Types of APIs

COVID-19 Note: There is a virus shutting down the world right now. It’s destroying a lot of things including lives and livelihoods. I want to take some of the focus off the destruction this virus is causing, and focus instead on creating something. I’m doing a series of posts on API testing as my way of fighting back against the virus. We can still go on with life even in times like this.

In order to effectively test an API, you need to know what kind of API you are testing. Often in today’s world when we talk about APIs we are talking about REST APIs, but there are several other important API formats that you might need to test. Let’s look through them and see what we can learn about some of the major API types.


We’ll start with what is probably the most common type of API you’ll come across on the modern web; the RESTful API. REST stands for Representational State Transfer and refers to an architectural style that guides how you should create APIs. I won’t go into the details of the properties that a RESTful API should have (you can look them up on wikipedia here if you want), but there are a few clues that can let you know that you are probably testing a RESTful API.

RESTful APIs are based on a set of guidelines and so they do not all look the same. There is no official standard that defines the exact specifications that a response has to conform to. This means that the following are in general good clues and hints that you are dealing with a REST API, but they are not definitive. It is also worth noting that many APIs that are considered to be RESTful do not strictly follow all the REST guidelines. REST in general has more flexibility than a standards based protocol like SOAP, but this means that there can be a lot of diversity in the way REST APIs are defined and used.

How do I know if the API I’m looking at is RESTful?

So, what are some clues that you are looking at a REST API? Well in the first place, what kind of requests are typically defined? Most REST APIs will defined GET, POST, PUT, and DELETE calls with perhaps a few others. Depending on the needs of the API, it may not define all of these, but those are the common ones.

Another clue, is in the types of requests or responses that are allowed by the API. Often REST APIs will use JSON data in their responses (although the could use text or even xml). Generally speaking if the data in the responses and requests of the API is not xml, there is a good chance you are dealing with a REST based API of some sort.

REST API Example

There are many examples of REST APIs on the web, but let’s take a quick look at just one of them to help cement the idea of what RESTful API is in our minds. It’s the internet, so let’s look at cats, and since this is an article about API testing, let’s also look at http status codes (which are used by REST APIs). And of course, the internet knows that combining cats with http status codes needed to be done, so we can go to https://http.cat/ to see a cat image for each http status code.

This site provides an API and so we can call https://http.cat/200 to get the cat image for the 200 status code. For example, if we were to do this in Postman, we could create a request, set the method to GET and put in the url and click on send.

call cat API in Postman

We don’t have to specify any xml when we make the call and can just send the request directly in Postman (or another API tool) as a GET call, so we are most likely dealing with a REST API here.


Before REST there was SOAP. SOAP stands for Simple Object Access Protocol. The SOAP protocol has been around since long before Roy Fileding came up with the concept of REST APIs. It is not as widely used on the web now (especially for smaller applications), but for many years it was the default way to make APIs and so there are still many SOAP APIs around.

SOAP is an actual protocol with a W3 standards definition and so its usage is much more strictly defined than REST which is an architectural guideline as opposed to a strictly defined protocol.

If you want a little light reading, check out this document. It claims to be a:

non-normative document intended to provide an easily understandable tutorial on the features of SOAP Version 1.2

I’ll be honest, I’m not sure how well it delivers on the ‘easily understandable tutorial’ part of that statement. Looking at some of the examples in there may help you understand why REST APIs have become so popular. SOAP APIs require a highly structured xml message to be sent with the request. Being built in xml, these requests are not that easy to read for humans, and require a lot of complexity to build up. There are of course many tools like SoapUI that can help with this, but in general SOAP APIs tend to be a bit more complex to get started with. You need to know more information (like the envelope structure) in order to get started.

How do I know if the API I’m looking at is a SOAP API?

The most important rule of thumb here is: does it require you to specify structure xml in order to work? If it does, it’s a SOAP API. Since these kinds of APIs are required to follow the w3c specification, they must use xml and they must specify things like env:Envelope nodes inside of the xml. If the API you are looking at requires xml to be specified and that xml includes the Envelope node you are almost certainly dealing with a SOAP API.

SOAP API Example:

A SOAP API example is a little bit harder than just sending a GET request to an endpoint. We will use this webservice as an example SOAP API. Let’s look at the first action there, which gives us a list of continents. In order to call this API in Postman we will need to set up a few things. We of course need to create a request in Postman and then we will need to set the request method to POST and put in the url. However we can’t yet click send. Since this is a SOAP API, we need to send some xml information as well. In Postman, this means setting the body type to raw, and choosing XML from the dropdown and then putting in the xml envelope data as indicated by the documentation

SOAP API Information

For this particular API, we would also need to modify the Content-Type header (by adding a new one) at the bottom, so that is is set to application/soap+xml

Content-Type Header

As you can see, there is a lot more complexity to calling SOAP APIs. REST APIs can of course have complex bodies specified as well, but the requirement to do this in xml and the existence of the Envelope node in this, indicates that this API is indeed a SOAP API.

GraphQL APIs

SOAP came before REST and in many ways REST was designed to deal with some of the shortcomings of SOAP. Of course in software we are never done making things better and so along comes GraphQL. GraphQL is a query language and it was designed to deal with some of the situations where REST APIs have shortcomings. RESTful APIs don’t know what specific information you might be looking for and so when you call a REST API endpoint, it gives back all the information it has. This can mean that we are sending extra information that you don’t need, or it can mean that we aren’t sending all the information you need and you need to call multiple endpoints to get what you want. Either of these cases can slow things down and for big applications with many users that can become problematic. GraphQL was designed by Facebook to deal with these issues.

GraphQL is a query language for APIs, and so it requires you to specify in a query what you are looking for. With REST APIs you will usually need to know what the different endpoints are in order to find the information you are looking for, but with a GraphQL API a single ‘endpoint’ will contain most or all of the information you need and you will use queries to filter down that information to only the bits that you are interested in. This means that with GraphQL APIs you will need to know the schema or structure of the data so that you know how to properly query it, instead of needing to know what all the endpoints are.

How do I know if the API I’m looking at is a GraphQL API?

Well, if the documentation is telling you about what kinds of queries you need to write, you are almost certainly looking at a GraphQL API. In some ways a GraphQL API is similar to a SOAP API in that you need to tell the service some information about what you are interested in, but a SOAP API will always use xml and follow a strict definition in the calls, whereas GraphQL APIs will usually a bit simpler and not defined in xml. Also with GraphQL the way the schema is defined can vary from one API to another as it does not need to follow a strictly set standard.

GraphQL API Example

Let’s take a look at a real life example of calling a GraphQL API to understand it a bit better. This example will use the countries api as hosted here. There is information about the schema for it on github here and we can use that to create queries in the provided playground, but for this example let’s look at setting it up in Postman

Similar to calling a SOAP API, we will need to specify the service we want and do a POST request. We will also need to choose the GraphQL option on the body tab, and put in the query that we want

GraphQL query

As you can see in the example I’ve done, I’ve requested the name and languages of Canada. Once I have specified this information I can click Send and I get back some json with the country name and a list of the official languages. If I wanted additional information (Say the name of the capital city), I could just modify the query to include a request for that information and send it off again using the same endpoint.


We’ve looked at three different kinds of APIs. Each of them has it’s own strengths and weaknesses and is used in different applications. Some applications will even support more than one type of API, and as a tester you need to be ready to test any kind of API that you come across. Hopefully this article has at least helped you in that journey and given you some understanding of how the various APIs you might come across work and can be interacted with.

Photo by Markus Spiske on Unsplash

The Simplified Guide to API Testing

COVID-19 Note: There is a virus shutting down the world right now. It’s destroying a lot of lives and livelihoods. However, I want to take some of the focus off the destruction this virus is causing, and focus on creating instead of destruction. For my creative act of defiance, I want to do a series of posts on API testing over the next few weeks. Consider it to be my way of fighting back against the covid-19 virus. We can still go on with life even in times like this.

When I started testing APIs, didn’t know anything about them. I’ve learned a lot over the last few years and I now feel pretty comfortable with using and testing APIs, but it wasn’t always that way. When I first started it was hard to even figure out what to do. I can still remember some of that pain I went through.

In my first year of university we had a calculus professor we nicknamed Einstein. Partly because of his hair and partly because he managed to make calculus as confusing as relativity. He would start to solve a problem on the board and then he would say ‘and therefore it is obvious that’ and write down some solution. We would all sit there and look puzzled.  What was obvious to him was not obvious to us as the students. We needed to know the intermediate steps that he had skipped in order to understand what had happened.

This is a common occurrence. As you learn things, the pain of that initial learning curve goes away and it becomes harder and harder to explain things to those who are just starting out. You start to assume things and makes leaps of logic that seem obvious to you but that are confusing to those who are new to the subject.  As I continue to progress in what I am learning about APIs, I want to get down some of my basic thoughts on API testing, hopefully before it is ‘too late’ for me to explain to those that are just starting out.

So with that long preamble, here is my attempt at a simplified guide to getting started with API testing

Figure out the endpoints

I found this to be one of the most difficult parts of API testing. How do I even know what there is to test? What things can the API do?  If you are working with a well documented public API, this isn’t much of a concern, but in my experience most API testing is done on internal APIs that support different parts of your application.  These kinds of APIs tend to be poorly documented (if they are at all). So how do you figure it out?

Well of course any available in house documentation helps, so certainly start there if you have some available.  And don’t forget that documentation can sit in places you might not expect. For example sometimes code comments or even signatures in a method can help you out. You also might also be able to find documentation in stories or requirements that point you in the direction you need to go.

Another great source of information is humans. You see there are people in your company who have created, designed, tested and/or used the API you are looking at. If you can find and talk to those people, they can be an invaluable source of information.

Code bases are another place that contain information about how APIs work. You might not know how to write code, but you can often still find out some information by looking at how an API is called. You might be able to pick up something by the urls used in the caller, or you might be able to find some unit tests that use the API and give you insights into how it was used.

Last, but certainly not least, you might want to look at network calls in the developer console to figure out what API endpoints are available.  Often API calls are sent over the network and by looking at network calls in the developer tools you can figure out a lot about how they work.

One thing you will find with all of these sources of information is that they will give you imperfect and incomplete information.  There will be things you just don’t understand and (especially at first) everything will be very unclear and foggy.  But if you stick with it and continue to ask questions and get feedback, you will suddenly realize one day that you actually get it and have a decent understand of the API.

Auth and Security

Authorization. Authentication. Security. What is it all about and how does it work? I found auth workflows hard to understand. Security is obviously very important to the way an API works, but it can significantly complicate the use of an API.  This article would get far too long if I was to dive deep on this, but I do want to point out a few hints.

First of all look at how your tools can support you. Tools like Postman offer a lot of support for making authorization and authentication easier.  They can also provide you with insight in the security of your API. Dig into those features a bit in whatever tool you use and see what you can figure out.

Another consideration is that, again, when you find yourself frustrated by it, consider it to be a learning experience. Ask questions of your coworkers (and Google).  Try and figure out a bit about how Oauth works. Get a bit of an understanding of authorization workflows.  I have found that digging into authorization really pushed me with respect to understanding stuff about how APIs and HTTP protocols worked and so it was a great way to learn a lot more about API testing

A last comment on the security front, is that many things are ‘security’ issues that are not related directly to technical security testing. Making sure that different users types can only access the information they have permissions for and making sure that all paths give back the correct information are also forms of security testing.  Remember to look at your API holistically

Learn to do by doing

It can be tempting to spend a lot of time learning about things like API testing. We can feel like we need to know what we are doing before we get started, but I really believe that the best way to learn is by doing. Just try making API calls. Figure out one endpoint and try calling it. Start with the smallest thing you know and use it. As you try to do things and get stuck and then figure it out you will learn the things you need to know for the API you are working on.  You will also learn what things you don’t know and where you need further study and so you’ll be able to find resources that can help you with the exact things you need to know.

Figure out some of the basic terminology

I have a glossary of terms I’ve put together here. This is a set of terms I had to learn. You may find it helpful, but I think it will be important to also figure out what terms you hear that you don’t understand and figure them out. It is also important to listen to how your team uses terms and to make sure you are understanding what they mean. Often different teams or companies can use the same or similar terms in different ways. Pay attention to the words and build up a vocabulary.  You will find that this makes it easier to ask questions and to understand what is going on.

Next steps

So where to do from here?

  1. Install an API testing tool (Postman perhaps)
  2. Find an endpoint on the API you are interested and make a call to it
  3. Change something in the API call and try again
  4. Start writing down what you observe and try to build a mental map of what the API does
  5. Try to use the API to answers some questions you have and follow up on figuring out how to get it to do those things
  6. Research and learn the things you need
  7. Try your hand at some API testing challenges (The automation in testing site is a great place to start).  You could also try out some public APIs (here is a list of some you could try)
  8. Ask lots of questions!

Photo by Daniil Silantev on Unsplash

Effective Testing During COVID-19

Can one blog about something that isn’t corona virus related at this time? This is affecting us all in so many ways. I’m thankful though that I have a job that makes it easy to work from home. The company I work at is also in an industry that will likely benefit from this as we enable online education which is kind of a big thing right now. So as someone who does not have to worry about their job and income and who is at an age where the impact of the virus is unlikely to be serious if I was to get it, I feel blessed.

I have always worked from home on a regular basis (usually 1 or 2 times a week), and so the transition to full time working from home hasn’t been too difficult for me. My wife and I also started homeschooling our kids just this year, so that also hasn’t been too big of an adjustment for us either. I think the biggest thing this pandemic has given me is some perspective. When everything changes you realize what things you might have been taking for granted. Full time remote work is different than going into the office to regularly have face to face contact with your coworkers. As a team we are all working on ways to stay connected and have effective communication in a world where we can’t just pop our heads over the cubicle wall and chat.

What does one do as software tester in this world? How do you work effectively in a fully remote environment? There are a few things I have been thinking about and working on at this time. One important thing (probably for all remote workers) is organization and discipline. There are different kinds of distractions when you work from home. Your family, your pets, even your housework all distract in different ways than your co-workers. You may need to have conversations with kids and your spouse about how to protect your time so that you have the ability to dive deep on your testing sometimes.

I think organization is another important factor to consider. There may be some built in accountability at work where your co-workers or boss can see what you are doing when they walk past your desk. At home you may need to watch your schedule more and make sure you aren’t spending too much time reading the latest news about the virus (it’s probably not a healthy thing to spend too much time reading about anyways).

There are also less clearly defined lines between work life and family life when you work from home, so set some boundaries for yourself that way too. You may have needed to talk to your kids about boundaries while you are working, but don’t forget to set boundaries for when you are not working too. Just because your computer is only 5 feet away in your office, doesn’t mean you need to go do some work at 8 pm. Give yourself and your family some uninterrupted time

Those items above are probably general to anyone working from home. As a tester are there any particular challenges? One thing that may be a challenge is access to your test lab or test devices. This might be the time to investigate Sauce Labs or CrossBrowserTesting or similar services as options to get access to the devices that you need. Another challenge testers may face is in communicating with developers about issues. I will often go over to a developer’s desk to discuss, debug or demonstrate an issue I’ve found. This can be more difficult when working remotely, but certainly using tools like zoom or google hangouts to do these things virtually helps a lot.

I also firmly believe that quality is a team sport. When working from home, testers need to remember that we aren’t working off on our own, finding bugs and throwing them over the wall at the developers. I think as an industry we have been making positive strides towards integrating quality into the entire development life cycle. Let’s not let this set us back to a mindset of developers develop and then give to testers who find all the bugs and give it back to developers. This kind of ping-pong approach of bouncing things back and forth over the wall between test and dev is not an effective way to create high quality software. Quality is a team sport and so in times of ‘isolation’ we need to stay connected as teams to ensure we are focused on this together.

Talk about testing and quality as a team. Meet with developers to talk about things to consider for stories they are working on. Pair up with developers to help grow quality skills throughout the team. Stay involved in design and story definition meetings. Keep working on having quality thinking permeate the entire development process. Working as teams remotely can be challenging, but stay focused on ensuring that you are indeed working as part of a team.

Take care of yourself in these crazy times in which we live, and happy testing!


Photo by Dimitri Karastelev on Unsplash

Speed Limits in Software Development

I took the train into Toronto last weekend and without my car spent the weekend walking everywhere. As I walked under the highway, I was struck by how obsessed we are with speed. I could hear the thump, thump of car tires as they rushed by over my head at 100+ km/hr (traffic was good for once). As a species we have gone from being able to move at the speed our legs could carry us, to using animals to help us move faster and then eventually we started using mechanical devices like the bicycle to increase our speed. With the invention of mechanical engines we’ve added even more speed. Our cars will rush us from place to place in almost the blink of an eye. We can listen to an audio book about a pioneer family taking months to cross a part of America and we can’t even finish the audio book before all the country they covered has all rushed passed the windows of our car. What used to take months, now takes hours.

But even with all that speed, there are limits on how fast we can go. Jump on a jet plane and you can get across a country or continent pretty quickly, but it still takes time. Physics still applies. I could wax philosophical on our obsession with speed and what we loose from it – and I may yet do that at some point – but in this article I want to move us into thinking about the limits of speed in software development. It is an axiom of modern software development that faster is better, and like I said that is a philosophical discussion for another day, but how fast can we actually go? What are the limits of software development? The speed a developer can type? I don’t think anyone is advocating instantaneous deployment on each keystroke a developer does. If not that, then perhaps the limit is how fast we can get a minimum viable feature completed. By how do we know if it is viable?

You might be able to guess that I am going to argue that quality matters. What is the fastest we can move in software development? That is, of course, not quite the right question. How fast a can a car go? Well, if it is an F1 race car, pretty fast. If it is a car attempting to set a land speed record, even faster. But those things aren’t really what we are asking about. For the vast majority of us, the answer to how fast a car can go has to do with the posted speed limit and not with the physical limits of our car. Someone engaged in a police chase can go pretty fast, but it certainly wouldn’t be safe to do so. When we are trying to figure out how fast we can go in software development we aren’t trying to figure out they physical limits of it (deploy on every keystroke). We are trying to find how fast we can safely deploy.

For software development there aren’t road signs telling us a safe speed to deploy at, but perhaps we can extend the driving metaphor a bit more to help us think this through. One thing that relates to safe speed is responsiveness. A slick road makes it harder for your car to respond to changes in direction, and slow deployment makes it hard to respond to problems with your application. How easy is it to respond to issue in your application? Don’t forget that an F1 race car with new tires and perfect tuning can respond a lot better than the little commuter car you might have. We can tune our code and deployments and get better at responsiveness over time.

If the road is foggy and you can’t see where you are going when you drive, I hope you slow down. If you can’t see what is going in your application and understand how it is being used, I hope you slow down.

Let’s think a little more about the foggy road analogy though. Sometimes we think of testers as fog lights. We pierce the darkness a bit and show where there might be threats. That is helpful when we are stuck in the fog, but in software we have an option that we don’t have in car driving. We can dispel the fog. We can make our applications more observable. Fog lights are helpful but sunshine is even better.

So how fast can we go in software development? Well, in the ideal case if we know everything and have a smooth path ahead of us, pretty fast. I don’t think we can get to a land speed record since software development doesn’t often involve going in a straight line, but with a bit of work on the code and deployment process and with investment in observability and operations, I think we can go pretty fast, pretty safely. Just be careful. Don’t try to drive your homemade hot rod as if it is an F1 race car. Go fast and push the limits, but know where those limits are for your situations (and then make them better).


Photo by Adrien CÉSARD on Unsplash

Some Things are Worth Doing Badly

The British philosopher/theologian G.K. Chesterton once said that if something is worth doing, it is worth doing badly.  Chesterton meant this as a defense of the amateur or generalist over the specialist, but I want to take this thought down a bit of different path.

If something is worth doing it is worth doing badly, because only in doing it badly will you ever do it well. Do you want to learn how to test APIs? You will have to do it badly at first.  You won’t be very good at it. But if it is worth doing, it is worth doing badly so that eventually you can get good at it.  Do you want to learn programming or scripting? You aren’t going to be very good at it when you start, but if it really is something worth doing then isn’t that ok?

We don’t like doing things badly, but the world needs more people who are willing to not be very good at something. When we stop worrying about how we look and start embracing failure as the path to learning we can get somewhere with the things we want to learn and do.

So step out and doing something worth doing. Do it badly. Get better. Do it again and again.  And don’t forget the point that Chesterton was originally making – sometimes it is in the mistakes and imperfections of the amateur ‘doing it badly’ that we get the most profoundly human insights and results.  Don’t be afraid of the mistakes you will make. You might just change the world.

Photo by Sarah Kilian on Unsplash

Deep Dive into TestProject: A Free Test Automation Platform for Web & Mobile!

Note that this is a sponsored post. Posts like this will only ever be about things that I believe and that I think you would potentially find useful. You can read about my full philosophy on sponsored posts here

I’ve talked about TestProject and some of the great features that it has before. Since then, I have recorded a few more videos (you can watch the whole playlist here) and I wanted to talk about a few more features that TestProject has that make it a tool worth having in your testing tool box.

As the first of its kind free end-to-end test automation platform, I would certainly encourage you to check it out and see if it can help you with the testing challenges you might be facing.  I’ve already talked about how easy it is to get started with using the tool, but now I want to talk about some of the features that can help you take it to the next level. 

For example: Addons. TestProject has an addons library that can help you solve those tricky UI automation problems you might run into. Trying to find an element in a scroll-able container?  Yup, there’s an addon for that. Want to generate some random data for test inputs? Yup, there’s an addon for that. Trying to parse some strings to verify that some text is in it?  You guessed it, there’s an addon for that too. There are many publicly available addons, and if the addon you want is not there, TestProject provides you with the tools that you need to make your own. Since the platform is built around the idea of full team collaboration, you could tap into the developers on your team to help you out with building some addons that extend TestProject to have the capabilities you need. You can then choose to share those addons publicly for others to use or you can just keep them within your team if you prefer. 

Let’s also talk about the TestProject API.  I like APIs. I love how with a simple command definition you can have access to all kinds of power without needing to do any complex coding. Maybe I’m just a bit of an API nerd, but I think it is fun to play around with APIs and to see how I can enhance my testing superpowers with them. The TestProject API can help you take the tests that you have created and make them into something you can easily run in your build system and can really help you take the tool to the next level. 

One thing that every tester knows about testing is that it isn’t just about what you test, but it is also about how you communicate that testing to others. Testing is about much more than just providing information, but effective communication of what you have done is certainly an important part of any testing initiative. This is where reports in TestProject can be very helpful. There are a number of built in reports (that you can download into a pdf if you want) that can help you quickly and easily summarize what is going on with the tests over time and across different devices and browsers. 

There are also really helpful tools for debugging failing tests that are built into the reporting tools as well. I mean let’s just talk about screenshots for a minute. How would you like to have your tool automatically take a screenshot of what it was doing whenever a test steps fails?  Now all you have to do is click on the failing test, go to the step that is causing the issue and click on the screen shot to get some context as to why the test step failed. And yes, this is all automatically taken care of by TestProject right out of the box. 

As you can see, TestProject is a good tool for helping you get started with test automation but it also packs that power that is needed for advanced usage as well. With their  free forever plan there is nothing stopping you from checking it out today!

Photo by Julian Dufort on Unsplash

When DevOps makes life harder

I know DevOps is the latest and greatest way to do software development and there is a lot that I like about it, but there is a one big problem with being a DevOps team.


We’ve started to learn to plan for interruptions. There are going to production issues that need to be dealt with. We are going to get client escalations. Things are going to come across our plate without any warning and we need to be able to respond to them.

The problem is interruptions keep you from getting done what you were planning to get done. Features don’t get delivered and the team can start to get frustrated. Interruptions can really make the life of a devops team get harder.

Do you know what another word for interruptions is?  Bugs.

These interruptions are coming from clients that are having issues. Sometime they are just because we have changed a workflow and they don’t understand it, but to me anything that is impacting the ability of our clients to solve their problems is a bug.  These interruptions are bugs.

So let’s rephrase that statement at the top of this article. Bugs are a big problem with being on a devops team. You know I think they are a big problem with being on any team aren’t they? So what do we do about it? Do we need to spend more time finding the bugs up front so they aren’t coming in as interruptions during the next development cycle?  Sometimes yes – but sometimes these are things we probably never would have found no matter how much time we spent on it.  So what other solutions do we have?

Well we could just account for it in our plans and add a 25% interruption buffer. This doesn’t seem to be the greatest option, but there are times when it makes sense (like when we just changed a major workflow for hundreds of clients). In general though I don’t think this is going to allow us to most effectively deliver value. So what else?

Perhaps we need to make it so that the interruptions don’t hurt as much. If we can pinpoint exactly where the problem is coming from and find the solution more quickly, interruptions becomes less painful.  This mean being committed to good telemetry and good coding practices that let you quickly and easily find issues.

This issue of interruptions and bugs is not a simple one. It is one that has been with us from many years and will be with us for many more. There isn’t just one simple, quick fix answer. I’ve shared a few ideas we’ve been using or working towards on our team.  What ideas to do you have? Share in the comments below!

Photo by Jonathan Safa on Unsplash

Forget About Bugs

Ask my wife how forgetful I am. You’ll probably get a big sigh. Case in point; the other day we were on our way home and we were about 30 seconds away from turning onto the side street we live on. My wife said to me “don’t forget that we need to go to the grocery store.”

“Yes dear”

30 seconds later.

“Why are your turning onto our road! We need to go to the grocery store!”

Yes, I can be that forgetful. I know that I’m forgetful and so I have systems in place to help myself with this. I try to write things down and use software to remind of things when I can. I might be an extreme case, but I think we all forget stuff sometimes.  It happens in software development as well. This is why we have stories, and documentation and defects.

However, sometimes I want to forget things. Take bugs for example. Having a big bug backlog just slows us down and I don’t want to go through it every week or two and see at the things we haven’t fixed. So what can I do to make bugs more forgettable?

Well let’s consider a few ideas:

I could fix it myself. Who says only developers can fix bugs? Sometime I know how to fix it myself or can figure it out with a bit of work, so why don’t I just do that?

I could immediately work with a developer to fix it. Instead of filing a bug and sticking it in some backlog, I could chat with a developer who know that area of the code and see if we can sit down and figure out the issue and fix it on the spot.

I could work with PM to make into a story for the back log. Sometime a bug doesn’t have to be a bug and can just be prioritized with other work we are doing

I could walk away. Maybe this bug is ok to ignore.  Maybe I can just embrace my forgetfulness, look the other way, and go find something more important to fix or work on.

Of course sometimes a bug does need to be remembered, but wouldn’t it be nice to be able to forgot about them more often?


Photo by AbsolutVision on Unsplash

API Testing – Getting Started

In many ways APIs are the glue of the internet. The modern internet is increasingly built on distributed architectures and companies want to make their platforms extensible. APIs are a crucial part of these kind of business strategies. (If you aren’t sure about API terminology, check out my API testing glossary here).  APIs are also challenging to design and test. By their very nature they are meant to be accessed programmatically and to expose underlying constructs in ways that are simple to use and understand. You might be comfortable with how to test manually or even with various types of test automation, but not really know and understand how to effectively test an API.

I have been working on testing APIs for a while now and have also put together a course that I hope will help people looking to get started with API testing.  I also want to share some material for this on my blog in the hope that I can help others along this path towards API testing skills.

Let’s start with trying to understand a bit about web services. Many web services provide APIs that can be used to drive them and so understanding a bit about what is meant by the term web services is as a good a place as any to start with in API testing. As with any term in technology, it can take on different nuances for different companies and contexts but I find that a helpful way to think about it is actually in terms of mathematical functions. Don’t worry though, no complex math is needed to understand this.

When I was first introduced to functions in grade school I learned to think of them as a black box that took in some inputs and did some kind of transformation on those inputs to then produce an output. I use this same model to think of a web service.

Let’s make it concrete and look at a real life example. Let’s say we are testing an application and we want to get a first and last name to use for a login test.  We don’t want to use the same name every time, but we still want to have somewhat realistic names.  We could find a database of names and write some code that randomly selects names from it, or we could go to a service like uinames.com and get it to generate the name. By giving the service certain inputs (like an API path and perhaps some other request parameters), we can get back a user name that we can use.

We don’t know anything about how that service does what it does. It might use python, or php or javascript to do this work. It might get the names from a database, or it might request them from other services. We don’t know. We can just think of it as a black box that will give us back certain inputs based on the inputs we give. And that’s really all we need to know at this point. This is how I think of a web service. A black box that does some action(s) for you based on the inputs you give it and then gives you an input. In this way of thinking, APIs are the way we get inputs into the service and how the service gives us back the responses it has for us.

I want to start a bit of a series on API testing where we think of it this way.  We could call this black box API testing if we really want to give a name to it. I think it is an important part of interacting with and testing the modern web and I hope you find this that this series helps you along your API testing journey.

How to Become a Great Tester

I want you to think about butterflies. The beautiful feathery winged creatures that flit from one flower to another. The weather is warming up, and yesterday my son and I were marveling at the beauty of these little creatures.

Now, let’s go back a bit in the development life-cycle of a butterfly. Let’s go back to the moment a butterfly starts to emerge from the chrysalis. The story is that if you feel sorry for the butterfly and cut the chrysalis open, it won’t be able to open it’s wings.  The struggle is necessary for the blood flow. Now, as with most inspirational stories you hear, it is probably not strictly true, but I think there are still a few lessons that can be drawn from it about how to become a great tester.

Struggle is important for becoming good at your craft. You can really only learn some things through the struggle of trying to do them. Sometimes we can try to short circuit the pain of the learning process, but at the end of the day you aren’t going to be able to learn without some struggle.

This isn’t the only lesson to learn though. The other lesson we can glean comes from the fact that this story is probably not strictly true. A couple of quick google searches shows experts who say that as long as you are careful, there are ways to help a butterfly that is having trouble getting out of the cocoon. Struggle is good and helpful and shouldn’t be short circuited, but there is a time to get help.

So how do you become a great tester?

Do lots of testing and struggle through the pain of trying to figure it out. Don’t think you can just read a few blog posts and listen to few talks and then have what it takes to be a great tester. It will take time. Lots of time. It will take trying things and failing and trying again.  It will take getting stuck and getting frustrated. It will take pain and joy. It will take frustration and annoyance and aha! moments and a powerful sense of accomplishment. In the struggle you will slowly grow and become a better and better tester.

Embrace the struggle, but don’t get lost in the struggle. Don’t forget to ask for help. Find those voices that can speak to you on how to get through the struggles you face. Go to the conferences. Ask the questions. Pair up with the experienced tester. Read the books. Take the course. Get help.

Becoming a great tester takes time and persistence. It also takes help and encouragement.

Happy testing!


Photo by Suzanne D. Williams on Unsplash