5. API Testing
API testing ensures that backend services function correctly, securely, and reliably before and after frontend integration.
It helps identify issues earlier in the development cycle and improves system stability.
A. Pre-Integration API Testing
1. Contract Validation
API contracts are reviewed against the product requirements before frontend integration begins.
This includes validating:
- Endpoint names
- Request structures
- Response structures
- Required fields
- Optional fields
- Error responses
- Validation rules
Any mismatch between the API specification and business requirements is reported immediately.
2. Endpoint Availability
All required endpoints are tested to confirm:
- They are accessible
- The environment is stable
- Authentication works correctly
- Expected responses are returned
Unavailable endpoints are identified early to avoid blocking frontend testing later.
3. Authentication Scenarios
Authentication and authorisation testing includes:
- Valid tokens
- Expired tokens
- Invalid tokens
- Missing headers
- Incorrect token types
- Role-based permissions
The API should return correct status codes such as:
- 401 Unauthorized
- 403 Forbidden
This confirms that the API rejects unauthenticated requests (401) and authenticated requests that lack permission (403).
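The scenario list above as a runnable test matrix, added here as an example and not taken from the original page. `authorize` is a hypothetical stand-in for the API under test, and the token format, key, roles and user names are constructed for the illustration.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-test-key"  # constructed secret, for this example only

def b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

def make_token(sub, role, exp, key=KEY):
    """Issue a minimal HMAC-signed token: base64url(payload).base64url(sig)."""
    payload = b64(json.dumps({"sub": sub, "role": role, "exp": exp}).encode())
    sig = b64(hmac.new(key, payload.encode(), hashlib.sha256).digest())
    return f"{payload}.{sig}"

def authorize(headers, required_role, now):
    """Hypothetical stand-in for the API under test; returns an HTTP status."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer" or token.count(".") != 1:
        return 401  # missing header, wrong token type, or malformed token
    payload, sig = token.split(".")
    expected = b64(hmac.new(KEY, payload.encode(), hashlib.sha256).digest())
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return 401  # signature check fails: invalid or tampered token
    claims = json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))
    if claims["exp"] <= now:
        return 401  # expired token
    if claims["role"] != required_role:
        return 403  # authenticated, but the role lacks permission
    return 200

def run_matrix(now=1_700_000_000):
    """Run each scenario from the list against an admin-only endpoint."""
    admin = make_token("alice", "admin", now + 300)
    viewer = make_token("bob", "viewer", now + 300)
    expired = make_token("alice", "admin", now - 1)
    forged = make_token("mallory", "admin", now + 300, key=b"wrong-key")
    cases = {
        "valid token": {"Authorization": f"Bearer {admin}"},
        "expired token": {"Authorization": f"Bearer {expired}"},
        "invalid token": {"Authorization": f"Bearer {forged}"},
        "missing header": {},
        "incorrect token type": {"Authorization": f"Basic {admin}"},
        "insufficient role": {"Authorization": f"Bearer {viewer}"},
    }
    return {name: authorize(h, "admin", now) for name, h in cases.items()}

if __name__ == "__main__":
    for name, status in run_matrix().items():
        print(f"{name}: {status}")
```

Against a real service, the same case table can drive HTTP requests, with the asserted status codes unchanged.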
4. Response Structure
API responses are validated carefully.
This includes checking:
- Field names
- Data types
- Nesting levels
- Required keys
- Object structures
- Array structures
The frontend relies on consistent response structures, so even small mismatches can create UI failures.
5. HTTP Status Code Coverage
Each endpoint is tested against expected status code scenarios.
Common validations include:
- 200 OK
- 201 Created
- 400 Bad Request
- 401 Unauthorized
- 403 Forbidden
- 404 Not Found
- 422 Validation Error
- 500 Internal Server Error
The response behaviour should remain predictable and meaningful.
6. Required vs Optional Fields
Field validation testing ensures:
- Missing required fields trigger proper validation errors
- Optional fields do not break requests when omitted
- Error messages remain meaningful
This helps maintain strong backend validation.
7. Pagination
Pagination behaviour is tested carefully for large datasets.
Validation includes:
- First page handling
- Last page handling
- Empty page handling
- page_size behaviour
- total_count accuracy
- next/previous cursor logic
Pagination bugs can easily cause missing or duplicated data.
8. Filtering & Sorting
All filters and sorting combinations are tested.
Testing verifies:
- Correct records are returned
- Sorting order is accurate
- Combined filters work properly
- Invalid filter values are handled safely
This helps ensure reliable data presentation on the frontend.
9. File Upload Constraints
File upload APIs are tested for:
- Maximum file size
- Allowed file formats
- Maximum attachment limits
- Invalid file handling
- Duplicate uploads
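Validation should occur on both the frontend and the backend; the backend check is the one that enforces the limits, because requests can reach the API without going through the UI.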
10. Response Time Baselining
API performance is monitored by measuring response times.
This includes:
- Average response duration
- Slow endpoints
- Timeout scenarios
- Large payload behaviour
Endpoints exceeding acceptable thresholds are flagged for optimisation.
B. Post-Integration API Testing
1. UI ↔ API Payload Comparison
After frontend integration, the payload sent from the UI is validated.
Testing includes:
- Request body verification
- Query parameter validation
- Header validation
- User input mapping
Browser DevTools are used to inspect requests in the Network tab.
2. UI ↔ API Response Comparison
API responses are compared directly against UI rendering.
Testing verifies:
- Correct data display
- Correct formatting
- Missing field handling
- Data consistency
- Real-time updates
This helps ensure frontend and backend integration accuracy.
3. Error Message Propagation
Backend error responses should be displayed in a user-friendly way.
Testing ensures:
- Raw server errors are hidden
- Users receive understandable messages
- Error states match design expectations
- Sensitive system details are not exposed
4. Concurrent Request Handling
Simultaneous actions are tested from multiple sessions or devices.
This helps validate:
- Race condition handling
- Data consistency
- Duplicate prevention
- Locking mechanisms
Concurrent request testing is especially important for collaborative or transactional systems.
5. Token Refresh
Authentication token expiry scenarios are tested.
Validation ensures:
- Tokens refresh automatically
- Users remain logged in when expected
- Sessions do not break unexpectedly
- Expired sessions redirect correctly
A smooth token refresh process improves user experience and session reliability.