
API Tester's Handbook: Essential Lexicon

Author: Pricilla Bilavendran

Last updated: July 15, 2024


We all know that API Testing is getting more attention nowadays. Almost every technical job description requires API testing experience. 

Despite this trend, not everyone gets the opportunity to work with APIs; many organizations still concentrate their automation effort on the front end. But as testers, we should be versatile, right? There are plenty of materials available online to get started, although finding the right one is always a challenge. 

How do we start this journey? How can we help you? 

We created an API testing glossary that defines the technical jargon used in API Testing. This covers some basic API terms as well. 

Keep in mind that the basics are a must: they help you test APIs more effectively and spot weaknesses earlier. So why wait? Let's get started.


A Complete List of Terms to Start in API Testing

API: Application Programming Interface, a set of functions that allows an application to interact with external applications, operating systems, microservices, or data.

API-First: A development approach that considers application programming interfaces (APIs) before anything else. It ensures that all of the platform/application functionalities are accessible through the APIs.

API Testing: Checking whether the API meets expectations in terms of functionality, reliability, performance, and security.

API Orchestration: Combining calls to several APIs behind a single interface. The orchestration layer is an abstraction layer that collects data from one or more back-end services, transforms it, and presents it in the shape the client application needs. It is now a central component of enterprise workflows and of back-end-for-front-end designs.

API Version: Similar to document versioning, API versioning tracks changes in the API. Proper versioning supports maintenance and tracking. A new API version is created when major changes to the endpoints/payload are made.

API Gateway: A single entry point through which all clients reach the back-end APIs. It routes each request to the right service and typically handles cross-cutting concerns such as authentication, rate limiting, TLS termination, and load balancing. Because every request passes through it, the gateway is the natural place to enforce API security policy, and a misconfiguration there affects every API behind it. 

API Security: The practices that protect APIs from attack, including authentication and authorization on every endpoint, input validation, rate limiting, and transport encryption. A breach of an API usually exposes data directly, because the API sits in front of the data store, so it is treated as a serious threat.

API Design: Specifying the API according to the business process and requirements before it is built. The design serves as the single source of truth for the API. Good design keeps the interface consistent and reduces later breaking changes; the Design-First approach helps in developing stable APIs that meet expectations. 

API Deprecation: Marking an API or API version as deprecated: still available, but scheduled for removal and not recommended for new integrations. Various factors lead to deprecation: changed project requirements, security problems in the old version, inefficiency, or replacement by a newer version, to name a few. 

API Keys: A unique, secret string issued to a client and presented with each request to identify that client; it is one of the simpler ways of controlling access to an API. Some APIs accept the key as a query parameter and some in a header; the header form is preferable, because query strings tend to be recorded in server logs, proxies, and browser history. Keys should be treated as credentials: generated randomly, stored hashed on the server side, and rotated when exposed. 
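The following is an added example (not code from the original article) of how a server can issue and check API keys along the lines just described: random generation, hashed storage, and a preference for the header over the query string. The header name X-API-Key, the parameter name api_key, the key store, and the sample key are all assumptions made for the example.

```python
import hashlib
import secrets
from typing import Optional
from urllib.parse import parse_qs, urlsplit


def new_api_key() -> str:
    """Issue a key with enough randomness that it cannot be guessed or enumerated."""
    return secrets.token_urlsafe(32)


def fingerprint(key: str) -> str:
    """Store only a hash of each key, as with passwords: a leaked key table
    then does not hand out usable credentials."""
    return hashlib.sha256(key.encode()).hexdigest()


# Constructed key store for this example: hash of the key -> owning client.
SAMPLE_KEY = "constructed-sample-key-not-a-real-credential"
KEY_STORE = {fingerprint(SAMPLE_KEY): "reporting-service"}


def key_from_request(headers: dict, url: str) -> Optional[str]:
    """Prefer the header form. Keys carried in the query string end up in
    proxy logs, browser history and Referer headers."""
    key = headers.get("X-API-Key")          # assumed header name
    if key:
        return key
    query = parse_qs(urlsplit(url).query)
    return query.get("api_key", [None])[0]  # assumed parameter name


def authenticate(headers: dict, url: str) -> Optional[str]:
    """Return the client that owns the presented key, or None if it is unknown."""
    presented = key_from_request(headers, url)
    if not presented:
        return None
    return KEY_STORE.get(fingerprint(presented))
```

Hashing the presented key and looking the digest up means the server never compares raw secrets, and a copy of the key table is useless to an attacker without the original keys.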

API Request: The set of details the client submits to the server (method, URL, headers, and an optional body) so that the server can understand what is being asked and respond properly. 

API Response: What the server returns after interpreting the request: a status code, response headers, and usually a body. 

API Virtualization: Creating a simulated copy of your production APIs so that tests can run against it. It improves testing efficiency by giving the team realistic responses and test data without depending on the live systems.

API Documentation: The complete set of technical information and capabilities of the API. It carries all the sufficient information to work with that API. 

BaseURI: The Base Uniform Resource Identifier is the common prefix shared by all endpoints of an API: scheme, host, and any base path (for example https://api.example.com/v1). An endpoint path is appended to it to locate a specific resource.

Contract: An agreement that details what the consumer can expect from the API: its endpoints, request and response formats, status codes, and error behaviour. It is usually written in a machine-readable form such as OpenAPI or RAML, and the API documentation is derived from it; contract tests check that the provider and the consumer both conform to it. 

Content API: An API whose purpose is to deliver content (articles, images, product data, and so on) to any client that asks for it, for example the delivery API of a headless CMS. It is not just a communication channel; it also lets clients retrieve or collect the content they need.

CORS: Cross-Origin Resource Sharing (CORS) is an HTTP-header-based mechanism that allows a server to indicate any origins (scheme, host, or port) other than its own from which a browser should permit loading resources. The server sends Access-Control-* response headers, and the browser enforces them. CORS is a browser-side protection only: it does not stop non-browser clients such as cURL from calling the API, so it is never a substitute for authentication and authorization on the server. 
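As an added example (not from the original article), here is the server-side decision that produces those headers, with a common weak configuration beside the corrected one. The allow-list of origins and the permitted methods and headers are assumptions for the example; a real API would load them from configuration.

```python
# Constructed allow-list of browser origins permitted to call this API.
ALLOWED_ORIGINS = {"https://app.example.test", "https://admin.example.test"}


def cors_headers_reflecting(request_headers: dict) -> dict:
    """Weak setting: echo whatever Origin arrived and also allow credentials.
    Any site a user visits can then make that user's browser call the API
    with the user's cookies and read the response."""
    origin = request_headers.get("Origin")
    if not origin:
        return {}
    return {
        "Access-Control-Allow-Origin": origin,
        "Access-Control-Allow-Credentials": "true",
    }


def cors_headers(request_headers: dict, preflight: bool = False) -> dict:
    """Corrected setting: exact match against the allow-list (no prefix or
    substring matching, no wildcard together with credentials), plus
    Vary: Origin so a shared cache never replays one origin's headers to another."""
    origin = request_headers.get("Origin")
    if origin not in ALLOWED_ORIGINS:
        return {}          # no CORS headers at all: the browser denies the cross-origin read
    headers = {
        "Access-Control-Allow-Origin": origin,
        "Access-Control-Allow-Credentials": "true",
        "Vary": "Origin",
    }
    if preflight:          # response to the browser's OPTIONS request
        headers["Access-Control-Allow-Methods"] = "GET, POST, PUT, DELETE"
        headers["Access-Control-Allow-Headers"] = "Authorization, Content-Type"
        headers["Access-Control-Max-Age"] = "600"
    return headers
```

When testing CORS, send requests with an Origin header for an unrelated site and for a look-alike such as https://app.example.test.attacker.test; neither should receive an Access-Control-Allow-Origin header.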

cURL (Client URL): cURL is a command-line tool for transferring data from or to a server, designed to work without user interaction. It is used to get information from APIs, download web pages, or submit data to an API.

Composite APIs: Composite APIs are the combined APIs that help us access several endpoints through a single API call.

GraphQL: GraphQL is an application-level query language and runtime for APIs. Clients send queries to a single endpoint and specify exactly which fields they need, which avoids the over-fetching and the multiple round trips that fixed REST responses can require. That flexibility also means query depth, query complexity, and field-level authorization need to be controlled on the server. 

gRPC (Google Remote Procedure Call): A modern open-source RPC framework designed by Google that can run in any environment. It uses HTTP/2 for transport and Protocol Buffers for the interface definition and message encoding, which makes it robust, scalable, and fast.

HTTP methods: An HTTP (HyperText Transfer Protocol) request method indicates the action to be performed on the resource identified by the Request-URI. Method names are case-sensitive. The most common ones are GET, POST, PUT, PATCH, and DELETE.

HTTP Headers: Additional but essential information sent as name/value pairs with a request or a response. Request headers tell the server about the client and what it wants (for example Content-Type, Accept, and Authorization); response headers describe the response and how the client should handle it. 

JSON (JavaScript Object Notation): JSON is an open-standard file format or data interchange format in a human-readable style. It is language-independent and represents the data using a key/value pair.

Karate DSL: A framework for API automation testing, running on Java and using Apache HTTP client to perform HTTP connections. It can be integrated with the Gatling framework for performance testing.

Microservices: An architectural style that structures an application as a collection of small, autonomous services, each doing one defined job and modelled around a business domain. The services are independently deployable and loosely coupled, and they communicate with each other through APIs. 

Mock Servers: A mock server stands in for the real server and returns predefined (mocked) responses to requests. It emulates the real server closely enough for tests to run before the real API is available, or without depending on it.

MQTT (Message Queuing Telemetry Transport): MQTT is the most commonly used messaging protocol for the Internet of Things (IoT). It is a lightweight publish/subscribe protocol that allows messaging from devices to the cloud and from the cloud to devices. 

OpenAPI: OpenAPI is a specification format for describing RESTful APIs in a machine-readable way (YAML or JSON). Tools built on it can generate documentation, client and server code, and tests, and can visualize the API.

OAuth: OAuth is a delegated authorization framework used for REST APIs. It lets a user grant an application limited access to their resources on another service without sharing their password: for example, a user signs in on one platform and then authorizes a second platform to perform actions and view data on their behalf. OAuth 2.0 issues access tokens scoped to that grant; it is an authorization protocol, and authentication of the user is layered on top of it by OpenID Connect.
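As an added example (not from the original article), the snippet below shows one concrete piece of the OAuth 2.0 authorization code flow that testers run into: PKCE (RFC 7636), which binds the authorization code to the client that started the flow so that an intercepted code cannot be redeemed by anyone else. The endpoint, client_id, redirect_uri, and scope values are assumptions; the hashing and encoding follow the RFC.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import urlencode


def b64url(data: bytes) -> str:
    """Base64url without padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def new_code_verifier() -> str:
    """Client keeps this secret for the duration of the flow (32 random bytes -> 43 chars)."""
    return b64url(secrets.token_bytes(32))


def code_challenge(verifier: str) -> str:
    """S256 method: the challenge is base64url(SHA-256(verifier))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def authorization_url(auth_endpoint: str, client_id: str, redirect_uri: str,
                      scope: str, state: str, verifier: str) -> str:
    """Step 1: the client sends the user to the authorization server with the
    challenge (never the verifier) and a random `state` that ties the redirect
    back to this browser session, which is the CSRF protection of the flow."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,
        "code_challenge": code_challenge(verifier),
        "code_challenge_method": "S256",
    }
    return f"{auth_endpoint}?{urlencode(params)}"


def server_accepts_token_request(stored_challenge: str, presented_verifier: str) -> bool:
    """Step 2, authorization server side: when the client redeems the code it
    must present the verifier that hashes to the challenge stored with that
    code. A stolen code without the verifier is useless."""
    return hmac.compare_digest(code_challenge(presented_verifier), stored_challenge)
```

The verifier/challenge pair in the test below is the worked example from Appendix B of RFC 7636, which is a convenient check that an implementation encodes the hash correctly.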

OWASP (Open Worldwide Application Security Project, formerly Open Web Application Security Project): A non-profit organization dedicated to improving application security. All of its resources are free of charge; for API testers the most relevant is the OWASP API Security Top 10, which lists the most common classes of API vulnerability.

Pagination of APIs: The pagination mechanism is used when the API returns a large data set, so that it is delivered in pages, similar to how Google search results are split into pages. There are different types of pagination:

  • Offset Pagination: the simplest method; the client sends "limit" and "offset" values and the server skips the first "offset" rows. Pages drift when rows are inserted or deleted before the offset.
  • Keyset Pagination: the client sends the sort-key values of the last item on the previous page, and the server returns the items that come after it, so changes to earlier rows do not cause skipped or repeated items.
  • Seek Pagination: a term often used for keyset pagination over a unique, indexed column (such as an id), which lets the database seek directly to the next page instead of counting past skipped rows; it scales well for large data sets. 

Whatever the scheme, the server should cap the page size, because an unbounded "limit" lets a client pull the whole table in one request.
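As an added example (not code from the original article), the following implements offset and keyset pagination over a small constructed data set, so the difference can be seen when a row is deleted between two page requests: the offset version skips an item, the keyset version does not. The data set, the page-size cap, and the field names are assumptions for the example.

```python
from typing import List, Optional

MAX_LIMIT = 100   # cap page size so a caller cannot request the whole table at once

# Constructed data set, ordered by an immutable, unique column (id).
ROWS = [{"id": i, "name": f"item-{i}"} for i in range(1, 8)]


def clamp(limit: int) -> int:
    """Never trust the client's limit as-is."""
    return max(1, min(limit, MAX_LIMIT))


def offset_page(rows: List[dict], limit: int, offset: int) -> dict:
    """Offset pagination: skip `offset` rows and return the next `limit`.
    Rows inserted or deleted before the offset shift every later page."""
    limit = clamp(limit)
    page = rows[offset:offset + limit]
    more = offset + limit < len(rows)
    return {"items": page, "next_offset": offset + limit if more else None}


def keyset_page(rows: List[dict], limit: int, after_id: Optional[int] = None) -> dict:
    """Keyset (seek) pagination: return rows whose id is greater than the cursor,
    in id order. The cursor is the last id the client saw, so changes to earlier
    rows cannot make the next page skip or repeat items."""
    limit = clamp(limit)
    ordered = sorted(rows, key=lambda r: r["id"])
    if after_id is not None:
        ordered = [r for r in ordered if r["id"] > after_id]
    page = ordered[:limit]
    more = len(ordered) > limit
    return {"items": page, "next_cursor": page[-1]["id"] if more else None}
```

In a database the keyset query becomes WHERE id > :cursor ORDER BY id LIMIT :n, which the index can answer directly, whereas OFFSET still has to read and discard every skipped row.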

Parameters: API Parameters are passed along with the endpoint URL, which helps filter resources. Path/Query params are the most frequently used ones.

Public APIs: An open or public API is offered to external developers. It saves them time by letting them connect their platform to existing tools instead of building the functionality from scratch. Many public APIs still require an API key or token, if only for rate limiting and abuse control, so public does not mean unauthenticated.

Private APIs: Internal APIs are the opposite of open APIs in that they are inaccessible to external consumers and only available to an organization’s internal developers. Internal APIs can enable enterprise-wide initiatives from adopting DevOps and microservice architectures to legacy modernization and digital transformation. 

Payload: The actual body/content passed as part of the API request. It can be in different forms such as JSON, Text, HTML, XML, etc. 

Postman: Postman is a platform to build, test, design, modify, and document APIs. It is a simple Graphic User Interface for sending and viewing HTTP requests and responses.

RAML (RESTful API Modeling Language): RAML is a powerful YAML-based language used to define API contracts. RAML allows teams to define, build and collaborate on APIs rapidly and easily.

RapidQL: RapidQL is a JSON-like query language, implemented in JavaScript, for fetching and combining data from multiple APIs and databases in a single query. The query describes the inputs for each call and how their results are joined. 

REST (REpresentational State Transfer): REST is a software architectural style that defines a set of constraints for building a web Application Programming Interface (API) over HTTP. REST is one of the most popular types of API due to its simplicity and client-friendly nature. Resource representations can be exchanged in several formats: JSON, HTML, XML, plain text. JSON is the most commonly used.

Rest Assured: REST Assured is a Java library used for testing and validating the REST APIs.

Schema: A definition of the data format of a request or response, including field names, data types, and which fields are required. Requests are validated against the schema to reject malformed or unexpected input, and responses can be validated too, which catches fields the API should not be returning. 

SOAP (Simple Object Access Protocol): SOAP is an XML-based protocol for accessing web services over HTTP. The SOAP message is nothing but an XML document with an envelope, header, and body.

Status Codes: Three-digit numeric codes, followed by a short reason phrase, returned by the server with every response. The first digit tells the story: 2xx success, 3xx redirection, 4xx client error (such as 401 Unauthorized, 403 Forbidden, 404 Not Found), and 5xx server error. 

SSL/TLS Certificates: A certificate is a small data file that binds a server's identity (its host name) to a public key, signed by a certificate authority the client trusts. It lets a browser or API client verify that it is talking to the genuine server and establish an encrypted connection, protecting client-server traffic from eavesdropping and tampering. SSL is the older name; modern connections use TLS. Test clients should keep certificate verification enabled rather than switching it off to get past environment problems. 

Swagger: Swagger was the original name of the API description format and its tooling; the format itself was donated in 2015 and became the OpenAPI Specification. The name Swagger now refers to the open-source tools (Swagger UI, Swagger Editor, Swagger Codegen) used to design, build, document, and consume RESTful web services described with OpenAPI. 

YAML (YAML Ain't Markup Language, originally Yet Another Markup Language): YAML is a human-readable data serialization format used for the same purposes as XML and JSON. It is case-sensitive and uses indentation to express structure.

Webhook APIs: A webhook is a lightweight, event-driven way to share data in one direction: when an event occurs, the provider sends an HTTP request (usually a POST with a JSON body) to a URL the consumer registered. Webhooks are also called reverse APIs, because the provider calls the consumer instead of the other way round. They are used to deliver messages, alerts, and notifications. Since the receiving endpoint is reachable from the internet, it should verify that each delivery really came from the provider, typically through a signature header.
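As an added example (not code from the original article), the following shows both sides of a webhook signature: the provider computes an HMAC-SHA256 over a timestamp and the raw request body, and the receiver recomputes it, rejects stale timestamps to block replays, and compares in constant time. The header names, the secret, and the timestamp-plus-body message layout are a hypothetical scheme for the example; real providers document their own, but the checks are the same.

```python
import hashlib
import hmac
import json

# Constructed shared secret held by both the provider and the receiver.
WEBHOOK_SECRET = b"constructed-webhook-secret-for-example"
MAX_SKEW_SECONDS = 300    # deliveries older than this are treated as replays


def sign(body: bytes, timestamp: int, secret: bytes = WEBHOOK_SECRET) -> str:
    """Provider side: HMAC-SHA256 over "<timestamp>.<raw body>" (hypothetical layout)."""
    message = str(timestamp).encode() + b"." + body
    return hmac.new(secret, message, hashlib.sha256).hexdigest()


def deliver(event: dict, timestamp: int) -> tuple:
    """Provider side: build the raw body and the headers that accompany it."""
    body = json.dumps(event, separators=(",", ":")).encode()
    headers = {
        "X-Webhook-Timestamp": str(timestamp),     # assumed header name
        "X-Webhook-Signature": sign(body, timestamp),  # assumed header name
    }
    return body, headers


def verify(body: bytes, headers: dict, now: int, secret: bytes = WEBHOOK_SECRET) -> bool:
    """Receiver side. Verify over the raw bytes exactly as received, never over
    a re-serialized copy, since any change in whitespace or key order breaks the MAC."""
    try:
        timestamp = int(headers["X-Webhook-Timestamp"])
        presented = headers["X-Webhook-Signature"]
    except (KeyError, ValueError):
        return False
    if abs(now - timestamp) > MAX_SKEW_SECONDS:
        return False                                   # replayed or badly skewed
    expected = sign(body, timestamp, secret)
    return hmac.compare_digest(expected, presented)    # constant-time comparison
```

A receiver that verifies the signature but not the timestamp can still be fed a captured delivery indefinitely, which is why both checks belong together.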

Web Scraping: Web scraping, or web data extraction, is the automated extraction of data from websites. The wanted content is separated from the surrounding page markup and collected in a structured form. 

WebSockets: A WebSocket is a transport protocol that provides a persistent, bi-directional communication channel between a client and the server over a single connection. It was designed to overcome the limitations of HTTP's basic request/response mechanism.

The list is long, right? Still, it will be helpful to you. Once you understand this technical jargon, you can connect the dots during your API testing journey.

Happy API days!


Pricilla Bilavendran

Pricilla Bilavendran is a test engineer and a certified mentor, currently at Billennium, as well as an advocate for diversity and inclusion. Her experience with Functional, EDI, ETL, Automation, API testing and Postman is part of what she shares in her workshops, webinars, and writing. A global ambassador for the WomenTech Network, and one of the speakers at its 2023 conference, she can be found on LinkedIn, Twitter, and her blog.