When working with APIs it is often helpful to see the underlying data the systems are sending back and forth. We have standards that still allow enough flexibility that each implementation is slightly different and sometimes our serialization processes don't align. I have a set of go-to tools I use when developing and debugging APIs. I want to share what I use and examples of when I use them.
Chrome or native application GUI for API testing
- Craft requests & capture responses
- Scripted tests
- Manage environment configurations
Example: Developer X told me that if I send in Payload Y I will get Response N, but that's not the behaviour I'm seeing.
Example: Write and store tons of tests so you can quickly validate code changes don't break core functionality.
Example: Use configuration variables to test different endpoints in different environments or change key data elements across all tests.
Command line tool for hitting URLs
- Testing endpoints when you don't have Postman
- Scripted tests and automated data collection
- Test SSL/TLS certificates
Example: Endpoint isn't working from a specific network/machine; remote in and use curl to validate endpoint functionality.
Example: Hit an endpoint on a cron interval.
Example: Test endpoints using specific versions of TLS.
Proxy and network packet inspection
- Capturing how applications are using APIs
- Live debugging requests
Example: Application X uses Endpoint Y. Sniff the network to see how that works so you can replicate it.
Example: Set a breakpoint in the middle of a request and alter it before it makes it to the endpoint.
Proxy that can be installed anywhere Java is installed
- Log requests so you can inspect them
- Throttle connections so you can see how software reacts to slow endpoints
Example: Install a proxy to log information on a third party host where fiddler may not be supported.
Online tool to capture data posted to an endpoint
- Captures data that applications send to a configured endpoint
- Works for seeing requests only for when you don't have fiddler
Example: An application is sending an unknown payload to an API and you can't use Fiddler or Charles to grab the data, but you can configure where the application posts its data.
Coded leveraging log4net & client behaviors/middleware.
- A configurable "Log Everything" mode that captures every request and response
- CYA when another endpoint maintainer says "You aren't sending me X"
- Can be a critical part of User Acceptance Testing and Requirements
Custom Logging Methods
When building an API in Laravel I will use its Middleware concept to add a configurable "log everything" mode that logs all requests in and out.
When building an API Consumer in C#.Net I will add classes that implement the IClientMessageInspector and IEndpointBehavior interfaces and add them to my client. I have used the approach in the following blog posts and stackoverflow answers:
There are many other tools that I have heard good things about but just haven't had the need to use myself or they didn't stick when I did use them. A few include:
- SoapUI - https://www.soapui.org
- Restlet Client - https://restlet.com/modules/client/
I would love to hear what tools you use in the comments!
I have a newsletter...
Many of my posts end up in Digital Ambit's monthly newsletter. It is the best way to keep up with what Dagny and I are doing in the business world. I appreciate your support and will only send you things we think are valuable.