Applications which are built over cloud primarily utilize Web Services for integration with its web, mobile application and third party applications. The communication is mostly done via API functions executed in a secure environment. Payment gateways are the most common examples of such applications. And when we talk about a secure environment the need for an extensive test coverage over API’s begins. This is mostly done on the service provider side as its failure to function can lead to integration losses and breach of security.
Though there are many areas to be focused for testing these API’s, we can look in for some major ones.
Authentication
Almost every webservice now a days implements more secure authentication mechanism known as Two factor authorization (Commonly called as OAuth2). In verification of such authentication process, an authentication token is generated for valid inputs of user, if the inputs did not meet the required data then, the verification fails, for repeated failures the account is sometimes locked for a specified amount of time from backend. With a successful authentication of user an authentication token will be generated, this token is further used for validating the different available functions in the API of the AUT.
While designing tests for authentication the lifetime of generated token, response and valid/invalid inputs in request should be considered as major areas of focus. Boundary conditions in requests will help in verification of major areas of failures for API
Workflows
Now a days the applications built over cloud supports workflows and complex business scenarios. For testing such workflows API functions should be tested in the appropriate sequence as required in the workflow, it is always advisable to develop a framework which can support such sequences for a complete coverage of workflow. This will help in verification of the workflows of application as well as its response towards the requests been made. This way a majority of high level functionality will be tested and a considerable time will be saved for fixing defects.
Verification on Web-Interface
Cloud applications communicate through API’s and their output or results becomes visible in their web-interface in some cases. Examples like Facebook , whatsapp, Instagram etc. These applications communicate through webservices and their Desktop/PC/Mobile version takes the advantages of API functions to modify the content which is again visible as a result.
For testing such scenarios, an automation framework which can handle UI interface like Selenium, UFT, should be developed. This will in return help in reducing the manual efforts required for tests, further improving the release cycles.
