The rising trend of using SOA and then microservices as a software architecture has led to the creation of multiple tools for automated testing of the services API. This article presents a list of open source API testing tools.
Wikipedia defines an application programming interface (API) is a way for two or more computer programs to communicate with each other. This is the case currently for modern web and cloud software architectures, where clients communicate with server-side services, for instance to retrieve or update data.
The API defines the communication protocol between the client and the services and how services will behave. You can use different protocols or architecture conventions to manage interactions in your applications. The Simple Object Access Protocol (SOAP) proposes to use XML as the message format and communicate requests through HTTP or SMTP. The Representational State Transfer (REST) differs from SOAP because SOAP is a protocol, whereas REST is an architectural style. Finally, you can use GraphQL that is a query language and server-side runtime as an alternative to REST.
API testing tool selection technical criteria
Besides the obvious license and price, if you pick a commercial API testing tool, there are many technical criteria that you can use to choose your API testing tool. Here are some of them:
* How do you define and manage your tests (code, low code, no code)
* Supported technologies (programming languages, platforms, …)
* Integration with other components of the software development and delivery process like the CI/CD tools
* Authentication and authorization
* Logging and monitoring
* Updates
November 20 2023: added airborne, APIAuto, Insomnia
airborne
airborne is an open source RSpec driven API testing framework. Airborne is a GEM created to test APIs on top of the Rspec and RestClient. Airborne provides a framework to write automated tests for APIs. Airborne uses rest_client to make the HTTP request, and supports all HTTP verbs. When creating a test, you can call any of the following methods: get, post, put, patch, delete, head, options.
Website: https://github.com/brooklynDev/airborne
APIAuto
APIAuto is a powerful and easy-to-use open source HTTP interface tool for agile development, machine learning zero-code testing, code generation and static inspection, document generation and cursor floating comments. It is a one-stop experience integrating documentation, testing, mocking, debugging, and management, as well as efficient and easy-to-use shortcut keys such as one-click formatting, commenting/uncommenting, etc. In terms of common functions, it far exceeds various open source and commercial API documentation/testing tools such as Postman, Swagger, YApi, etc., and can import use cases and documents with one click. It supports GET, POST, PUT, PATCH, DELETE, HEAD and other HTTP Methods and Content-Type, URL /{Path}/{Variable}. It is not only is it suitable for RESTful, RESTful-like, and GRPC APIs, it is also the official documentation and testing tool recommended by Tencent APIJSON. Tencent’s internal users include multiple departments and teams from the IEG Interactive Entertainment Business Group, TEG Technology Engineering Business Group, and CSIG Cloud and Intelligence Business Group. External users include Huawei, a local branch of the Industrial and Commercial Bank of China, Transsion, a top 500 listed company, cross-border e-commerce giant SHEIN, industry leader Social Security Technology, etc.
Website: https://github.com/TommyLemon/APIAuto
Apickli
Apickli is an open source REST API integration testing framework based on Cucumber. It provides a gherkin framework and a collection of utility functions to make API testing easy and less time-consuming. Apickli is also available as an NPM package.
Website: https://github.com/apickli/apickli
Dredd
Dredd is a language-agnostic command-line tool for validating API description document against backend implementation of the API. Dredd reads your API description and step by step validates whether your API implementation replies with responses as they are described in the documentation. Dredd supports automated testing REST API, producing exquisite report, and generating exquisite REST API documentation based on historical cases.
Website: https://github.com/apiaryio/dredd, https://dredd.org/
Frisby
Frisby is an open source REST API testing framework built on Jest that aims to make testing API endpoints easy, fast, and fun. Frisby.js comes loaded with many built-in tools for the most common things you need to test for to ensure your REST API is working as it should, and returning the correct properties, values, and types. When you need something custom, Frisby.js also provides an easy way to customize and extend assertions to make your job easier, with less repetitive and tedious code.
Website: https://github.com/vlucas/frisby, http://frisbyjs.com/
Insomnia
Insomnia is an open-source, cross-platform API client for GraphQL, REST, WebSockets, Server-sent events (SSE), gRPC and any other HTTP compatible protocol. With Insomnia you can debug APIs using the most popular protocols and formats, design APIs using the native OpenAPI editor and visual preview, test APIs using native test suites, mock APIs will be coming soon in November 2023, build CI/CD pipelines using the native Insomnia CLI for linting and testing and collaborate with others using the many collaboration features to share your projects.
Website: https://github.com/Kong/insomnia, https://insomnia.rest/
mountebank
mountebank is the first open source API testing tool to provide cross-platform, multi-protocol test doubles over the wire. Simply point your application under test to mountebank instead of the real dependency, and test like you would with traditional stubs and mocks. mountebank employs a legion of imposters to act as on-demand test doubles. Your test communicates to mountebank over http using the API to set up stubs, record and replay proxies, and verify mock expectations. In the typical use case, each test will start an imposter during test setup and stop an imposter during test teardown, although you are also welcome to configure mountebank at startup using a config file. mountebank employs several types of imposters, each responding to a specific protocol. Typically, your test will tell the imposter which port to bind to, and the imposter will open the corresponding socket.
Website: http://www.mbtest.org/, https://github.com/bbyars/mountebank
RestAssured
Testing and validating REST services in Java is harder than in dynamic languages such as Ruby and Groovy. REST Assured brings the simplicity of using these languages into the Java domain.
Website: https://rest-assured.io/, https://github.com/rest-assured/rest-assured
Schemathesis
Schemathesis is a specification-centric API testing tool for Open API and GraphQL-based applications. It reads the application schema and generates test cases, which will ensure that your application is compliant with its schema and never crashes. The application under test could be written in any language; the only thing you need is a valid API schema in a supported format. Simple to use and yet powerful to uncover hard-to-find errors thanks to the property-based testing approach backed by state-of-the-art Hypothesis library.
Website: https://github.com/schemathesis/schemathesis
SoapUI
SoapUI is a free and open source cross-platform functional testing solution for APIs and web services. It provides the ability to test REST, SOAP, and GraphQL APIs. SoapUI is java based, so it runs on most operating systems, We test it on several Windows Versions as well as Mac and the multiple Linux dialects. SoapUI requires a 1.6+ version of the JRE (Java Runtime Environment), at least 1 GB of memory is recommended, and about 100 MB of disk space.
Website: https://github.com/SmartBear/soapui
SupeTest
SuperTest is an open source Super-agent driven library for testing node.js HTTP servers using a fluent API. The motivation with this module is to provide a high-level abstraction for testing HTTP, while still allowing you to drop to the lower-level API provided by superagent.
Website: https://github.com/visionmedia/supertest.https://www.npmjs.com/package/supertest
Tavern
Tavern is a pytest plugin, command-line tool and Python library for automated testing of APIs, with a simple, concise and flexible YAML-based syntax. It’s very simple to get started, and highly customisable for complex tests. Tavern supports testing RESTful APIs as well as MQTT based APIs. Tavern acts as a pytest plugin so that all you have to do is install pytest and Tavern, write your tests in yaml files, and run pytest. This means you get access to all of the pytest ecosystem. You can also integrate Tavern into your own test framework or continuous integration setup using the Python library, or use the command line tool, tavern-ci with bash scripts and cron jobs.
Website: https://taverntesting.github.io/
Wisdom rest-client
Wisdom rest-client is a tool supports automated testing REST API, producing exquisite report, and generating exquisite REST API documentation based on historical cases.
Website: https://github.com/wisdom-projects/rest-client
More resources on API Testing
* What is an API?
* How To Select a Tool For Continuous API Testing
* API Testing Challenges
* API Security Checklist
Very good about API testing tools