When working with APIs it is often helpful to see the underlying data the systems are sending back and forth. We have standards that still allow enough flexibility that each implementation is slightly different and sometimes our serialization processes don't align. I have a set of go-to tools I use when developing and debugging APIs. I want to share what I use and examples of when I use them.

Postman

https://www.getpostman.com/

Chrome or native application GUI for API testing

Uses

  • Craft requests & capture responses
  • Scripted tests
  • Manage environment configurations

Example: Developer X told me that if I send in Payload Y I will get Response N, but that's not the behaviour I'm seeing.

Example: Write and store tons of tests so you can quickly validate code changes don't break core functionality.

Example: Use configuration variables to test different endpoints in different environments or change key data elements across all tests.

Curl

https://curl.haxx.se/

Command line tool for hitting URLs

Uses:

  • Testing endpoints when you don't have Postman
  • Scripted tests and automated data collection
  • Test SSL/TLS certificates

Example: Endpoint isn't working from a specific network/machine; remote in and use curl to validate endpoint functionality.

Example: Hit an endpoint on a cron interval.

Example: Test endpoints using specific versions of TLS.

Fiddler

http://www.telerik.com/fiddler

Proxy and network packet inspection

Uses:

  • Capturing how applications are using APIs
  • Live debugging requests

Example: Application X uses Endpoint Y. Sniff the network to see how that works so you can replicate it.

Example: Set a breakpoint in the middle of a request and alter it before it makes it to the endpoint.

Charles Proxy

https://www.charlesproxy.com/

Proxy that can be installed anywhere Java is installed

Uses:

  • Log requests so you can inspect them
  • Throttle connections so you can see how software reacts to slow endpoints

Example: Install a proxy to log information on a third party host where fiddler may not be supported.

Request Bin

http://requestb.in

Online tool to capture data posted to an endpoint

  • Captures data that applications send to a configured endpoint
  • Works for seeing requests only for when you don't have fiddler

Example: An application is sending an unknown payload to an API and you can't use Fiddler or Charles to grab the data, but you can configure where the application posts its data.

Custom Logging

Coded leveraging log4net & client behaviors/middleware.

Uses:

  • A configurable "Log Everything" mode that captures every request and response
  • CYA when another endpoint maintainer says "You aren't sending me X"
  • Can be a critical part of User Acceptance Testing and Requirements

Custom Logging Methods

When building an API in Laravel I will use its Middleware concept to add a configurable "log everything" mode that logs all requests in and out.

When building an API Consumer in C#.Net I will add classes that implement the IClientMessageInspector and IEndpointBehavior interfaces and add them to my client. I have used the approach in the following blog posts and stackoverflow answers:

Other Tools

There are many other tools that I have heard good things about but just haven't had the need to use myself or they didn't stick when I did use them. A few include:

    Uses:
  • SoapUI - https://www.soapui.org
  • Restlet Client - https://restlet.com/modules/client/

I would love to hear what tools you use in the comments!

I have a newsletter...

Many of my posts end up in Digital Ambit's monthly newsletter. It is the best way to keep up with what Dagny and I are doing in the business world. I appreciate your support and will only send you things we think are valuable.