1 00:00:00,619 --> 00:00:03,199 One of the key things in testing is to 2 00:00:03,199 --> 00:00:05,030 figure out what the risks are, and so in 3 00:00:05,030 --> 00:00:06,500 this video I want to talk a little bit 4 00:00:06,500 --> 00:00:08,148 about some of the risks of using 5 00:00:08,148 --> 00:00:11,450 services and APIs. So one of the key 6 00:00:11,450 --> 00:00:14,150 risks that we have in API testing is the 7 00:00:14,150 --> 00:00:16,428 API changing. So there's a lot of risks 8 00:00:16,428 --> 00:00:18,500 that are specific to any testing that we 9 00:00:18,500 --> 00:00:20,390 do, but with API testing we need to 10 00:00:20,390 --> 00:00:22,460 consider the fact that the APIs can 11 00:00:22,460 --> 00:00:24,770 change. This is especially important if 12 00:00:24,770 --> 00:00:26,539 you're dealing with a third party API, so 13 00:00:26,539 --> 00:00:28,820 an API you don't have control over. What 14 00:00:28,820 --> 00:00:30,800 happens if the version changes? What 15 00:00:30,800 --> 00:00:33,710 happens if something goes on that you 16 00:00:33,710 --> 00:00:35,600 don't know about that causes the 17 00:00:35,600 --> 00:00:37,489 functionality of the API, or the 18 00:00:37,489 --> 00:00:39,440 endpoints or something like that in the 19 00:00:39,440 --> 00:00:42,770 API to change? So considering API changes 20 00:00:42,770 --> 00:00:44,780 is an important risk for us to think 21 00:00:44,780 --> 00:00:47,090 about when we're testing an API. Another 22 00:00:47,090 --> 00:00:49,160 one to think about is availability of an 23 00:00:49,160 --> 00:00:52,309 API. So APIs and the kind that we're 24 00:00:52,309 --> 00:00:54,920 talking about here in this course happen 25 00:00:54,920 --> 00:00:57,379 over the Internet. 
So you have an 26 00:00:57,379 --> 00:01:00,170 application that is calling the API over 27 00:01:00,170 --> 00:01:01,940 a network of some sort, typically the 28 00:01:01,940 --> 00:01:05,388 internet, and in that case what happens 29 00:01:05,388 --> 00:01:07,850 if the network goes down? What happens if 30 00:01:07,850 --> 00:01:09,740 you send an API call and for some reason 31 00:01:09,740 --> 00:01:11,479 it doesn't come back? What happens if you 32 00:01:11,479 --> 00:01:13,969 send an API call and it can't be sent? So 33 00:01:13,969 --> 00:01:16,369 thinking about the availability of the 34 00:01:16,369 --> 00:01:19,399 network and other factors around APIs 35 00:01:19,399 --> 00:01:21,310 is another important risk to consider. 36 00:01:21,310 --> 00:01:23,090 Another thing that we want to think 37 00:01:23,090 --> 00:01:25,609 about is the timing of responses. So what 38 00:01:25,609 --> 00:01:27,469 happens if a call is out of order? What 39 00:01:27,469 --> 00:01:29,329 happens if a call is really slow and it 40 00:01:29,329 --> 00:01:30,919 takes a long time to come back? And 41 00:01:30,919 --> 00:01:32,719 there's maybe a little overlap here with 42 00:01:32,719 --> 00:01:34,819 availability, right, network issues can 43 00:01:34,819 --> 00:01:37,669 cause things to be slow, but we need to 44 00:01:37,669 --> 00:01:39,020 think about what happens if one call's 45 00:01:39,020 --> 00:01:41,539 fast and another call is slow, and the 46 00:01:41,539 --> 00:01:43,069 calls come back in a different order 47 00:01:43,069 --> 00:01:45,469 than we might expect. So that's another 48 00:01:45,469 --> 00:01:46,999 risk that we need to think about with 49 00:01:46,999 --> 00:01:49,489 API testing, what is the timing of the 50 00:01:49,489 --> 00:01:51,679 responses? What happens to the speed of 51 00:01:51,679 --> 00:01:53,479 the responses? 
And what happens to the 52 00:01:53,479 --> 00:01:55,069 order that the responses might come back 53 00:01:55,069 --> 00:01:57,109 in? Another one to consider is 54 00:01:57,109 --> 00:02:00,380 performance. Now the reason we want to 55 00:02:00,380 --> 00:02:02,059 think about this carefully with APIs 56 00:02:02,059 --> 00:02:03,319 is that APIs are called 57 00:02:03,319 --> 00:02:06,770 programmatically. So we call them with 58 00:02:06,770 --> 00:02:09,288 code, and that means we can very easily, 59 00:02:09,288 --> 00:02:11,299 sometimes accidentally maybe on purpose, 60 00:02:11,299 --> 00:02:13,430 send a lot of calls in the 61 00:02:13,430 --> 00:02:15,379 short amount of time. So we need to think 62 00:02:15,379 --> 00:02:17,510 about how well does our server handle 63 00:02:17,510 --> 00:02:18,980 getting a lot of calls in a short amount 64 00:02:18,980 --> 00:02:22,040 of time? How well does it scale as the 65 00:02:22,040 --> 00:02:24,500 calls increase? How well can the API 66 00:02:24,500 --> 00:02:26,209 handle it the various parts of the API, 67 00:02:26,209 --> 00:02:28,609 is there areas where we run into 68 00:02:28,609 --> 00:02:30,769 throttling problems, or where we have 69 00:02:30,769 --> 00:02:33,590 issues keeping the performance at the 70 00:02:33,590 --> 00:02:34,879 speed that we needed to be? So 71 00:02:34,879 --> 00:02:36,590 performance is another important 72 00:02:36,590 --> 00:02:38,120 consideration to think about when we're 73 00:02:38,120 --> 00:02:41,299 testing an API. And the last one I have 74 00:02:41,299 --> 00:02:43,459 here on this list is security. Now 75 00:02:43,459 --> 00:02:45,439 security is important anywhere right, 76 00:02:45,439 --> 00:02:47,329 security is just an important part of 77 00:02:47,329 --> 00:02:49,549 testing in today's world. 
We all know 78 00:02:49,549 --> 00:02:53,180 what happens when data breaches occur in 79 00:02:53,180 --> 00:02:54,530 a company, and so we need to think 80 00:02:54,530 --> 00:02:56,750 carefully about security. Once again we 81 00:02:56,750 --> 00:02:58,459 need to think about this especially in 82 00:02:58,459 --> 00:03:00,409 the API context, because it can be called 83 00:03:00,409 --> 00:03:02,870 programmatically. So once again that 84 00:03:02,870 --> 00:03:06,560 makes it easier for hackers to get into 85 00:03:06,560 --> 00:03:09,200 it, to experiment with it, and to find out 86 00:03:09,200 --> 00:03:11,840 flaws that there might be. So security is 87 00:03:11,840 --> 00:03:14,719 another core part of the risks of an API, 88 00:03:14,719 --> 00:03:16,819 and in this course we can't get into too 89 00:03:16,819 --> 00:03:18,709 much depth on security, but it's 90 00:03:18,709 --> 00:03:20,419 something to at least keep in mind that 91 00:03:20,419 --> 00:03:22,190 to think about when you're testing an 92 00:03:22,190 --> 00:03:24,949 API. There are of course a lot of other risks 93 00:03:24,949 --> 00:03:27,169 that it comes to, and some risks that 94 00:03:27,169 --> 00:03:29,540 might be specific to the particular API 95 00:03:29,540 --> 00:03:31,189 that you're testing, and so I want to make 96 00:03:31,189 --> 00:03:33,049 sure you take the time to think about 97 00:03:33,049 --> 00:03:35,540 this for yourself. What risks are there 98 00:03:35,540 --> 00:03:37,549 in the area that you're testing? This 99 00:03:37,549 --> 00:03:39,739 list here is a starter list, this is a 100 00:03:39,739 --> 00:03:41,900 list of things that are fairly common to 101 00:03:41,900 --> 00:03:43,549 a lot of APIs, but there might be things 102 00:03:43,549 --> 00:03:46,040 you want to consider in your own testing 103 00:03:46,040 --> 00:03:47,780 as well. So that brings us to the end of 104 00:03:47,780 --> 00:03:50,449 this section. 
In the next section we're 105 00:03:50,449 --> 00:03:52,189 going to start to look at getting more 106 00:03:52,189 --> 00:03:54,799 hands-on with API testing. And so in the 107 00:03:54,799 --> 00:03:56,209 next video, we're gonna walk through the 108 00:03:56,209 --> 00:03:58,250 install and setup of some API testing 109 00:03:58,250 --> 00:03:59,750 challenges that will help you learn this 110 00:03:59,750 --> 00:04:04,750 topic in an interactive manner.