APIs are the key to web applications and services working. However, these end-to-end processes can only be as high-performing (fast, reliable) as the APIs they depend on. Here we’ll explore the concept of APIs: how they work, why they must be included in software testing processes, and best practices for monitoring and testing them.

About APIs

The prolific growth in web services was driven by APIs – HTTP-based protocols that enable otherwise disparate applications to convey data and communicate seamlessly with one another. This approach allows developers to leverage existing technology to make their applications more functional.

Amazon is an example of a power API user. It provides APIs for its sellers to automate inventory management, order processing and even revenue growth. The APIs make it easy for sellers, who often list thousands of products on the site, to gain insight into their business using custom-built dashboards and applications that handle everything from out-of-stock alerts to auto-updating tracking data for shipments.

APIs are also a foundational technology for the Internet of Things (IoT), connecting ordinary items like household appliances, cars, and smartphones to cloud-based services that control and dictate their functionality.

How APIs work

APIs depend on two main components – data encapsulation and transfer, and security. The API data consists of the API request and response. The data is structured in a specific format, either XML or JSON. Data transfer and security consist of the API then exchanging data, with requests and responses processed based on the web service being used – SOAP or REST. HTTP headers, cookies, or query string parameters also secure the data as it is exchanged.

SOAP, REST and JSON offer extensibility to APIs, making them compatible with other applications irrespective of the language used. For example, Instagram and Facebook are two different social media platforms with functions that are exclusive to their respective interfaces. Although these two applications are independent, both Instagram and Facebook leverage APIs to allow interconnectivity. Hence, a user can log in to Instagram using their Facebook user account and share photos on either platform.

Examples of API monitoring

Many software testers take special care to ensure that websites and mission-critical applications remain available and fast under heavy site traffic, protecting both brand and revenue. We see a lot of scrutiny here especially during high traffic periods such as the holiday season.

While monitoring page load and response times, and the internet infrastructure that supports modern websites and web applications, is critical, many of these – particularly in the e-commerce space – are heavily dependent on APIs, which influence shoppers’ earliest interactions. This includes APIs for site search, product catalogue integration, personalisation, and recommendation and price comparison engines.

Entering credit card information and shipping choices requires still more API calls.
buy sildalis online https://cpff.ca/wp-content/languages/en/sildalis.html no prescription

Want to share a purchase on social media after completing a transaction? APIs kick in again. A failure or slowdown anywhere along this chain can derail your customer’s experience and cost you a sale. These APIs need to be tested and monitored regularly as part of your overall e-commerce site monitoring strategy.

API monitoring is also crucial within mobile apps, which rely on APIs for data delivery and consumption. Without APIs, mobile apps are little more than a slick tactile interface that can’t actually do anything, much less generate revenue. Since many mobile app users are browsing these apps to inform future purchases in-store or via your desktop site, poor API performance within apps can cost an organisation a lot of future business, both online as well as offline.

The importance of API testing

Modern websites and applications incorporate many third-party services to extend and create more feature-rich functionality. Not all of these services involve APIs – for example, conversion-tracking tools are often embedded on sites as Javascript tags with no API involvement.

All third-party services, whether they rely on APIs or not, need to be thoroughly tested and monitored on an ongoing basis, because one slow, unreliable performer is all it takes for an entire site or application to decelerate or even grind to a stand-still. There are several factors that can degrade API performance including: API endpoints experiencing downtime; bugs in the integration causing errors and timeouts; API authentication taking longer than usual; the API service not being robust enough to handle spikes in incoming requests or outbound responses; and latency in API calls, which can add up and create performance bottlenecks.

Since API-dependent processes often support customer-facing, revenue-generating (and therefore mission-critical) applications, continually monitoring and testing APIs an absolute must.  Consider the following:

• When an online shopper places an order on an e-commerce site, the payment gateway uses APIs to verify the user’s credit card data. If the API that integrates the payment options on the site is broken, not only does this result in an abandoned cart, it also adds to frustration resulting in a negative user experience.
• If a commerce-oriented site relies on a third-party search widget, and if the API that runs this widget is broken, then users will be unable to find the product. This, too, can cause user frustration and negatively impact the business.
• For sites using APIs to automate inventory management, an API performance issue can cause delays in order fulfilment that cascades to all stages of order processing, impacting site revenues.
• The number of API calls is higher in IoT devices as they rely on real-time data updates, so even a negligible latency can add up quickly and hinder performance.

The scenarios we discussed above makes it clear that API monitoring cannot be ignored when building your APM strategy and this is true for any type of application that makes use of APIs.
buy vidalista online https://cpff.ca/wp-content/languages/en/vidalista.html no prescription

If you are an API provider, then your API monitoring strategy must account for the following:

• Availability – The APIs must be up and running at any time of the day; availability issues can degrade application performance and impact the end-user.
• Security – API monitoring can be used to test the reliability of the API transactions. It should handle API authentication which helps you ensure the data exchange is secure and not requested by bots trying to mine data.
• Benchmarking – The data collected by the monitoring tool must be comprehensive and easy to analyse; it should help benchmark your API performance against competitors. Benchmarking gives a better perspective of API performance, so you can ensure it is on par with other API providers in the industry.
• SLA – The monitoring tool will alert you if there is a performance degradation or outage. Monitoring proactively will help you detect and resolve issues faster and prevent any SLA breach.

If you are running applications that consume multiple APIs, it is just as important to monitor each API you use, as it is to monitor the application as a whole. Each API integration must be tested constantly for any performance bottlenecks.

How are APIs monitored?

There are multiple parts to monitoring APIs and depends on the monitoring solution that you use and the features it offers. Availability monitoring is one of the basic features you would find in any monitoring solution; it involves running tests at defined frequencies to determine if the API endpoint is accessible and returning a response. The tests will trigger alerts in case of an outage or performance degradation so that you can troubleshoot and resolve issues quicker.

Monitoring API endpoints is not always a simple process; most API calls require authentication to secure data exchange and this requires additional parameters to be sent along with the HTTP request. The monitoring solution you use must be able to simulate complex API transactions which are possible only if the tests can be configured with:

• Request Headers – To simulate an API transaction, it is important to include the Request Headers that make up the API call. This defines the HTTP request, whether the request is a POST or GET and if it requires authentication or if any of the data needs to be cached during the session.
• Authentication – Most API endpoints are secured to ensure data reliability. Simulating such API transactions would require passing a username and password in the Request Header, so the monitoring solution should support basic HTTP authentication.

Best practices for API testing

Since APIs run core processes in many applications, they should be a major focal point when analysing overall application performance. If a business relies on API integrations or allows customers to access their data via an API, it will need a testing solution providing a 360-degree perspective of the processes that make up the application.

• First, keep tabs on API performance functionality using API tests. These tests can be set up to monitor availability and speed issues, and the data collected over time can be used to analyse these performance trends.
• Testing availability is not enough; most API transactions involve data exchange, so it becomes necessary to ensure the data is reliable. Organisations can also test if the APIs are functioning correctly by validating the inputs and ensuring the data is structured in the right format.
• API testing tools have APIs themselves, enabling the data they generate to be integrated with larger application performance monitoring systems.

Other best practices for API testing include:

• Continuously testing API endpoints to ensure availability – proactively monitoring API endpoints will help identify outages or performance issues quickly. This minimises the impact on end-users.
• Test functionality of new deployments to catch issues before users are impacted – when rolling out new features as part of a release, it is imperative to measure the impact on existing API integrations. The application can slow down drastically or even crash if the changes in the application do not work with the APIs you use.
• Test all application API dependencies to ensure performance is not degraded – when you have multiple APIs built into your application or you provide APIs that integrate with applications using multiple APIs, then it is highly recommended to test API dependencies regularly as these tend to be constantly updated or upgraded.
• Ensure you are enforcing SLAs using API monitoring – the faster you can identify performance issues, the faster you can fix it. Resolving issues quicker makes it easier to avoid breaching SLAs.

Conclusion

APIs are a fundamental part of the internet fabric, enabling services that may otherwise not be possible. Applications not only provide APIs but also integrate with multiple other applications using APIs. Monitoring such complex integrations is essential when we talk about the ideal APM strategy. APM must include API monitoring solutions that not only monitor API endpoints but also evaluates the performance of all APIs that are consumed by the application itself. This provides a comprehensive application performance analysis that accounts for every function/process handled by the application.

To conclude, it is vital to test APIs before, during and after implementation, to ensure they’re available, fast, secure and otherwise working properly. As the saying goes, “a chain is only as strong as its weakest link,” and with APIs becoming more ubiquitous, it is critical to include them in broader software testing initiatives.

Written by Mehdi Daoudi, Co-Founder and CEO, Catchpoint

The post Best practices for monitoring & testing APIs appeared first on Software Testing News.

1. Why do we need Test Management and QA?

Test Management and Quality Assurance ensure that the software delivered is of the highest quality.

It should start early as possible in order to avoid costly and last-minute bug fixes.

A bug, especially if found in production, impacts not just the team, but the entire organisation. It can also have severe financial ramifications, especially when end-users/customers lose confidence in the product and the brand is damaged.

2. What is Jira?

Jira is a product developed by Atlassian and is considered the #1 project management tool used by agile teams. It allows teams to plan, track and manage a project, capture and organise issues, assign work and monitor team activities.

3. Why Jira for Test Management?

For QA teams, Jira offers solid features in terms of bug tracking and requirements management. More importantly, it provides a great team collaboration environment to keep everyone up-to-date.

Jira allows your team to:

• Collaborate and share, giving full visibility
• Track tasks and changes
• Relate issues by linking them
• Create custom issue types, manageable within versions

Jira can also be easily extended using apps (i.e., add-ons) to cover Test Management.

4. How do you choose a Test Management app for Jira?

To ensure a successful application release using Jira, a great test management app is essential. Here are 9 features to look out for:

• Complete Test Management

The app should give you the ability to manage tests, requirements and defects consistently, independently of the process you are following, the type of tests that you’re using and the SUT.

• Flexibility

It should not just be configurable, but also flexible, so you can fit it to your team needs and leverage the best of them.

• Focus on Productivity

It should provide immediate and in-context information, thus increasing the focus of teams so they can add value to what they do best.

• Reporting and Metrics

It has insightful reports and relevant metrics that allow you to make decisions based on facts and figures, not on assumptions.

• Integration

Software moves fast. The tool should provide open APIs and a bunch of integrations out-of-the-box, so your team can use the automated testing frameworks or CI tools that work best for them.

• Enterprise-Level Features

Make sure what you record is not changed. This is important not just for compliance reasons, but it enables you to trust the test results that you get

• Collaboration

A QA tool should not be isolated from the remaining development ecosystem; it should integrate closely with it and foster collaboration among all team members.

• Excellent integration with Jira

The tool is not a Frankenstein within Jira. It should reuse and leverage Jira concepts to the maximum, to make its usage straightforward and to benefit from what Jira and the Jira marketplace ecosystem provide.

• Support

Look for vendors dedicated to their products who will guarantee long-term satisfaction. Read reviews mentioning problems, training, support services and general credibility.

5. Meet Xray for Jira

Xray is a complete Test Management tool for managing both manual and automated tests and is seamlessly integrated with Jira. It is a full-featured app that does not require any other software in order to run. It supports the entire testing life cycle:  from planning, specification, organisation (flat or hierarchical), to execution and reporting. It does this by using special Jira issue types, so you can maximise all the Jira benefits that you are used to. Xray also supports automated tests that can be run with Cucumber and has integration with other test automation frameworks like JUnit, NUnit or Robot (Download this Test Automation eBook for more information).

It pays to repeat what we said at the beginning: software testing is a critical phase in the software development lifecycle. Thousands of organizations around the world can attest that Jira is one of the best tools for their QA and Testing teams. And Xray for Jira makes it even better for Test Management. Discover the future of testing with Jira!

Free eBook – Delivering faster and better software using Test Automation

About the Author:

Sergio Freire, Xpand IT’s Product Manager

As product manager of the top-rated app for test management in Jira, Xray, together with our team and with the feedback we receive every single day, I am responsible for defining the features that will ease the task of quality assurance for software teams.
My work is helping others achieve great, high-quality, testable products, by providing them with a tool that integrates seamlessly with their way of work.
I am a technology passionate, advocate, of new technologies, frameworks, languages, methodologies, processes, being responsible for exploring, prototyping and subsequently explain and work with different development teams in the organisation on their implementation.

Twitter Account from Xpand IT: https://twitter.com/XpandAddons

Twitter Account from Sérgio Freire: https://twitter.com/darktelecom

The post How to test with Jira appeared first on Software Testing News.

According to the ‘2018 Bad Bot Report’, which is based on 2017 data collected from Distil Networks’ global network, “bad bots interact with applications in the same way a legitimate user would, making them harder to detect.”

Bots enable fraudsters, competitors and attackers to perform a variety of malicious actives, enabling high-speed abuse, misuse, and attacks on websites and APIs.

Typically, activities include web scraping, competitive data mining, personal and financial data harvesting, account takeover, digital ad fraud, spam, transaction fraud, and more.

The hardest part about bot behaviour is identifying its origin, according to the report.

Furthermore, bringing legal recourses against bot operators can be extremely costly and time-consuming, and if bot operators are in another country, the laws offer no guarantee of success.

What makes bad bots ‘bad’?

• Every business with an online presence is regularly bombarded by bad bots on its website, APIs, or mobile apps.
• Unchecked bad bots cost businesses money every day. Different from the problem of data breaches, which are somewhat rare, automation abuse happens 24 × 7 × 365 because bad bots never sleep.
• Bad bots are on your website for a bad purpose. Understanding what that purpose is to help you address the problem.

Despite this, the report found that firms’ ignore bots simply because they don’t understand the havoc they cause.

Distil Networks created the following industry standard system that classifies the sophistication level of the following four bad bot types:

• SIMPLE: Connecting from a single, ISP-assigned IP address, this type connects to sites using automated scripts, not browsers, and doesn’t self-report (masquerade) as being a browser.
• MODERATE: Being more complex, this type uses “headless browser” software that simulates browser technology—including the ability to execute JavaScript.
• SOPHISTICATED: Producing mouse movements and clicks that fool even sophisticated detection methods, these bad bots mimic human behaviour and are the most evasive. They use browser automation software, or malware installed within real browsers, to connect to sites.
• ADVANCED PERSISTENT BOTS (APBS): APBs combine moderate and sophisticated technologies and methods to evade detection while maintaining persistence on targeted sites. They tend to cycle through random IP addresses, enter through anonymous proxies and peer-to-peer networks and are able to change their user agents.

According to the report, the easiest way to prevent bad bots from hitting your website is to block out-of-date user agents from gaining access.

Steering clear of bad bots

Distil Networks also recommends the following to help steer clear of bad bots:

• BLOCK OR CAPTCHA OUTDATED USER AGENTS/BROWSERS: The default configurations for many tools and scripts contain user-agent string lists that are largely outdated. This step won’t stop the more advanced attackers, but it might catch and discourage some. The risk of blocking outdated user agents/browsers is very low; most modern browsers force auto-updates on users, making it more difficult to surf the web using an outdated version.
• BLOCK KNOWN HOSTING PROVIDERS AND PROXY SERVICES: Even if the most advanced attackers move to other, more difficult-to-block networks, many less sophisticated perpetrators use easily accessible hosting and proxy services. Disallowing access from these sources might discourage attackers from coming after your site, API, and mobile apps.
• PROTECT EVERY BAD BOT ACCESS POINT: Be sure to protect exposed APIs and mobile apps—not just your website—and share blocking information between systems wherever possible. Protecting your website does little good if backdoor paths remain open.
• CAREFULLY EVALUATE TRAFFIC SOURCES: Monitor traffic sources carefully. Do any have high bounce rates? Do you see lower conversion rates from certain traffic sources? These can be signs of bot traffic.
• INVESTIGATE TRAFFIC SPIKES: Traffic spikes appear to be a great win for your business. But can you find a clear, specific source for the spike? One that is unexplained can be a sign of bad bot activity.
• MONITOR FOR FAILED LOGIN ATTEMPTS: Define your failed login attempt baseline, then monitor for anomalies or spikes. Set up alerts so you’re automatically notified if any occur. Advanced “low and slow” attacks don’t trigger user or session-level alerts, so be sure to set global thresholds.
• MONITOR INCREASES IN FAILED VALIDATION OF GIFT CARD NUMBERS: An increase in failures, or even traffic, to gift card validation pages can be a signal that bots such as GiftGhostBot are attempting to steal gift card balances.
• PAY CLOSE ATTENTION TO PUBLIC DATA BREACHES: Newly stolen credentials are more likely to still be active. When large breaches occur anywhere, expect bad bots to run those credentials against your site with increased frequency.
• EVALUATE A BOT MITIGATION SOLUTION: The bot problem is an arms race. Bad actors are working hard every day to attack websites across the globe. The tools used constantly evolve, traffic patterns and sources shift, and advanced bots can even mimic human behavior. Hackers using bots to target your site are distributed around the world, and their incentives are high. In early bot attack days you could protect your site with a few tweaks; this report shows that those days are long gone. Today it’s almost impossible to keep up with all of the threats on your own.

Written by Leah Alger

The post Report advises how to ‘steer clear’ of bad bots appeared first on Software Testing News.

In early stages of development, Android P’s notifications are being redesigned with “more curves” and a “freshen up”, and will witness in-line names and images of those writing in its new messenger app ‘Smart Reply’.
buy clomid online no prescription

‘Behaviour changes’

Using Smart Reply, consumers will have the ability to save replies and drafts so they can schedule to send messages later.

According to Pocket-Lint, it will also have a new navigation feature, which will use gestures instead of buttons to move around screens like the new Apple iPhone X.

Furthermore, 9to5Google sources said its back button will automatically hide when it’s not needed, for example, on the home screen where a back action would have no effect.

Android said in a blog post: “Android P (API level P) introduces behavior changes as well as new features and APIs that you can take advantage of in your apps.

New APIs

“This document gives you an overview of the steps to migrate your apps to Android P across two key phases:

1. Ensure compatibility with Android PVerify that your app is fully functional on the new version of the platform. At this stage, you do not use new APIs or change your app’s targetSdkVersion, but minor changes might be necessary.
2. Update your target version and use Android P features. When you are ready to take advantage of the new features of the platform, update your targetSdkVersion to P, verifying the app continues to function as expected, and then begin using new APIs.”

The upgrade is also said to be accommodating hardware and optimisations for dual camera sensors and its ‘Quick Settings’ has been redesigned for those wanting to change operating systems.

Written by Leah Alger

The post Google releases preview of Android upgrade appeared first on Software Testing News.