What skills does a team need to succeed with API testing?
Let’s start with what I think is the most obvious one. Testing skills. I’ve said this before, but API testing is, well, testing. You need to approach it with all the same skills and mindset you would approach any testing task.
I think you also need someone who understand or can learn some good API testing tools. Effective API testing often involves diving deep into the API and the better you understand tools that can help you do that, the more effective you will be in your testing.
Creating a valuable API, also means you need someone who deeply understands the business or customer need for this API. The vast majority of API bugs I find are related to the API not providing the information the business needs, or providing it in ways that are difficult to find, use or understand. This does fall under general testing skills, but it is worth mentioning again as it is vitally important that APIs actually do what the business needs out of them. Sometime we can forget that when we are deep into something technical like an API, but we (should) only write these to help drive the value we are after. If they aren’t doing that, they need to be changed.
On last thing I will mention here is security. Security is important everywhere in the software development process, but I think it is especially important in APIs. If I were trying to break into a site or service, I would start with the APIs. They are designed to be scripted, which means you can use a lot of algorithmic and brute force attacks to try and break into them. You definitely don’t want to forget about security and authorization when testing an API.