EricOdell avatar image
EricOdell posted

The API Economy: The Vulnerabilities That Lie Ahead

Automaker Tesla recently suffered a major API outage that made its way into the headlines. Drivers of the company?s Model S and Model X cars were unable to use their mobile device to monitor driving range, unlock doors, or perform other important tasks. The outage even cascaded downstream to third-party apps that relied on the Tesla API for backend data. Car owners flooded online forums to express frustration.

Tesla?s experience is a clear reminder of the vulnerabilities at stake as we live and work in an API economy. Applications interact more and more through APIs, so it becomes increasingly true that the application is the API. The typical application relies on hundreds or even thousands of APIs. And if even one of those building blocks is down, your business, your brand, and your partner companies can suffer.

Unfortunately, though, failing to put your APIs through their paces is part of the problem. Issues can crop up weeks or even months down the road. You then have to circle back and interrupt your current Sprint cycle to troubleshoot what went wrong. It can be like looking for a needle in a haystack ? eating up valuable time.

It can be a challenge, though, to thoroughly test all these APIs. Most development teams are stressed to the max and simply don?t have the bandwidth to do comprehensive API Testing. In fact, surveys show developers have only 8 hours a week to actually write code. The rest of their time is spent on a wide range of Sprint tasks that have shifted to the left and become their responsibility.

Today, we learn that smart Agile development teams are working hard to shift API testing left by starting the API and backend system request and response testing before the development of user interfaces. QA teams are shifting to API testing because API tests are easier to automate and less brittle than traditional GUI functionality testing.

Comprehensive automated API testing is critical to the success of your organization. The problem is that Agile teams have limited timed to create the proper tests, and it can be difficult to complete the necessary API tests within a given Sprint. Often, the team creates only one test for an API to validate that it responds as expected. There isn?t time for multiple types of tests for both positive and negative flows, edge cases, or accessibility and authentication tests.

A recent webinar on Functional API Testing introduced API Developers to a method of automating API functional testing with CA BlazeMeter API Test. This new API testing solution reduces the risks of an API going down in production and frees developers to get more done and improve your APIs while you are still in your current Sprint cycle.

Avoid Tesla?s dilemma and stay out of the headlines. API Testing should shift left and be done early and often during the Sprint to resolve problems before they become costly to your company. Creating and running even thousands of API test types concurrently becomes as simple as clicking a checkbox. Developers can now:

  • Take load and performance test scripts from JMeter and reuse them as Functional API tests.
  • Take API functional tests and transform them into load and performance tests.
  • Auto-generate an API model from Swagger or APIM.
  • Test single APIs or complete business scenarios and add them to the continuous testing process.

CA BlazeMeter API Tests provides actionable insights you can use to troubleshoot reputation and its bottom line.

10 |600

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.



EricOdell contributed to this article