

A list of the most important API testing interview questions.

API stands for Application Programming Interface. Generally, APIs are used to establish interaction between two different applications. When an API is used over a web network, we call it a 'Web Service'. In recent times, APIs have become the backbone of programming. Writing APIs to communicate with the database or with another module has become common practice in applications, which is why, as testers, we must test the APIs for maximum test coverage.

1- What are the main challenges you face in the API testing in your project?

Challenges are, for example:

  • API documentation
  • Access to the database
  • Call sequencing


2- What is the difference between the PUT and the POST method?

This is the most common API testing interview question these days.

  • Firstly, the POST request means to create a new object in the database.
  • Secondly, a PUT request means to update the existing object in the database with the new value.


3- What are the most commonly used HTTP methods?

For example:

  • GET: Used to retrieve data from the server
  • POST: Used to create a new object in the server
  • PUT: Used to update an existing object in the server
  • DELETE: Used to delete data from the server


4- List a few authentication techniques used in API testing.

  • Session / Cookies based Authentication
  • Basic Authentication
  • Digest Authentication
  • OAuth

The above are a few of the most important authentication techniques.


5- What is the REST API?

REST (Representational State Transfer) is a set of functions that helps developers perform requests and receive responses. In a REST API, interaction takes place over the HTTP protocol.

6- What exactly do you verify in API testing?

  • Accuracy of data
  • HTTP status code
  • Response time
  • Error codes if the API returns an error

The above are the most important verification checks.

7- Differentiate API testing and UI testing.

UI (User Interface) testing means testing the graphical user interface. The focus of UI testing is on the look and feel of the application, like how the user interacts with the application elements, such as images, font, layout, etc.

An API allows communication between two software systems. API testing determines whether the developed APIs meet expectations regarding functionality, reliability, performance, and security. It works on the backend and is also known as backend testing.

To clarify, describe some scenarios while answering this question in an interview.

8- What protocol do RESTful web services use?

RESTful web services use the HTTP protocol as the medium of communication between client and server.

9- Can we use POST instead of PUT to create a resource?

Yes, we can because POST is the superset of all HTTP requests except GET requests.

10- What do you understand by payload?

The payload (body) is secured input data that is sent to the API to process the request. In a REST API, the payload is generally constructed in JSON format.

11- What kinds of bugs can API testing find?

  • Missing or duplicate functionality
  • Failure to handle error conditions gracefully
  • Unused flags
  • Multithreading issues
  • Improper errors

The above are the most frequent bugs that API testing can detect.

12- Describe the term Environment with respect to Postman.

An environment in Postman is a set of key-value pairs. We can create multiple environments in Postman.

There are two types of environment: the global environment and the local environment. They define the scope in which a variable can be used in requests.

The most common variable we use is the URL, because the URL is used in every request and changing it in every request can be very time-consuming. When we create an environment inside Postman, we can change the value of the key-value pairs and the changes are reflected in the requests.


13- State the common status code you encounter in API testing.

This is the most common API testing interview question.

  • 200 (OK): Indicates that the request was correct.
  • 201 (Created): The value wrapped with the request has been created in the database.
  • 204 (No Content): The request was correct and received, but there is no response for the server to send to the client.
  • 400 (Bad Request): The syntax of the request was incorrect. It can happen if you have sent the wrong parameters along with the request URL or in the body of the request.
  • 401 (Unauthorized): You get this status code when you are not authorized to access the server or you have entered the wrong credentials.
  • 404 (Not Found): The server was reached but could not find what was requested. You normally see this status code when you request a web page that is not available.
  • 500 (Internal Server Error): There was some exception at the server level while executing the request.
  • 502 (Bad Gateway): The server, while acting as a gateway or proxy, received an invalid response from the upstream server it accessed in attempting to fulfill the request.
  • 503 (Service Unavailable): The server is currently unable to handle the request due to temporary overloading or maintenance of the server.
  • 504 (Gateway Timeout): The server, while acting as a gateway or proxy, did not receive a timely response from the upstream server specified by the URI.

The above are the most common status codes.

14- What is Pre-Request Script in Postman?

In short, a pre-request script is a script that runs before the execution of a request.

15- What is the difference between authorization and authentication?

  • Authentication is a process of presenting your credentials to the system and then the system validates your credentials. These credentials tell the system about who you are.
  • Authorization is the process of allowing or denying someone access to something once authentication is completed.


16- What is the importance of setNextRequest in Postman?

setNextRequest is used to define the workflow of API testing. setNextRequest is needed to control the order of the execution of requests.

17- What are the two types of scripts in Postman?

  • Tests script
  • Pre-request script

The above are the types of scripts in Postman.

18- What is REST?

Representational State Transfer is an architectural style for developing web services. In this architecture, the server provides access to resources and the client presents those resources. Each resource is identified by a URI. REST uses different ways to represent a resource, such as JSON, text and XML. XML and JSON are the most popular ones. Resources are accessed through a common interface using standard HTTP methods.

19- Which is the most popular way to represent a resource in REST?

JSON is the most popular and important way to represent resources.

20- What do you understand by messaging in RESTful web services?

RESTful web services use HTTP as a medium of communication between client and server. The client sends a message in the form of an HTTP request and then the server transmits the HTTP response. This technique of interaction is called messaging. These messages contain both message data and metadata (information about the message itself).

21- List the core components of an HTTP request.

  • HTTP method type, such as GET, PUT, POST, DELETE
  • URI that acts as an identifier for the resource on the server
  • HTTP Version
  • Request Header, Metadata, Cache Settings, Authentication Parameters
  • Request Body or the Payload

Above are the core components of an HTTP request.

22- What is Rest Assured?

REST Assured is a Java-based library that is used to test RESTful web services. It acts as a headless client to access REST services. REST Assured provides a lot of features that make API automation testing very easy. For example, it offers a friendly DSL-like syntax, XPath validation, specification reuse, and easy file uploads.

23- Define what a URI is.

A Uniform Resource Identifier (URI) consists of a base URL, path parameter, and query parameter.

URI = Base URL + Path Parameter + Query Parameter

Example URI: https://reqres.in/api/users?page=2

24- What do you mean by the HTTP status code?

REST APIs use HTTP status codes to tell what exactly happened when the server processed the request.

HTTP status codes are grouped as follows:

  • 1xx – Informational
  • 2xx – Success e.g. 200 Success, 201 Created
  • 3xx – Redirection e.g. 302 Temporary Redirect
  • 4xx – Client Error e.g. 400 Bad Request, 404 Not Found
  • 5xx – Server Error e.g. 500 Internal Server Error

The type of status code you receive depends on the application you are interacting with. Usually, a 4xx error means that you have done something wrong and a 5xx error means that something has gone wrong with the application server you are interacting with.

25- Explain the main differences between API and Web Service?

  • All web services are APIs but not all APIs are web services.
  • A web service uses only three styles for communication (SOAP, REST and XML-RPC), whereas an API may be exposed in multiple ways.
  • A web service always needs a network to operate while APIs don’t need a network for operation.
  • Web services might not contain all the specifications and cannot perform all the tasks that APIs would perform.


26- Who can use a Web API?

Clients that support HTTP verbs such as GET, PUT, DELETE, POST. Since Web API services do not require configuration, they can be easily used by any client. Portable devices such as mobile devices can easily use Web API, which is undoubtedly the biggest advantage of API.

27- List the advantages of API Testing?

  • Compatibility and easy integration with GUI: Simple integration would allow new user accounts to be created within the application before a GUI test started.
  • Language-Independent: In API testing, data is exchanged using XML or JSON. These transfer modes are completely language-independent, which allows users to select any coding language while adopting automation testing services for the project.
  • Time Effective: In comparison to functional GUI testing, API testing is usually less time-consuming. The web elements in GUI testing must be polled, which makes the testing process slower. In particular, API test automation requires less code, so it can provide better and faster test coverage compared to GUI test automation.
  • Test for Core Functionality: API testing provides the ability to access the application without a user interface. The core and code-level functionalities of the application will be tested and evaluated early before the GUI tests. This helps in detecting the minor issues which can become bigger during the GUI testing.


28- What are the principles of an API test design?

There are five important principles of API test design:

  • Setup: Create objects, start services, initialize data, etc.
  • Execution: Steps to apply the API or the scenario, including logging
  • Verification: Oracles to evaluate the result of the execution
  • Reporting: Pass, failed, or blocked
  • Clean up: Pre-test state


29- List the common API testing types.

  • Validation testing
  • Functional testing
  • UI testing
  • Load testing
  • Runtime / error detection
  • Security testing
  • Penetration testing
  • Fuzz testing
  • Interoperability testing


30- What is the procedure to perform API testing?

  1. Create the suite to add the API test case
  2. Create the test development mode
  3. Demand the development of test cases for the required API methods
  4. Configure the control parameters of the application and then the test conditions
  5. Configure method validation
  6. Arrange all API test cases
  7. Execute the API test
  8. Check test reports


31- What must be checked when performing API testing?

  • Accuracy of data
  • Non-functional testing like performance and security testing
  • Implementation of response timeout
  • Schema validation
  • HTTP status codes
  • Data type, validations, order, and completeness
  • Authorization checks
  • Error codes in case the API returns an error
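Several of the checks listed above (status code, response timeout, schema validation, authorization), applied to captured responses. This is an added example, not code from the original page; the `checkResponse` helper, the user schema and the sample responses are constructed for illustration.

```javascript
// Added example: hypothetical helper and constructed sample data.
// A response is a plain object captured by whatever HTTP client the suite uses.

// Expected shape of one user record: field name -> JavaScript type.
const userSchema = { id: "number", email: "string", first_name: "string" };

// Schema validation: required fields present, correct types, nothing unexpected.
function schemaErrors(body, schema) {
  const errors = [];
  for (const [field, type] of Object.entries(schema)) {
    if (!(field in body)) errors.push(`missing field: ${field}`);
    else if (typeof body[field] !== type) errors.push(`wrong type: ${field}`);
  }
  for (const field of Object.keys(body)) {
    // An extra field can mean the API leaks data the client should never see.
    if (!(field in schema)) errors.push(`unexpected field: ${field}`);
  }
  return errors;
}

// Runs the status, timeout and (optional) schema checks; returns the failures.
function checkResponse(res, expected) {
  const failures = [];
  if (res.status !== expected.status) {
    failures.push(`status ${res.status}, expected ${expected.status}`);
  }
  if (res.elapsedMs > expected.maxMs) {
    failures.push(`took ${res.elapsedMs} ms, limit ${expected.maxMs} ms`);
  }
  if (expected.schema) {
    let body = null;
    try { body = JSON.parse(res.body); } catch (e) { body = null; }
    if (body === null || typeof body !== "object") failures.push("body is not a JSON object");
    else failures.push(...schemaErrors(body, expected.schema));
  }
  return failures;
}

// Constructed sample responses.
const sampleOk = { status: 200, elapsedMs: 120,
  body: '{"id":2,"email":"janet@example.test","first_name":"Janet"}' };
const sampleLeaky = { status: 200, elapsedMs: 900,
  body: '{"id":"2","email":"janet@example.test","password_hash":"x"}' };
// Response to a request sent without credentials: the test expects 401.
const sampleNoCreds = { status: 200, elapsedMs: 80, body: "{}" };
```

Calling `checkResponse(sampleNoCreds, { status: 401, maxMs: 500 })` reports the authorization failure: the endpoint answered 200 to a request that carried no credentials.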


32- Difference between API Testing and UI Testing?

An API enables communication between two separate software systems. A software system implementing an API contains functions or subroutines that can be executed by another software system.

On the other hand, UI (User Interface) testing refers to testing graphical interfaces, such as how users interact with the application, and testing application elements like fonts, images, layouts, etc. UI testing basically focuses on the look and feel of an application.


33- What are the types of bugs API testing can find?

The types of bugs API testing will find:

  • Missing or duplicate functionality
  • Unused flags
  • Not implemented errors
  • Inconsistent error handling
  • Improper errors
  • Failure to handle error conditions gracefully
  • Multi-threading issues

34- What is API Automation?

We often need to automate the test cases that are executed repeatedly in every sprint, such as regression cases. Similarly, in API testing there are some cases that we need to execute before every release, and those cases should be automated.

There are many tools for API automation, such as:

  • Katalon Studio
  • CloudQA TruAPI

35- How can we segregate the entire system into three layers?

Presentation Layer – This is the user interface (GUI) that is open to end-users. QA performs functional testing at this layer.

Business Layer – This is the Application user interface where the logic is written. In technical terms, this is where code/algorithm resides. APIs come into the picture at this layer.

Database Layer – Where application data is present.

36- List the main differences between SOAP and REST.

  1. SOAP: SOAP is a protocol through which two computers communicate by sharing an XML document.
     REST: REST is a service architecture and design for network-based software architecture.
  2. SOAP: SOAP supports only the XML format.
     REST: It supports many different data formats.
  3. SOAP: SOAP does not support caching.
     REST: It supports caching.
  4. SOAP: SOAP is like a custom desktop application, closely connected to the server.
     REST: A REST client is just like a browser and uses standard methods. An application has to fit inside it.
  5. SOAP: SOAP is slower than REST.
     REST: It is faster than SOAP.
  6. SOAP: It runs on HTTP but envelopes the message.
     REST: It uses the HTTP headers to hold meta information.


37- What is the caching mechanism?

Caching is a process in which we store server responses at the client end. It saves the server significant time, because it does not have to serve the same resource again and again.

The server response holds information that tells the client how to cache it. It helps the client decide how long to keep the response, or whether to store it at all.
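How a client can read that information from the standard `Cache-Control` response header and decide whether to store the response and for how long. This is an added example, not code from the original page; `cachePolicy` is a hypothetical helper, and the sketch covers only the `no-store`, `no-cache` and `max-age` directives.

```javascript
// Added example: hypothetical helper for a client-side (private) cache.
// Returns { store, ttlSeconds } for a response's headers.
function cachePolicy(headers) {
  // Header names are case-insensitive, so normalise them before the lookup.
  const lower = {};
  for (const [k, v] of Object.entries(headers)) lower[k.toLowerCase()] = v;

  // Split "public, max-age=3600" into { public: true, "max-age": "3600" }.
  const directives = {};
  for (const part of (lower["cache-control"] || "").split(",")) {
    const [name, value] = part.trim().toLowerCase().split("=");
    if (name) directives[name] = value === undefined ? true : value.replace(/"/g, "");
  }

  // no-store: the response must not be kept at all.
  if (directives["no-store"]) return { store: false, ttlSeconds: 0 };
  // no-cache: may be stored, but must be revalidated before every reuse.
  if (directives["no-cache"]) return { store: true, ttlSeconds: 0 };

  const maxAge = parseInt(directives["max-age"], 10);
  if (Number.isInteger(maxAge) && maxAge >= 0) {
    return { store: true, ttlSeconds: maxAge };
  }
  // No explicit freshness information: this sketch does not cache heuristically.
  return { store: false, ttlSeconds: 0 };
}
```

An API test can use the same function to assert that endpoints returning tokens or personal data come back with `store: false`.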

38- Is there any upper limit for a payload to pass in the POST method?

Theoretically, one can pass unlimited data as the payload to the POST method. But in a real use case, sending a POST with a large payload will consume a lot of bandwidth. It will take more time and cause performance challenges for the server.

39- State some of the API examples which are very well known.

  • Google Maps API: These are designed mainly for mobile and desktop use with the help of a Flash interface and JavaScript.
  • Amazon Advertising API: Amazon is known for its products, and thus its advertising API accesses its products to discover their functionality and advertise accordingly.
  • Twitter API: The API for Twitter is usually in two categories, one for accessing data and the other for interacting with Twitter search.
  • YouTube API: The API used for YouTube includes various functionalities including videos, live streaming, player, etc.


40- What are REST parameters?

The REST API has four types of parameters:

  • Request parameters – These are submitted as JSON parameters present in the request.
  • Header parameters – These are present in the request header.
  • Query string parameters – These are provided at the endpoint of the query.
  • Path parameters – These are provided in the endpoint path.

