While "happy path" testing confirms that an API works under normal conditions, comprehensive testing must also validate how the API handles errors and invalid input. This is known as negative testing, and it's crucial for building robust, secure, and predictable APIs.
A well-designed API should not only return the correct error code but also a clear error message in the response body. ACCELQ makes it easy to verify both of these components.
1. Verifying HTTP Error Status Codes
The first step in any negative test is to confirm that the API returns the appropriate HTTP error status code. This immediately tells the consumer what kind of error occurred.
Common Client-Side Error Codes to Test For:
- 400 Bad Request: The server cannot process the request due to a client error (e.g., malformed JSON, missing a required field).
- 401 Unauthorized: The client has not provided valid authentication credentials (despite the name, this code means "not authenticated").
- 403 Forbidden: The client is authenticated but does not have permission to access the requested resource.
- 404 Not Found: The requested resource could not be found on the server.
Example: Testing for a Non-Existent Resource (404)
Let's test what happens when we request a user that does not exist.
Invoke the API Call
First, invoke a GET request for a resource you know is not there.
Invoke ReSTful GET service. End-point: `https://api.myapp.com/users/99999`
Verify the Status Code
In the Verify the Response step, instead of expecting a 200, you will assert for a 404. When the "Response verification" window opens:
- Navigate to the Status tab.
- Enter `404` as the Expected Value for the Status Code.
This confirms the API correctly reports that the resource was not found.
2. Validating the Error Response Body
A good error response does more than just send a status code; it includes a helpful message in the response body. Verifying this message is the second crucial part of a negative test. The message should tell the client what went wrong (which field, which resource) without exposing server internals such as stack traces or database errors, so your verification should check for the expected wording rather than merely that some text came back.
Example: Verifying the "User Not Found" Error Message
Continuing our previous example, let's assume the API returns the following JSON body when a user is not found:

```json
{
  "error": "UserNotFound",
  "message": "No user could be found matching the ID 99999."
}
```
After verifying the 404 status code, you can add more verifications to the same test step:
- In the "Response verification" window, navigate to the Response tab.
- Click on the `error` node. In the "Verify Content" dialog, assert that its value equals `UserNotFound`.
- Click on the `message` node. In the "Verify Content" dialog, assert that its value contains `No user could be found`.
Now your test is complete. It validates not only that the API correctly identifies the error (404 status) but also that it communicates the error clearly in the response body.
More Negative Test Scenarios
Invalid Input (400 Bad Request)
- Scenario: Send a `POST` request to create a new user but intentionally omit a mandatory field, such as `email`.
- Verification: Check for a `400` status code and an error body like `{"error": "Validation failed", "field": "email", "message": "Email is a required field."}`.
Invalid Authentication (401 Unauthorized)
- Scenario: Make a call to a protected endpoint but do not include the `Authorization` header.
- Verification: Check for a `401` status code and an error body like `{"message": "Authentication token is missing or invalid."}`.
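The same checks, expressed as code rather than ACCELQ steps, for the 404 walkthrough above and for the two additional scenarios in this section. This is an added example, not ACCELQ's tooling or the code of the API the page tests: `https://api.myapp.com` is replaced by a small in-memory stand-in (`fake_api`) so the tests run offline, and its routes, the existing user `42`, the `VALID_TOKEN` credential and the exact error wording are constructed assumptions that mirror the page's sample bodies. `verify_response` does what the Status and Response tabs do (status code, then equals/contains on named nodes) and adds one check a practitioner usually wants beyond the page: that an error body does not leak stack-trace text.

```python
"""Negative-test runner for the scenarios on this page.

fake_api is a constructed stand-in for https://api.myapp.com so the tests
run offline; its routes, data and messages are assumptions, not the real
service's behaviour.
"""
import json

# Constructed sample data: only user 42 exists.
USERS = {42: {"id": 42, "email": "alice@example.com"}}
VALID_TOKEN = "Bearer test-token"  # assumed credential accepted by the fake API


def fake_api(method, path, headers=None, body=None):
    """Return (status_code, json_body) as the page describes the API behaving."""
    headers = headers or {}
    # Authentication is checked first, so an unauthenticated caller learns
    # nothing about which resources exist.
    if headers.get("Authorization") != VALID_TOKEN:
        return 401, {"message": "Authentication token is missing or invalid."}
    if method == "GET" and path.startswith("/users/"):
        try:
            user_id = int(path.rsplit("/", 1)[1])
        except ValueError:
            return 400, {"error": "Validation failed", "field": "id",
                         "message": "User ID must be an integer."}
        user = USERS.get(user_id)
        if user is None:
            return 404, {"error": "UserNotFound",
                         "message": f"No user could be found matching the ID {user_id}."}
        return 200, user
    if method == "POST" and path == "/users":
        payload = json.loads(body or "{}")
        if "email" not in payload:
            return 400, {"error": "Validation failed", "field": "email",
                         "message": "Email is a required field."}
        new_id = max(USERS) + 1
        USERS[new_id] = {"id": new_id, "email": payload["email"]}
        return 201, USERS[new_id]
    return 404, {"error": "NotFound", "message": f"No route for {method} {path}."}


def verify_response(status, body, expected_status, equals=None, contains=None):
    """Mirror the page's two verification steps: the Status tab, then Response nodes.

    Returns a list of failure strings; an empty list means the verification passed.
    """
    failures = []
    if status != expected_status:
        failures.append(f"status: expected {expected_status}, got {status}")
    for node, value in (equals or {}).items():
        if body.get(node) != value:
            failures.append(f"{node}: expected == {value!r}, got {body.get(node)!r}")
    for node, fragment in (contains or {}).items():
        actual = body.get(node)
        if not isinstance(actual, str) or fragment not in actual:
            failures.append(f"{node}: expected to contain {fragment!r}, got {actual!r}")
    # Added check beyond the page: an error body must not leak server internals.
    for leak in ("Traceback", "Exception", "at line"):
        if leak in json.dumps(body):
            failures.append(f"body leaks internal detail: {leak!r}")
    return failures


def run_negative_tests():
    """Run the page's three negative scenarios plus one happy-path control.

    Returns {scenario name: list of failures}.
    """
    auth = {"Authorization": VALID_TOKEN}
    results = {}

    status, body = fake_api("GET", "/users/99999", auth)
    results["404 non-existent user"] = verify_response(
        status, body, 404,
        equals={"error": "UserNotFound"},
        contains={"message": "No user could be found"})

    status, body = fake_api("POST", "/users", auth, body=json.dumps({"name": "Bob"}))
    results["400 missing email"] = verify_response(
        status, body, 400,
        equals={"error": "Validation failed", "field": "email"},
        contains={"message": "required"})

    status, body = fake_api("GET", "/users/42")  # no Authorization header
    results["401 missing token"] = verify_response(
        status, body, 401,
        contains={"message": "missing or invalid"})

    # Control: the happy path still passes, so the checks above are meaningful.
    status, body = fake_api("GET", "/users/42", auth)
    results["200 existing user"] = verify_response(status, body, 200, equals={"id": 42})
    return results


if __name__ == "__main__":
    for name, failures in run_negative_tests().items():
        print(f"{'PASS' if not failures else 'FAIL'}  {name}", *failures, sep="\n    ")
```

Running the file prints one PASS/FAIL line per scenario. The happy-path control matters: a verification that only ever sees errors cannot tell a correctly rejected request from an endpoint that is broken for everyone.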