A SYSTEM TO EVALUATE THE ROBUSTNESS OF AN API UNDER HIGH LOADS
Abstract
Many modern computer systems extensively use application programming interfaces, or APIs. APIs serve as a bridge between different elements of computer systems, allowing them to communicate, interact with each other, and exchange data seamlessly. Formally, an API is a set of protocols, tools, and definitions that allow different programs to integrate with each other, and provide developers with the ability to access certain software functions or data sets. An important task in the process of developing APIs is to ensure their correct operation under high loads. APIs can have hundreds, thousands, and even millions of users, for whom it is important to ensure the stability, scalability, and reliability of these software tools. A system that has not been reliably tested under high load conditions may fail if a large number of users want to use the same API method or retrieve similar data at the same time. Such a system will also be less resistant to DDoS attacks, a type of malicious hacker attack that "clogs" a computer system with a large number of requests, effectively blocking access to it for legitimate users. This article presents the research and development of a testing system designed to evaluate API performance. The system is based on Locust, an open-source tool for testing software under high loads. The tool is designed to model and analyze the behavior of various applications when facing a large number of users. Our performance testing system uses the capabilities of Locust to thoroughly study the stability of the API system in a real-world scenario. It tests a locally running version of an API in detail by loading it with a so-called "swarm" of virtual users. After this process is complete, Locust collects data on the performance of an API – number of successful and failed requests; minimum, maximum, and average request processing time; as well a detailed report that can be used for further analysis of the results. The data obtained as a result of such an analysis contributes to understanding and, subsequently, improving the quality of API performance, offering valuable recommendations for optimizing application performance and identifying bottlenecks in code.
References
2. What is a distributed denial-of-service (DoS) attack? | Cloudflare. URL: https://www.cloudflare.com/learning/ddos/what-is-a-ddos-attack/.
3. Isha, Sharma A., Revathi M. Automated API Testing. 2018 3rd International Conference on Inventive Computation Technologies (ICICT), Coimbatore, India, 15–16 November 2018. 2018. URL: https://doi.org/10.1109/icict43934.2018.9034254.
4. RESTful API Testing Methodologies: Rationale, Challenges, and Solution Directions / A. Ehsan et al. Applied Sciences. 2022. Vol. 12, no. 9. P. 4369. URL: https://doi.org/10.3390/app12094369.
5. Automatic identification of load testing problems / Z. M. Jiang et al. 2008 IEEE International Conference on Software Maintenance (ICSM), Beijing, China, 28 September – 4 October 2008. 2008. URL: https://doi.org/10.1109/icsm.2008.4658079.
6. Latah M., Toker L. Load and stress testing for SDN’s northbound API. SN Applied Sciences. 2019. Vol. 2, no. 1. URL: https://doi.org/10.1007/s42452-019-1917-y.
7. Locust.io. Locust – A modern load testing framework. URL: https://locust.io/.
8. Writing a locustfile – Locust 2.18.4 documentation. Locust Documentation – Locust 2.18.4 documentation. URL: https://docs.locust.io/en/stable/writing-a-locustfile.html#writing-a-locustfile.
9. greenlet. PyPI. URL: https://pypi.org/project/greenlet/.
10. Retrieve test statistics in CSV format – Locust 2.18.4 documentation. Locust Documentation – Locust 2.18.4 documentation. URL: https://docs.locust.io/en/stable/retrieving-stats.html.
ISSN 
