitHub API' do it 'retrieves public repositories' do get 'https://api.github.com/repositories' expect_status(200) expect_json_types('*', id: :integer, name: :string, full_name: :string) end end And then run the test: rspec github_api_spec.rb
It currently has over 1.1k stars on GitHub.
Citrus Framework
I'm unsure why more folks aren't aware of the Citrus Framework. Citrus is an open-source framework that can help you automate integration tests for virtually any messaging protocol or data format. It has nice test results reports as well.
- Works with REST, SOAP, HTTP, JMS, TCP/IP, and more
- Create tests using Java or XML
- Mature – has been around a while
For more info on Citrus and integration testing, check out API Integration Automation Testing With Citrus Framework.
ZeroCode
ZeroCode describes itself on GitHub as a community-developed, free, open source, microservices API automation and load testing framework built using JUnit core runners for HTTP REST, SOAP, Security, Database, Kafka, and much more. Zerocode Open Source enables you to create, change, orchestrate, and maintain your automated test cases declaratively easily.
Here are some benefits of using ZeroCode:
- ZeroCode is built on JUnit core runners (no plugins needed)
- Just your IDE or any JSON editor is enough to drive the tests
- Very easy to write tests – as simple as Postman REST-Client
- You can still do BDD, but without syntax overhead
- Performance testing – Load/Stress generation is quite easy, and existing tests can be reused
- Efficient Reports – You can do a fuzzy search as well as filter by any text, and track by author
It currently has over 815 stars on GitHub.
Katalon Studio
Katalon Studio is an all-in-one test automation solution that supports web, mobile, and API testing. It offers comprehensive features and a user-friendly interface, making it suitable for beginners and experienced testers. Katalon Studio can be used for headless testing to ensure your RESTful and SOAP web services' functionality, reliability, performance, and security.
Some benefits of Katalon Studio are:
- It's not open-sourced, but it is free
- It’s a complete package and framework. So it is easy to install and get working
- Small learning curve
- It has functionality that allows you to test web services and REST APIs
Listen to my interview with Raghav Pal to discover more about Katalon Studio.
JMeter
As you might already know, JMeter was developed for load testing, but many testers also use it for functional API testing and as an API load testing tool as well.
Some benefits of JMeter are:
- Can leverage one script for both API and API Performance testing
- JMeter has been around a while, so it's time-tested
- Easily integrated into CI/CD environments
Tavern
Tavern is a pytest plugin, command-line tool, and Python library for automated testing of APIs. It's designed for testing RESTful APIs. It uses the powerful pytest testing framework to create a simple, concise, and flexible way to write API tests. Tavern allows you to create automated API tests in YAML format, making them easy to read and maintain. Additionally, since Tavern is built on top of pytest, you can leverage pytest's advanced features and plugins to enhance your API testing experience.
-
- Simple, concise, and flexible YAML-based syntax
- Very simple to get started
- Highly customizable for complex tests
- Supports testing RESTful APIs as well as MQTT-based APIs
It currently has over 967 stars on GitHub.
Chakram
Chakram is a REST Javascript API testing tools framework with a BDD testing style and fully exploiting promises. So you can use it for
- HTTP Assertions
- Chakram fully exploits javascript promises
- BDD formatting and hooks
- Very extensible
It currently has over 908 stars on GitHub.
If you read this far, you might ask yourself, “Can't you also use some of the more popular browser automation testing tools for API testing?” The answer is YES, for instance.
Playwright for API testing
You can do API testing using Playwright, although Playwright is primarily designed for end-to-end testing of web applications. Playwright is a Node.js library that automates browser actions, making it perfect for testing web applications in multiple browsers, including Chromium, Firefox, and WebKit. However, you can also use it with other libraries to perform API testing.
Here's an example of how you can perform API testing using Playwright, along with the “axios” library to make API requests:
First, install the required libraries:
npm init -y npm install playwright axios
Create a test file, e.g., api_test.js, and import the required libraries:
const { chromium } = require('playwright'); const axios = require('axios');
Define an async function to perform the API testing:
async function testAPI() { // Launch a browser instance using Playwright const browser = await chromium.launch(); const context = await browser.newContext(); const page = await context.newPage(); // Navigate to the target API URL (replace with your API URL) const apiUrl = 'https://api.example.com/data'; // Use axios to make an API request const response = await axios.get(apiUrl); // Check the response status and data if (response.status === 200 && response.data) { console.log('API Test Passed:', response.data); } else { console.error('API Test Failed:', response.status, response.statusText); } // Close the browser instance await browser.close(); } testAPI();
Remember that this is just one way to perform API testing using Playwright. Playwright is a versatile library that can be combined with many other libraries and frameworks to perform more complex API testing.
On-Demand API Testing Training
What about API testing using Cypress — sure!
Cypress for API Testing
Just like Playwright, Cypres is a popular end-to-end testing framework for web applications. Although Cypress is mainly designed for browser automation and testing web applications, it also provides functionality for testing APIs using the cy.request function.
Here is an example of how that would look
describe('API Test', () => { it('GET request', () => { // Replace with your API URL const apiUrl = 'https://api.example.com/data'; // Make a GET request using Cypress cy.request(apiUrl).then((response) => { // Check the response status and data expect(response.status).to.equal(200); expect(response.body).to.have.property('data'); }); }); });
Top API Testing Tools Recap
I think software testers need to embrace APIs this year, which is why I have so many sessions at this year's Automation Guild to help. Check them out now.
These are the top tools I’ve come across, but tons of SOAP and REST API test tools are popping up everywhere, so I’ll definitely add to this list as time passes.
If one of your favorite API test tools is not listed, please let me know, and I’ll add it.
Regularly following yours blog and reading the articles, it helps to me more passionate about the automation tools and motivates to try and use the tools.
Thank you :)
I’m a big fan of Soap UI. In my latest project I have used it successfully for load testing – what I liked about that was I was reusing my functional tests for load testing. I also used the Pro version for pen testing – again, getting some reuse from my functional tests. It is possible to add security tests with the open source version but I find it a lot more cumbersome.
Great insights related to the API testing tools by Mr. Joe. These will definitely help to deal with API testing. In addition to the mentioned tools, I would like to add the tool named Testing-Whiz. This is a code-less test automation tool for web, API, database, mobile apps, etc. This tool helps you to test whether your application communicates and accesses functions correctly from the Web by effectively verifying the behavior of web services connected to them.
Thanks Patrik – is testing-wiz open source? I left out paid options in favor of open sourced solutions for this list
Hi Tony – I agree I really like SoapUI and have been using for a long time myself
I’m a fan of post man to test out my understanding of contracts and creating collections. My favorite API automation tool is Gatling. It’s marketed as a load testing tool, but it lends itself well to integration/end-to-end testing too. I’ve completely tested business flows from login to cart checkout at the API layer via automation with Gatling.
Hi Joe,
Nice list! It appears I’ve got new things to try out :)
Do you now Restlet Client? It’s a visual tool that lets you create and execute test scenarios. See https://restlet.com/modules/client/
It’s not open source, but offers a lot of features for free (same model as Postman).
JMETER should be on the list. We currently use it for Automated API test.
Great list ! But Joe, is HTTP really master open-source ? It does seem to have a free edition – but appears to be closed-source + commercial.
Very good info about all open source tools..Thanks Joe
Great collection of resources Joe. Thanks for that! Postman is great and simple to use.
I feel you miss powershell on the list
+ 1 line just to import your wsdl
+ 1 line to just send in your request and get your output
+ Installed on all (windows) machines so reusable quickly by all people in your company
+ Easy to learn (google: Powershell API testing)
+ very fast (as you just do all stuff from commandline no UI overhead)
– The scripting language from powershell maybe less easy to learn with cmdlets
https://restlet.com/
Missing Insomnia, https://insomnia.rest/
Cross platform, open source. Beautiful UI.
Thanks for this information……
I need one more help from admin and viewers
little bit I have confusion “Which tool should I use for API testing”
Thanks
Thanks for the tutorial!
I have one question:
Web Services testing is (part of / one type of) API Testing – Am I right?
Why API Testing is called differently (from Web Services Testing).
For me, API Testing is equal to Web Services testing (i did this with Soap UI).
Thanks!
I have put example Ruby code for testing a REST API in my GitHub project:
https://github.com/BurdetteLamar/RubyTest/blob/master/examples/rest_api/RestAPI.md
Hey, we use https://www.runscope.com/ for API testing, because of some limitations we are planning to replace it.
For UI we use Selenium with JAVA. I am searching for API testing tool which provide software-as-a-service.
Please suggest me a good suitable tool for API testing which also has Report generation.
Missing a lot of non-restful Agile and BDD tools including cucumber, fitnesse, and Nested Objects (nestedobjects.com).
Try out zerocode(https://dzone.com/articles/rest-api-testing-using-the-zerocode-json-based-bdd) library to avoid all the boiler plate code in the name of BDD.
Only you need to focus on the request and response contract structure. Rest of the processing is taken care by the framework. No feature files are needed. Simple and light weight library created using Google Jackson and Apache http client. Very very efficient and easy.
I want to test API by POSTMAN tool. But, now i don’t have a website to get API key and values to test. Has Anyone may help me or show me how to get API key from a website ? Thanks a lot !
Does this help you: https://www.youtube.com/watch?v=5rhckGD9sQA
My 2 favorite tools are Karate & Rest-Assured. Nice combo! Thanks for sharing the list.
Hi,
Nice article, can any one suggest me the best tool for security testing.. i am already aware of Readyapi tool.
Dear All,
Please go through Katalon Studio it is great Functional and API Testing tool.
It is free tool.
More user Friendly and great UI for Use.Great Forum where you can discuss your Query
Great Article, I suggest to take a look at Restbird,
https://www.restbird.org
a promising tool for Rest API testing, similar as Postman but for more fexible and powerful. I’m a big fun of its docker deployment and you can store everything in local file system.
Simply pull the dock and test drive
docker pull restbird/rest
I really want to thank you for yet another great informative post, I’m a loyal visitor to this blog and I can’t say how much valuable tips I’ve learned from reading your content. I really appreciate all the hard work you put into this great blog.
Thanks – appreciate that!!
You might consider adding ReqBin to your list – an online API testing and prototyping tool.
With this tool you can test your API by sending REST, SOAP, and HTTP API requests to the server right from your browser, and check the server responses. You can share and discuss your requests online; embed ReqBin widget with request examples on your website; see detailed request timings from different locations. Reqbin has built-in JSON, XML, HTML and CSS validators; 256-bit SSL encryption for all transmitted data.
TIA
Nice, I really appreciate the effort you made to share this knowledge, Thanks for the valuable article. I also went through another article, which is about ‘SoapUI Pro vs. Open-Source Load Testing: Which is Better?’ . I’ll attach the link here for reference – https://softwaretestingboard.com/blogs/soapui-pro-vs-open-source-load-testing-which-is-better/#axzz6euorNEq8