12 Open-source API Testing Frameworks for REST-API and GraphQL
API testing frameworks are tools or libraries that provide a structured approach to testing Application Programming Interfaces (APIs). They offer a set of functions, methods, and utilities to automate the process of API testing.
Purpose of API Testing Frameworks
API testing frameworks are used to:
- Automate the testing of APIs to ensure they function as expected.
- Validate the correctness of API responses and behavior.
- Perform functional, performance, and security testing of APIs.
- Support continuous integration and delivery (CI/CD) pipelines.
- Generate reports and metrics for test results and coverage.
API testing frameworks simplify and streamline the process of testing APIs, allowing software developers and testers to efficiently verify the functionality, reliability, and performance of their APIs.
1- Frisby
Frisby is an amazing open-source and free REST API testing framework. It draws its inspiration from frisby-js and is written in the powerful programming language, Go. Frisby provides developers with a robust set of tools and features for testing REST APIs. With Frisby, developers can easily automate and streamline their API testing process, ensuring that their APIs are functioning as expected and delivering the desired results.
The Go programming language adds an extra layer of efficiency and performance to Frisby, making it an excellent choice for developers looking for a reliable and powerful testing framework.
2- HTTE
HTTE (Hybrid Test Template Engine) is a powerful and comprehensive Document Driven API Test Framework that provides a wide range of features and functionalities. With HTTE, you can easily design, develop, and execute API tests by leveraging the concept of document-driven testing.
By using HTTE, you can streamline your API testing process, improve test coverage, and ensure the quality and reliability of your APIs. Whether you are a beginner or an experienced tester, HTTE offers a user-friendly interface and extensive documentation to support you throughout your API testing journey.
3- Rigor
Rigor is a powerful and versatile Domain Specific Language (DSL) and Command Line Interface (CLI) designed to facilitate making HTTP requests, extracting data, and validating responses. The primary purpose of Rigor is to serve as a robust and efficient HTTP-based API (e.g. REST) Testing Framework, specifically tailored for automated functional or integration testing.
Features
- Functional testing without the need to write glue code. (e.g. Cucumber)
- Runs in either synchronous (requests) or asynchronous (aiohttp) mode.
- YAML-based format for Test Case files for easy test creation and maintenance.
- Response transformation using jmespath.py to reduce test fragility.
- Pretty HTML test execution reports using cucumber-sandwich.
- Swagger path coverage report to ensure API surface area coverage.
- Syntax highlighted console or JSON-based logging using structlog.
- Profiles for switching between different environments and settings.
- Tags and CLI options for selectively executing subsets of the test suite.
- Scenario Outlines (i.e. Tables) for cases with numerous scenarios.
- Beautiful Soup parsing for extraction from HTML data.
- Proper error code ($?) on suite success (0) or failure (!0)
- Case-scenario unique identifier (uuid) for managing session and race conditions.
4- API-test
API-test is a bash script that allows for structured and organized testing of JSON APIs directly from the terminal.
5- GraphQLer
GraphQLer is an advanced tool for testing GraphQL APIs. It has powerful features that make testing easier and provide thorough analysis of APIs. It efficiently manages objects and resources, identifies dependencies, and handles query errors. GraphQLer has successfully found numerous bugs in production-grade GraphQL APIs!
Features
- Dependency awareness: Run queries and mutations based on their dependencies!
- Dynamic testing: Keep track of resources created during testing
- Error correction: Try and fix requests so that the GraphQL API accepts them
- Statistics collection: Shows your results in a nice file
- Ease of use: All you need is the endpoint and maybe the authentication token 😁
6- OFFAT
OFFAT - OFFensive Api Tester is a tool that automatically tests APIs for common vulnerabilities. It currently supports testing for restricted HTTP methods, SQLi, BOLA, data exposure, BOPLA/mass assignment, broken access control, basic command injection, and basic XSS/HTML injection. The tool is still a work in progress and in beta stage, so it may occasionally crash while running. Contributions are welcome.
Features
- Few Security Checks from OWASP API Top 10
- Automated Testing
- User Config
- API for Automating tests and Integrating Tool with other platforms/tools
- CLI tool
- Dockerized Project for Easy Usage
- Open Source Tool with MIT License
7- Athena
Athena is an open-source (Apache-2.0) engine for testing the performance and functionality of APIs. It aims to reduce the time and effort needed to define and execute tests. Athena acts as a unified and extensible tool for managing and running both functional and performance test suites.
Athena supports clustering with a Manager node and at least one Agent node. Cluster management is integrated, allowing for easy creation and joining of clusters using the Athena CLI. Reporting and aggregation are provided within the cluster, with data stored in Elasticsearch and visualized in custom Kibana dashboards. A UI Dashboard is available for defining test suites and managing test runs.
Features
- Increase confidence in each release by using an integrated testing framework (performance/functional).
- Allow support for defining tests in a modular, but configurable way using YAML files.
- Aggregate test results and provide in-depth reports via Elasticsearch and predefined Kibana dashboards.
- Provide support for tests version management.
- Run tests independent of their location.
- Allow support for defining assertions in a programmatic way (functional).
- Allow support for easily extending the core functionality of the framework through plugins.
- Allow support for defining reusable fixture modules among tests.
- Allow support for creating complex performance mix patterns using functional tests. (on the roadmap)
8- RSpec framework
The HTTP REST API client is a powerful tool used for testing APIs. It is based on Ruby's RSpec framework and provides a comprehensive setup for automating API testing. With this client, you can easily perform various API testing tasks and ensure the reliability and functionality of your APIs.
It simplifies the process of API testing by providing a complete framework within itself, allowing you to focus on the core aspects of testing without worrying about the setup and configuration. This client is a valuable asset for developers and testers alike, as it offers a seamless experience for testing and automating APIs.
Features
- Custom Header, URL, and Timeout support
- URL query string customization
- Datatype and key-pair value validation
- Single key-pair response validation
- Multi key-pair response validation
- JSON response schema validation
- JSON response content validation
- JSON response size validation
- JSON response is empty? validation
- JSON response has specific key? validation
- JSON response array-list sorting validation (descending, ascending)
- Response headers validation
- JSON template as body and schema
- Support to store JSON responses of each tests for the current run
- Logs support for debug
- Custom logs remover
- Auto-handle SSL for http(s) schemes
9- RestBeast
RestBeast Terminal Client is a command line API client, testing tool, and load testing tool that aims to simplify API development, testing, service health checks, and load testing by combining them into one open-source terminal client.
10- Vibranium
Vibranium is a CLI tool for API testing and data generation, written in Node.js. It uses JSON for tests, making it readable and maintainable. Key features include JSON-based tests and high reusability of objects.
Top Features
Key features of Vibranium:
- JSON based tests: Simplifies test writing with JSON, ensuring simple and fast test creation while maintaining testability.
- Reusability: Allows for easy reuse of objects in API tests and data generation logic, reducing duplication and improving efficiency.
- Assertions: Supports straightforward assertion writing in JSON syntax. Also validates API responses against expected schemas for easy and efficient test writing.
- Simple Data Parsing: Offers easy data parsing using JavaScript dot notation to extract values from JSON responses. Supports random value selection from JSON arrays and mapping of array elements within JSON tests.
- Data generation tools: Simplifies filling dummy data in APIs with options to generate Lorem Ipsum strings, random strings based on regex matching, and inbuilt data sets such as names from popular franchises.
- Reports: Supports HTML, Excel, JUnit, and JSON report formats. Measures the time taken per call for each API endpoint and offers comparison of reports from previous executions.
- Declarative tests: Tests are written in JSON, specifying only the required properties and expected values, without worrying about the underlying mechanisms.
11- Cerberus
Cerberus Testing is a low-code test automation platform that supports testing Web, iOS, Android, and API applications. It allows easy creation and management of automated test cases through a web interface, making it accessible to development, quality, and business teams.
Test cases can be grouped, organized, scheduled, triggered in CI/CD pipelines, and notifications can be received via email or Slack. The platform helps secure software quality before deployment and ensures continuous monitoring of quality in production.
12- RestAssured based API testing framework
RestAssured based API testing framework is an open-source solution that uses RestAssured, TestNG, and Extent Reports for reporting. The framework automates REST API test cases and allows customization. It provides features like curl logging, listeners, and reports for better test result understanding.