How to Optimize Static and Dynamic User’s Login and API Management in JMeter for Performance Testing

Load testing is essential for evaluating the performance, scalability, and endurance of a web application under real traffic conditions. Apache JMeter is a powerful tool used by testers to simulate multiple user and API scenarios. Performance optimization involves testing both static and dynamic users and APIs. 

This blog presents techniques, tips, and step-by-step approaches to help create realistic and reliable load test scenarios that mimic real-world conditions.

Our Experience with Our Current Project’s API Testing

In a recent project, we were tasked with testing the APIs of an interactive event planning tool for weddings at hospitality venues. This project enables users to design and refine event layouts in 2D and 3D, simplifying the entire process of seating arrangements, decor placement, and event flow management.

Before this, the client was using an industry-standard event planning platform that cost approximately $70,000 per year. By switching to our solution, they not only saved money but also improved operational efficiency. The custom features and real-time inventory management allow planners to create precise floor plans, resulting in a more streamlined event experience.

While API testing was our primary responsibility, we took it a step further by dynamically automating user and API management. This approach enhances the simulation of real-world conditions, leading to more accurate performance metrics. We also explored advanced testing methodologies to ensure scalability, accuracy, and speed in handling different user interactions.

Currently, we have implemented all APIs with 10 unique users, managed them dynamically, and shared the report with stakeholders.

Below, we outline the process for dynamically handling complex websites for future use.

Static and Dynamic Users in Load Testing

To maximize the effectiveness of load testing, it is important to understand the differences between static and dynamic users and their API interactions.

Static Users

Static users use predefined credentials and fixed API parameters throughout the test. Since their settings remain unchanged, they are ideal for baseline performance tests to ensure consistency between test runs.

Common use cases:

• System health monitoring
• Regression testing (where predictable inputs help compare test results over time)

Dynamic Users

Dynamic users mimic real-world scenarios by changing session tokens and credentials with each interaction. Dynamic APIs often require parameters that change with every request, such as:

• Authentication tokens
• User IDs

Key benefits of testing with dynamic users:

• Simulating different user behaviors
• Identifying performance bottlenecks under varying conditions

Managing Users and APIs in JMeter

Proper static and dynamic API user management is critical to simulating user interactions, traffic patterns, and system limitations. Below are some best practices

User-Defined Variables

• Store constants such as API endpoints, credentials, and base URLs.
• Example: Set ${baseURL} to https://api.example.com and use it across all HTTP requests.

HTTP Request Defaults

• Define default values for servers, protocols, and ports to simplify test setup.
• Example: Use ${baseURL} to standardize the server name across requests.

Unique User Logins

• Assign different credentials for each user session to simulate separate interactions.
• Example: Use ${username1}, ${username2} and ${password1}, ${password2} to simulate multiple users.

Managing Dynamic Users and APIs

JSON Extractor

• Extracts user IDs, tokens, and other dynamic values from JSON responses.
• Example: Extract ${authToken} from a login response for subsequent API calls.

CSV Data Set Config

• This feature loads user credentials and API parameters from a CSV file.
• Example: Store usernames and passwords in a CSV file for mass user simulation.

Regular Expression Extractor

It extracts dynamic values from responses that are not in JSON format (e.g., HTML or XML).

• Example: Extract session IDs from hidden fields in an HTML response.

One API Call per Thread

• Fetch unique users from a CSV Data Config file.
• Use user-defined variables to store login tokens and reference them in other API calls.

Case Study: Automating API Testing in JMeter

For the project, we tested 10 users, each making 70+ API calls. To ensure accurate results, we used:

Step-by-Step Approach

1. User-Defined Variables: We stored authentication tokens and commonly used API parameters.

2. JSON Extractor: We extracted user ID, venue IDs, and asset types dynamically.

3. HTTP Headers: We ensured all API requests included tokens and content types.

4. JSR223 Sampler: We used Groovy scripts to generate unique asset names based on timestamps.

5. Concurrent Users: Created Thread Groups where each user made over 70 API calls, ensuring session persistence.

6. Validation: Used JSON Path Assertions and Regular Expression Assertions to verify API correctness.

7. Error Handling: We recorded failed requests for debugging.

• Recorded failed requests for debugging and log analysis.
• Implemented Debug Sampler to verify dynamically handled values using JSON Extractor, Groovy JSR223 Sampler, and user-defined variables.
• Ensured that API keys correctly returned values or displayed NOT_FOUND errors when necessary.

8. Scalability & Concurrency: We simulated multiple users accessing the system simultaneously to assess the performance impact. The summary report provided insights into error rates, average requests per second, and overall system load when running all APIs for user-1.

Best Practices for JMeter Load Testing

To get it right and fast follow these best practices:

• Each User Session is Unique: Assign session tokens to each user.
• Token Expiration: Automate token refresh.
• Load Configuration: Tweak thread settings to match real life.
• Use Assertions for API: Validate API responses with JSON Path and Regular Expression Assertions.
• Use Realistic Data: Use dynamic variables and CSV files to simulate actual user behavior.

Final Thoughts

By leveraging JMeter’s advanced features, we successfully automated API testing. We utilized User Defined Variables, JSON Extractors, JSR223 Samplers, and CSV Data Set Configurations to create realistic load tests that evaluated the system’s ability to handle multiple user interactions.

The result? Faster testing, improved scalability, and more actionable performance metrics. By implementing token management, chained requests, concurrency control, and response validation, this approach closely mirrors real-world scenarios and enhances system reliability under load.