What is REST API?

Ajeet Kumar Maurya

3 years ago

Hi All, In this post we will see – what is REST API testing and what are the different http methods, http status code with description, what is authentication and its types. Also we will see basic interview questions on API testing .

Table of Contents

What is REST API or RESTful API?

REST stands for Representational state transfer. Means change the state of the resources or objects.

This state of the object can be either in XML or JSON.

API stands for Application programming interface. Means it is the interface between two different applications. It allows two applications to communicate with each other. Every time you access an app like Facebook or check the weather on your smartphone, API is used.

So, Restful API is an architectural style for an API that uses HTTP requests (GET, POST, PUT, DELETE) to access and use data.

REST is a stateless API means the server does not store any state about the client session on the server side.

Terms used in Request:

Endpoint
Method
Headers
Data or body

Endpoint: It is the request URL. It is below like-

root-endpoint/?

Root-endpoint is the starting point of API. Example – for twitter is https://api.twitter.com.

The path determines the resources where it is exist.

For example In my site to get the list of all posts tagged under “Selenium”, you navigate to

https://automationtestings.com/category/selenium/

so here

https://automationtestings.com/ – is the endpoint

category/selenium/ – is the path.

Final part of endpoint is query parameters. Query parameter give you option to modify your request in key and value pairs. It is always start with question mark (?). Each parameter is separated by ampersand (&) like this.

?query1=val1&query2=val2

Methods:

HTTP request methods is used to send the client request to the server. Below are the methods-

GET
POST
PUT
PATCH
DELETE

Above methods provide use of four possible actions: Create, Read, Update, Delete (CRUD).

GET – This request is used to get the request from the server.

The server looks for the data what you have requested and send back response to the server.

POST – This request is used to create new resource on a server. When you perform POST request then server create new entry in database and send a response to you whether the creation is successful.

PUT and PATCH – These both request is used to perform update operation on server.

DELETE – This request is used to perform delete operation from a server. Its delete an entry from the database.

Headers:

Headers are used to provide information to both client and server.

It can be used for many purposes like authentication and providing information about the body content.

Headers information is always in the form of property and value pairs.

The example below shows a header that tells server to expect JSON format.

“Content-Type: application:json”

Data or Body:

The data (sometimes called body or message) content information that sent to the server. This is used only in case of POST, PUT and PATCH request.

Must Read: API Testing Interview Questions

Authentication:

Means: validating the user before using the data or any service.

Example – When you access any website and login with username and password, you are authenticated and you can enter the website. Here you can access some section of the website but may not be able to access some other section which are like admin section.

In simple word-

Authentication means – Who you are? And
Authorization means- what you can do or what access do you have?

Authentication Types:

Basic authentication – String is encoded with Base64.
Digest authentication – This authentication is performed by transmitting the password in an encrypted form.
OAuth – This allows you to approve one application interacting with another on your behalf without giving away your password.

Why do we have Authorization and NOT Authentication in API Requests:

In API, we are using always a URL which is actually an endpoint and endpoint is an address of a resource of the particular application. When we run the API or hit that URL means we are try to access that resource from the server so here authorization will happen. In authorization, authentication also involved because before authenticating username and password or secret token, authorization is not possible.

That is why we always used this term authorization in API.

REST API Response:

HTTP Status Code and Error Message:

Status code is issued by server in response to a client’s request made to the server.

There are different types of status code like informational (1xx), Success (2xx), Redirection (3xx), Client error (4xx) and Server error (5xx).

Here we will discuss only important status codes.

200+ – Means the request has succeeded.

300+ – Means the request is redirected to another URL.

400+ – Means an error which is originated from client side.

500+ – Means an error which is originated from server side.

Response Codes	Description
200 Ok	Request accepted.
201 Created	This response code is returned from PUT or POST, and indicates that a new resource was created.
202 Accepted	Request is successful but process is not yet finished
204 No Content	Successful deletion of a queue.
400 Bad Request	Given URL is not in correct format.
401 Unauthorized	The client needs to authorize to access the resources.
403 Forbidden	The requester is not authorized to invoke the request.
404 Not Found	The object is not exist on given path.
405 Method Not Allowed	Requested HTTP method does not support.
409 Conflict	An attempt made to create an object that already exists.
500 Internal Server Error	An internal error occurred in the server. This might indicate a problem in the server side code.
503 Service Unavailable	When server is not available due to excessive load or may be down for maintenance.

In case of API response, it can be simple xml or in JSON format or any other type. One REST API can be used by different applications. One application might need the response in the form of XML and other application might need response in the form of JSON. But we can develop REST API which sends the response according to the input header of the HTTP request.

Example of response of student record-

XML Response-

<Student>
    <rollno>10</rollno>
    <firstName>Amit</firstName >
    <lastName>Agarwal</lastName>
    <age>25</age>
</Student>

JSON Response –

{
    "rollno":"10",
    "firstName":"Amit",
    "lastName":"Agarwal",
    "age":"25"
    "contactNumber":"98877271127"
}

JSON Basics:

JavaScript Object Notation.

When exchanging data between a browser and server, the data can only be text.

JSON is text and we can convert any JavaScript object into JSON and send JSON to the server.

We can also convert any JSON message received from server into JavaScript object.

JSON is language independent.

JSON data types –

JSON String: – {“name”: “AMIT”}

JSON Number: – {“age”:”25”}

JSON Object: – {

“employee”: {“name”:”AMIT”,

“Age”:”30”,

“city”:”New York”

}

JSON Array: –

{“employee”: [John, Anna, Peter]}

JSON Boolean: –

{“sale”: true}

[dropshadowbox align=”center” effect=”raised” width=”auto” height=”” background_color=”#df8bda” border_width=”3″ border_color=”#dddddd” ] Frequently Asked Questions[/dropshadowbox]

Q1. What is API testing?

API testing is the testing that APIs and its integration with the web services. The purpose of API testing is to check functionality, performance, reliability and security of the application.

In API testing, we mainly focus on business layer of the software. We won’t focus on GUI of the application.

It is one of the most challenging types of testing if we miss the certain cases in API testing it may cause a big issue on production after full integration of the system and it will hard to debug.

Q2. What to test in API testing?

Validate key with min. and Max range of APIs (e.g maximum and minimum length)
Have a test case to do XML and JSON Schema validation.
Keys verification. If we have JSON, XML APIs we should verify it’s that all the keys are coming.
Validation of different types of http codes error.

Q3. What are the types of bugs that API can detect?

Fails to handle error conditions gracefully
Unused flags
Missing or duplicate functionality
Reliability issues. Difficulty in connecting ad getting a response from API
Security issues
Performance issues. API response time is very high
Response data is not proper structure correctly(JSON or XML ).

Summary:

In this post, we have covered ‘What is REST API and HTTP request methods’.

We have also covered – ‘HTTP status code and error description‘ , ‘Authentication and its types’, JSON data types and few interview questions on API testing.

I am sure this content added some additional value in your skills and also helpful to preparation of your interviews.

Final word, Bookmark this post “What is REST API” for future reference.

If you have other questions or feedback, the comment section is yours. Don’t forget to leave a comment below!