API TESTING INTERVIEW QUESTIONS 2023 UPDATED

API TESTING INTERVIEW QUESTIONS 2023 UPDATED

List of most important API testing interview questions.

API stands for Application Programming Interface. Generally, APIs are used to establish the interaction between two different applications. When API is used over a web network, we call them ‘Web Services’. In recent times APIs have become the backbone of programming. As in an application, writing APIs to communicate with the database, or with another module has become a common practice now and that is why as a tester we must test the APIs for maximum test coverage.

1- What are the main challenges you face in the API testing in your project?

Challenges are for example,

API documentation

Access to the database

Call sequencing

2- What is the difference between the PUT and the POST method?

This is the most common API testing interview question these days.

• Firstly, the POST request means to create a new object in the database.
• Secondly, a PUT request means to update the existing object in the database with the new value.

3- What are the most commonly used HTTP methods?

For example:

4- List a few authentication techniques used in API testing.

• Session / Cookies based Authentication
• Basic Authentication
• Digest Authentication
• OAuth

Above all are the few most important authentication techniques.

5- What is the REST API?

REST – Representational State Transfer, is a set of functions that helps developers performing requests and receive responses. Interaction is made through HTTP protocol in REST API.

6- What exactly you verify in API testing?

Accuracy of data

HTTP status code

Response time

Error codes if API returns an error

Authorization

Performance

Security

Above all are the most important verification checks.

7- Differentiate API testing and UI testing.

UI (User Interface) testing means testing the graphical user interface. The focus of UI testing is on the look and feel of the application, like how the user interacts with the application elements, such as images, font, layout, etc.

API testing allows communication between two software systems. It determines if the developed APIs meets the expectation regarding functionality, reliability, performance, and security. It works on the backend and also knows and the backend testing.

To clarify, describe some scenarios while answering this question in an interview.

8- What protocol RESTFUL Web services use?

RESTFUL web services use the HTTP protocol as the medium of communication between client and server.

9- Can we use POST instead of PUT to create a resource?

Yes, we can because POST is the superset of all HTTP requests except GET requests.

10- What do you understand by payload?

Payload/body is a secured input data that is sent to API to process the request. The payload is generally constructed in JSON format in REST API.

11- What kind of bugs that API testing can find?

Missing or duplicate functionality

Fail to handle error conditions gracefully

Stress

Reliability

Security

Unused flags

Performance

Multithreading issues

Improper errors

Above all are the most frequent bug that API testing can detect.

12- Describe the term Environment with respect to Postman?

The environment in Postman is a set of key-value pairs. We can create multiple environments in postman.

There are two types of environment, the global environment, and the local environment. They define the scope of the variable to use it in the requests.

The most common variable we use is URL because the URL is used in every request and changing it in every request can be very time-consuming.  When we create an environment inside Postman, we can change the value of the key-value pairs and the changes are reflected in the requests.

13- State the common status code you encounter in API testing.

This is the most common API testing interview question.

200 (OK) Defines that the request was correct.

201 (Created) The value wrapped with the request has been created in the database.

204(No Content) This status code means that the request was correct and received but there is no response to send to the client by the server.

400 (Bad Request) A bad request means that the syntax of the request was incorrect. It can happen if you have sent the wrong parameters along with the request URL or in the body of the request.

401 (Authorized)  We can incur such a status code when you are not authorized to access the server or you have entered the wrong credentials.

404 (Not Found) A response code 404 means that the server was connected but it could not find what was requested. You can normally see this status code when you request a web page that is not available.

500(Internal Server Error) A response code 500 means there was some exception at the server level while executing the request.

502(Bad Gateway) The server, while acting as a gateway or proxy, received an invalid response from the upstream server it accessed in attempting to fulfill the request.

503(Service Unavailable) The server is currently unable to handle the request due to a temporary overloading or maintenance of the server. 

504(Gateway Timeout) The server, while acting as a gateway or proxy, did not receive a timely response from the upstream server specified by the URI 

Above all are the most common status codes.

14- What is Pre-Request Script in Postman?

In short, a pre-request script is a script that runs before the execution of a request.

15- What is the difference between authorization and authentication?

• Authentication is a process of presenting your credentials to the system and then the system validates your credentials. These credentials tell the system about who you are.
• Authorization is a process of allowing or denying someone from accessing something once authentication is completed.

16- What is the importance of setNextRequest in Postman?

setNextRequest is used to define the workflow of API testing. setNextRequest is needed to control the order of the execution of requests.

17- What are the two types of scripts in Postman?

• Tests script
• Pre-request script

Above are the types of scripts in postman.

18- What is REST?

Representational State Transfer is an architectural style of developing web services. In this architecture, the server provides access to resources and the client presents those resources. Each resource is identified by URI. REST uses different ways to represent a resource like JSON, text and XML. XML and JSON are the most popular one. Resource are accessed by a common interface using HTTP standard methods.

19- Which is the most popular way to represent a resource in REST?

JSON is the most popular and important way to represent resources.

20- What do you understand by messaging in RESTful web services?

RESTful web services use HTTP as a medium of communication between client and server. The client sends a message in the form of an HTTP request and then the server transmits the HTTP response. This technique of interaction is called messaging. These messages contain both message data and metadata (information about the message itself).

21- List the core components of an HTTP request?

• HTTP methods type such as GET, PUT, POST, DELETE
• URI that acts as an identifier for the resource on the server
• HTTP Version
• Request Header, Metadata, Cache Settings, Authentication Parameters
• Request Body or the Payload

Above are the core components of an HTTP request.

22- What is Rest Assured?

Rest Assured is a java based library that is used to test the RESTful Web Services. It acts as a headless client to access REST services. REST Assured provides a lot of features, which makes API automation testing very easy. Like it offers friendly DSL-like syntax, XPath-Validation, Specification Reuse, Easy file uploads.

23- Define what is a URI?

Uniform Resource Identifier, URI consists of base URL, path parameter, and query parameter

URI= Base URL + Path Parameter + Query Parameter

Example: 

URI-   https://reqres.in/api/users?page=2

24- What do you mean by the HTTP status code?