API testing (Application Programming Interface Testing) is software testing that focuses on determining if the built APIs fulfill expectations for the application’s functionality, dependability, performance, and security.
According to Google Trends, interest in API/Web services testing has gradually increased over the previous few years. Having the appropriate API automation testing methodology, tool, and solution is more critical than ever. API testing is an essential part of any effective CI/DevOps process.
This article will give a breakdown of the best API testing tools in 2021, including both open-source and commercial solutions that testing teams may use to meet their requirements.
TL;DR: Katalon Studio, SoapUI, and Postman are the top-three tools.
1. Katalon Studio
Katalon Studio is a free test automation solution for APIs, web applications, desktop apps, and mobile applications. It is quickly becoming a prominent tool for API/Web services testing, promoting itself as a complete end-to-end automation solution for developers and testers.
Katalon Studio supports SOAP and REST requests, as well as a variety of commands and parameterization features. Furthermore, Katalon Studio’s ability to combine UI and API/Web services for different platforms (Windows, Mac OS, and Linux) has been cited as a distinct feature among top API tools.
- Support both SOAP and Rest
- All-in-one shop for API, WebUI, Desktop App, Mobile testing, and the combined capabilities.
- Support data-driven approach.
- Support automated and exploratory testing
- Support CI/CD integration.
- Support AssertJ, one of the most potent assertion libraries, to create fluent assertion with BDD style
- Suitable for both non-techies and pros through Manual and Groovy Scripting modes.
- Can be integrated with Katalon TestOps — test orchestration platform.
Katalon Studio has been named one of the 2020 Gartner Peer Insights Customers’ Choices for Software Test Automation, with over 600 favorable evaluations, confirming its position at the forefront of the field.
Pricing: Free — $69/license/month
SoapUI is a headless functional testing tool dedicated to API testing, allowing users to test REST and SOAP APIs and Web Services easily.
Free package: Using the free package of SOAPUI, users can get the full source code and build their preferred features.
- Create test quickly and easily with Drag and drop, Point-and-click
- Reusability of Scripts: load tests and security scans can be reused for functional test cases in just several steps
- Powerful data-driven testing: Data loaded from files, and databases, and Excel so that they can simulate how consumers interact with the APIs
- Support native CI/CD integrations, asynchronous testing
The latest version SoapUI 5.6, released in July 2020, has updated third-party libraries (org.apache.HTTP components, commons-logging, commons-codec, and JUnit) and removed unused third-party libraries (Jackson, KeenIO). To enhance testing security, SoapUI now disables the Load and Save project scripts by default.
Pricing: Free - $709/year
Being originally a Chrome browser plugin, Postman now extends their solution with the native version for both Mac and Windows.
Postman is a good choice for API testing for those who don’t want to deal with coding in an integrated development environment using the same language as the developers.
- Easy-to-use REST client
- Rich interface which makes it easy to use
- Can be used for both automated and exploratory testing
- Can be run on Mac, Windows, Linux & Chrome Apps
- Has a bunch of integrations like support for Swagger & RAML formats
- Has Run, Test, Document and Monitoring Features
- Doesn’t require learning a new language
- Enable users to easily share the knowledge with the team as they can package up all the requests and expected responses, then send to their colleagues.
Starting from version 7.3 in 2020, Postman helps users better organize the collections and API elements (mock server, monitors, tests, and documentation) generated from API schemas by using the new advanced preferences. The latest version 8.7.0 for Mac, Windows, and Linux App has been released in June 2021 with “Warnings” in API validation, with the addition of Security Warnings enabled for all APIs on Postman.
Pricing: Free - $12/user/month
4. Tricentis Tosca
Tricentis Tosca is a continuous testing platform for Agile and DevOps. Benefits of Tricentis Tosca include:
- Supports many array of protocols: HTTP(s) JMS, AMQP, Rabbit MQ, TIBCO EMS, SOAP, REST, IBM MQ,NET TCP
- Integrates into the Agile and DevOps Cycle
- Maximize reuse and maintainability with model-based test automation
- API tests can be used across mobile, cross-browser, packaged apps, etc…
- Achieve sustainable automation with new technology
- Reduce the time of regression testing
- Interactive testing provides test managers with the ability to execute manual testing and collect results without having to configure Tosca environments.
With the latest version — Tricentis Tosca 14.2 LTS, you can expand Tosca Data Integrity to access data sources that aren’t natively supported. To conduct row-by-row comparisons or load data into the cache database, you may create a bespoke solution and connect it into Tosca Data Integrity.
Pricing: Contact Sales
Apigee is a cross-cloud API testing tool, allowing users to measure and test API performance, supports and build API using other editors like Swagger. Apigee is recognized as one of the leaders in the Gartner Magic Quadrant 2019 for Full Lifecycle API Management for the fourth consecutive time.
- Allows the design monitor, deploy, and scale APIs
- Identify performance issues by tracking API traffic, error rates, and response times
- Easily create API proxies from the Open API Specification and deploy them in the cloud
- Cloud, on-premise, or hybrid deployment model on a single code base
- PCI, HIPAA, SOC2, and PII for apps and APIs
- Apigee is purpose-built for digital business, and the data-rich mobile-driven APIs and apps that power it.
Starting from version 4.19.01 in February 2019, Apigee gives users even more flexibility to manage their APIs with features like Open API 3.0 support, TLS security, self-healing with apigee-monit, virtual host management improvements, and more software support. The latest 4.50.00.08 (March 2021) released with minor bug fixes and security improvements.
Pricing: Contact Sales
JMeter is widely used for functional API testing although it is actually created for load testing.
- Supports replaying of test results
- Automatically work with CSV files, allowing the team to quickly create unique parameter values for the API tests.
- Users can include the API tests in CI pipelines thank to the integration between JMeter and Jenkins
- It can be used for both static as well as dynamic resources performance testing
Since the most recent release in Jan 2021, JMeter 5.4.1 has been packed with multiple features and enhancements: new themes, revamped Groovy library, many bug fixes, visual representation of disabled elements and updated JMeter templates for functional testing.
Rest-Assured is an open-source Java Domain-specific language that makes testing REST service more simple.
- Have a bunch of baked-in functionalities, which means users don’t have to code things from scratch.
- Integrates seamlessly with Serenity automation framework, so that users can combine the UI and REST tests all in one framework that generates awesome reports.
- Support BDD Given/When/Then syntax
- Users don’t necessarily need to be an HTTP expert
Starting from version 4.0.0, REST Assured requires at least Java 8, instead of Java 6 as was previously required. This version also added support for Apache Johnzon and fixed a lot of issues with the initial OSGi support. The latest version, 2021–05–21: REST Assured 4.4.0, is released with various improvements and bug fixes.
Assertible is an API testing tool which concentrates on the automation and reliability.
- Support for automating API tests through each step of a continuous integration and delivery pipeline.
- Support for running API tests after deployments and integrates with familiar tools like GitHub, Slack, and Zapier.
- Support validating HTTP responses with turn-key assertions such as JSON Schema validation and JSON Path data integrity checks
- The Sync feature allows testers to update their tests when their specifications change, so users no longer have to manually update their tests after adding new parameters or changing the response of API.
In October 2019, Assertible added the latest feature called Encrypted variables. This feature provides a new way to store tokens, passwords, and secret data fields required by tests to improve API testing security practices. Encrypted variables are not only trivial to use, but build on the cryptographically sound methodology for safe storage.
Pricing: Free - $25/month
9. Karate DSL
Karate DSL is a new API testing tool which help create scenarios for API-based BDD tests in a simple way without writing step definitions. Those definitions have been created by KarateDSL so that users can kickstart the API testing quickly.
- Build on top of Cucumber-JVM
- Can run a test and generate reports like any standard Java project
- A test can be written without any Java knowledge required
- Tests are easy to write even for non-programmers
- Supports configuration switching/staging, multi-threaded parallel execution
Karate UI is now a distinct Maven artifact rather than part of the open-source tool’s core, as of version 0.9.3. This version now includes built-in support for WebSocket, which is based on the async capability. The most recent revision, Karate UI 0.9.6 was released in August 2020 with a slew of new features, including Karate Robot Windows for Windows Desktop app automation, redesigned HTML reports, call-Single-Cache, and enhanced tree walking in UI Tests.
Swagger is an API testing tool that allows users to start their functional, security, and performance testing right from the Open API Specifications. Swagger tooling and Ready API platform make it easy to quickly create, manage, and execute API tests in the pipeline.
- Swagger Inspector provides capabilities to inspect API request-responses, and make sure they perform as expected
- Import user’s API definitions to easily validate schema rules, automatically generate assertions against endpoints and inject synthetic data into parameters
- Generate complex load scenarios to test the scale and performance of API
- Support all types of services from REST, SOAP to GraphQL
Swagger Hub Domains were added to Open API Spec version 3.1 in 2020. Developers may utilize this functionality to save commonly used objects, path items, and responses in separate files that can then be accessed across numerous API definitions. These reusable Domains may be versioned, published, and shared for big teams to provide collaborative input. The latest version Open API Spec version 3.51.1 on June 2021 came with minor bugs fixed.
11. Rest Console
REST Console is a REST/HTTP Client for Google Chrome that allows users to visualize and construct custom HTTP requests to test with any RESTful API service.
- Construct POST or PUT body via raw input
- Support to modify custom headers through intuitive UI
- Allows you to easily create query parameters
- It can be used for several authentications: Plain, Basic, OAuth + Custom
- Supports customizable interface
Since the most recent release, Rest Console v4.0.2 has been upgraded with several features to enhance user experience and bug fixes, such as oAuth improvements, Collapsible sections, Clickable Links in Response, UI enhancements.
12. API Fortress
API Fortress is a continuous testing platform for APIs that enables testers and developers to create and automate functional tests.
- Intuitive UI that is easy to use at any skill level
- Accelerate your continuous API Testing with plug-and-play
- Automate tests as part of a CI pipeline
- Support Test REST, SOAP, GraphQL, Web Services, and Microservices
- Web-based collaborative tool for teams; the feature helps testers work within a browser and requires no downloads.
With the latest version on September 2020, they have new features: Allow a test to continue after a fatal error, Improved Multipart for on-prem and load testing, and K/V store for mocking services. Also, minor bugs were fixed from the previous version.
Pricing: Contact Sales
Pyresttest is a Python-based REST API testing platform. Since Pyresttest supports tests in JSON or YAML config files, no coding knowledge is required.
- Generate/extract and validate mechanisms to build full test scenarios
- It is minimal dependencies (pycurl, pyyaml, optionally future), which allows easy deployment on-server for smoke tests/health checks
- Return exit codes on failure to slot into automated configuration management tools
Pyresttest works on Linux or Mac with Python 2.6, 2.7, or 3.3+ (with module ‘future’ installed). In Mar 2016, the latest version v1.7.1 was released with minor bug fixes only.
Developed by Telerik, Fiddler has long been the tool of choice for developers and testers who build and verify APIs exposed over HTTP(S). It is a free and powerful debugging proxy tool used for testing restful web services.
- Debug traffic from macOS, Windows, or Linux systems and iOS or Android mobile devices.
- Ensure the proper cookies, headers, and cache directives are transferred between the client and the server.
- Fiddler’s API Composer makes it easy to quickly test, group, and organize your API requests.
- With Auto Responder, mock requests and responses are effortlessly created and organized, which allows you to test the websites without changing code.
- Supports any framework, including .NET, Java, Ruby, etc.
In the latest version, “Fiddler Everywhere v2.0.0” updated in June 2021, the workflows have been improved to enhance user experience. Starting from this version, the Rule Builder can be redesigned and more powerful with Auto Responder.
Pricing: Free Trial — $10/ month
Airborne is an API automation testing framework. It is a Ruby-based RSpec driven framework.
- Since Airborne is only a programming framework, it has no user interface apart from the text file to create code.
- Testers need to remember a few key methods in the toolset and some ruby and RSpec fundamentals to use Airborne.
In July 2020, Airborne was updated to version v0.3.5 with minor bug fixes.
No one-size-fit-all tools
It hurts, but true!
We believe the list above nominates the best solution available out there if you are planning to adopt API automation testing. However, like most of the solutions in this industry, finding the ideal-one-tool to do it all is almost impossible.
Some may find the features of the commercial players (Postman, Tricentis Tosca,…) are sufficient but the costs of ownership will be the show-stop factor. Open-source solutions (Rest-Assured, Karate DSL,…) are affordable but require skilled resources and effort to implement the right frameworks. Tools which seem to be a relative balance between cost and other factors (Katalon Studio, Postman) might have drawbacks to specific project types that need to be considered.
API testing established its trend in automation testing, and more tools will be developed to serve the growing demands of the software development teams. Finding the perfect tool is still tough, but we have the good news that you have way more choices than before. Carefully considering your requirements, pros and cons of each solution — try not too ambitious at the early stage and trialing the top 5 relevant candidates from the list above. With the POC for these solutions created, you will have a better knowledge of your project’s critical factors and fine-tune your shortlist. This approach gives you a good chance to identify the suitable tool for the current status and information of the next choice when your project is more mature.