Api testing interview Questions.docx2

Copyright © All Rights Reserved

Basic Questions

What is API testing? Why is it important?

API testing involves verifying APIs to ensure they meet functional,
performance, and security requirements. It's important because APIs connect
different software systems, and any failure can impact the overall application
functionality.

What are the types of API testing?

1. Functional Testing
2. Load Testing
3. Security Testing
4. Validation Testing
5. Integration Testing
6. Penetration Testing
7. Error Detection

Explain the difference between SOAP and REST APIs.

1. SOAP: Uses XML, is protocol-based, and provides stricter security and transaction
compliance.
2. REST: Uses JSON, XML, or other formats, is lightweight, and operates over HTTP
with more flexibility.

What is the difference between API testing and Unit testing?

1. API Testing: Focuses on testing API functionality, reliability, performance, and
security.
2. Unit Testing: Focuses on testing individual units or components of the code.

What tools do you know for API testing?

1. Postman
2. SoapUI
3. JMeter
4. Swagger
5. RestAssured
6. cURL

What is the difference between GET, POST, PUT, and DELETE methods
in REST API?

1. GET: Retrieves data.
2. POST: Creates new data.
3. PUT: Updates existing data.
4. DELETE: Deletes data.

What is the purpose of HTTP status codes? Can you name some common
ones?

HTTP status codes indicate the result of an API request.

1. 200: OK
2. 201: Created
3. 400: Bad Request
4. 401: Unauthorized
5. 403: Forbidden
6. 404: Not Found
7. 500: Internal Server Error

Practical and Scenario-Based Questions


How do you test an API without a front-end?

Use tools like Postman or cURL to send requests and validate responses.
Alternatively, use scripting languages like Python or Java for automation.

What are the main components of an API request and response?

1. Request: URL, Method, Headers, Parameters, Body
2. Response: Status Code, Headers, Body, Time

Explain what headers, parameters, and body mean in an API request.

1. Headers: Contain metadata (e.g., authorization, content type).
2. Parameters: Define specific query values (e.g., ?id=10).
3. Body: Holds data for POST/PUT requests.

How would you validate the response of an API?

1. Verify HTTP status code.
2. Check response body against expected data.
3. Validate headers and response time.
4. Test for error messages or edge cases.

What would you do if an API test fails?

• Verify if the endpoint is correct.
• Check if authentication/authorization details are accurate.
• Debug request payload or parameters.
• Validate the test environment settings.
• Consult API documentation for any missing information.

What is the difference between Functional and Non-Functional API Testing?

• Functional Testing: Ensures API functions as expected. Focuses on input/output and
validation of business logic.
• Non-Functional Testing: Focuses on performance, scalability, security, and reliability of the
API.

What tools are commonly used for API Testing?

Some popular tools are:

• Postman (Manual testing)
• SoapUI (Functional and security testing)
• JMeter (Performance testing)
• Swagger (API documentation and testing)
• RestAssured (Automated testing using Java).

What is the difference between SOAP and REST APIs?

Feature       SOAP                     REST
Protocol      Uses strict protocols    Lightweight, uses HTTP
Data Format   XML only                 JSON, XML, HTML, etc.
Performance   Slower due to payload    Faster and efficient
Scalability   Less scalable            Highly scalable
Ease of Use   Complex                  Easy to implement

What is JSON and XML? How are they used in API testing?

1. JSON: Lightweight data format (key-value pairs).
2. XML: Structured markup language.

APIs use them to exchange data in request and response payloads.

What would you do if an API returns a 500 error?

1. Check the API server logs for internal errors.
2. Validate the request format and data.
3. Retry with correct parameters.
4. Communicate with the development team.

How do you ensure API security during testing?

1. Test for authentication and authorization mechanisms.
2. Check data encryption and secure protocols (HTTPS).
3. Perform penetration testing for vulnerabilities.
4. Validate sensitive data exposure and access controls.
5. Simulate attacks to check for robustness.
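
The transport, authentication and sensitive-data checks from the list above can be automated against a captured response. The following is an added example, not part of the original document; the key-name pattern, the function names and the sample response are assumptions constructed for illustration.

```python
import json
import re
from urllib.parse import urlsplit

# Key names treated as sensitive are an assumption; extend for the API under test.
SENSITIVE_KEY = re.compile(r"password|passwd|secret|token|api[_-]?key|ssn", re.I)

def find_sensitive_fields(node, path="$"):
    """Walk parsed JSON and return the paths of non-empty sensitive-looking fields."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            if SENSITIVE_KEY.search(key) and value not in (None, "", [], {}):
                hits.append(child)
            hits += find_sensitive_fields(value, child)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            hits += find_sensitive_fields(item, f"{path}[{i}]")
    return hits

def security_findings(url, status_without_auth, response_body):
    """Return findings for one endpoint, given what a credential-less call returned."""
    findings = []
    if urlsplit(url).scheme != "https":
        findings.append("endpoint is not served over HTTPS")
    if status_without_auth not in (401, 403):
        findings.append(f"unauthenticated request returned {status_without_auth}")
    for field in find_sensitive_fields(json.loads(response_body)):
        findings.append(f"sensitive field exposed in response: {field}")
    return findings

# Constructed sample: a user listing that leaks a stored password and a reset token.
SAMPLE_BODY = json.dumps({"users": [
    {"id": 1, "name": "John Doe", "password": "123456"},
    {"id": 2, "name": "Jane Roe", "profile": {"reset_token": "abc", "bio": ""}},
]})

if __name__ == "__main__":
    for finding in security_findings("http://api.example.com/users", 200, SAMPLE_BODY):
        print(finding)
```

Matching on key names produces false positives and misses renamed fields, so treat the output as a list of responses to review rather than a verdict.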

What are common challenges in API Testing?

• Lack of proper documentation.
• Ensuring test coverage for all scenarios.
• Handling authentication and authorization mechanisms.
• Managing API changes during development.
• Verifying complex data structures.

Practical/Hands-On Questions

How do you handle API versioning in testing?

• Test all available versions (e.g., v1, v2).
• Verify backward compatibility.
• Check deprecated features in older versions.
• Ensure new features in updated versions work as expected.

Tool-Based Questions

Have you used Postman or any similar API testing tool? What features do
you like the most?

Yes, Postman is widely used for its:

1. Easy-to-use interface
2. Collections and scripting
3. Automated tests
4. Environment variables

How do you create and validate test cases in Postman?

1. Use the Tests tab in Postman to write JavaScript-based assertions.
2. Validate response status, body, headers, and time.

What is a collection in Postman, and how do you use it?

A collection is a group of API requests organized for easy execution and
testing. It can store pre-defined requests, scripts, and test cases.

How would you test an API using cURL?

1. Use cURL commands to send requests from the terminal.

Example:

    curl -X GET "https://api.example.com/data" -H "Authorization: Bearer token"

Have you heard of tools like Swagger or JMeter? What is their use in API
testing?

1. Swagger: Used to document and test APIs.
2. JMeter: Used for performance and load testing of APIs.

Automation and Advanced Questions


What is the difference between manual and automated API testing?

1. Manual: Performed using tools like Postman.
2. Automated: Uses scripts (e.g., in Java, Python) to automate repetitive tests.

How can you automate API testing?

Use tools like Postman, RestAssured, or libraries in languages like Python (e.g.,
requests) to write automated test scripts.

Have you written any scripts for API testing using tools like Postman,
Python, or Java?

Example in Python using requests:

    import requests

    # Send a GET request and check that the API answers 200 OK.
    response = requests.get("https://api.example.com/data", timeout=10)
    assert response.status_code == 200

What is API mocking, and why is it used?

API mocking creates fake responses for APIs that are not fully developed or
unavailable, enabling testing in isolated environments.

What is an API mock server?

A mock server mimics the behavior of a real API. It is used during testing
when the actual API is unavailable or incomplete. Mock servers help simulate
responses to test client applications.
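
A mock server and the response checks listed earlier (status code, body, headers, response time, error case) can be combined in one offline script. The following is an added example, not part of the original document; it uses only the Python standard library, and the /users/<id> route, the sample user and the 2-second time budget are assumptions.

```python
import http.client
import json
import threading
import time
from http.server import BaseHTTPRequestHandler, HTTPServer

USERS = {"10": {"id": 10, "name": "John Doe"}}  # constructed mock data

class MockAPI(BaseHTTPRequestHandler):
    def do_GET(self):  # serves GET /users/<id>; the route is an assumption
        user = USERS.get(self.path.rsplit("/", 1)[-1])
        status, payload = (200, user) if user else (404, {"error": "Not Found"})
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.end_headers()
        self.wfile.write(json.dumps(payload).encode())

    def log_message(self, *args):  # silence per-request logging
        pass

def call(port, path):
    """Send one GET and return (status, headers, parsed body, elapsed seconds)."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    start = time.monotonic()
    conn.request("GET", path)
    resp = conn.getresponse()
    result = (resp.status, resp.headers, json.loads(resp.read()), time.monotonic() - start)
    conn.close()
    return result

def run_checks():
    server = HTTPServer(("127.0.0.1", 0), MockAPI)  # port 0 picks a free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        status, headers, body, elapsed = call(server.server_port, "/users/10")
        err_status, _, err_body, _ = call(server.server_port, "/users/999")
    finally:
        server.shutdown()
        server.server_close()
    return {
        "status code": status == 200,
        "body": body == USERS["10"],
        "content type": headers["Content-Type"] == "application/json",
        "response time": elapsed < 2.0,  # 2 s budget is an assumption
        "error case": err_status == 404 and err_body == {"error": "Not Found"},
    }

if __name__ == "__main__":
    print(run_checks())
```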

What challenges have you faced (or do you think you might face) in API
testing?

1. Unstable APIs during development
2. Lack of documentation
3. Managing test data
4. Handling API versioning

Behavioral Questions

What steps do you follow to test an API from scratch?

1. Understand the API requirements.
2. Set up the testing environment.
3. Test using tools like Postman.
4. Validate requests and responses.
5. Automate tests if needed.

Can you explain an experience (or hypothetical scenario) where API
testing revealed critical bugs?

Example:
"During API testing, I found that the API was exposing sensitive user data in
plain text. Reporting it to the development team helped secure the data and
avoid a potential breach."

Can you write a sample API request in Postman?

Answer:
POST Request Example:

1. Set the URL (e.g., https://api.example.com/users).
2. Select POST as the method.
3. Go to the Headers tab and add: Content-Type: application/json.
4. In the Body tab, select raw and enter the JSON payload:

    {
      "name": "John Doe",
      "email": "[email protected]",
      "password": "123456"
    }

5. Click Send to execute the request.
