Automation for API- easy and important

Hi everyone, my name is Nati and I work at Cooladata - the company that provides the best solution for behavioral analytics.

Cooladata provides a lot of APIs to both our customers and developers.
Therefore, I created an api automation for all our APIs, and wanted to share some tips and conclusions that I took away from the experience:

Api automation should be for backEnd and for frontEnd(server side)
When I created api automation for the backEnd, I saw that our server in the frontEnd also uses a lot of APIs, so I decided to create an automation API for the server side of the frontEnd as well - it makes it easier discover problems improves the coverage and reliability of the tests.

How to collect all the APIs of your product
Well, basically, you can ask the developers to provide all the APIs that they created, but they will have to dig into the code in order to get it to you.
But guess what? You don’t really need all the APIs.
What I did was to run all over our application and to collect every new api I ran into, and then I also asked from CS to bring me every api that our customers are using. That's how I collected all the APIs I needed for to create automation APIs for our product.

Which tool to use
I’m sure that there are a lot of tools out there for api automation, I’m using “VREST” and "Postman"
I find this tool very effective, reasonably priced, has really great features, and also has a good support team

This tool provides you with response validation, which is the most important thing to have when you need to build automation for APIs. You want to make sure that the response of the API doesn’t change after every change of the code.

Think of all the edge cases that an API can have
It’s really important to cover all possible API edge cases, not just sanity, but also error handling, functionality, etc.
APIs are really easy to test so that’s why we want to cover all parts of the APIs

Don’t trust only on API status response
As you all know, api response has a status, 200, 400, etc..
You’ll never really know for sure if the API response is good if the status is correct.
I’ll give you an example:
Let’s say I have an API that if a user tries to run it without permission, the status would be 400 and the response needs to be something like: “Sorry you don’t have permission to access this information.”
But after a deployment of server, the response has changed to: “Fail” but the status stays at 400 and went only on the status. The next time a customer will run this API, he won’t understand why this API doesn’t work for him.

These were my tips on how to create a successful and reliable API automation. I hope you find this helpful, and remember - API automation is important and easy.