To Open Banking and Beyond: Developing APIs that are Resilient to every new Initiative
Download as PPTX, PDF•0 likes•37 views
The document discusses the complexities of API testing in the context of rapid development and the stakes involved, especially with sensitive data in environments like open banking. It proposes a new model-based test automation approach to create rigorous and effective tests, addressing issues such as poor coverage and limited access to test data. The document emphasizes the importance of using dynamic data, testing various user scenarios, and monitoring both internal and third-party APIs to ensure quality and performance.
To Open Banking and Beyond: Developing APIs that are Resilient to every new Initiative
- 1. © Curiosity Software Ireland Ltd. 2020 To Open Banking and Beyond: Developing APIs that are Resilient to Every New Initiative January 30th 2020 Patrick Poulin CEO, API Fortress [email protected] @PatrickPoulin James Walker, PhD Director, Curiosity Software Ireland [email protected] @CuriositySoft
- 2. © Curiosity Software Ireland Ltd. 2020 To Open Banking and Beyond 1. Understanding API testing complexity 2. A new approach to testing massively complex APIs 3. API Testing: What’s at stake? 4. Q&A and discussion
- 3. © Curiosity Software Ireland Ltd. 2020 1. Understanding API testing complexity
- 4. © Curiosity Software Ireland Ltd. 2020 QA must meet the speed of innovation • Modern delivery practices mean new components are added faster than ever before. • Each one brings its own world of logic. • The # of decision then gates grows exponentially - as do the possible data inputs. • This maze of logic needs to be tested with a rigorous set of distinct data combinations. • The stakes are high – with initiatives like Open Banking, APIs often carry sensitive personal and financial data. • Flawed APIs can then spell customer churn, legislative penalties, and brand damage.
- 5. © Curiosity Software Ireland Ltd. 2020 • Modern delivery = new components added faster than ever before = new worlds of logic. • The # of decision gates and data combinations grows exponentially. API call soup Expected Result? API Testing: How many paths?
- 6. © Curiosity Software Ireland Ltd. 2020 How many paths are you hitting? Meeting the speed of API-driven development requires a new approach to testing. 1. Creating API tests one-by-one in test tools or through scripts is too slow and ad hoc. 2. Tests hit just a fraction of the logical combinations contained across combined APIs. 3. Expected results are also hard to define from service definitions and requirements. Second guessing expected responses undermines the reliability of API testing. 4. Test data lacks the combinations needed for rigorous API testing. Low-variety copies of production data focus on past data and are almost exclusively “happy path”. 5. There is often not access to in-house and third-party systems for test execution.
- 7. © Curiosity Software Ireland Ltd. 2020 2. A new approach to testing massively complex APIs
- 8. © Curiosity Software Ireland Ltd. 2020 Model-Based Test Automation Recorded tests activity Test Cases & BDD Scenarios BPMN diagrams Service Definitions Message Traffic Business Requirements Application Scans Reactive Model of the system Find / Make / Allocate Test Data Run Results Tests New Iteration Perfect sets of tests Fast Maintenance Reusable Components Move faster Deliver with confidence Test AutomationTest Automation
- 9. © Curiosity Software Ireland Ltd. 2020 Reactive and rigorous API Testing Find test data from across back-end databases Test Data System Under Test REST SOAP GraphQL Web Services Microservices Parameterised tests Run results Service Definitions Message Traffic BDD/Gherkin
- 10. Demo © Curiosity Software Ireland Ltd. 2019
- 11. © Curiosity Software Ireland Ltd. 2020 This approach to API testing: • Provides a simple way to test complex APIs in the cloud: • There is a range of accelerators/time saving features • You can start creating rigorous API tests in minutes • Automation creates sets of coverage focused scenarios to drive testing • Moves faster : • Quickly and systematically build automated API tests • Have quality test data in the right place, at the right time • Run automation suites on demand in the cloud • Increases quality and confidence: • Testing rigorously finds bugs earlier, and at less cost to fix • Mathematics systematically creates tests (coverage) • You can track exactly which features you are testing
- 12. © Curiosity Software Ireland Ltd. 2020 3. API Testing: What’s at stake?
- 13. Data is Key
- 14. Data is Key ● Go beyond a stagnant set of test data ● Use dynamic data from sources like databases and APIs ● Differentiate the data sources and environments you test against ● Don’t forget that APIs at larger organizations involve many different teams, with different understandings of the APIs’ goals ● Don’t fear testing against live data: it is often the only way to truly reveal issues
- 15. Next Step: Integration Testing
- 16. Next Step: Integration Testing ● Whenever possible, reproduce entire user flows on the API level ● Reproduce normal user behaviors in a single test ● Test using good and bad data, to validate all types of responses
- 17. Functional Tests as Monitors
- 18. Functional Tests as Monitors ● Your existing functional tests should be scheduled as API monitors ● Run multi-step integration tests as monitors ● There is a big difference between Uptime and Functional Uptime ● Test third-party APIs as well as internal and partner APIs ● Monitor production as well as internal staging environments ● Monitors can help catch things like memory leaks
- 19. What is Performance Testing?
- 20. What is Performance Testing? ● Performance can mean different things to different people ● For APIs, it should mean load testing (stress testing), as well as monitoring the latency and fetch from your APIs being monitored ● A payload should have a max size, and respond in a certain amount of time, otherwise it could crash mobile apps ● Stress test using full functional and integration tests ○ This properly validates API health from a real world user’s perspective
- 21. PSD2 / Open Banking - What Does It All Mean?
- 22. PSD2 / Open Banking - What Does It All Mean? ● Keep in mind that “open banking” is not unified. Hopefully, someday the protocols will all be interchangeable, but Open Banking and PSD2 are not in line with the UAE’s vision for it (for example). ● Even banks doing PSD2 aren’t perfect and have their own slight variations. This means that you need a solution to test with variability. One test does not fit all, but it can help. ● More than ever, it is important that banks validate that these APIs do not expose sensitive data in live environments
- 23. © Curiosity Software Ireland Ltd. 2020 What next? Try this approach yourself! • We’ll email you the slides and webinar recording • Book a demo with API Fortress and/or Curiosity (we’ll email you the links) • Visit Testmodeller.io and Apifortress.com for your free trial(s) • Head to Testmodeller.io/Tutorials to find out how you can use Test Modeller and API Fortress together
- 24. © Curiosity Software Ireland Ltd. 2019 Questions and Discussion
- 25. © Curiosity Software Ireland Ltd. 2020 Thank you for listening. [email protected] , [email protected] Email us if you have any questions or feedback, or would like a demo of any of the technology shown
Editor's Notes
- #12: Y0