This article will provide a summary of the top API testing tools covering both open-source and commercial solutions that testing teams can select to suit their needs. Katalon Studio, SoapUI, and Postman are the top-three tools in the list.
1. Katalon Studio
Katalon Studio is a free test automation tool for API, Web, Desktop App and Mobile applications. It is emerging as a leading tool for API/Web services testing and positioning itself as a comprehensive end-to-end automation solution for both developers and testers.
Katalon Studio supports both SOAP and REST requests with various types of commands and parameterization functionalities. Moreover, the capability of combining UI and API/Web services for multiple environments (Windows, Mac OS, and Linux) has been considered a unique advantage of Katalon Studio among the top API tools.
- Support both SOAP and Rest
- All-in-one shop for API, WebUI, Desktop App and Mobile testing and the combined capabilities among those.
- Support data-driven approach.
- Can be used for automated and exploratory testing
- Support CI/CD integration.
- Support AssertJ, one of the most potent assertion library, to create fluent assertion with BDD style
- Suitable for both non-techies and pros via Manual and Groovy Scripting modes.
Determined as one of the 2019 Gartner Peer Insights Customers’ Choices for Software Test Automation — Katalon Studio has received more than 530 positive reviews, affirming its position at the forefront of the market.
Pricing: Free – $69/license/month
SoapUI is a headless functional testing tool dedicated to API testing, allowing users to test REST and SOAP APIs and Web Services easily.
Free package: Using the free package of SOAPUI, users can get the full source code and build their preferred features.
- Create test quickly and easily with Drag and drop, Point-and-click
- Reusability of Scripts: load tests and security scans can be reused for functional test cases in a just several steps
- Powerful data-driven testing: Data loaded from files, and databases, and Excel so that they can simulate how consumers interact with the APIs
- Support native CI/CD integrations, asynchronous testing
The latest version SoapUI 5.5 released in February 2019 added the Endpoint Explorer dialog for users to send exploratory requests and analyze responses without creating a project. SoapUI now supports extended HTTP methods such as PROPFIND, LOCK, UNLOCK, COPY, PURGE.
Pricing: Free – $659/year
Being originally a Chrome browser plugin, Postman now extends their solution with the native version for both Mac and Windows.
Postman is a good choice for API testing for those who don’t want to deal with coding in an integrated development environment using the same language as the developers.
- Easy-to-use REST client
- Rich interface which makes it easy to use
- Can be used for both automated and exploratory testing
- Can be run on Mac, Windows, Linux & Chrome Apps
- Has a bunch of integrations like support for Swagger & RAML formats
- Has Run, Test, Document and Monitoring Features
- Doesn’t require learning a new language
- Enable users to easily share the knowledge with the team as they can package up all the requests and expected responses, then send to their colleagues.
Starting from version 7.2 in June 2019, Postman expanded their support for GraphQL request and schemas, GraphQL variables, and GraphQL query autocompletion function.
Pricing: Free – $18/user/month
4. Tricentis Tosca
Tricentis Tosca is a continuous testing platform for Agile and DevOps. Benefits of Tricentis Tosca include:
- Supports many array of protocols: HTTP(s) JMS, AMQP, Rabbit MQ, TIBCO EMS, SOAP, REST, IBM MQ,NET TCP
- Integrates into the Agile and DevOps Cycle
- Maximize reuse and maintainability with model-based test automation
- API tests can be used across mobile, cross-browser, packaged apps, etc…
- Achieve sustainable automation with new technology
- Reduce the time of regression testing
- Interactive testing provides test managers with the ability to execute manual testing and collect results without having to configure Tosca environments.
In the latest version 13.0 updated in January 2020, Tricentis Tosca supports web service security configuration in the API Connection Manager. Users can also use the signature security option to sign multiple parts of a message. Additionally, Tosca 13.0 allows testers to read and write files dynamically with a file connection in the API Engine.
Pricing: Contact Sales
Apigee is a cross-cloud API testing tool, allowing users to measure and test API performance, supports and build API using other editors like Swagger. Apigee is recognized as one of the leaders in the Gartner Magic Quadrant 2019 for Full Lifecycle API Management for the fourth consecutive time.
- Allows the design monitor, deploy, and scale APIs
- Identify performance issues by tracking API traffic, error rates, and response times
- Easily create API proxies from the Open API Specification and deploy them in the cloud
- Cloud, on-premise, or hybrid deployment model on a single code base
- PCI, HIPAA, SOC2, and PII for apps and APIs
- Apigee is purpose-built for digital business, and the data-rich mobile-driven APIs and apps that power it.
Starting from the version 4.19.01 in February 2019, Apigee gives users even more flexibility to manage their APIs with features like Open API 3.0 support, TLS security, self-healing with apigee-monit, virtual host management improvements, and more software support.
Pricing: $2,500/month – Contact Sales
JMeter (open source) is widely used for functional API testing although it is actually created for load testing.
- Supports replaying of test results
- Automatically work with CSV files, allowing the team to quickly create unique parameter values for the API tests.
- Users can include the API tests in CI pipelines thank to the integration between JMeter and Jenkins
- It can be used for both static as well as dynamic resources performance testing
Since the most recent release in November 2019, JMeter 5.2 has been packed with multiple features and enhancements, improved user experience, and many bug fixes, such as new protocol, JMESPath extractor, JDBC improvements, StringtoFile, HTTP Samplers.
Pricing: Open source
Rest-Assured is an open-source Java Domain-specific language that makes testing REST service more simple.
- Have a bunch of baked-in functionalities, which means users don’t have to code things from scratch.
- Integrates seamlessly with Serenity automation framework, so that users can combine the UI and REST tests all in one framework that generates awesome reports.
- Support BDD Given/When/Then syntax
- Users don’t necessarily need to be an HTTP expert
Starting from version 4.0.0, REST Assured requires at least Java 8, instead of Java 6 as was previously required. This version also added support for Apache Johnzon and fixed a lot of issues with the initial OSGi support. The latest version 4.1.2 announced in October 2019 added support for Java 13 as well as fixing some issues with the Kotlin extension module.
Pricing: Open Source
Assertible is an API testing tool which concentrates on the automation and reliability.
- Support for automating API tests through each step of a continuous integration and delivery pipeline.
- Support for running API tests after deployments and integrates with familiar tools like GitHub, Slack, and Zapier.
- Support validating HTTP responses with turn-key assertions such as JSON Schema validation and JSON Path data integrity checks
- The Sync feature allows testers to update their tests when their specifications change, so users no longer have to manually update their tests after adding new parameters or changing the response of API.
In October 2019, Assertible added the latest feature called Encrypted variables. This feature provides a new way to store tokens, passwords, and secret data fields required by tests to improve API testing security practices. Encrypted variables are not only trivial to use, but build on the cryptographically sound methodology for safe storage.
Pricing: Free – $100/month
9. Karate DSL
Karate DSL is a new API testing tool which help create scenarios for API-based BDD tests in a simple way without writing step definitions. Those definitions have been created by KarateDSL so that users can kickstart the API testing quickly.
- Build on top of Cucumber-JVM
- Can run a test and generate reports like any standard Java project
- A test can be written without any Java knowledge required
- Tests are easy to write even for non-programmers
- Supports configuration switching/staging, multi-threaded parallel execution
Starting from version 0.9.3, Karate UI is no longer part of the open-source tool’s core but a separate Maven artifact. Also included in this version is built-in support for WebSocket that is based on the async capability. In the latest update Karate UI 0.9.4 in July 2019, the Maven archetype uses JUnit 5 inst
Pricing: Open Source
Swagger is an API testing tool that allows users to start their functional, security, and performance testing right from the Open API Specifications. Swagger tooling and Ready API platform make it easy to quickly create, manage, and execute API tests in the pipeline.
- Swagger Inspector provides capabilities to inspect API request-responses, and make sure they perform as expected
- Import user’s API definitions to easily validate schema rules, automatically generate assertions against endpoints and inject synthetic data into parameters
- Generate complex load scenarios to test the scale and performance of API
- Support all types of services from REST, SOAP to GraphQL
Open API Spec version 3.0 in March 2019 came with the new feature Swagger Hub Domains. With this feature, developers can take frequently used objects, path items, response, and store them in separate files to be referenced across multiple different API definitions. These re-usable Domains can be versioned, published, and shared for collaborative feedback among large teams.
Pricing: Open Source