Tutorial 4 API & Exploratory Testing - McGill-ECSE429-Winter2022/tutorials GitHub Wiki

In this tutorial, we'll briefly cover the following concepts:

  1. API & API Types
  2. Postman: Introduction and Installation
  3. Exploring an API
  4. Break: Exercise
  5. Exploratory Testing: Introduction & Terminologies
  6. Short Demo (5 minutes time-boxed) on Exploratory Testing
  7. Questions?

1. Application Programming Interface

An API (Application Programming Interface) is a software-to-software interface that enables two applications to exchange data with each other.


a. API verbs

GET: Request to retrieve resource representation/information. As GET requests do not change the state of the resource, these are said to be safe methods.
Standard response code: 200 (OK)

POST: Request to create new subordinate resources, e.g., a file is subordinate to a directory containing it or a row is subordinate to a database table.
Standard response code: 201 (Created)

PUT: Request primarily to update an existing resource (if the resource does not exist, the API may decide whether or not to create a new one).
Standard response code: 200 (OK) or 201 (Created)

DELETE: As the name implies, DELETE requests are used to delete resources (identified by the Request-URI). A successful response to a DELETE request SHOULD be HTTP response code 200 (OK) if the response includes an entity describing the status, 202 (Accepted) if the action has been queued, or 204 (No Content) if the action has been performed but the response does not include an entity.
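The verbs and response codes above can be exercised end to end without any external service. The following is an added example, not part of the original tutorial: `StubAPI`, the `/todos` resource, `call` and `run_session` are constructed names, and returning 404 for a missing resource is a choice made by this stub.

```python
import http.client, json, threading
from http.server import BaseHTTPRequestHandler, HTTPServer

class StubAPI(BaseHTTPRequestHandler):
    """Constructed in-memory /todos API for illustration; not a real service."""
    todos = {}

    def _send(self, code, body=None):
        data = b"" if body is None else json.dumps(body).encode()
        self.send_response(code)
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def _id(self):
        tail = self.path.rsplit("/", 1)[-1]
        return int(tail) if tail.isdigit() else None

    def do_GET(self):  # safe: reads state, never changes it
        item = self.todos if self.path == "/todos" else self.todos.get(self._id())
        ok = item is not None
        self._send(200 if ok else 404, item if ok else {"error": "not found"})

    def do_POST(self):  # creates a subordinate resource under /todos
        length = int(self.headers.get("Content-Length", 0))
        new_id = max(self.todos, default=0) + 1
        self.todos[new_id] = json.loads(self.rfile.read(length))
        self._send(201, {"id": new_id})

    def do_DELETE(self):  # 204: action performed, no entity in the response
        found = self.todos.pop(self._id(), None) is not None
        self._send(204 if found else 404, None if found else {"error": "not found"})

    def log_message(self, *args): pass  # keep the session output quiet

def call(port, verb, path, body=None):
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request(verb, path, body=None if body is None else json.dumps(body))
    resp = conn.getresponse()
    status, text = resp.status, resp.read().decode()
    conn.close()
    return verb, path, status, text

def run_session():
    StubAPI.todos = {1: {"title": "constructed sample"}}  # reset state per run
    srv = HTTPServer(("127.0.0.1", 0), StubAPI)  # port 0: pick any free port
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    steps = [("GET", "/todos", None), ("GET", "/todos", None),
             ("POST", "/todos", {"title": "new"}), ("GET", "/todos/2", None),
             ("DELETE", "/todos/2", None), ("GET", "/todos/2", None)]
    results = [call(srv.server_port, *step) for step in steps]
    srv.shutdown(); srv.server_close()
    return results
```

Calling `run_session()` returns one `(verb, path, status, body)` tuple per step; the two leading GET calls return identical bodies, which is the observable meaning of a safe method.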

IDEMPOTENCY:

SAFETY:


Sample URL: https://api.github.com/users/octocat

b. API Types

REST (Representational State Transfer): This is a very common way of creating APIs. When you make a REST API, you're following a set of standards laid out in the doctoral thesis of a guy named Roy Fielding. Probably most APIs created today are RESTful in nature, and if you aren't sure what kind of API you're working with, a good guess is that it's RESTful. In really simple terms, a RESTful API is one that consistently applies the actions that we talked about before, like GET, POST, PUT and DELETE, to resources. We could call these resources nouns; each is usually a URL that may have some parameters. We've got verbs and nouns working together in a RESTful API.

SOAP: This stands for Simple Object Access Protocol. The major difference between a REST API and a SOAP API is that a SOAP API is more standardized. It needs to follow a stricter set of rules than a REST API. These rules are known as the Web Services Description Language, or WSDL, and they define what form a SOAP message should take, and also what the response should look like.

GraphQL: REST and GraphQL are two API design approaches that fulfil the same function: data transmission via internet protocols such as HTTP. However, how they do so varies significantly. GraphQL is a query language, whereas REST is an architectural pattern. We won't get into these too much. I'll let you explore more into this.




Hypermedia: One last thing that I wanted to mention is hypermedia. It's just a term that describes a way of using RESTful APIs in which the API itself tells you what commands are available to use. In essence, when you send a request to the server, you get back the actions that are available to you for the object that you're looking at. This is exactly what happens when we go to a web page. You ask for a resource, you get back the page, and on that page, there are links that allow you to go to other places on the web.

Talk about the importance of Documentation and author of the API.

2. Postman

If we want to test APIs, we're going to need to use a tool that will let us easily send and receive commands to the APIs that we're testing. Postman is a very intuitive and easy-to-use tool when it comes to API testing. It's free to use and it has a large active user base, so there are many resources if you find yourself Googling for answers.

"Postman is an application used for API testing. It is an HTTP client that tests HTTP requests, utilizing a graphical user interface, through which we obtain different types of responses that need to be subsequently validated."

Installation

Step 1: Go to https://www.postman.com/downloads/

Step 2: Download the file best suited to the configuration of your computer.
Step 3: Follow the on-screen instructions and install it.

Explore the various elements of Postman.

3. Exploring an API

Step 1: Go to the URL: https://swapi.dev/.
Step 2: Follow the demo on screen.

4. Exercise: 10 mins

Let’s take a break now and do a bit of exercise on our own.
Challenge
I want you to go through this API https://dog.ceo/dog-api/ and figure out what you think is interesting or important in this API. So the idea of this challenge is to try and map out all the different paths that you might want to test in this API. You can write them down in any way you want, maybe in a mind map or just a list, but try to create a fairly comprehensive summary of the API paths and commands that should be tested. As I mentioned, there are a few different sources of information that can help you with this. You can look at the documentation that is provided on this site, as well as some of the values returned by various calls that you use.

5. Exploratory Testing: Introduction & Terminologies

"Exploratory software testing is a style of software testing that emphasizes the personal freedom and responsibility of the individual tester to continually optimize the value of her work by treating test-related learning, test design, test execution, and test result interpretation as mutually supportive activities that run in parallel throughout the project." - Cem Kaner

"Exploratory testing is simultaneously designing and executing tests to learn about the system, using your insights from the last experiment to inform the next." - Elisabeth Hendrickson

Aspects of Exploratory testing:

  1. Learning
  2. Experimentation
  3. Freedom & Responsibility (for what to test & strategy)

Exploratory terminologies:

Session Based Test Management

Charters: A charter tells you what you are testing and why you are testing it. Test charters are usually quite broad: they don't tell you what tools or strategies to follow, but they provide structure and help you stay focused on what you are trying to do.
Time: Sessions are time-boxed. You are free to choose the length, but the recommended setting is 45 to 90 minutes.
Notes: This is where you record your observations or thoughts and, to some extent, what you did. These can be pretty sparse.
Metrics: There are various forms of metrics that could be used to assess exploratory testing. Some of the metrics that we will use in our assignment are:

  • Coverage: Area of the product you are working on and what type of testing you are using.
  • Bugs: These metrics are collected around the bugs that you find during testing, as well as concerns and other potential issues.

6. Demo: Exploratory Testing

Please explore and document your findings for the given API. Follow the demo in the tutorial.

7. Exploratory Testing Approach: Paired Testing



8. Questions


