Important API Testing Interview Questions

Background and Vision

Welcome to my new learning blog on "API testing interview questions". I have also covered Postman-related interview questions here. If your next API testing interview is around the corner, I am glad you have landed here. I have put the complete crux of my industry knowledge and experience of API testing into this blog, and I believe that if you are appearing in an upcoming API testing interview, you won't need much effort beyond going through this post once and understanding the API testing terminology, questions, and explanations or answers given here. I have covered not only the interview questions I have faced in my career but also the API testing concepts that interviewers focus on and can frame questions around.

I have tried to put this in question-and-answer format so that it is easier to relate to interviews.
Below are the most popular questions on API testing and API testing using Postman, along with their best possible answers and explanations.


Postman & API testing interview questions

Q1. What is an API?

Ans: The term API stands for Application Programming Interface. It is a way for different programs to work together. APIs can be of different types and can be used for different purposes:

  • APIs can be used to get access to data from third parties.
  • APIs allow different applications and services to exchange information.
  • APIs can be used to perform tasks and to extend existing functionality. They can also be used for the security of data.


Q2. Define API testing and its significance?

Ans: API testing is a type of software testing conducted directly on APIs. Its primary purpose is to ensure the accurate operation of APIs, meet functional requirements, and handle various inputs and outputs without issues. The importance of API testing lies in its role as a key component in building modern software applications. Proper testing ensures stability, security, and reliability.


Q3. What are the different types of HTTP methods?

Ans: Below are the common HTTP methods, whose operations are often referred to as CRUD operations (C-Create, R-Read, U-Update, D-Delete):

  1. GET - Retrieve data from server.
  2. POST - Create record on the server.
  3. PUT - Replace an existing record on the server.
  4. PATCH - Update an existing record on the server.
  5. DELETE - Delete record on the server.


Q4. What is the difference between the PUT, POST and PATCH methods?

Ans:

  • POST request - Create a new record on the server. POST should be used when we just want to create a new record on the server; the server then tells us the location at which it has stored it.
  • PUT request - Replace an existing record on the server. PUT can also be used to create a record when the user tells the server the location where it should be stored.
  • PATCH request - Update some values of an existing record on the server.


Q5. What are the commonly used authentication types for APIs?

Ans: Below are commonly used authentication types:

  • Basic Auth - Username & Password required.
  • OAuth1.0 - Consumer key, Consumer secret, Access token required.
  • OAuth2.0 - Client ID, Client secret, grant type, Scope required.
  • Bearer token - Token generated from the token generation URL required.


Q6. What is the difference between SOAP and REST API?

Ans: SOAP is a protocol, while REST is an architectural style. They are two different methods for designing APIs; an API establishes the communication guidelines by which two programs or applications share data. The SOAP technique uses an XML data format and is quite organized. REST is more versatile, so apps can exchange data in a variety of formats such as JSON, XML, HTML, JavaScript, plain text, etc. APIs communicate over the HTTP protocol. REST is more lightweight, flexible, and widely used in web applications.


Q7. What exactly do we validate in API testing?

Ans: In API testing we send an input message (payload) in any of the above-mentioned formats and get a response message back from the server.
We then need to validate the following from the response:

  1. Response should be correct and as expected.
  2. HTTP response code should be as expected.
  3. Response time.
  4. Response body parameters.
  5. Schema validation.
  6. Non-functional aspects such as load and performance.


Q8. What are path parameters and query parameters in a URL, and how can we identify them?

Ans:
e.g. URL - "https://softwaretestingbypassion.blogspot.com/blog_1/pages?page=1&&page=2"

  • softwaretestingbypassion.blogspot.com  => Domain/Hostname/BaseUrl
  • blog_1 and pages  => Path parameters (separated by "/")
  • page=1 and page=2  => Query parameters (separated from the path by "?"; they come in 'key=value' pairs, and if there are several they are separated by "&&")


Q9. What are the core components of an HTTP request?

Ans:

  1. Base URI (Uniform Resource Identifier) / URL (Uniform Resource Locator).
  2. HTTP request method such as POST, PUT, GET, PATCH, DELETE, etc.
  3. Parameters (query/path).
  4. Request headers, which carry metadata (additional information about the request).
  5. Request body, which contains the request message to be sent (request payload).


Q10. What is the difference between API testing and UI testing?

Ans:

  • GUI (Graphical User Interface) testing means frontend testing of the website or web application, so the focus of UI testing is on validating that all links, buttons and elements on the page work as expected. It is more about validating the look, feel and interaction of the user with the web elements present on the web page.

  • API testing is validating whether applications are communicating properly or not. API testing doesn't require any UI; it can be done from the backend only. For this reason, even when an application's UI is still under construction or not ready yet, we can validate business functionality using APIs. This practice brings testing into comparatively early stages of the software development life cycle and ensures defects are identified early, which is beneficial for clients. That's why API testing is essential.


Q11. What are the commonly observed HTTP response status codes and their meanings?

Ans: 

1xx informational response – the request was received, continuing process.

  • 100 Continue
  • 101 Switching Protocols

2xx successful – the request was successfully received, understood, and accepted.

  • 200 OK - Standard response for successful HTTP requests.
  • 201 Created - Request fulfilled, new record created.
  • 202 Accepted - Accepted for processing.

3xx redirection – further action needs to be taken in order to complete the request

  • 307 Temporary Redirect
  • 308 Permanent Redirect

4xx client error – the request contains bad syntax or cannot be fulfilled

  • 400 Bad Request
  • 401 Unauthorized
  • 403 Forbidden
  • 404 Not Found
  • 405 Method Not Allowed

5xx server error – the server failed to fulfil an apparently valid request

  • 500 Internal Server Error
  • 501 Not Implemented
  • 502 Bad Gateway
  • 503 Service Unavailable
  • 504 Gateway Timeout


Q12. What challenges have you faced while doing API testing?

Ans: 

a) Unavailable or incomplete API documentation.
b) Internal Server Error (500 response code): Sometimes the server from which we expect a response is down due to ESB (Enterprise Service Bus) issues.
c) Communication gap between development and testing teams.
d) Unawareness of the authorization type implemented and its convention for getting access to the APIs.
e) Understanding the correct input values to use for the API input request.


Q13. What is a Collection in Postman?

Ans: A collection is a set or group of API requests. A collection is like a parent folder in which different requests are stored, similar to a folder-file hierarchy. We can create as many requests as we want in a collection. We usually get collections from developers for testing and can then import them into our workspace.


Q14. What are the different types of variables in Postman and what are their scopes?

Ans: There are four types of variables in Postman, as below:

1. Local variable:
Local variables can be created and used in the pre-request or test scripts and their scope is limited to that particular script only.

2. Collection variable:
Collection variables can be created at the collection level and their scope is limited to that collection only.

3. Environment variable:
Environment variables are environment specific, so their scope is that environment only.
The beauty of Postman is that we can easily switch to any environment and use the variables created in that environment while executing any collection.

4. Global variable:
Global variables, as the name suggests, are scoped to the complete workspace and can be used anywhere in that workspace.


Q15. What are the Pre-request script and the Test script in Postman?

Ans: Pre-request scripts and Test scripts are JavaScript code that can be used to perform tasks before and after the actual request executes.

Pre-request script:
As the name suggests, a pre-request script is executed before the actual request is sent. By putting our code into the Pre-request tab we can do preprocessing tasks like setting up variables, headers, parameters and extra data. We can create a pre-request script for a single request or for a complete collection.

Test script (Tests):
A test script is executed after we get the response for a request. By writing our code in the Tests tab we can validate our API response. We can validate the complete response body and individual response body parameters, and we can also validate status codes, response time, etc.
Test scripts are essential for testing our APIs. We can also test negative scenarios using test scripts by passing a wrong request payload.
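
As an added example (not part of the original post, and written in plain JavaScript rather than Postman's own scripting API), these are the checks listed in Q7 and described above as a test script would apply them: status code, response time, schema and body parameters. The sample response, `userSchema` and `validateResponse` are constructed for illustration.

```javascript
// Constructed sample response, not captured from a real API.
const sampleResponse = {
  status: 201,
  responseTimeMs: 180,
  body: '{"id": 42, "name": "Asha", "roles": ["tester"]}',
};

// Hypothetical schema: field name -> expected JSON type (all fields required).
const userSchema = { id: 'number', name: 'string', roles: 'array' };

const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);
const typeOf = (v) => (Array.isArray(v) ? 'array' : v === null ? 'null' : typeof v);

// Returns a list of failure messages; an empty list means every check passed.
function validateResponse(res, expected) {
  const failures = [];
  // 1. HTTP status code
  if (res.status !== expected.status) {
    failures.push(`status ${res.status}, expected ${expected.status}`);
  }
  // 2. Response time
  if (res.responseTimeMs > expected.maxTimeMs) {
    failures.push(`took ${res.responseTimeMs} ms, limit ${expected.maxTimeMs} ms`);
  }
  // 3. Body must parse as a JSON object before any field is inspected
  let body;
  try {
    body = JSON.parse(res.body);
  } catch (err) {
    return failures.concat('body is not valid JSON');
  }
  if (typeOf(body) !== 'object') return failures.concat('body is not a JSON object');
  // 4. Schema: every listed field present with the right type, nothing extra
  for (const [field, type] of Object.entries(expected.schema)) {
    if (!has(body, field)) failures.push(`missing field "${field}"`);
    else if (typeOf(body[field]) !== type) failures.push(`field "${field}" is not ${type}`);
  }
  for (const field of Object.keys(body)) {
    if (!has(expected.schema, field)) failures.push(`unexpected field "${field}"`);
  }
  // 5. Specific body parameter values
  for (const [field, value] of Object.entries(expected.values || {})) {
    if (body[field] !== value) failures.push(`field "${field}" has an unexpected value`);
  }
  return failures;
}
```

Rejecting fields the schema does not list is a deliberate choice in this example: it makes the test fail when a response starts returning data the contract never promised.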


Q16. Explain the advantages of using Postman as an API testing tool?

Ans: Postman streamlines the API testing process and automates various testing tasks. Its benefits include:

  • Quick and efficient API testing.
  • A user-friendly interface for manual testing.
  • Support for automated testing.
  • Multiple request types and formats.
  • Additional features such as collections, environments, and monitors.


Q17. Differentiate between JSON and XML?

Ans: JSON (JavaScript Object Notation) and XML (Extensible Markup Language) are commonly used data exchange formats. JSON is lightweight and easily readable, making it ideal for high-performance web applications. On the other hand, XML is more verbose and suited for exchanging complex data structures between systems.


Q18. What is the difference between Authentication and Authorization?

Ans: 
Authentication: 

Authentication is the process of verifying and validating the identity of a user. It verifies the user's identity before allowing them access to a system or application. Authentication involves verifying the credentials or access tokens provided by the client to authenticate its identity.

For example, when a user tries to access an API, they might be required to provide their username and password. The system then verifies these credentials against stored user information to authenticate their identity. If the provided information matches, authentication is successful, and the user is granted access.

Authorization:

Authorization, on the other hand, is the process of determining what actions or resources a user is allowed to access after successful authentication. It sets the permissions and privileges that define what a user can do or access within an application or system.

Authorization ensures that authenticated users have the appropriate rights to perform certain operations on the API. It involves defining and enforcing access controls and permissions based on user roles, groups, or other criteria. Authorization helps protect sensitive data or functionalities by limiting access to authorized users only.

To summarize: Authentication verifies the identity of a user or entity, ensuring they are who they claim to be. Authorization determines what actions or resources an authenticated user can access, based on their granted permissions or privileges.

*Note: For a user, authentication needs to be done first; only then does authorization come into the picture.
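
The distinction above as an added example, not code from the original post: a request handler that authenticates first (failure gives 401 Unauthorized from Q11) and only then authorizes (failure gives 403 Forbidden), with a table of test cases that includes the negative ones. The tokens, roles, paths and function names are constructed for illustration.

```javascript
// Constructed sample data: bearer tokens, users, roles and permissions.
const USERS_BY_TOKEN = new Map([
  ['sample-token-viewer', { name: 'viewer1', role: 'viewer' }],
  ['sample-token-admin', { name: 'admin1', role: 'admin' }],
]);
const PERMISSIONS = new Map([
  ['viewer', new Set(['GET /reports'])],
  ['admin', new Set(['GET /reports', 'DELETE /reports'])],
]);

// Authentication: who is the caller? Returns the user, or null if unknown.
function authenticate(headers) {
  const match = /^Bearer (\S+)$/.exec(headers.authorization || '');
  return match ? USERS_BY_TOKEN.get(match[1]) || null : null;
}

// Authorization: is this already-identified user allowed to do this?
function authorize(user, method, path) {
  const allowed = PERMISSIONS.get(user.role);
  return allowed !== undefined && allowed.has(`${method} ${path}`);
}

// Authentication always runs first; authorization only sees known users.
function handle(req) {
  const user = authenticate(req.headers);
  if (user === null) return { status: 401, body: 'Unauthorized' };
  if (!authorize(user, req.method, req.path)) return { status: 403, body: 'Forbidden' };
  return { status: 200, body: `ok, ${user.name}` };
}

// Table of test cases, including the negative ones a tester should cover.
const bearer = (token) => ({ authorization: `Bearer ${token}` });
const CASES = [
  { name: 'no credentials', method: 'GET', path: '/reports', headers: {}, want: 401 },
  { name: 'unknown token', method: 'GET', path: '/reports', headers: bearer('wrong'), want: 401 },
  { name: 'viewer reads', method: 'GET', path: '/reports', headers: bearer('sample-token-viewer'), want: 200 },
  { name: 'viewer deletes', method: 'DELETE', path: '/reports', headers: bearer('sample-token-viewer'), want: 403 },
  { name: 'admin deletes', method: 'DELETE', path: '/reports', headers: bearer('sample-token-admin'), want: 200 },
];

// Runs every case and returns the names of those whose status differs.
function failedCases() {
  return CASES.filter((c) => handle(c).status !== c.want).map((c) => c.name);
}
```

The "viewer deletes" case is the one most often missing from test suites: the credentials are valid, so only an authorization check can reject the request.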


Q19. What are monitors in Postman?

Ans: In Postman, the term "monitors" pertains to a feature designed to facilitate the automated testing and scheduling of API requests. These monitors offer a valuable means to execute collections of requests at predetermined intervals, ensuring that APIs function correctly.

We can set up monitors over our collection of requests from the "Monitors" tab in Postman, where we fill out information such as the time interval at which we want to execute the collection, the environment needed for execution, where to send the report of the execution, etc. Monitors are most useful for regression testing, where we have to execute our automated collections at predefined time intervals with proper reports generated.


Q20. What is data-driven API testing in Postman?

Ans: Data-driven API testing in Postman is a testing methodology that involves systematically altering the input data used in API requests by leveraging external datasets, such as CSV or JSON files. This approach allows for a comprehensive evaluation of an API's behavior under various scenarios without the need to manually create individual test cases for each condition.

In Postman we can create CSV or JSON files in which we basically create two columns, one for the variable name and another for the variable value. Then, while running the collection via the Collection Runner, Postman has options to incorporate or map that data file to the request body parameters where those variables are used, so while executing requests it automatically uses all the data values in the request body. We can also iterate the execution multiple times. This method of API testing, where we feed data from external files, is known as data-driven testing.


Conclusion:

I hope this will help you in your upcoming interviews. I welcome your doubts and queries about software testing in the comments, as well as suggestions for new questions that are not covered here and that you feel are important or were asked in any of your interviews.

If you like this post, please do share it with friends who need it.
Keep learning, keep growing!



