API Testing Interview Questions and Answers 2024

Anh Tester chia sẻ đến bạn bộ câu hỏi và câu trả lời phỏng vấn Kiểm thử API năm 2024 tiếng Anh.

  1. What is an API?

API stands for Application Programming Interface. It is a set of rules, protocols, and tools that allow different software applications to communicate and interact with each other. APIs define the methods and data formats applications can use to request and exchange information.


  1. What is API Testing?

API Testing is a type of software testing that focuses on testing APIs directly, examining their functionality, reliability, performance, and security. It involves validating the API's endpoints, requests, responses, data formats, error handling, and more.


  1. How does SOAP compare to REST?

SOAP (Simple Object Access Protocol) and REST (Representational State Transfer) are two different approaches for building web services. SOAP is a protocol with strict standards and uses XML for message formatting, while REST is an architectural style that relies on simpler, lightweight standards like JSON, XML, or others.


  1. What are the advantages of API Testing?

Advantages of API Testing include faster test execution, broader test coverage, early detection of issues, easier automation, improved security testing, and reduced overall testing efforts.


  1. What Is The Difference Between Web Services and APIs?

Web services are a type of API that specifically uses web protocols and technologies for communication between different applications or systems. APIs, on the other hand, can include various interfaces beyond web services, allowing different types of software systems to communicate.


  1. What are HTTP status codes?

HTTP status codes are standardized responses provided by servers to indicate the outcome of a client's request. They are three-digit numeric codes sent as part of the HTTP header when a request is made to a server.


  1. What are common HTTP status codes?

HTTP status codes are grouped into different categories: 1xx (informational response), 2xx (success), 3xx (redirection), 4xx (client errors), and 5xx (server errors). Each category indicates a specific class of responses.


  1. What are the common API testing types?

Common API testing types include functional testing, performance testing, security testing, load testing, interoperability testing, and fuzz testing.


  1. What are the Limits of API Usage?

API usage limits refer to restrictions set by API providers on the number of requests, rate limits, access privileges, or data usage for a specific API endpoint within a certain time frame.


  1. What is an API, and what is an Endpoint?

An API is a set of rules and protocols allowing different software applications to communicate. An endpoint refers to a specific URL or URI that a client application accesses to interact with the API.


  1. How do you validate the Endpoints?

Endpoint validation involves checking the correctness and functionality of the endpoints by sending requests and verifying responses. It includes checking endpoint availability, response times, and returned data.


  1. How do you validate the Search, Filtering, and Sorting Endpoint?

Validating Search, Filtering, and Sorting Endpoints involves verifying that these functionalities return accurate results based on search queries, filter criteria, and sorting parameters provided in the API requests.


  1. How do you validate the Request Methods?

Request method validation ensures that different HTTP methods (e.g., GET, POST, PUT, DELETE) work correctly and perform the intended actions as specified in the API documentation.


  1. How do you validate the Request Header?

Validating Request Headers involves verifying that the headers sent in API requests contain the expected information, such as content types, authentication tokens, or any other required headers.


  1. How do you validate the Request Body?

Validating Request Body involves ensuring that the data or payload sent in API requests matches the expected format, structure, and content defined in the API specification or documentation.


  1. How do you validate Rate Limits and Caching in API?

To validate rate limits, simulate requests exceeding the defined rate limit, and verify that the API rejects additional requests as expected. For caching, test by sending requests and checking if the expected cached responses are returned, avoiding unnecessary calls to the server.


  1. How do you validate Pagination and cursors?

For pagination, test by fetching a large dataset and validating if the API returns the correct number of records per page with accurate metadata like page numbers, next/previous links, and total records. Cursors can be tested by ensuring the cursor-based navigation returns the expected data sets.


  1. What are some architectural styles for creating a Web API?

Some architectural styles for creating Web APIs include RESTful architecture, SOAP (Service-Oriented Architecture Protocol), GraphQL, and RPC (Remote Procedure Call).


  1. Who can use a Web API?

Web APIs can be used by developers, third-party applications, or any entities that require access to specific functionalities or data provided by the API.


  1. What are the request methods for API?

Common request methods for APIs include GET (retrieve data), POST (create data), PUT (update data), DELETE (remove data), PATCH (partially update data), and OPTIONS (get supported methods).


  1. What are the advantages of API Testing?

Advantages of API Testing include faster test execution, broader test coverage, early detection of issues, easier automation, improved security testing, and reduced overall testing efforts.


  1. Some common protocols used in API testing?

Common protocols used in API testing include HTTP/HTTPS (RESTful APIs), SOAP (XML-based protocols), and protocols like TCP/IP for some specialized APIs.


  1. What is the test environment of API?

The test environment for API testing involves a setup where APIs can be tested independently from the production environment, often using tools like Postman, SoapUI, or custom scripts.


  1. What are the principles of an API test design?

Principles of API test design include understanding API specifications, focusing on key scenarios, prioritizing input validation, designing reusable test cases, handling security aspects, and ensuring test data management.


  1. What are the common API testing types?

Common API testing types include functional testing, performance testing, security testing, load testing, interoperability testing, and fuzz testing.


  1. What is the procedure to perform API testing?

The procedure for API testing involves planning, designing test cases, preparing test data, executing tests, analyzing results, reporting issues, and retesting after fixes.


  1. What must be checked when performing API testing?

During API testing, key aspects to check include endpoint functionality, response accuracy, error handling, data format (JSON/XML), security, rate limiting, and performance under different loads.


  1. What is the best approach method to perform API testing?

The best approach for API testing involves understanding requirements, designing test cases covering positive/negative scenarios, automating repetitive tests, validating responses, and continuously improving test coverage.


  1. What tools could be used for API testing?

Tools for API testing include Postman, SoapUI, RestAssured, JMeter, Karate, pytest, Newman, and others, depending on requirements and the type of testing needed.


  1. What are the differences between API Testing and Unit Testing?

API testing validates an application's APIs, focusing on functionality, performance, security, and integration, while Unit testing verifies individual units or components of the code for correctness.

API testing

UNIT testing

This testing is owned by the Quality Analyst team.

This testing is owned by the developers working on the corresponding modules.

This belongs to the category of black box testing.

This belongs to white box testing.

Full system functionality is considered in API testing as the API would be used by external developers.

As the name indicates, this testing verifies whether the unit of code works as expected or not in isolation.

In this testing, the testers do not have access to the internal source code and it focuses only on the functionality of the API.

The developers who work on developing unit test cases have access to the source code as they need to ensure the modules developed are passed before delivery.



  1. What are the major challenges faced in API testing?

Major challenges in API testing include endpoint availability, proper authentication, data format validation, handling rate limits, versioning, maintaining test data, handling dependencies, and dynamic responses.


  1. What are the testing methods that come under API testing?

Testing methods in API testing include functional testing, load testing, security testing, performance testing, fuzz testing, interoperability testing, and validation of request/response data.


  1. What are common API errors that are often found?

Common API errors include 4xx client errors (e.g., 400 Bad Request, 401 Unauthorized, 404 Not Found) and 5xx server errors (e.g., 500 Internal Server Error, 503 Service Unavailable).


  1. What kinds of bugs that API testing would often find?

API testing commonly identifies bugs related to incorrect responses (e.g., incorrect data format, missing fields), security vulnerabilities, performance bottlenecks, improper error handling, and rate-limiting issues.


  1. What is the API documentation?

API documentation is a comprehensive guide that provides information about available endpoints, request/response formats, parameters, authentication methods, rate limits, error codes, and usage examples of an API.


  1. How often are the APIs changed and, more importantly, deprecated?

API changes and deprecations vary widely based on providers. Some APIs have frequent changes due to feature updates or improvements, while others might remain stable for longer periods. Deprecated APIs are often phased out gradually over time.


  1. What is REST?

REST stands for Representational State Transfer, an architectural style that defines a set of principles for designing networked applications. It uses standard HTTP methods (GET, POST, PUT, DELETE) for communication. What is a RESTful Web Service? -A RESTful Web Service is a web service based on REST principles. It exposes resources through standardized URLs and uses HTTP methods to perform CRUD (Create, Read, Update, Delete) operations on these resources.


  1. What is a “Resource” in REST?

In REST, a resource is any information or entity that can be accessed via a unique identifier (URL) and manipulated using standard CRUD operations.


  1. What is the most popular way to represent a resource in REST?

The most popular way to represent a resource in REST is by using JSON (JavaScript Object Notation) or XML (eXtensible Markup Language) for data serialization.


  1. Which protocol is used by RESTful Web services?

RESTful Web services primarily use the HTTP protocol for communication, leveraging its methods (GET, POST, PUT, DELETE) and status codes to interact with resources.


  1. What are some key characteristics of REST?

Key characteristics of REST include statelessness, client-server architecture, uniform interface (using URLs), layered system, cacheability, and a stateless communication model.


  1. What is messaging in RESTful Web services?

In REST, messaging refers to the process of exchanging representations of resources between clients and servers using standardized HTTP methods and data formats.


  1. What are the core components of an HTTP request?

The core components of an HTTP request include the request line (method, URL, protocol/version), request header (metadata), request body (optional for some methods), and sometimes query parameters.


  1. Can "GET request" be used instead of "PUT" to create a resource?

No, according to RESTful principles, GET requests should not be used to create resources. PUT requests are typically used to update or create resources, while POST requests are specifically for creating resources.


  1. Is there any difference between "PUT" and "POST" operations?

Yes, in RESTful services, PUT is used to update or create a resource if it doesn't exist, while POST is specifically used to create new resources.


  1. Which purpose does the OPTIONS method serve for the RESTful Web services?

The OPTIONS method in RESTFUL Web services allows a client to determine which HTTP methods and headers are allowed for a specific resource. It provides information about supported operations for the resource.


  1. What is URI? What is the main purpose of REST-based web services and what is its format?

URI (Uniform Resource Identifier) is a string of characters that identifies a particular resource. In REST, URIs are used to uniquely identify resources, typically formatted as URLs.


  1. What is the payload in RESTful Web services?

In RESTful Web services, the payload refers to the data transmitted in the HTTP request or response body. It contains the representations of resources exchanged between the client and server.


  1. What is the upper limit for a payload to pass in the POST method?

There is no standardized upper limit defined for the payload size in the POST method. It can vary based on server configurations, network limitations, and API-specific constraints.


  1. What is Latency in API testing?

Latency refers to the response time or the delay taken by the request to reach the server. We need to ensure that the latency involved in reaching the server is minimum as higher the latency, greater is the impact in the application’s speed and performance.


  1. Why is automated API testing useful?


Automated testing is useful in the long run as it helps to maximize the test coverage of the applications in a shorter period of time meaning it helps to test large test sets very easily and quickly. It enables parallel execution and helps to reduce human-generated errors in testing. It saves the time required to test applications thereby saving the overall cost.


  1. What do you understand by Input injection?

Input injection is the act of simulating inputs for testing APIs. It can be simulated in different ways:

  • Direct Method Invocation
  • Accessibility interface invocation
  • Low-level input simulation
  • Device driver simulation
  • Robot Simulation.


  1. Is it possible to hack API while testing?

Yes, it is possible. This is because we are sending requests over the internet which mostly follows HTTP protocol. This protocol is text-based and is easier to read. Hence, it is required to perform security testing of the APIs to ensure safer systems.


  1. How should we test the API security?

To test the security of the API during API testing, we need to validate 2 things:

Authentication: Whether the identity of the end-user is correct.

Authorization: Whether the user is allowed to access the resource.

We can also validate whether the TLS or the SSL certificate used over the HTTPS protocol is valid or not.


  1. How do you perform API Load Testing?
  • Load Testing is a category of Performance Testing that is used for checking an application’s capability to perform under various user loads.
  • This is done for identifying bottlenecks in performance before the application becomes live.
  • It is done by simulating many users hitting the API at the same time or in other words, artificial traffic is simulated to identify if the application is capable of handling the load by maintaining consistency in the response times and not impacting the functionality.
  • One such tool to perform Load Testing is JMeter. It provides flexibility to create a test plan, define the thread groups and record test scripts to simulate artificial load to the API. It finally provides a feature to visualize the result of load testing done. For more information about using JMeter.
  • Anh Tester

    Đường dẫu khó chân vẫn cần bước đi
    Đời dẫu khổ tâm vẫn cần nghĩ thấu