API Testing & Monitoring

API Testing Series – Introducing Sandbox Simulations


In our third post of this series, we discussed how developers can use a concept called Service Virtualization (SV) to help with testing. While this improves the testing, it also has issues as identified in the article. In this article we will introduce the next generation of SV which we call ‘sandboxing’ where true simulations of the service are created to improve on what SV has delivered.

Following on from the SV discussion, if we look at what we are trying to improve technically, this is where we start: 

In order to support these above calls and sequencing, a sandbox is created by taking the meta data for the service and creating a sandbox environment as is illustrated :

This is then augmented by creating a data model behind the APIs to enable process to be supported and to enable the creation of business data for testing. Once this sandbox simulation is available, the process can be easily run against the sandbox without the real environment being available as illustrated below:

This solves all of the problems that it is not possible to solve using Service Virtualization:

  • No access is required to real environments to create the sandbox.
  • No data from the real environment is accessed so it is totally GDPR compliant.
  • Failure tests can easily be created in isolation to avoid impacting on other users.
  • Sandboxes enforce the sequence of calls so calls will fail if they have not been preceded by a related call.
  • Sandboxes react to the data being sent and thus tests can be enhanced by the creation of data through ongoing testing.
  • The sandbox can easily be updated to reflect new flows, fields or data.
  • As the sandboxed service evolves, multiple versions of the sandbox can be maintained for all testing as required.

But this is not all:

  • With intelligent data generation, proper business data can be created in the sandbox for testing various use cases.
  • A test suite to test the sandbox functionality can be created and verified against the real service to test the real service but also to ensure that the sandbox functionality is the same.
  • Sandboxes enable the full process cycle to be tested by simulating more than one dependant system.
  • Sandboxes support paradigms that record and replay cannot (e.g. call-backs, nonstandard payloads, paradigms that do not have a standard request/response semantic etc.)
  • Sandboxes can evolve or be restarted with a well-known state.
  • Sandboxes can be stood up on demand in the cloud as often as needed as they have no connectivity with the real environment nor do they contain any real data.

This provides the perfect vehicle for complex testing requirements in today’s agile and digital world. Our next article in the series will discuss how sandboxes can be used to help in the prototyping, development and ongoing testing of services exposed by new APIs.

John Power

John Power

CEO of Ostia Solutions
John has over 35 years’ experience working with enterprise IT systems in various roles including development, design and architecture. He has used this experience to create a suite of products to address lack of access to complex test systems which is a major bottleneck in the roll out of new products and the on boarding of external customers in large enterprise organizations. The result of this is Ostia’s Portus EVS technology which enables the creation of clever, simulated test systems and sandboxes on demand. These sandboxes facilitate the modelling and testing of new standards for Open Banking and PSD2, and implementation of new technologies such as Blockchain.

APIdays | Events | News | Intelligence

Attend APIdays conferences

The Worlds leading API Conferences:

Singapore, Zurich, Helsinki, Amsterdam, San Francisco, Sydney, Barcelona, London, Paris.

Get the API Landscape

The essential 1,000+ companies

Get the API Landscape
Industry Reports

Download our free reports

The State Of Api Documentation: 2017 Edition
  • State of API Documentation
  • The State of Banking APIs
  • GraphQL: all your queries answered
  • APIE Serverless Architecture