top of page
Writer's pictureVishaka Warnakulasooriya

Case Study 06: Web API Testing for eCommerce Checkout



Background: Successful and secured payment in the checkout process of an eCommerce platform is a must to ensure that the customer's payment goes through safely. Any loophole will result in a loss of customers by losing customer satisfaction and trust. Apart from the other key testing types, API testing for payment gateways is highly required to ensure the integration of the applications. This edition discusses API integration testing with third-party payment providers and how it can be effectively carried out.



Strategy: The team went with the below steps of the test strategy by identifying the key Integration Points.


01. Create detailed maps of all the key system touchpoints with third-party payment APIs: payment initiation, confirmation, refund management, and error flows.


02. Understand the requirements and spec.

  • Study the API docs they provided (endpoints, request/response formats, auth; error codes, etc)

  • Define transactions (Credit Card Payments, refunds, voids..)


03. Information Gathering

  • Collect Information for all master cards for creating credit card numbers for testing (Dummy cards)

  • Get Payment Gateway Details

  • Collect the error codes together with payment gateway docs (Where is an error, is it an application bug or payment gateway error?)


04. Test Planning & comprehensive Test Coverage: Develop test cases that cover a wide range of scenarios, including successful transactions, declined transactions, partial payments, and refunds. Ensure all possible outcomes are tested.


4.1 Identify what needs to be tested.


  • Parameters passed through the payment gateway and application

  • Amount related information (via the query, string, or variable)

  • Check the format of the currency

  • Check session time out

  • When the payment gateway is down

  • Verify the encryption of Database entries for the transaction (credit card details are stored or not)

  • Transaction limits if there are any



4.2 Develop Test Scenarios:

  • Successful Transactions: Payments that have successfully been processed.

  • Failed Transactions: Cases where payment fails such as insufficient funds, incorrect card details, expired cards, etc.

  • Edge Cases: Abnormal versions of the scenarios like; minimum and maximum transaction scenarios, and field entries with special Characters.

  • Refunds & Cancellations: These are scenario-based examples that represent an end to end flow of transactions from refunds - to cancellation.

  • Currency handling: Transactions in multiple currencies if required



05. Define Test Data

Prepare a mix of valid and invalid test data, including various card numbers, expiry dates, CVVs, and transaction amounts.



06. Testing

  • API Endpoint Testing:

Authentication - Make sure the API does what it says it does with security, making use of anything from API keys, tokens, or OAuth.

Authorization - There needs to be proper authorization for different transactions for different user roles.

Transaction Processing - Test endpoints for Create Transaction, Capture Payment, Void Payment, and Process Refund.


  • Integration Testing:

End-to-End Flow - Test from entering the payment details till the final confirmation or the error message.


  • Validation Testing:

Response Codes: Check that the API returns the correct HTTP status codes (e.g., 200 for success, 400 for bad request).

Response Content: Validate the structure and content of the API responses against the expected schema.


Some Test Cases for API Testing:

Test cases of API testing are based on

Return value based on input condition: it is relatively easy to test, as input can be defined and results can be authenticated

Does not return anything: When there is no return value, the behavior of API on the system to be checked

Trigger some other API/event/interrupt: If the output of an API triggers some event or interrupt, then those events and interrupt listeners should be tracked

Update data structure: Updating data structure will have some outcome or effect on the system, and that should be authenticated

Modify certain resources: If an API call modifies some resources then it should be validated by accessing respective resources



Challenges & Solutions:

Challenge: Error Handling and Edge Cases

Solution:

  • Create detailed test scenarios which correspond to different use cases with rare and common error conditions. It has to have test cases for network failures, wrong data, transaction timeouts etc.


  • Error Handling Testing Scenarios: Create test cases to test error handling (e.g., insufficient funds(balance), expired cards and invalid CVV.)


  • Edge Cases: These are all test scenarios with boundary values (e.g., maximum and minimum transaction amounts) and unusual input data (e.g., special characters in fields).


  • Error Handling: Ensure that Transaction timeouts and retries are handled at the API level according to our retry logic.


Challenge: Handling Multi-Currency and International Payments

Solution:

  • Currency Testing: Develop test cases that cover transactions in different currencies, ensuring that currency conversions and international payment processing work correctly.

  • Localization Testing: Test the system’s handling of various localization aspects, such as different date formats, decimal separators, and language settings, to ensure a smooth user experience for international customers.


Normally, managing test data is challenging when handling sensitive data. However, the team does not need to use any data masking techniques because dummy credit card numbers were used for various master cards in a controlled, isolated environment.


The team used of well-known Dummy Data:


If the dummy credit card numbers are recognized as non-real, well-known test numbers (e.g., 4111 1111 1111 1111 for Visa, 5555 5555 5555 4444 for MasterCard), and there is no chance of these being confused with real data.




Results: By focusing on API integration testing with third-party payment providers, Enhanced Reliability significant improvement:

Our thorough testing strategy ensured that payment integrations worked reliably across different scenarios, avoiding the risk of transaction failures. Finally, it is building customer trust and protecting your business.



Conclusion: API integration testing with third-party payment providers is essential for ensuring secure payment processing in eCommerce platforms. This not only improves customer satisfaction but also protects the business from potential payment failures. As eCommerce continues to evolve, maintaining API testing practices will be key to sustaining growth and trust in the digital marketplace.




Recent Posts

See All

Comments


bottom of page