Top API Testing Examples You Need To Try Today
API testing is the process of verifying the functionality, performance, and security of application programming interfaces (APIs). Effective testing of APIs ensures that data flows properly between systems and that services respond as expected under various conditions. It plays a vital role in delivering stable and high-performing applications.
APIs have progressed significantly from their initial middleware roots, emerging as an indispensable component of modern business technology. The growth and maturation of API technology have spurred greater innovation and the establishment of a thriving API-driven economy. However, this acceleration in innovation is not without its challenges. The rising number of consumers who depend on APIs for seamless and secure communication between various applications has amplified the reliance on these interfaces. Consequently, there is a growing demand for IT infrastructure to facilitate the effective and timely execution of API calls.
To address these needs, APIs have undergone further evolution, incorporating features such as logging, limiting, and auditing capabilities. Enhanced security controls, administration consoles, and developer portals are now an integral part of the API ecosystem. These advancements have ensured that the integration of internal applications, systems, and data sources is not only technically viable but also implemented in a way that mitigates some of the associated risks, especially when dealing with large-scale operations.
API testing and a simple example
API testing ensures that an API functions correctly by verifying its expected behavior. An example scenario for API testing is when a user logs into a food delivery app using their Google account. The app sends an API request to Google to authenticate the user. Testing an API ensures that the login process works correctly by verifying the response status, retrieving user data, and handling errors if incorrect credentials are entered. Scenarios like these can be tested manually or automatically by testers using platforms such as ACCELQ. Next, let us examine the types of API testing methods and API testing examples in detail.
Types of API Testing Methods
Hypertext Transfer Protocol (HTTP) defines how data is to be transmitted between a client and a server. The following HTTP methods define the actions to perform on a resource found by a URL during client-server communication over the World Wide Web.
| Method | Purpose | Example Use Case |
|---|---|---|
| GET | Retrieve data from the server without modifying resources. | GET /products → Fetch all products. |
| POST | Create a new resource or submit data to the server. | POST /users → Register a new user. |
| PUT | Update or replace an existing resource. | PUT /users/123 → Update complete profile. |
| DELETE | Remove a resource from the server. | DELETE /users/123 → Delete user account. |
| PATCH | Partially update an existing resource on the server. | PATCH /users/123 → Update only the email. |
The above methods form the foundation of API interactions to ensure that developers can perform specific actions predictably and efficiently. They also enable resource management, scalability, and maintainability, which are critical for modern applications.
API Testing Examples for Beginners (Using cURL)
cURL (client URL) is a command-line tool used to transfer data via various network protocols. It is available on Windows, macOS, and Linux.
cURL operates through a command-line interface (CLI) and supports protocols such as HTTP, HTTPS, FTP, and SMTP. This flexibility makes it highly effective for API testing, downloading files, and interacting directly with web servers. Let’s examine commands and installing cURL.
Open a command-line terminal on your computer. To send a GET request, enter the following command: curl -X GET https://jsonplaceholder.typicode.com/posts/1
In the above command, -X is used to specify an HTTP verb (e.g., GET, POST, DELETE, etc.).
To send a POST request, use the following command: curl -X POST https://jsonplaceholder.typicode.com/posts -H “Content-Type: application/json” -d “{\”title\”: \”foo\”,\”body\”:\”bar\”,\”userId\”:1}”
In the command above, the -H option is for setting the headers. Content-Type represents the type of content in the request body (in this case, it is json). -d denotes the request body. (\“ is used to escape the “.)
To output your requests to a file using the cURL command with the -o option, use the following command: curl -X GET https://jsonplaceholder.typicode.com/posts/2 -o response.json
The cURL command should be pre-installed by default on most Linux operating systems. If not, follow the steps below to install it:
- To check whether it is configured, open Terminal or connect via SSH if you use a remote virtual private server platform.
- After accessing your system’s CLI, run the command: curl –version to check if cURL is installed.
- If your system has cURL, the CLI will return the installed version number. Or else, you will get a command not found error.
- To install it, run the following two commands subsequently: 1. sudo apt update && sudo apt upgrade, and 2. sudo apt install curl. Remember to replace apt with the right package manager based on your Linux operating system.
Sample API Test Cases To Try
API is the backbone of modern applications. If you are trying to test APIs and don’t know where to start, go through the 15 test cases below for API testing that you can use for reference.
API Functional Testing Test Cases:
- Input data validation with malformed data: Test the API input validation by submitting malformed data, such as an invalid email format, to confirm that it properly responds and rejects the inputs.
- Handling error: Evaluate the API’s error-handling capabilities by causing errors like invalid inputs to confirm that it returns meaningful error messages for troubleshooting.
- CRUD: Verify that the API supports a variety of HTTP methods for Create, Read, Update, and Delete operations to return appropriate responses for each.
- Status code validation: Confirms the API returns the correct status codes, such as 200 for success, and 404 for not found.
- Timeout handling under load: Confirm that the API handles timeouts by simulating requests that take longer to process to ensure that it remains responsive and doesn’t hang.
- Data Accuracy: Ensures the API returns accurate and required data.
API Regression Testing Test Cases:
- Automated regression suite: Maintain and run an automated test suites to quickly find any issues introduced by new changes.
- Integration Testing: Test the API’s interactions with other systems and services to ensure they work smoothly.
API Usability Testing Test Case:
- Consistent naming conventions: Check that the API uses consistent naming conventions for endpoints and parameters.
API Performance Testing Test Cases:
- Stress Testing: Send a huge number of parallel requests to the API to assess performance under heavy load.
- Response time: Measure the API response time under normal and peak loads.
API Security Testing Test Cases:
- Input validation: Test for vulnerabilities like SQL injection and ensure the API properly validates all inputs.
- Authentication: Verify that the API meets correct authentication and properly handles invalid credentials.
API Compliance Testing Test Cases:
- Data privacy: Verify that the API handles your data in compliance with privacy laws.
- Industry standards: Ensures the API adheres to industry standards and best practices.
You’ve seen sample API test cases, let us go deeper. Learn how to build scalable strategies, improve test coverage, and optimize performance. Grab your free copy of “Supercharge Your API Testing Efforts” here.
API Test Plan Examples
To illustrate how API test cases can be applied in real-world scenarios, let’s look at two examples of test plans:
Example 1: A healthcare application that needs to comply with HIPAA. Example 2: A customer relationship management (CRM) system integrating with an email service.
| Sections | Example 1 Description | Example 2 Description |
|---|---|---|
| Objective | The Compliance Test Plan aims to ensure software adheres to industry regulations (e.g., HIPAA, GDPR) to avoid penalties for data protection. | Ensure integrated components interact as expected, verifying data flow and module communication. |
| Test Environment | Dedicated compliance test environment mimicking production with necessary configurations (e.g., secure databases). | Dedicated environment simulating production, including integrated systems and necessary tools for monitoring interactions. |
| Roles & Responsibilities | Developers: Fix non-compliant areas. QA Team: Execute tests against regulations. Compliance Officer: Ensure compliance requirements are met. |
Developers: Provide components & address issues. Testers: Execute test cases. Analysts: Validate requirements. |
| Test Strategy | Compliance Checklist: Create test cases based on regulations. Documentation Validation: Ensure documentation meets standards. Security Testing: Validate encryption and data privacy. Audits: Simulate audit workflows. |
Top-down integration, bottom-up integration, and incremental testing. |
| Entry & Exit Criteria | Entry: All compliance documentation available and test environment configured. Exit: All compliance test cases pass and no high-risk violations remain. |
Entry: Components passed unit testing, environment stable and scenarios defined. Exit: Critical issues resolved, test cases executed and documented. |
REST API Testing Examples
REST (Representational State Transfer) is a software design pattern used for web applications. REST API Testing is a web automation testing type that tests RESTful APIs for web applications by sending HTTPS requests. Let us see two REST API testing examples:
Example 1: REST API – User Login Verification
Scenario: Testing the login endpoint of a web application.
Steps:
Send a POST request with valid credentials:
POST //login HTTP/1.1 Host api.example.com
Content-Type: application/json
{
}
"username": "testuser", "password": "Password123"
// Expected Results
Status Code
=
200 OK
The response contains a valid JWT token and user details, including ID, role, and permissions.
Token expiry time is correctly set. For example: 3600 seconds.
Send the same request with invalid credentials.
Status Code = 401 Unauthorized
The response body contains an error message: “Invalid username or password”.
👉 This verifies authentication logic and ensures security is intact.
Example 2: E-commerce API to add an item to the cart
Scenario: Testing the cart add endpoint.
Steps:
Send a POST request to add an item:
{
}
"userId": "12345",
"productId": "SKU-6789",
"quantity": 2
Expected Results:
Status Code 201 Created
=
Response contains confirmation:
{
"cartId": "98765"
"items": [ {
"productId: "SKU-6789",
quantity: 2,
price: 49.99
"totalAmount: 99,98
}],
}
Try adding with an invalid productId.
Status Code = 404 Not Found.
Response: “Product not available”.
👉 This validates core e-commerce functionality, including data integrity and error handling.
Also Read: Types of API protocols
API Security Testing Examples
API security testing is the process of using dynamic application security testing and verb fuzzing techniques. These techniques find security misconfigurations and vulnerabilities in an API. The objective is to ensure that APIs adhere to organizational policy and best practices. As a result, some of the API security testing examples are as follows:
Input Fuzzing:
If someone puts random information into an API until something unexpected happens, it can cause error messages or total crashes. As a result, reveals application vulnerabilities to outside attackers. Therefore, it is crucial to debug and troubleshoot error messages associated with APIs to find risks and resolve issues.
Authorization:
Flaws often result from overly complex access control policies. Or if there is no clear separation between regular and administrative functions. Attackers can exploit these vulnerabilities to gain access to a user’s resources or perform administrative functions.
Injection:
Command injection involves data that is sent to an interpreter from an untrusted source via a query. Attackers can send malicious data to trick the interpreter into executing commands. Or allow the attacker to access data without mandatory authorization.
Extreme Data Exposure:
Developers often rely on the client side to filter the data before displaying it to the user. It can create serious security issues, so data must always be filtered at the server side. Then, only the required information can deliver to the client side.
Rate Limiting:
If access to the API is unlimited, users can use the API as much as they want at any time, potentially preventing other users from accessing the API. API rate limiting can restrict access to users based on the rules and policies of the API owner. It also helps protect against malicious attacks.
Dummy APIs for Testers
Imagine you are developing a shopping app. It needs to show a list of products, but the backend team has not yet finished the API to fetch product data. Without the API, your app cannot show anything, and your work is stuck.
Here is where a dummy API for testing comes into play. A dummy API returns a fixed product list, no matter what you request. With a dummy API, you can design the app interface and test how it handles product data without waiting for the backend. Later, when the real API is ready, you can simply replace the dummy API, and everything works smoothly.
In short, dummy APIs are used to allow front-end developers to build and test the interface without waiting for the backend to be ready. Let us look into some of the dummy APIs that testers can use:
- JSONPlaceholder: It is a free online REST API that you can use whenever you need some fake data.
- ReqRes: An API development platform that offers persistent backend APIs to store data, custom endpoints to test, and a free fake data API for quick development resources.
- DummyJSON: It is your go-to free online REST API for instant generation of placeholder data without the hassle of setting up a server, and is perfect for testing.
- Beeceptor: It simulates rate-limited APIs, aiding in the application development and testing. You can build hourly or daily rate-limited API endpoints and a test application.
- Mocki: It can be used to create, run, and deploy mock APIs to design your API, serve static responses, simulate error scenarios, and remove dependencies on external services.
- Faux: A mock server that helps developers to mock, test, and work with fake APIs that act like the real ones without backend services.
SUGGESTED READ - A Beginner’s Guide to API Virtualization
Conclusion
Implementing comprehensive API Testing Examples is crucial for maintaining robust and secure applications. The examples outlined above provide a solid foundation for building effective testing strategies. In addition, by incorporating the above examples of api test plan, software development teams can improve their API quality and reliability to deliver better user experiences and more stable applications.
Chaithanya M N
Content Writer
A curious individual who is eager to learn and loves to share her knowledge using simple conversational writing skills. While her calling is technology and reading up on marketing updates, she also finds time to pursue her interests in philosophy, dance and music.
You Might Also Like:
How to Test gRPC APIs?
How to Test gRPC APIs?
What are Mocking and Stubbing in API Testing? A Beginner’s Guide
What are Mocking and Stubbing in API Testing? A Beginner’s Guide
API Testing: Benefits, Challenges, & Best Practices for 2025