Table of Contents
API Testing Interview Questions and Answers
New to API Testing?
No Worries. In this post, we’ll cover API Testing Interview Questions. A list of mostly asked API testing questions and answers given below.
What is an API?
API full form- Application Programming Interface. By using this, we can communicate and data exchange between software systems. It acts as an interface between two applications to communicate and share data with each other.
API takes the user’s request (request from the database, request from the source) and return a response to the user without exposing the internal details. API acts as an abstraction.
Example: Google Map API, Amazon advertising API, Twitter etc.
What are the different types of API testing?
API testing uses the following types of testing:
- Unit testing
- Load testing
- Functional testing
- Runtime/Error detection
- UI testing
- Security testing
- Penetration testing
- Fuzz testing
What are the different protocols used in API testing?
Some of the standard protocols used in API testing are as follows:
What are the tools used in API testing?
Best tools for API testing:
Is JMeter used for API testing?
Yes, JMeter used for API testing.
It is an open-source tool—lots of plugins and extensions. It supports Load testing, Fast API testing, Stress testing.
What is a better tool? POSTMAN or SoapUI?
Both tools have different advantages. POSTMAN tool uses to perform manual API testing, whereas SoapUI uses for automation in API testing.
List some most used templates for API documentation?
Some template which makes API documentation much easier and simple. Below is mentioned
- API blueprint
- Web Services API Specification
What is the test environment of API?
The easiest way to test an API to send the request to the server where API service is configured.
The test environment is a localized version of the production where QA can perform testing.
For example, in a test environment, you may have-
A test database
A localized load balancer
A localized API gateway
A localized API server
Kinds of test environments –
Testing on local builds
Testing Sample apps
Testing hardware products
What must be checked when performing API testing?
There are various things that we need to be validating in API testing.
1.Requirement document of API testing-
For better result, we need to write every requirement. So we need to prefer a requirement document.
2. Set the output result of API testing-
Once the requirement document is ready, we need to finalize the output of the API tests.
We need to verify the response status code which could be pass/fail/invalid etc.
3. Need to focus on small API functions-
API testing is different from another testing type so we cannot jump directly to the more significant test case. The small test case in API testing is less chance of uncertainty in the API tests.
4. Organize endpoints-
In testing, the project may have few or even hundreds of APIs for testing. We highly suggest that we need to organize then into categories.
5. Create positive and negative tests–
Positive Test – Send valid input/request to API and receive the expected result.
Negative Test – Send an invalid request to API and receive the expected result and see expected behavior.
What is Web Services?
Web Services is used to interact with the server without open web pages on the browser.
Let’s relate web services to the web application. In the web application, we have a server on which application is deployed. In this we have a URL, we are putting the URL on the browser so that a web page will be open, here we are giving some input and get output. So this is web application.
But in Web Service, application deployed to the server, but we don’t have any URL for access that application on any browser. So web services allow a program (write the program in any programming languages) to interact with the server, sending input to the server and receiving output from the server. So web service does not provide any GUI to interact with the server.
Note: If I am providing a URL or UI of my application, the user can access my application through only one UI. But in the case of web service, we write the business logic.
Any other application written in any programming language could be a web application or a mobile application to interact with me because I interact with any programming language because I am just providing the programming interface.
Google Map web service: Google developed a web service and provided a UI as well, so we can search the location by typing the address in this application.
So if I want to develop an application where I need the map to find the location, I have two choices either I can develop a whole mapping program from scratch or call a Google web service that Google map provides.
Like Ola cabs developed its UI and purchased the web services of Google mapping, So Ola application behind uses Google web services.
The logic is that when searching any cab on Ola application (it means giving request to the server) then by Google web service we get the result of pick up and drop location which shows on Ola cab application’s UI.
Must Read – Web Services Interview Questions
Difference between API and Web Services?
API and Web Services both are tech terms that regularly get confused, but there are some differences in both term.
API (Application Programming Interface):
It is a set of routines, data structures, classes which are developed by any developer. In other words, it defines methods for one software program to interact with other programs.
APIs don’t need a network to perform any operation.
All APIs are not Web Services.
Web Services is used to interact with the server without open web pages on the browser.
It uses the machine-processable format WSDL file to describe the web services.
|It doesn’t require network for operation.||It requires network for operation|
|All API are not a Web Services||All Web services are API|
|It is an open-source but can be used by who know XML or JSON||It is not an open source and can be used by who know XML|
|It supports only HTTP/HTTPs protocol||It supports only HTTP protocol|
|It is used any style of the communication.||It is used for REST, SOAP and XML-RPC for communication.|
Enlist some API testing tools.
Here some of the tools used for API testing are as follows:
What are the different architectural styles used for creating a Web API?
- HTTP for client-server communication
- Stateless communication between client and server
- Simple URI as the address for the web services
- XML/JSON as a formatting language
What exactly needs to test in API testing?
API testing is the part of the integration testing process.
It is testing both request and response needs to be tested.
Response code (200/2xx/3xx etc)
Validity of response data url/image/text
Does API testing need coding knowledge?
In API testing, we do perform both manual and automation testing.
Manual API testing-
In manual testing, we don’t require any type of coding knowledge. We require API path, body and header etc.
For manual API testing, there are lots of tools available in the market like Swagger, POSTMAN, RESTClient and Insomnia.
Automation API testing-
For API automation testing, you should have knowledge of coding for using tools like REST assured and SoapUI.
What are the types of bugs can be found in API testing?
API testing can detect different types of bugs which could make product bad. Here are some common types of defects.
What is SOAP?
SOAP stands for Simple Object Access Protocol.
It is a communication protocol designed to exchange information via the internet. It supports the XML message format.
How is the UI level testing different from API testing?
In UI testing, we test the user interface level is to test the graphical interface of the application, which includes text type, font size, layout etc.
Whereas, in API testing, we test the communication between different software, and it mainly resides in the business logic layer. It never looks on to the application.
What is TestAPI?
TestApi is a library of test and utility API which are essential for developers and testers for creating testing tools and automation tests.TestApi provides common types of data structure and algorithms.
What is the difference between API testing and Unit testing?
Unit testing is done by developer
Unit testing comes under white-box testing
Unit testing is done before prior to the build deployment.
Only basic functionalities testing performs in unit testing
The Source code is involved in unit testing.
API testing is done by QA
API testing comes under black-box testing
API testing performed after build deployment
Scope of testing is wide. The Source code is not involved in this testing.
How do you test API security Testing?
In API security testing, mainly we perform two operation-
Authentication – It determines the identity of an end-user.
Authorization – It determines what resources a user can access. Also, we usedSSL/TLS certificate and used over HTTPS
Can API be hacked?
Yes, because we are sending data over the internet.
We use mostly HTTP protocol, which goes to REST and SOAP and it is a text-based protocol which therefore is fortunately easy to read.
REST API Interview Questions |
API Testing Interview Questions For Experienced
What is Rest API testing and why it is used?
In Rest API testing, we test Restful APIs for web applications. It is used because Restful web services used less bandwidth. It also supports different file format like XML, JSON etc.
What is a resource in REST?
Every content in REST consider as a resource like text file, HTML pages, Images, video etc.
We can access each resources using URI (Uniform resources identifier).
What is the way to represent a resource in REST?
REST uses a different way to represent the resources like text, XML and JSON.
Which protocol is used for RESTful web services?
RESTful web services use the HTTP protocol. It is used for communication between client and server.
What is messaging in RESTful web services?
For the communication, the client sends the request in the form of HTTP request and server send a response in the form of the HTTP response. This process of sending the request and receiving the response is called massaging.
What are the methods used in REST?
There are following methods used in REST-based architecture.
GET – By using this method, we can only access the resources. We can’t modify any resources.
POST – To create new resources on the server.
DELETE – By using this method, we can delete the resources which are identified by a URI.
PUT – By using this method we can update the resources (If resources do not exist then API decide to create a new resource or not)
PATCH – It is similar to the POST and PUT. The difference is that it is used to a partial modification to the resource.
HEAD – It is similar to the GET, but except without the response body. In other words, if GET returns the list of users in response body whereas HEAD can make the same request but wouldn’t return a list of users.
OPTIONS– It returns data describing what other methods supports at given URL.
Can we use GET method to create new resource instead of PUT?
GET has only read-only access. It can only use to get the data from the server.
PUT is used to modification of the resources on the server.
What is addressing in RESTful web services?
Addressing is used to locating a resource or multiple resources lying on the server.
Using URI (Uniform Resource Identifier), it locates the resources on the server.
Format of URI:
What is RESTful Statelessness?
Statelessness means state of any client request will not store on the server.
RESTful web services should not keep the client state on the server. That is why RESTful is a statelessness web service.
What is RESTful web services Caching?
Caching means storing the accessed data into several places. RESTful web services use caching to storing the server response in the client itself. Also, it improves the performance of RESTful.
It also reduces network bandwidth requirements.
What is the Security in RESTful web services?
Some important points are given below for designing security of RESTful web services.
- Use always HTTPS protocol to encrypt the communication data
- Never use sensitive information into URL
- Always validate input data against SQL or NoSQL injection attacks
- Encryption level always should be high.
- Session-based authentication required for the user.
- Restriction on method (GET, POST, DELETE etc) execution.
What are the main components of the HTTP request?
An HTTP request contains different key elements:
1. HTTP methods like GET, PUT, POST, DELETE.
2. Uniform Resource Identifier (URI), which is the identifier for the different resources on the server.
3. HTTP Version, which indicates HTTP version, for example-HTTP v1.1.
4. Request Header, which contains metadata (as key-value pairs) for the HTTP Request message. Metadata can be a client (or browser) type, format supported by the client, format of a message body format, cache settings, and so on.
5. Request Body, which indicates the message content or resource representation.
What is the payload in RESTFul Web services?
“Payload” is the data you are interested in transporting. This is differentiated from the content that wraps the data for transport like the HTTP/S Request/Response headers, authentication, etc.
What are the different status codes and their description?
The Rest API responds of each request with an HTTP response code. Below I have mentioned the response codes and their description.
|200 Ok||Request accepted.|
|201 Created||This response code is returned from PUT or POST, and indicates that a new resource was created.|
|204 No Content||Successful deletion of a queue.|
|400 Bad Request||Given URL is not in correct format.|
|403 Forbbiden||The requester is not authorized to invoke the request.|
|404 Not Found||The object is not exist on given path.|
|405 Method Not Allowed||Requested HTTP method does not supported.|
|409 Conflict||An attempt made to create an object that already exists.|
|500 Internal Server Error||An internal error occurred in the server. This might indicate a problem in the server side code.|
These are the Response codes and their error message which we are receiving during sending HTTP request to the server.
Which is better REST and SOAP?
REST is better than SOAP. It allows different file format (XML, JSON) to process request whereas SOAP only allow XML.
Can SOAP use JSON?
No, it cannot use JSON.
Is SOAP stateful or stateless?
SOAP is a stateless web service. We can make it stateful by changing code on server.
Is HTTP stateful or stateless?
HTTP is a stateless protocol layered on top of TCP.
[API automation testing interview questions]
What is Parasoft SOA?
Parasoft SOAtest is an automated API testing tool or tool for Service Oriented Architecture (SOA) that allows developers and testers to perform functional testing, end-to-end testing, security testing, performance testing etc. It also supports 100 number of protocols such as Web services, JSON, MQ, JMS, HTTP, XML and EDI etc.
Is Parasoft Open Source tool?
This tool offers free supports open source development community with free access to entire Parasoft suite.
What is SOA (Service Oriented Architecture)?
In SOA, a number of services communicate to each other. It is a method of integrating the business applications and processes it together to meet the business needs.
In SOA, Developers either develop or buy the services to use it into SOA.
POSTMAN API Testing Interview Questions
Postman is also used for manual API testing. Here we will see few Questions on POSTMAN.
What is POSTMAN?
POSTMAN is a platform for API development that started as Chrome extension but now it is available in native app also. By using this we can perform API testing using different HTTP methods like Get, Post, Put and Delete.
Using this we can send HTTP requests to the server and receive responses.
Is POSTMAN good for API testing?
POSTMAN is easy to use. Any non-technical person can use this. It provides the number of API calls for testing APIs.
Give URL, set header, parameters and body of the API and you are ready to perform API testing.
How Can I check API in POSTMAN?
Firstly we need to setup the authorization in POSTMAN with the help of below steps.
- Create a new OAuth client id with the Code Authorization and/or Client Credentials grant type and a callback url of https://www.getpostman.com/oauth2/callback for Code Authorization.
2. In Postman, select any API method.
3. Click on the Authorization tab.
4. Choose OAuth 2.0 and add all details like Authorization URL, Access token, Client ID, Client secret, grant type etc.
5. Click on Get access token button.
6. Postman starts the authentication flow and prompts you to save the access token.
7. Select Add token to header.
8. Click the name of your token so Postman will add the token to the authorization header and click Send to make your request.
9. If authentication is successful, the API shows a 200/OK response.
What should be verified in API testing?
The most important thing to test the HTTP response status code. Verify status is 200 or not to decide test case is passed or failed. After this you can verify response data, response time etc.
What is the best tool for API testing?
There are so many tools are available in the market but few are best and popular in the market like-
- SOAP UI
- Katalon Studio
- Rest Assured
Which type of encoding does POSTMAN accept in authorization credentials?
It accepts base64 encoding only. This is already inbuild in Postman.
What is Collection in POSTMAN?
A collection in Postman is like a folder in your system. It groups individual request together. It organize similar request into a folder.
Capgemini API testing interview questions
What are the HTTP methods?
There are different http methods which are mentioned below.
What is the difference between PUT and PATCH?
Both are work same but there are minor differences.
PUT: This method is used to update the resource on the server. In this method we need to send the entire resource on the server.
PATCH: This method is also used to update the resources on the server but in this method, we need to send only those data that you need to update.
What is difference between Path parameter and Query Parameter?
Path Parameter: Path parameter is used to identify the specific resources. It is placed before question mark in URL.
Query Parameter: Query parameter is used to query or filter the resources based on some conditions. It is placed after the question mark in URL.
SOAP API testing interview questions
What are the SOAP UI assertions?
Assertions are used to validate the test result. There are different types of assertions are used in SOAP UI.
- Property Content
- Script Assertion
- Compliance Status
- SLA etc.
For more details about SOAP UI Assertions Read this Post.
What is Groovy scripting and where it can be used?
Groovy is a scripting language based on java library. It supports the java methods.
It is used in SOAP test steps.
Hope this Q&A tutorial was covered all important “API testing Interview Questions” that will helpful to clear your API Interviews.
Bookmark this post “API testing Interview Questions and Answers” for future reference.
In future I will add more real time API testing interview questions.
If you have other questions related API Interview Questions or feedback, the comment section is yours. Don’t forget to leave a comment below!