Discussion on Testing Beyond the Surface: Advanced Strategies for Rest API Testing by Julio de Lima| Testμ 2023

:rocket: Ready to dive deeper into Rest API testing?

Join Julio de Lima for an enlightening discussion on “Testing Beyond the Surface: Advanced Strategies for Rest API Testing.”

Say goodbye to the simplistic view – explore contract testing, Rest architecture adherence, token validation, and more.

Still not registered? Hurry up and grab your free tickets: Register Now!

If you have already registered and up for the session, feel free to post your questions in the thread below

Let’s see some of the Q&As from the session!

What is the best approach method to perform testing?

Julio: The best approach for API testing depends on the project’s context. Choose an approach based on how the APIs are delivered and the product’s evolution. There are multiple approaches to consider, such as mocking, integration testing, contract testing, etc.

What are the key challenges in testing REST APIs beyond basic functionality?

Julio: One key challenge is having access to the source code. This access allows testers to evaluate controllers, logs, code, and token creation. Building a close relationship with developers can provide insights and access to the code, aiding in more thorough testing.

What strategies do you recommend for handling asynchronous API operations?

Julio: For handling asynchronous APIs, consider an independent approach. Test sending the request separately from receiving the response. This allows you to evaluate each step and its outcome independently.

What are the best practices for data-driven testing?

Julio: In data-driven testing, avoid hardcoding data into scripts. Instead, use modern approaches like data binding. Each test can have its own JSON file representing the request and response. This approach makes your testing more maintainable and scalable.

Following are some of the unanswered questions from the session!

How do you ensure effective testing of API versioning and backward compatibility?

If we have to perform data driver API testing, what approach is better? Using tools designed for API Testing or going with the coding approach ?

How can continuous integration (CI) and continuous delivery (CD) processes be integrated with Rest API Testing to ensure efficient feedback loops?

Do you think that we can make API testing partially autonomous by having test automatically generated with OpenAPI spec?

What strategies should we follow to test API?

Hi there,

If you couldn’t catch the session live, don’t worry! You can watch the recording here:

Additionally, we’ve got you covered with a detailed session blog:

In my experience as a tester, ensuring effective testing of API versioning and backward compatibility is crucial for providing reliable services to your users without disrupting their experience. Here’s how you can do that:

  1. Understand the API Versioning Scheme
  2. Develop a Comprehensive Test Plan
  3. Automate Regression Testing
  4. Utilize Version Control Systems
  5. Implement Contract Testing
  6. Monitor API Behavior
  7. Maintain Documentation
  8. Engage the Developer Community
  9. Deprecation Strategy

Effective testing of API versioning and backward compatibility requires a systematic approach, automation, and active engagement with the user community. By following these steps, you can ensure that your API remains robust and reliable, providing a consistent service to all users, regardless of the version they rely on. I hope this answer helps.

In my extensive experience working with API testing, I’ve found that the choice between using specialized API testing tools and adopting a coding approach for data-driven API testing largely depends on your team’s skill set, project requirements, and long-term goals. Below, I’ll share insights from my journey to help you make an informed decision.

API Testing Tools Approach:

API testing tools, like Postman, SoapUI, or JMeter, offer a user-friendly interface and are designed to simplify the process of API testing.


  • Ease of Use: These tools are accessible to individuals with varying levels of technical expertise.
  • Quick Setup: You can quickly set up and start testing without writing extensive code.
  • Built-In Functions: They come with built-in functions and features that facilitate various types of testing, including data-driven testing.
  • Visual Feedback: Immediate visual feedback and reports are available, aiding in quick analysis.


  • Limited Customization: While these tools are powerful, there might be limitations in customization and handling complex test scenarios.
  • Cost: Some advanced features might be behind a paywall.

Coding Approach:

Opting for a coding approach means writing your scripts, possibly using frameworks and libraries like RestAssured, Chai, or Supertest.


  • Flexibility: Coding gives you the flexibility to design tests that cater specifically to your needs.
  • Integration: It’s easier to integrate your tests into CI/CD pipelines and implement automation.
  • Control: You have more control over the test execution flow and can implement complex logic.


  • Steep Learning Curve: Team members need to have coding skills, and there might be a learning curve involved.
  • Time-Consuming: Writing code can be time-consuming, especially for intricate test cases.

My Recommendation:

In my practice, I often start by asking these questions:

  • What are the skills available within the team?
  • How complex are the test scenarios?
  • Is there a need for continuous testing and integration?

If your team isn’t highly skilled in coding, and you need to get started quickly, API testing tools are your best bet. They are especially useful for small to medium-sized projects with straightforward requirements.

However, for larger projects with complex testing scenarios and a need for continuous integration, investing time in a coding approach pays off in the long run. This approach is beneficial if you have or are willing to develop in-house coding expertise. I hope this answer helps you!

Absolutely, in my years of experience in the field, I’ve seen and implemented autonomous API testing using OpenAPI specifications (specs) to a significant degree of success. OpenAPI specs provide a standardized way to describe the structure, responses, and operations of an API, which can be leveraged to generate test cases automatically. Below, I’ll share my insights and experience on this approach.

Advantages of Using OpenAPI Specs:

  1. Efficiency
  2. Consistency
  3. Coverage

Challenges and Considerations:

  1. Limitation on Test Complexity
  2. Maintenance of OpenAPI Specs
  3. Learning Curve

In my projects, I’ve adopted a hybrid approach. I use auto-generated tests as a foundation to cover all basic scenarios and endpoints. Then, I supplement these with manually written tests to cover complex, integrated, or edge-case scenarios. This approach provides a balance between efficiency and depth of testing. I hope this helps!

Certainly, testing APIs is crucial for ensuring that they function as expected and can handle various conditions gracefully. Below are some strategies that I have found effective in my experience as an API testing expert:

  1. Understand the API
  2. Develop a Test Plan
  3. Use Automation
  4. Perform Positive and Negative Testing
  5. Implement Security Testing
  6. Conduct Performance Testing
  7. Maintain Documentation
  8. Iterative Testing
  9. Leverage Mocking and Virtualization
  10. Review and Feedback

By following these strategies, you can conduct thorough and effective API testing, ensuring that the API is reliable, secure, and performs well under various conditions. Consistent and meticulous testing is key to delivering high-quality APIs. I hope this answers your question!