API Automation for GraphQL Testing

Adopting GraphQL and implementing GraphQL testing have become critical in the API-first landscape.
 

The skyrocketing demand for modern software has put the importance of maintainable, functional, and scalable code on top. To enable independent evolution and decouple the front end from the backend, manual and automated API testing needs to take place for SOAP and REST architecture styles.
 

Amazon, Facebook, AirBnB, GitHub, and many other tech companies are adopting GraphQL as an alternative to the traditional REST and SOAP APIs.
 

As the GraphQL architecture continues to gain traction, making sure they are thoroughly, extensively, and automatically tested is pivotal to ensure performant APIs and business flows continuity.
 

In this article, we'll explore how GraphQL works as well as the importance, and best practices of GraphQL testing.  

What is GraphQL compared to REST?

GraphQL came out as the solution to a more fluent and customized way for complex API data retrieval. With traditional REST, the large number of requests and endpoints add complexity and redundant data to API interactions.
 

Essentially, GraphQL is a query language and server-ride runtime for APIs that allow clients to request multiple resources via types and fields.
 

Here’s how requests look under REST vs GraphQL. We’ll use the use case of interacting with a post on a social media platform:
 

REST: Multiple endpoints

GraphQL: Single endpoint 

The basic idea behind GraphQL is mutations and queries that specify and retrieve exactly the data you need and nothing else.

Here’s an example of a GraphQL query and mutation.

The clients send queries to the server by describing the required data and its format without over or under-fetching. 

Below are some key reasons why GraphQL has gained popularity compared to REST:

• Easier to fetch and manage data: Querying and mutating data are done with a single endpoint. This includes requesting data or performing mutations (e.g., CRUD methods).
• Schema as API documentation: separate documentation won’t be needed since any types, fields, and operations are already a part of the GraphQL schema language itself. 
• Use in parallel with REST: moving away from legacy artifacts isn’t as simple as deleting and switching – it’s an incremental adoption. The built-in versioning that GraphQL offers enables developers to make enhancements to current REST APIs without breaking existing clients.  

This makes it faster than REST APIs as it doesn’t have to make multiple calls to different endpoints to get your data. 

4 simple ways to call a GraphQL API

Using a GraphQL client library

This approach involves using a client library specific to the programming language you are using. The client library will handle the request and response objects, and provide a convenient way to call the GraphQL API. Examples of client libraries include Apollo Client for JavaScript, Apollo Android for Android, and graphql-java for Java.

Using a REST client 

GraphQL API can also be called using a REST client such as Postman or Insomnia. To do this, you set the request URL to the GraphQL endpoint and specify the GraphQL query as the request body. The response will be in JSON format, which you can parse and use in your application.

Using a command-line tool 

Command-line tools such as Curl, or HTTPie are used to make HTTP requests to the GraphQL API. You can make requests and parse the response in a command-line environment.

Using a web-based tool 

GraphiQL or GraphQL Playground provides a visual interface for writing GraphQL queries. You can use these tools to explore and test GraphQL APIs, as well as to create and execute queries.

What is GraphQL testing?

GraphQL API testing checks the correctness of the schemas, queries, and mutations created for an API. To maintain the API’s reliability and performance, below are what needs to be tested:

• Query and mutation: flows, operations, and procedures of APIs need to be returning accurate results and properly save in a database.
• Schema validation: Are fields, data types, or nested objects following the initially designed structure? Discrepancies in the format can yield errors in API responses.  
• Error handling: return error responses in case of invalid queries or mutations, unauthorized access, or data validation failures. Some examples are empty or null values or very long or very short inputs. 
• Data integrity: more complex queries, mutations, and flows can run into issues like improper data processing logic, data corruption, and synchronization. 
• Performance: ensure response times and resource usage (e.g., CPU, memory, and network) are within an acceptable threshold under dynamic loads of concurrent requests and data volume.

The importance of testing GraphQL APIs

GraphQL API testing means writing test cases to query and mutate nested data. Take a quick look at how components on a Facebook feed are nested:

• Newsfeed
• User timeline
• Post
• Post likes, comments, shares

Much like shadow DOM, interlinked data gradually become disastrous, especially since traditional REST APIs require multiple separate query parameters and endpoints to communicate. 

Read more: API Testing Tips | How To Test APIs | Software Testing Basics (katalon.com)

Components to test in GraphQL

• Schema: As the foundation of GraphQL APIs, it defines available data types, fields, and operations. Schema testing involves verifying that the schema follows the GraphQL specification and works correctly with all queries and mutations.
• Query: Verifies that a particular query, along with any associated parameters, generates the intended response. Automated testing methods, such as leveraging libraries like "request" and "supertest," can be utilized for query testing.
• Mutations: It is crucial to test mutations as they involve checking the ability to access and add data to databases. Mutations alter data in the database from the server side and return a result.
• Resolvers: Resolvers are functions that map GraphQL queries to data sources. They are responsible for fetching the data and returning it in the correct format. Since resolvers gather information from schemas, it is vital to test them at an early stage to prevent costly errors later on.

If you’ve been using REST, here’s how GraphQL testing differs:

• Query-based testing: interact with resources via sending GraphQL queries instead of making requests to specific endpoints
• Data fetching and response handling: since the client can specify the data requirements,  verifications look at the response data and the structure of a given query
• Nested query complexity: multi-level nested queries can take up resources uncontrollably, leading to over-fetching or under-fetching
• Error handling: separate field for errors in the response body instead of HTTP status codes and error messages 

Types of GraphQL API testing

There are several aspects of a GraphQL API that should be verified through testing:

• Functional testing: Test specific functions to make sure the API output matches expectations. For example, a test case for an API login feature may verify that users can successfully log in with valid credentials and are denied access with invalid credentials.
• Security testing: This practice protects GraphQL APIs from security threats like injection attacks, information leakage, and inconsistent authorization. Security testing also involves verifying encryption methodologies and the design of API access control.
• Load testing: Test the API under a high number of requests to ensure it can handle the expected user traffic in various circumstances, such as peak usage, unexpected traffic spikes, and long-term usage.   
• Validation testing: It verifies the API's usability, transactional behavior, and operational efficiency. Validation testing is typically placed in the final stage of development as an assurance of the API’s overall functionality. 

These tests can be organized following the test pyramid model, which defines different levels and scopes of testing:

• Unit testing: Tests individual units or components of the API in isolation. In the context of GraphQL, unit tests are used to test individual resolvers and fields in the schema.
• Integration testing: Validates the interaction between APIs and the front-end UI (consumes and displays data).
• End-to-end testing: Replicates a course of requests and responses between the client and server. In the case of GraphQL API, these are used to check its entire lifecycle, from schemas to resolvers to queries
   

Read more: Unit Testing vs Integration Testing: What are the key differences?

Testing GraphQL best practices

Prioritizing common scenarios

While GraphQL's dynamic nature is conducive to client-driven data retrieval, it presents challenges in covering all possible test scenarios. It is therefore suggested to start with scenarios with realistic and representative queries that clients may use in production. For example, in an e-commerce website, APIs for authentification, product searching, cart, or checkout are cases that should be prioritized. 

Planning test data carefully

Testing GraphQL can be complex as a single query can request multiple levels of nested data. Considering the batched data and dependencies between fields, it's important to ensure that the test data covers combinations of nested and batched queries to thoroughly validate the behavior of the GraphQL API.

Using mock data

When testing GraphQL APIs that rely on external web services, it is recommended to simulate responses instead of testing against production instances. This approach ensures that tests do not impact the production environment and can be run repeatedly without incurring unnecessary costs or delays. 

GraphQL Testing Tools

Not every API testing tool or library has supported GraphQL just yet. Below is a mix of EasyGraph, Katalon, Postman and how they are used to create and test GraphQL endpoints. 

EasyGraphQL

EasyGraphQL is a Javascript library for GraphQL API. With EasyGraphQL, you can:

• Build schemas using objects or classes.
• Construct dynamic queries and mutations with dynamic variables, arguments and fields.
• Generate documentation in Markdown, HTML or JSON formats.
• Import Jest or Mocha libraries to write and run GraphQL API automated tests.

Below is an example of an EasyGraphQL assertion:

The Katalon Platform

Katalon is a test automation platform to help QA teams plan, design, run and debug automated API and UI integration test cases. Additionally, Script Mode is available for users to write queries and mutations in Java/Groovy.

Web API testing

Katalon provides robust support for API testing, including the ability to test GraphQL, REST and SOAP APIs. Its integrations with GraphQL tools like Postman, Swagger, and SoapUI allow you to import existing API specifications and test your new API schema along with legacy API assets on one platform.

• GET and POST methods to generate test requests and execute with RESTful
• Run against JSON schema
• Full view on headers, body, and status code
• Parameterization for query variables

Read More: 15 Best Postman Alternatives For API Testing

UI integration testing

Web elements such as dropdowns, input fields, or buttons are organized within an Object Repository. This is key to updating locators and properties globally, across test cases
 

A keyword library and test recorder are available also for easy drag and drop. Imagine being able to spin up an automation script from your manual tests in minutes.

Data-driven testing

Katalon enables automating API tests with varying data scenarios by supporting multiple data formats (CSV, Excel), and databases (MySQL, Oracle, SQL Server). Testers can define variables in test scripts, objects or request attributes and bind them to the corresponding data fields from external data sources. 

Plan, author, run and analyze 

Katalon has all the features built-in to facilitate end-to-end continuous test automation: From writing tests using either low-code or full-code methods to executing in CLI mode across environments to gaining visibility from comprehensive reporting. No installations or integration workarounds are needed. 

Auto-triggered on CI

Katalon's integrations with tools such as Circle CI, Jenkins, and GitLab allow test cases to be automated and run as part of the CI/CD pipeline. Wiring up UI and API tests to automatically trigger and run ensures that integration issues are detected and addressed early.

Rest Assured

Rest Assured is a Java-based library commonly used for testing REST APIs. However, it can also be used for testing GraphQL APIs as long as the GraphQL query(request) in itself is not a JSON payload: 

• Firstly, convert the GraphQL query into Stringified JSON format.
• Next, pass the converted String as Body parameters to the Request.
• Verify the response.

Karate

Karate is a GraphQL testing framework that makes it easy to test GraphQL APIs. It supports JSON and allows you to easily include variables in your queries. You can pass the GraphQL Query as it is and validate the response using Karate’s match assertions.
 

Postman

With Postman, you can quickly create and send GraphQL queries, including queries with variables. You can also organize your queries into collections to manage and run multiple requests at once. Postman provides a user-friendly interface for exploring and testing GraphQL APIs, and it allows you to easily view and analyze the responses to your queries.
 

GraphQL testing in Katalon Studio

From the viewpoint of the client side, queries, and mutations are the most common types of GraphQL operations. Following the CRUD model (create, read, update, and delete), a query is similar to a GET request and maps to the "read" operation in CRUD, while mutations correspond to the other operations and are used to create, update, or delete data on the server.

Create a GraphQL test request using queries or mutations

To create a GraphQL test request, simply insert the query into the GET query parameter. However, testing GraphQL mutations only supports the POST method. 

It's important to test queries and mutations as it involves adding or accessing data in databases. Mutations modify data in the database and return us a value. Mutations can edit and manipulate the data from the server side. 

Use query variables in a GraphQL request

• You can add a GraphQL request into a test case. Katalon Studio generates a script that has send request method with a map of variables. Below is a sample test script:

• Switch to the HTTP Body tab and choose GraphQL body type.
• In the Query textbox, insert your GraphQL query with defined variables.GraphQL query

• In the Query Variables textbox, insert the values of your GraphQL variables.
• Then, navigate to the Variables tab and define the variable name: id the default value: "VN" in our case.

Validate GraphQL requests and responses against schemas.

Because GraphQL responses are in JSON format, you have the option to verify a GraphQL response against a JSON schema, which allows for error troubleshooting without the need for a HAR file. 

It's also possible to verify a GraphQL request body against a GraphQL schema to ensure the request is valid before being sent to the server. The server handles the verification process, and the response section will provide the validation results if you use keywords in the Verification tab. Alternatively, the Log Viewer will display the validation results if you use keywords in a test case.
 

Read more for further instructions: GraphQL in Katalon Studio

FAQs

How is GraphQL different from REST?

There are 2 main differences between the 2 methods:

• Data retrieval: In REST, data is retrieved through multiple endpoints, each returns a fixed set of data, which can be either more or less than the data requested. On the other hand, a graphQL API obtains data in one request via a single endpoint. GraphQL queries mirror the responses. The client describes what data fields they want, and server-side resolvers populate the data for the corresponding fields. Hence no under or over-fetching.
• Response structure: In REST, the response structure is predefined by the API developer and cannot be changed by the client. With GraphQL, you can determine the shape of the data for the request, and the response will be returned in the same shape. 

When To Use GraphQL vs REST API?

Both GraphQL and REST API development lifecycle approaches are useful depending on the specific need of your project. 

GraphQL is a better fit for projects where the client needs a lot of control over the data being fetched from the server. It's also ideal in the case of using multiple data sources. GraphQL simplifies the task of collecting data from different APIs and resolving the data to the client in one request
 

In contrast, REST APIs are more suitable for projects with simpler data structures. REST is also more suitable for projects where caching is important. Since a REST API provides many endpoints, you can easily configure a web cache to match certain URL patterns, HTTP methods, or specific resources.