API process flow diagram code example

Example: api process flow

I HAVE FOUR DIFFERENT PROCESS TO IMPLEMENT
1.	Checking API contract
2.	Creating test cases
3.	Executing test cases
4.	Implementing different test flows

1. Checking API Contract
An API is essentially a contract between the client and the server or 
between two applications. Before any implementation test can begin, 
it is important to make sure that the contract is correct. 
a.	Endpoints are correct,
b.	Resource correctly reflects the object model 
(proper JSON/XML structure used in response),
c.	There is no missing functionality or duplicate functionality, 
d.	Relationships between resources are reflected in the API correctly. 
Now, that we have verified the API contract, we are ready to think of 
what and how to test. 

2. Creating test cases
I mostly create the following test case groups:
a.	Basic positive test (happy paths)
b.	Extended positive testing with optional parameters (optional parameters 
and extra functionality)
c.	Negative testing with valid input (trying to add an existing username)
d.	Negative testing with invalid input (trying to add a username which 
is null)
e.	Destructive testing (sending null, empty string, integer or other types, 
odd date format, deleting necessary parameters)
f.	Security, authorization, and permission tests (sending valid or 
invalid access tokens to permitted or unpermitted endpoints)

3. Executing test cases
For each API request I need to verify following items: 
a.	Data accuracy: Check the request and response body whether those are 
as written on API documentation in terms of data type and data structure.
b.	HTTP status code: For example, creating a resource should return 201 
CREATED and unpermitted requests should return 403 FORBIDDEN, etc.
c.	Response headers: HTTP server headers have implications on both 
security and performance.
d.	Response body: Check valid JSON body and correct field names, types, 
and values - including in error responses.
e.	Authorization checks: Check authentication and authorization
f.	Error messages: Check the error code coverage in case API returns 
any error
g.	Response time: Implementation of response timeout

4. Test flows
We need to implement the next test flow if previous flow is success:
a.	Single-step workflow: Executing a single API request and checking the 
response accordingly. Such basic tests are the minimal building blocks we 
should start with, and there’s no reason to continue testing if these tests 
fail.
b.	Multi-step workflow with several requests: For example, we execute a 
POST request that creates a resource with id and we then use this id to 
check if this resource is present in the list of elements received by a 
GET request. Then we use a PATCH endpoint to update new data, and we again 
invoke a GET request to validate the new data. Finally, we DELETE that 
resource and use GET again to verify it no longer exists.
c.	Combined API and UI test: This is mostly relevant to manual testing, 
where we want to ensure data integrity between the UI and API. We execute 
requests via the API and verify the actions through the UI or vice versa. 
The purpose of these integrity test flows is to ensure that although the 
resources are affected via different mechanisms the system still maintains 
expected integrity and consistent flow