BhauAutomation
Home Software Testing API Manual Testing

API Manual Testing

API Manual Testing is the process of validating Application Programming Interfaces (APIs) without automation tools. It ensures that APIs work as expected, return correct responses, and handle errors properly.

API testing focuses on the business logic layer of the application, verifying data exchange between different software systems through HTTP requests and responses.

📘 Topic: API / Manual Testing
Read time: 5 min
📊 Level: Beginner to Intermediate
🔌 Focus: API Validation
📖 Overview

What is API Manual Testing?

API Manual Testing is the process of validating Application Programming Interfaces (APIs) manually without using automation scripts or tools. Testers interact directly with API endpoints using tools like Postman, cURL, or browser extensions to send requests and analyze responses.

This approach is particularly useful for exploratory testing, understanding API behavior, debugging issues, and validating new endpoints before automating them.

🔑 Key Aspects

🎯 Objectives

  • Validate API endpoints functionality
  • Check request and response correctness
  • Verify error handling and edge cases
  • Ensure data integrity and format validation
  • Test authentication and authorization

✅ Advantages

  • No coding or programming skills required
  • Quick validation of API behavior
  • Useful for exploratory API testing
  • Flexible approach for ad-hoc testing
  • Easy to debug and understand responses

⚠️ Limitations

  • Time-consuming for large API test suites
  • Not reusable like automation scripts
  • Limited test coverage compared to automation
  • Prone to human error during repetitive testing
  • Difficult to simulate complex scenarios
📋 Process

API Manual Testing Process

  • Understand API Documentation - Review endpoints, request methods, parameters, headers, and expected responses from API docs (Swagger, OpenAPI, etc.)
  • Prepare Test Cases - Create test scenarios for different HTTP methods (GET, POST, PUT, PATCH, DELETE) including positive and negative cases
  • Set Up Test Environment - Configure API base URLs, authentication tokens, headers, and environment variables in your testing tool
  • Send Requests - Execute API calls with various request bodies, query parameters, and headers using tools like Postman or cURL
  • Validate Responses - Check HTTP status codes (200, 201, 400, 401, 403, 404, 500), response body structure, data values, and headers
  • Test Error Handling - Verify that APIs return appropriate error messages and status codes for invalid inputs, missing parameters, or unauthorized access
  • Document Results - Record test findings, bugs, and observations for further analysis and automation
🔗 API Types

Types of APIs to Test Manually

🔹 REST APIs

  • HTTP methods (GET, POST, PUT, DELETE)
  • JSON/XML request and response formats
  • Status codes and headers validation

🔹 SOAP APIs

  • XML-based request/response structure
  • WSDL validation and schema checking
  • SOAP envelope and header testing
🛠️ Tools

Popular Tools for Manual API Testing

Postman
SoapUI
Insomnia
cURL
REST Client (VS Code)
Bruno
Hoppscotch
Thunder Client

Pro Tip: Postman is the most widely used tool for manual API testing, offering features like environment management, collection organization, and basic test scripts.

🏆 Best Practices

Best Practices for API Manual Testing

  • Use proper test data - Maintain separate test data sets for different scenarios (valid, invalid, boundary values)
  • Test both positive and negative scenarios - Validate success paths and error conditions equally
  • Validate security aspects - Check authentication (API keys, OAuth, JWT) and authorization (role-based access)
  • Document API testing steps - Keep records of test cases, requests, and expected responses for reusability
  • Verify response time - Note API response times to identify performance issues early
  • Check data persistence - Verify that POST/PUT requests actually save data in the database
  • Test idempotency - Ensure that repeated requests with same data produce consistent results
  • Validate error messages - Ensure errors are meaningful and helpful for debugging
🌍 Example

Real-world Example: Testing a Login API

📱 User Authentication API Testing

Scenario: Testing a REST API endpoint for user login functionality.

  • Endpoint: POST https://api.example.com/v1/auth/login
  • Headers: Content-Type: application/json
  • Request Body: {"email": "user@example.com", "password": "SecurePass123"}
  • Expected Response (Success): 200 OK with JWT token and user details
  • Negative Test 1: Wrong password → 401 Unauthorized with error message
  • Negative Test 2: Missing email field → 400 Bad Request
  • Negative Test 3: Invalid email format → 422 Unprocessable Entity

📦 Testing a GET API with Query Parameters

  • Endpoint: GET https://api.example.com/v1/products?category=electronics&limit=10
  • Expected Response: 200 OK with array of 10 electronics products
  • Edge Test: limit=0 → Returns empty array or default limit
  • Edge Test: limit=1000 → Check pagination or maximum limit handling
  • Negative Test: Invalid category → Empty array or 404
📊 HTTP Status Codes

Common HTTP Status Codes to Validate

✅ Success (2xx)

  • 200 OK - Request successful
  • 201 Created - Resource created
  • 204 No Content - Success, no response body

❌ Client Errors (4xx)

  • 400 Bad Request - Invalid input
  • 401 Unauthorized - Authentication required
  • 403 Forbidden - No permission
  • 404 Not Found - Resource not found
  • 422 Unprocessable Entity - Validation error
Previous Security Testing