API Test Automation Using API Collection

Modified on Thu, 7 Aug at 3:05 PM


TABLE OF CONTENTS

1. Overview

2. API Test Automation When API Details are Captured Using algoQA API Collection

3. API Automation Limitations 


1. Overview

This topic describes how to automate an API with the algoQA platform when the API details are captured from an API collection using algoQA API forms. To create an API collection using algoQA API forms, click here.


Tip: Alternatively, if you wish to automate an API with the algoQA platform when the API details are captured from an API collection such as Postman, install the Postman app for your operating system, such as Windows, Linux or Mac, by clicking here.

After installing the Postman app, create an API collection and include all the necessary requests to perform user actions.


2. API Test Automation When API Details are Captured Using algoQA API Collection

  • User actions and HTTP Methods:
    API endpoints correspond to specific user actions, and different HTTP methods indicate the type of operation you want to perform on these endpoints.
  • Example:
    Consider the following example of user actions on a profile and their corresponding HTTP methods, such as POST, GET, PATCH, OPTIONS and DELETE.

    API                               | HTTP method to call the API
    Login                             | POST
    Create a profile                  | POST
    Access the profile                | GET
    Update the profile                | PATCH
    List the supported HTTP methods   | OPTIONS
    Delete a profile                  | DELETE


Perform the following:

  1. Creating a Project: 
    • Name your project as "API Automation using algoQA collection."
    • Select "API Automation."
    • Click "Create" to initiate the project setup.
  2. Uploading an API collection:
    Click on upload icon to import collection.
  3. Executing the API Automation Test Cases
    1. Let us validate the HTTP method details to log in a user using the POST method, save it and click Send to execute it. Enter the URL. If required, you can add parameters in the Key and Value text boxes by clicking the plus icon. In the Authorization tab, select Bearer Token as the Authorization and add the appropriate parameters. In the Body tab, pass the request body and click Send.


      Tip: If you have selected 'No Auth' in the Authorization tab, then you can provide Bearer token and the Authorization key in the Header tab. 

      You can find and confirm the execution status in green.
      • Understanding the example:
        In the provided example:
      • Endpoint: /api/login is the endpoint or URL where the login functionality is implemented.
      • HTTP Method: POST is used to submit user credentials.
      • Request Body: The username and password are included in the JSON file that is part of the request body.
        Similarly, you can configure the PUT HTTP method, which is used to change an existing resource with new information, or to create a new one if it does not exist.
    2. Let us validate the HTTP method details to update user details, such as user_ID, using the PATCH method, save it and click Send to execute it. Enter the URL. If required, you can add parameters in the Key and Value text boxes by clicking the plus icon. In the Authorization tab, select Bearer Token as the Authorization and add the appropriate parameters. In the Body tab, pass the request body and click Send. You can confirm the execution status in green.
      • Understanding the example:
        In the provided example:
      • Endpoint: /api/users/{user_ID} is the endpoint or URL where the login functionality is implemented.
      • HTTP Method: PATCH is used to update user specific information.
      • Request Body: The user_ID and Job title are included in the JSON file that is part of the request body.
    3. Let us validate the OPTIONS method which is used to query a server to find out what actions or operations can be performed on a particular resource, save it and click Send to execute it. You need to specify the URL of the resource you want to query.  You can confirm the execution status in green.
      • Understanding the example:
        In the provided example:
        • Endpoint: https://cloud.iexapis.com/stable/stock/AAPL/quote?token=YOUR_API_KEY is the endpoint or URL.
        • HTTP Method: OPTIONS is used.
    4. Let us validate the HTTP method details to update user details, such as user_ID, using the DELETE method, save it and click Send to execute it. Enter the URL. If required, you can add parameters in the Key and Value text boxes by clicking the plus icon. In the Authorization tab, select Bearer Token as the Authorization and add the appropriate parameters. In the Body tab, pass the request body and click Send. You can confirm the execution status in green.
      • Understanding the example: The DELETE HTTP method asks the server to delete a specified resource.
        In the provided example:
        • Endpoint: https://algoshack.net/apiautomation/project/deleteApi/17961 is the endpoint or URL.
        • HTTP Method: DELETE is used.
        • Request body which will be deleted is
          {
          "projectId": "15772"
          }
        • When the record is deleted, a 401 Unauthorized error is displayed.

  4. If you add an environment variable for a particular API collection, it will be generated in a separate file named TestDataEnv.json within your test cases.
    TestDataEnv.json is a configuration file used to store user-defined environment variables. It allows you to manage and access these variables from a single location. For more information on how to update environment variables and generate a separate environment file, see Updating Environmental Variables and Generating a Separate File.

  5. Generating the Test Automation Scripts 
    1. In the left panel, select the appropriate folder to view the sequence. Select the user actions and click the Generate Scripts button (To access side panel, refer to step 2 - 'Uploading an API collection' section). 
    2. If you wish to generate negative scenarios, you can upload a dataset in CSV format. Ensure that you select the same scenario that was created using the Follow Me feature. When you check the dataset option, this feature allows you to generate datasets that were uploaded recently. When unchecked, the system will generate default datasets. To access the 'Upload Dataset' option, click the More Menu option and select 'Upload Dataset'.
      In the API generate script screen, select Request Name, check the Data Set option and click Generate Script. After generating the scripts, click More Menu to view the Download Data Set button. Upon clicking it, the system will create a template in spreadsheet format for you to update your inputs. In this template, you can add Request URL, API header, API Request and API Output.
      When you upload a dataset for a negative test case and wish to generate a separate YML file, then refer to the article Options for Generating Test Data in a Separate YAML File.

  6. The negative scenario verification ensures that the API enforces permissions by returning a 403 Forbidden status when an authenticated user tries to access a resource they are not allowed to access.
    Verify that the API returns a 403 Forbidden response when a user attempts to access a resource they do not have permission to access, even if they are authenticated.
    Additionally, when you pass parameters in Key and Value as username and 'na', they will be reflected in the Feature File.
    Note that while generating test cases for negative test data, in the script generation screen, click edit to view the Data Generation tab. In the Data Generation tab, select the Yes option to view the parameters listed. Options available are URL, Params, Authorization, Header and Body. By default, all the options are selected. You can choose the options as required. Negative test cases are generated only for URL, Header and Body.
    A report will be generated.
  7. If needed, you can rearrange the sequence with drag-and-drop functionality and click the Update Sequence button.
    If you wish to update the sequence in the left pane, then perform the following:


    Uncheck the 'Select All' check box if it is checked. You can use drag-and-drop functionality to rearrange the steps and click Update Sequence button.
    Note that when the sequence is updated for a particular collection in the script generation screen, it will be reflected in the Create API screen. You can click the back arrow and verify that the changes are reflected. If you move to a different API collection without saving the changes after rearranging the request names, the system will alert you to update the sequence.
    Navigate to the Test Cases to access the Feature File. You can view all the generated files and delete the ones created on that specific day.
    A system-generated Feature File can be viewed and downloaded. The system analyses the Test Cases and then generates the script.
  8. Downloading the Script
    Navigate to Test Scripts and click the download icon beside the desired script to save it in your local folder.
  9. Executing the Test Automation Script
    • Navigate to the same folder described in the previous step. Run the following command to trigger the script.
      mvn test
    • A build success message will be displayed and you can view the respective report.
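
The negative scenario in step 6, shown as an added example that is not generated by algoQA and is not part of the original article: a small mock API on localhost and a client that checks 200 for the owner, 403 for another authenticated user, and 401 for a missing or unknown token. The /api/profiles/{id} path, the tokens and the user names are constructed for this example.

```python
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed sample data: token -> user, profile id -> owner, case -> token sent.
TOKENS = {"token-alice": "alice", "token-bob": "bob"}
PROFILE_OWNER = {"1": "alice", "2": "bob"}
CASES = {"owner": "token-alice", "other_user": "token-bob",
         "no_token": None, "bad_token": "not-a-token"}

class ProfileAPI(BaseHTTPRequestHandler):
    def do_GET(self):
        scheme, _, token = self.headers.get("Authorization", "").partition(" ")
        user = TOKENS.get(token) if scheme == "Bearer" else None
        profile_id = self.path.rsplit("/", 1)[-1]
        if user is None:
            status = 401   # not authenticated
        elif PROFILE_OWNER.get(profile_id) != user:
            status = 403   # authenticated, but not allowed to read this profile
        else:
            status = 200
        self.send_response(status)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):
        pass               # keep the run quiet

def get_status(base_url, profile_id, token=None):
    req = urllib.request.Request(f"{base_url}/api/profiles/{profile_id}")
    if token:
        req.add_header("Authorization", f"Bearer {token}")
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(req, timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def run_negative_suite():
    server = HTTPServer(("127.0.0.1", 0), ProfileAPI)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base_url = f"http://127.0.0.1:{server.server_port}"
    try:
        return {name: get_status(base_url, "1", tok) for name, tok in CASES.items()}
    finally:
        server.shutdown()
        server.server_close()
```

Keeping the 401 and 403 cases separate matters: an API that answers 401 to a valid token for someone else's resource, or 200, would pass a test that only checks for "not 200" or only checks authentication.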



3. API Automation Limitations 


Important Notice Regarding Backend Server Requirements

  • Our API Testing Platform is served over HTTPS and does not support testing APIs hosted on localhost or servers using session-based authentication (e.g., session cookies) in the following cases:
    • When the backend server is running on localhost or behind HTTP without HTTPS.
    • When session-based authentication relies on browser-managed cookies (such as Set-Cookie headers with session tokens).

This limitation is due to browser CORS (Cross-Origin Resource Sharing) and cookie security policies that:

  • Block insecure http://localhost API calls from an https:// site.
  • Do not send or accept cookies without proper cross-origin credentials (Access-Control-Allow-Credentials, secure cookies, etc.).

For testing such APIs, consider:

  • Hosting your backend on a secure public domain (with HTTPS).
  • Using token-based authentication (e.g., JWT) instead of session cookies.

If you attempt to test an API that relies on session cookies from a local or insecure origin, the request may fail silently or with CORS/authentication errors.
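
To check a backend against the browser rules listed above before testing it, the following added example (not part of the original article or of algoQA) reports why a cookie-authenticated cross-origin call would be refused. The origins, headers and cookie values are constructed; https://app.example.test stands in for the HTTPS page that issues the request.

```python
from urllib.parse import urlsplit

def origin_of(url):
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}"

def credentialed_cors_problems(page_url, api_url, response_headers, set_cookie=""):
    """Return the reasons a browser would refuse a cookie-authenticated call."""
    problems = []
    page_origin = origin_of(page_url)
    headers = {k.lower(): v.strip() for k, v in response_headers.items()}
    # Flagged as stated in the limitation above: http:// API, https:// page.
    if page_origin.startswith("https://") and urlsplit(api_url).scheme == "http":
        problems.append("insecure http:// API called from an https:// page")
    if origin_of(api_url) != page_origin:
        allow_origin = headers.get("access-control-allow-origin")
        if allow_origin == "*":
            problems.append("Access-Control-Allow-Origin '*' is rejected with credentials")
        elif allow_origin != page_origin:
            problems.append("Access-Control-Allow-Origin does not match the page origin")
        if headers.get("access-control-allow-credentials") != "true":
            problems.append("Access-Control-Allow-Credentials: true is missing")
        # Simplification: every cross-origin API is treated as cross-site here;
        # a same-site subdomain would not strictly need SameSite=None.
        attrs = [a.strip().lower() for a in set_cookie.split(";")[1:]]
        if set_cookie and "secure" not in attrs:
            problems.append("session cookie lacks the Secure attribute")
        if set_cookie and "samesite=none" not in attrs:
            problems.append("session cookie lacks SameSite=None")
    return problems

# Constructed samples: a local session-cookie backend and a corrected one.
PAGE = "https://app.example.test/"
BROKEN = dict(api_url="http://localhost:8080/api/login",
              response_headers={"Access-Control-Allow-Origin": "*"},
              set_cookie="sid=constructed; HttpOnly; Path=/")
FIXED = dict(api_url="https://api.example.test/api/login",
             response_headers={"Access-Control-Allow-Origin": "https://app.example.test",
                               "Access-Control-Allow-Credentials": "true"},
             set_cookie="sid=constructed; HttpOnly; Secure; SameSite=None; Path=/")

if __name__ == "__main__":
    for name, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, credentialed_cors_problems(PAGE, **cfg))
```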









