This video explains various API terminology so that you can better understand the way APIs work.
- [Instructor] As we get into the details of API testing there's some terminology that it'd be good to understand. These are things that are pretty commonly used terms and they help us in the way that we think about and test APIs. So you're probably pretty familiar with some of the terminology around rest APIs. There are the standard actions that are sometimes called verbs that define what you want to do. Most commonly they are get, post, put and delete. So let's take a quick look at each of these in turn. So the get action tells the service that you want to retrieve some information.
This action's very easy to use, so for example we can take a look at the GitHub API. So if we put this URL into our browser api.github.com and then users and then we'll give it this silly user called octocat and if we hit enter here, we get back data in this format it's called json. And what we've done here is make our first API request. Pretty cool isn't it? The browser automatically interprets this URL as a get request and then returns the actions for us.
So the next action that we'll look at is post. So for a post action you're telling the server that you want to create something new. So in this case we would need to specify one more thing. Rather than just a URL and an action we would also need to specify some parameters that define the object that we're trying to create. So for example if you are trying to create a new user instead of just get information about a user, you'd have to include parameters. So if we look at this you'd have to include these kind of parameters with your request.
So you'd have to tell it what login it needs, you'd have to tell what the name is, what company it has and things like that. So you'd include these parameters. We can't do a command like this in the address bar in the browser since there's no place to tell the browser that we're trying to do a post, and it doesn't really give us an easy way to do that. But we'll talk a little more later on in the course about some ways that you can test this. Now we also have the put action which is similar to the post except that it acts on an already existing object so we'd need those parameters and stuff but it's an already existing object.
And the delete action just tells the server that you want to delete the object that you give it. So these verbs are pretty common terms and you've probably heard of them before, but there's also a few other terms that you may hear sometimes in API testing that can be hard to understand. So we'll look at a few of these terms just so that you're aware of them and know what they're about. So this first term is idempotency. So hard to say hard to read but this is a term that is talking about an action that will always result in the same server state, no matter how many times we call it.
So let's think about this with a silly example. Imagine you have a bookshelf full of books. If you come along and take all the books off the second shelf that action is idempotent. You can perform the same action again and again but the state of the bookshelf will stay the same. Once you've removed those books, if you come back and try to remove them again you won't change the state of the bookshelf. So this of course is actually just an example of a delete action. In general we would expect that put and delete actions are idempotent. If we want to repeat one of them over and over the state on the server shouldn't change.
So one other term that we'll talk about is safety. Safety in API designs just means that the action doesn't have any effect on the state. So if we turn to our bookshelf example, a safe action would be something like reading one of the titles on the spine of the book. When we do that nothing on the bookshelf has changed. We have not affected the state of it at all. And this really is just an example of a get action. In general get actions on an API should be safe. They should not change anything on the server. So these two terms might be a little more difficult to understand than some of the verbs and we'll get into some of these terms more throughout the course but for now, they should give you a good grasp of at least some of the basic terminology that you might hear when working with APIs and hopefully they give you an understanding of how things might work.
- Reviewing API terminology
- Mitigating risks related to testing APIs
- Mapping out the layout of an API
- API authorization and authentication
- Finding and using bearer tokens
- Testing GET, POST, PUT, and DELETE calls
- Using mocks, stubs, and fakes in API testing
- Testing microservices and the Internet of Things