Parasoft has always had one core mission – simplify test automation – and this is evident in the entire Parasoft tool suite, from static analysis to environment simulation with service virtualization. But the idea of simple has never been more present than in the most recent release of SOAtest. In this release, we removed the complexities associated with API testing by creating a simple and elegant solution to help organizations not only get started with API testing but also lay the foundation for a scalable and maintainable API testing strategy.
A simple statement: make it easy
Our CEO Elizabeth Kolawa had one simple guideline as we discussed developing this new revolutionary test automation idea. She said, “make it easy.” That simple statement turned into a deep analysis of the current challenges associated with testing in the modern era and led to a key realization: the tools in the software testing industry have not been focused on simplicity for the agile world.
Agile is primarily a development-focused activity. In its most basic terms, agile is a software development methodology where typical SDLC activities that would traditionally span over the duration of a project are broken down into much smaller pieces called sprints. Typically, a sprint is 2 to 3 weeks and in a Sprint, development activities are focused on new features and enhancements.
One sprint looks something like this:
A sprint starts with the design and creation phase, where the new functionality is split up into user stories, scoped, and then development immediately starts building something. At the end of the sprint, there may or may not be release activities, but no matter what, feedback is obtained and then another sprint begins and the process repeats itself over and over again.
Agile allows organizations to turn on a dime because the feedback collected during each sprint can be applied to the next sprint and help to guide, shape, and focus the project. This works great for development, but if you look at the test portion of the sprint, it starts to get complicated.
Test does not get access to test the new features and enhancements until well into the Sprint, and for logical reasons. The testing team needs to wait until the development team has built the full functionality, so test is always a little bit behind development right from the beginning.
Test can’t keep pace with development
This problem only intensifies as the sprint continues, due to the most common testing technique used to validate the application, which is by manually interacting with the user interface. This is known as UI testing and it’s the most common testing practice because it’s easy to use – it’s easy to associate actions in the UI with the user story, it’s easy to scale across a large body of testers, and because of record and playback functionality, it’s easy to do an initial round of automation.
But there are many problems with UI testing:
- There are hidden costs that stem from the inefficiency of UI testing. The most fundamental challenge with UI testing is the amount of time it takes for development to fix defects when given a UI test as a reproduction. Typically, as a tester begins the defect discovery process, they start with exploratory testing (methodically searching the application searching for unexpected behavior). When they find a defect, they need to reproduce that for development, which involves writing up “steps to reproduce.” When development receives these instructions, they need to find the version of the application that test is using, stand it up, and go through the steps exercising the UI. If the defect reproduces, they then have to associate that defect with the underlying code to determine the root cause. Development starts working on a fix which requires them to tear apart the application, fix the defect, and then re-build the application before QA can start testing again. This further delays the software delivery process and slows down the whole pipeline.
- UI testing doesn’t comprehensively test an application. Testing at the UI layer validates an application’s process flow end-to-end, but doesn’t necessarily test the entire breadth of the system’s internals. Often when new functionality is introduced into an application, it requires changing or updating existing interfaces. Some of these components may not be accessed when using the new functionality but present significant risks to the organization if they are not tested.
- Test doesn’t have access to the code so is difficult for them to map the actions that they are performing in the UI to the underlying source. As a result, the tests that get built do not provide complete API coverage. Quite often things get missed. When it comes time to run the full regression cycle, critical defects may be uncovered. Often, this late cycle defect-detection leads to significant release delays and raises the total cost of testing.
- It’s difficult to maintain UI automation. A main reason why test struggles to keep pace with development is because too much time is spent managing broken UI tests. In fact, up to 80% of testing time is spent either manually executing the UI tests or fixing automated UI tests that have broken as result of application change.
Typically, they will be able to validate the new features and capabilities, but fall short of complete test coverage.
This is frustrating for a lot of testers, but it’s not their fault. It is just the nature of the beast given the capabilities that exist in the tooling market. The dangerous part is that without these quality practices, defects are leaking into production and eroding the perceived benefit gained from agile.
What about API testing? Can it save agile?
The analysts and industry agree that API testing can more precisely pinpoint the root cause of defects than UI testing because API tests are closer to the code, easier to automate, and more resistant to application change. Also, API tests offer a better form of defect reproduction and communication between development and test because the test artifact represents the convergence of those two areas.
In a recent blog I explored API testing, what it is, and how to build a comprehensive API testing strategy. You can read it to get more information about this extremely effective testing practice.
Testing at the API layer is a great practice for agile specifically, because it enables testers to validate functionality given the compressed timeline, and API tests are highly reusable. Additionally, API tests have the following advantages:
Lower time-to-defect remediation when compared to UI tests
If an API test fails, you can be pretty darn sure you know approximately where to look in the code. Developers love getting API tests from test because they can execute them directly against their application without having to hook up the entire environment. And they can continuously rerun them as they are starting to fix the defect.
The lower time-to-defect remediation means that in general, development can fix a bug faster when provided an API test vs UI test. When considering the time frames involved in agile, this is exactly what we need. Once a defect is discovered, an API test is provided to development, which they can use to find, fix, and validate the defect, all without having to rebuild the entire application, which saves a tremendous amount of time. This is exactly the kind of speed we need for agile
API tests are “automation ready”
APIs represent the invisible communication that takes place behind the scenes of an application. The invisible nature of the communication helps the automation process. There is significantly less complexity involved in getting an application to the point where you can start interfacing with it at the API level than would be required to stand up an application in its entirety so you could operate at the UI level.
As a result, API tests can easily be run in automation at earlier stages of the SDLC. Most of my customers run them at the same time they are running their unit tests as a function of code check-in. These API test runs can also be associated with the bug tracking system in a much easier way so that when defects are resolved, the accompanying API tests can easily be handed back and forth between development and test. This significantly reduces the overall handoff process because instead of filing the defect, providing the steps to reproduce, and then waiting for a new build from development, testers can receive notifications from the bug tracking system that a defect has been resolved and see the automated test cases that validate the resolution. Those API tests can easily be built into a regression suite and reused over and over.
API tests are more resilient to change than UI tests
As a part of our research, we saw that 80% of development time was spent on managing and updating UI tests that had broken as a result of change. Change is a big time killer when it comes to agile, but because of the increased code check-ins and shortened time frames introduced with agile, change is constant.
If an organization has exclusive reliance on UI testing, application change can be devastating because many of the test cases that have been built to validate critical functionality simply stop working. One of the main principles of agile is the ability to turn on a dime, which means that UIs and functionality are changing all the time and the burden of supporting and maintaining those tests can become overwhelming for test teams. On the other hand, API tests don’t even see the UI. APIs also have specific versioning capabilities built in, that allow testers to maintain stability as the application is undergoing change. Additionally, APIs are defined with the service contract that can be leveraged to update test cases as the application undergoes these changes.
API tests can save agile by giving an organization the ability to easily test an application at the earlier stages of development as well as provide an effective communication mechanism between development and test that is highly resistant to change. Organizations that adopt API testing as a fundamental piece of their testing strategy can leverage the agility they provide to really get ahead of the testing challenges.
So why aren’t organizations API testing?
Even with all of the benefits that come from API testing, the industry is still focused on UI testing. We believe this is because testers don’t know how to test the API and/or don’t know how their application is using the APIs. It’s not immediately apparent where to get started API testing an application, and understanding how to assemble all of the “puzzle pieces” together in a meaningful way requires domain knowledge of the application. Since organizations still tend to leverage a centralized testing practice, testers need intimate knowledge of all the different application interfaces and know how to stitch them together properly. It’s not a trivial task.
API testing is still considered no man’s land. In a recent survey, we asked a series of developers and testers who is responsible for API testing in their organization.
- 70% of testers said that development is responsible for API testing.
- Why? “The development team created the APIs and as they were built they should have also built API tests to validate that they work as described”
- 80% of developers said that test is responsible for API testing
- Why? “We created these APIs to be externally facing and documented them with a service contract. The testing team should come in and validate that the APIs work as described”
As you can see, there’s some confusion as to who is ultimately responsible for API testing. We’ve been interested in solving this problem. We believe that API testing is the responsibility of both developers and testers, in different forms, but it is this disconnect that leads to low API test coverage.
Testing at the API level requires specialized skills and tools in order to get comprehensive test coverage. It’s not intuitive. There are tools that exist in the market that are trying to help organizations build an API testing strategy, but the vast majority of them require a high degree of technical expertise to build comprehensive API tests. Additionally, testers still need to understand how the APIs work, which requires domain knowledge. As a result, organizations tend to do the bare minimum for API testing, which is the opposite of what we need for agile.
Artificial Intelligence for Test Automation
Why AI, why now? The only way to solve this industry problem is to build tools that take the complexity out of API testing. We have been working in the software test automation space for three decades, and in that time, we have amassed a lot of data to help us understand what’s required for building a comprehensive API test. Today, artificial intelligence is helping us leverage that expertise to simplify the challenge of API testing for testers across the industry.
The Smart API Test Generator
The new Parasoft SOAtest Smart API Test Generator was built from the ground up to help take the complexity out of API testing. The Smart API Test Generator is a plugin for Chrome that uses artificial intelligence to convert manual UI tests into automated API tests, lowering the technical skills required to adopt API testing and helping organizations build a comprehensive API testing strategy that scales.
So how does it work?
Converts UI activity into Automated API Tests
The Smart Generator monitors background traffic while you’re executing manual tests, analyzes that traffic, and uses artificial intelligence to automatically build a meaningful set of API test scenarios. When building those API tests, the Smart Generator first identifies API calls, then discovers patterns and analyzes the relationships between them, so it can generate complete API testing scenarios, not just a series of API tests.
Reduces the Learning Curve to API Testing
The Smart Generator provides testers with an easy place to start building API tests, so they don’t have to touch the difficult activities associated with manually building API tests, i.e. finding the correct service definition, understanding the data payload, or running a test over and over again to understand the relationships between requests and responses so you can start building assertions.
Instead, the Smart Generator does all of this heavy lifting automatically, based on activity it observes while the tester is using the UI. This helps novice users get a greater understanding of API testing in general because they can map the activities they performed in the UI to the API tests that were created, and build a greater understanding of the relationship between the UI and the underlying API calls, helping drive future API testing efforts.
Helps Users Build Comprehensive API Testing Strategies
Although API testing is one of the most effective software testing practices, many organizations haven’t successfully adopted the practice because it requires specialized skills and tools. To help organizations adopt a comprehensive API testing practice, Parasoft SOAtest provides visual tools that are easy to adopt, enabling API testing beginners to start creating powerful API scenarios in less time than with other tools. The Smart Generator bridges the gap, bringing novice users into the API testing world
So what does this mean?
Agile development helps organizations deliver quality software to market faster, but without needed technology to help organizations fully test their applications at speed, the risks associated with accelerated delivery erode Agile's potential benefits. Now is the time for organizations to get smart about API testing.
A solid API testing strategy will allow organizations to get the most value out of their agile transformations. To make this a reality, testing tools should work for us, and the latest release of Parasoft SOAtest does just that. SOAtest's new Smart API Test Generator lowers the complexity associated with API testing, lowers its adoption barriers, and helps organizations bring in a manageable, maintainable, and scalable test strategy. Try it for yourself!