The Best Open Source API Testing Tools for 2024

Get Automation Testing Tips

What is an API?

An API is a specification that acts as an interface for software components.

While most functional testing involves testing a user interface like a web page or a dot net form, API testing bypasses a user interface and communicates directly with an application by making calls to its APIs.

API functional testing allows you to test headless technologies like:

• JMS
• HTTP
• Databases,
• Web services.

This testing technique is sometimes called “headless” testing.

Most headless testing consists of bypassing the UI, sending a request directly to an application's backend or service, and receiving a response while validating the response to ensure things are working as we expect them to.

This simple example is often referred to as a client/server relationship.

A client makes a request by asking for a resource; the request then goes out and finds a server that can fill that request. The server locates the desired resource and sends a response back to the client.

Join Test Automation Training

What API Testing Tools Can I Use to Automate API Testing?

Since Selenium is just for browser-based testing, you may wonder which tool to use for Rest and Soap web service-based testing.

Here are some of the popular API testing tools that can be used for Rest and Soap Web Service Testing.

These automation tools are great because, many times, you can leverage one test script to help with API load/stress performance testing, API security testing, and penetration testing.

So let's get to it.

Although there are many great paid options, here are the top free testing tools you should check out for software testing.

Postman 

Postman is a rest client that started off as a Chrome browser plugin but recently came out with native versions for both Mac and Windows. They have also recently come out with an AI assistant feature called PostBot.

At a high level, you can use it to send a post request to your web server, and it gives you a response back. It allows you to set up all the headers and cookies your API expects and then check the response when it returns.

• It can be used for both automated and exploratory testing
• Can be run on Mac, Windows, Linux &Chrome Apps
• It has a bunch of integrations, like support for Swagger & RAML formats
• Has Run, Test, Document, and Monitoring Features
• It doesn’t require learning a new language

To hear how Postman is used in the real world for testing video games, check out Amber Race's TestTalks episode on Testing Video Games Using API Automation.

CON: Postman's features have recently become paid options, although they still have a free plan. That's why more testers are migrating to tools like next on our lst Karate.

Karate DSL 

Karate allows you to create a test to sequence calls to any web service (SOPA or REST) and assert that the responses are as expected. If you're a tester, this is a very tester-focused tool that doesn't require you to know how to code. This tool has become so popular that we have even created two free test guide courses to get you up to speed on it quickly.

Karate is known for being easy to read and, thus, very maintainable. This is an often overlooked aspect of choosing a test framework because test suites are used for continuous integration as long as the API is live in production.

• It has an easy-to-use human-like syntax
• Can run a test and generate reports like any standard Java project
• A test can be written without any Java knowledge required
• Tests are easy to write, even for non-programmers

Here is an example Karate script:

Feature: TestGuild search

  Scenario: Search for a keyword on testguild.com
    Given url 'https://www.testguild.com/'
    And driver
    When driver.get
    Then driver.findElementByCss('#s').input('automation')
    And driver.findElementByCss('.search-submit').click()
    And driver.waitForUrl('/?s=automation')
    Then driver.titleContains('automation')

Feature: TestGuild search Scenario: Search for a keyword on testguild.com

It currently has over 7.6k stars on GitHub.

Step CI

New to our list this year is Step CI.

This open-source, self-hosted platform is designed to automate API testing across various languages and API types, including:

• REST
• GraphQL
• gRPC

Step CI offers versatility, allowing configurations via YAML, JSON, or JavaScript. Users can also bring their own test data or generate fake data for testing purposes. And you can perform other cool tests using it, like:

• Fuzz Testing
• Testing ChatGPT
• CO2 Testing

One of its standout features is running multiple tests concurrently without compromising performance.

For those with an OpenAPI specification, tests can be generated directly from it. For more insights, you should explore Step CI's official website, documentation, and GitHub repository.

It currently has over 1.4k stars on GitHub.

SoapUI 

SoapUI is a headless functional testing tool from SmartBear software. It comes in two flavors:

1. Free, open-source version 
2. Pro Version

Since the free version is open-source, you can actually gain access to the full source code and modify it as needed.

The free version lets you:

• You can easily create custom code using Groovy
• Drag and Drop Test Creating
• Can create complex scenarios
• Asynchronous Testing
• SoapUI’s Mock Service lets you mimic web services before they are implemented.

The SoapUI Pro version is user-friendly and has additional functionality, including a form editor, an assertion wizard for XPath, and an SQL query builder.  

Listen to Mike Giller of Smartbear talk more about SoapUI:

TraceTest

New to our list in 2024 TraceTest takes a unique approach to API Testing compared to the other api automation testing tools open-source listed here.

The innovation it brings is that it utilizing OpenTelemetry and trace-based testing.

This tool is designed to significantly speed up the process of creating integration and end-to-end tests, claiming to reduce the time required from days to minutes. Here's how it differentiates itself from other API testing tools on our list:

• Integration with OpenTelemetry: Tracetest leverages OpenTelemetry to capture traces of API calls and their interactions within a system. This integration allows for a more in-depth analysis and testing of the API and the system's behavior.
• Trace-Based Testing: Unlike traditional API testing tools that may focus solely on the request and response, Tracetest uses trace data to assert the behavior and performance of the API and the underlying services. This includes the ability to assert on the timing of trace spans (e.g., ensuring a database span executes within a certain timeframe) and wildcard assertions across common types of activities (e.g., all gRPC return codes should be 0).
• No Need for Mocks or Fakes: Since Tracetest tests against real data and uses the actual traces of the system, there is no need for the cumbersome setup of mocks or fakes. This can lead to more accurate and reliable tests.
• Support for Multiple Test Triggers: Tracetest allows defining tests through various triggers such as HTTP requests, gRPC requests, and trace IDs. This flexibility accommodates a wide range of testing scenarios and requirements.
• Visual and Programmatic Test Creation: Tests can be built visually through the Web UI or programmatically via YAML, making it accessible for both developers and testers. Additionally, the Tracetest CLI and YAML-based test definition files support GitOps workflows and CI/CD automation.
• OpenTelemetry Instrumentation Analysis: Tracetest not only tests APIs but also analyzes the quality of OpenTelemetry instrumentation across the system. This ensures adherence to standards and can help improve observability practices.
• Comprehensive Trace Analysis and Validation: Beyond simple API testing, Tracetest offers features for detailed trace analysis and validation, enforcing OpenTelemetry rules and standards. This can be crucial for systems relying heavily on distributed tracing for observability.

Tracetest's unique value proposition lies in its integration with OpenTelemetry, trace-based testing approach, and comprehensive features that go beyond traditional API testing, offering a more holistic view of a system's behavior and performance.

It currently has over 859 stars on GitHub.

HttpMaster Express 

HttpMaster describes itself as a web development and test tool to automate the testing of websites and services. It can be used to test RESTful web services and API applications. HttpMaster also allows you to monitor API responses.

• HttpMaster project offers global options to customize your API request
• Parameter capabilities enable you to include dynamic data with your request
• You can use request chaining to leverage request items to include some data from the previous request with the next request

Rest- Assured 

Rest-Assured is an open-source Java Domain-specific language (DSL) that simplifies manual testing of REST service. It simplifies things by eliminating the need to use boilerplate code to test and validate complex responses. It also supports XML and JSON Requests/Responses. This is probably the best-known tool to test rest API.

• Removes the need to create boilerplate code required to interact with a rest service
• Support BDD Given/When/Then syntax
• Integrated seamlessly with Java projects
• Probably the standard for programmatically creating a rest API testing tool script

If you use Java and want a REST API web services library you can use in your framework, Rest-Assured is a good choice. Bas Dijkstra recently also created a C# version.

Johan Haleby, creator of Rest-Assured, shares tips and tricks for getting started with REST testing with Rest-Assured.

It currently has over 6.6k stars on GitHub.

RoboHydra Server 

Are you looking for API integration testing tools?

RoboHydra is a testing tool for HTTP-based clients (i.e., software that makes HTTP requests). Instead of connecting your clients-under-test to the real server, you connect them to RoboHydra and make RoboHydra respond with whatever you need for each request.

To use RoboHydra to perform, say, navigating to testguild.com and searching for “API automation testing,” you'll need to create a simple proxy server with RoboHydra and then write a test script to perform the search.

• You can test many different kinds of clients
• Written in Javascript, runs under Node 

Get Automation Testing Tips

Pyresttest 

PyRestTest is a Python-based REST testing and API micro-benchmarking API testing tool.

• You can write your test scripts in basic YAML or JSON config files; no code is needed
• Returns exit codes on failure
• It only works on Mac and Linux

it's easy to get started. All you need to do is install pip install pyresttest

Then Create a YAML test file that, for example, the test will check if the GitHub API returns a 200 status code when requesting public repositories.

---
- config:
    name: "GitHub API Test"
    timeout: 5
    headers: {'User-Agent': 'PyRestTest'}

- test:
    name: "Get public repositories"
    url: "https://api.github.com/repositories"
    method: "GET"
    expected_status: [200]

And run the test:

resttest.py https://api.github.com github_api_test.yaml

Get Automation Testing Tips

Airborne 

Airborne is an open-source Ruby-based framework built on top of RSpec. RSpec is a popular behavior-driven development (BDD) testing framework in the Ruby ecosystem. Airborne simplifies testing RESTful APIs by providing a set of convenient methods and matchers for making HTTP requests and validating responses.

Key features of Airborne:

• Works with Rack applications like Sinatra and Grape
• Works with APIs written in Rails
• Easy to use: Airborne provides a simple and readable DSL (Domain-Specific Language) that makes it easy for developers and testers to write tests.
• JSON support: Airborne is designed with JSON in mind, making it easy to parse, validate, and manipulate JSON response bodies in your tests.
• Built on RSpec: As Airborne is built on top of RSpec, you can leverage the full power of RSpec matchers and its BDD-style syntax.
• Custom matchers: Airborne includes a set of custom matchers to validate API responses, such as checking the presence of specific keys or validating the types of values in JSON objects.
• Extensible: You can easily extend Airborne by adding custom matchers or using existing RSpec plugins to enhance your API testing experience

To use, all you need to do is use the following gem files

gem install airborne
gem install rspec

Then create a test file github_api_spec.rb:

require 'airborne'

describe 'GitHub API' do
  it 'retrieves public repositories' do
    get 'https://api.github.com/repositories'
    expect_status(200)
    expect_json_types('*', id: :integer, name: :string, full_name: :string)
  end
end

And then run the test: rspec github_api_spec.rb

It currently has over 1.1k stars on GitHub.

Citrus Framework 

I'm unsure why more folks aren't aware of the Citrus Framework. Citrus is an open-source framework that can help you automate integration tests for virtually any messaging protocol or data format. It has nice test results reports as well.

• Works with REST, SOAP, HTTP, JMS, TCP/IP, and more
• Create tests using Java or XML
• Mature – has been around a while

For more info on Citrus and integration testing, check out API Integration Automation Testing With Citrus Framework.

It currently has over 430 stars on GitHub.

ZeroCode

ZeroCode describes itself on GitHub as a community-developed, free, open source, microservices API automation and load testing framework built using JUnit core runners for HTTP REST, SOAP, Security, Database, Kafka, and much more. Zerocode Open Source enables you to create, change, orchestrate, and maintain your automated test cases declaratively easily.

Here are some benefits of using ZeroCode:

• ZeroCode is built on JUnit core runners (no plugins needed)
• Just your IDE or any JSON editor is enough to drive the tests
• Very easy to write tests – as simple as Postman REST-Client
• You can still do BDD, but without syntax overhead
• Performance testing – Load/Stress generation is quite easy, and existing tests can be reused
• Efficient Reports – You can do a fuzzy search as well as filter by any text, and track by author

It currently has over 815 stars on GitHub.

Katalon Studio

Katalon Studio is an all-in-one test automation solution that supports web, mobile, and API testing. It offers comprehensive features and a user-friendly interface, making it suitable for beginners and experienced testers. Katalon Studio can be used for headless testing to ensure your RESTful and SOAP web services' functionality, reliability, performance, and security.

Some benefits of Katalon Studio are:

• It's not open-sourced, but it is free
• It’s a complete package and framework. So it is easy to install and get working
• Small learning curve
• It has functionality that allows you to test web services and REST APIs

Listen to my interview with Raghav Pal to discover more about Katalon Studio.

JMeter

As you might already know, JMeter was developed for load testing, but many testers also use it for functional API testing and as an API load testing tool as well.

Some benefits of JMeter are:

• Can leverage one script for both API and API Performance testing
• JMeter has been around a while, so it's time-tested
• Easily integrated into CI/CD environments

Tavern

Tavern is a pytest plugin, command-line tool, and Python library for automated testing of APIs. It's designed for testing RESTful APIs. It uses the powerful pytest testing framework to create a simple, concise, and flexible way to write API tests. Tavern allows you to create automated API tests in YAML format, making them easy to read and maintain. Additionally, since Tavern is built on top of pytest, you can leverage pytest's advanced features and plugins to enhance your API testing experience.

• • Simple, concise, and flexible YAML-based syntax
  • Very simple to get started
  • Highly customizable for complex tests
  • Supports testing RESTful APIs as well as MQTT-based APIs

It currently has over 967 stars on GitHub.

Chakram

Chakram is a REST Javascript API testing tools framework with a BDD testing style and fully exploiting promises. So you can use it for

• HTTP Assertions
• Chakram fully exploits javascript promises
• BDD formatting and hooks
• Very extensible

It currently has over 908 stars on GitHub.

Free TestGuild Courses

If you read this far, you might ask yourself, “Can't you also use some of the more popular browser automation testing tools for API testing?” The answer is YES, for instance.

Playwright for API testing

You can do API testing using Playwright, although Playwright is primarily designed for end-to-end testing of web applications. Playwright is a Node.js library that automates browser actions, making it perfect for testing web applications in multiple browsers, including Chromium, Firefox, and WebKit. However, you can also use it with other libraries to perform API testing.

Here's an example of how you can perform API testing using Playwright, along with the “axios” library to make API requests:

First, install the required libraries:

npm init -y
npm install playwright axios

Create a test file, e.g., api_test.js, and import the required libraries:

const { chromium } = require('playwright');
const axios = require('axios');

Define an async function to perform the API testing:

async function testAPI() {
  // Launch a browser instance using Playwright
  const browser = await chromium.launch();
  const context = await browser.newContext();
  const page = await context.newPage();

  // Navigate to the target API URL (replace with your API URL)
  const apiUrl = 'https://api.example.com/data';

  // Use axios to make an API request
  const response = await axios.get(apiUrl);

  // Check the response status and data
  if (response.status === 200 && response.data) {
    console.log('API Test Passed:', response.data);
  } else {
    console.error('API Test Failed:', response.status, response.statusText);
  }

  // Close the browser instance
  await browser.close();
}

testAPI();

Remember that this is just one way to perform API testing using Playwright. Playwright is a versatile library that can be combined with many other libraries and frameworks to perform more complex API testing.

On-Demand API Testing Training

What about API testing using Cypress — sure!

Cypress for API Testing

Just like Playwright, Cypres is a popular end-to-end testing framework for web applications. Although Cypress is mainly designed for browser automation and testing web applications, it also provides functionality for testing APIs using the cy.request function.

Here is an example of how that would look

describe('API Test', () => {
  it('GET request', () => {
    // Replace with your API URL
    const apiUrl = 'https://api.example.com/data';

    // Make a GET request using Cypress
    cy.request(apiUrl).then((response) => {
      // Check the response status and data
      expect(response.status).to.equal(200);
      expect(response.body).to.have.property('data');
    });
  });
});

Top API Testing Tools Recap

I think software testers need to embrace APIs this year, which is why I have so many sessions at this year's Automation Guild to help. Check them out now.

These are the top tools I’ve come across, but tons of SOAP and REST API test tools are popping up everywhere, so I’ll definitely add to this list as time passes.

If one of your favorite API test tools is not listed, please let me know, and I’ll add it.

Let’s Talk!