QA Interview: Top 40: Most Frequently Asked API Testing Interview Questions (21:40)

21. What is the upper limit for a payload to pass in the POST method?
  • GET appends data to the service URL, so the data cannot be longer than the maximum URL length. POST doesn’t have any such limit.
  • As a result, a user can theoretically send a limitless amount of data as the payload of a POST request. In a real-world scenario, however, a POST with a huge payload uses more bandwidth, takes longer, and causes performance issues for your server.

22. Is it possible to hack an API while testing?
  • Yes, it is possible, because we send requests over the internet using the HTTP protocol. HTTP is a text-based protocol, which makes it easier to understand.

23. How should we test the API security?
To test the security of the API during API testing, we need to validate 2 things:
  • Authentication: Whether the end user's identity is correct.
  • Authorization: Whether the user has permission to use the resource.
  • We can also check whether or not the TLS or SSL certificate used over the HTTPS protocol is legitimate.

24. What is the most commonly used command-line tool to explore an API?
  • Curl

25. Which component helps to hide the distinction between different micro-services?
  • API Gateway

26. What among the following options provides security to JWT token content?
  • Signature
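
What the signature does and does not protect, as an added example (not code from the original post): the payload of a JWT stays readable by anyone, but a changed payload or an `alg: none` header fails verification. The key, claims and helper names are constructed for this illustration; HS256 is assumed as the signing algorithm.

```python
import base64
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"  # assumption: sample HS256 secret made up for this example

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def encode_part(obj: dict) -> str:
    return b64url(json.dumps(obj, separators=(",", ":")).encode())

def sign_hs256(claims: dict, key: bytes) -> str:
    signing_input = encode_part({"alg": "HS256", "typ": "JWT"}) + "." + encode_part(claims)
    mac = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(mac)

def read_unverified_claims(token: str) -> dict:
    # The payload is only base64url-encoded: anyone can read it without the key.
    return json.loads(b64url_decode(token.split(".")[1]))

def verify_hs256(token: str, key: bytes):
    """Return the claims if the HS256 signature is valid, otherwise None."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        claims = json.loads(b64url_decode(payload_b64))  # returned only after the check
        signature = b64url_decode(sig_b64)
    except ValueError:  # wrong segment count, bad base64 or bad JSON
        return None
    # Pin the algorithm: a header asking for "none" or anything else is rejected.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    return claims if hmac.compare_digest(expected, signature) else None

def with_payload(token: str, claims: dict) -> str:
    # Test helper: swap in a different payload but keep the original signature.
    header_b64, _, sig_b64 = token.split(".")
    return ".".join((header_b64, encode_part(claims), sig_b64))

token = sign_hs256({"sub": "tester", "role": "viewer"}, KEY)  # constructed sample token
tampered = with_payload(token, {"sub": "tester", "role": "admin"})
unsigned = encode_part({"alg": "none"}) + "." + token.split(".")[1] + "."
```

In an API test suite, the tampered and unsigned tokens are the negative cases: the API under test should answer them with an authentication failure.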

27. API testing belongs to which among the following categories?
  • Black Box Testing

28. What is Latency in API testing?
  • Latency is the response time, or the delay that a request takes to reach the server. We need to keep the latency involved in reaching the server to a minimum: the higher the latency, the greater the impact on the application’s speed and performance.

29. What is Rest Assured?
  • Rest Assured is a Java-based framework for testing RESTful web services. It accesses REST services as a headless client. REST Assured comes with a slew of capabilities that make API automation testing a breeze: a friendly DSL-like syntax, XPath validation, specification reuse, and easy file uploads.

30. What is the difference between 406 (Not Acceptable) and 415 (Unsupported Media Type)?

  • The server returns 406 when it is unable to respond based on the request headers.
  • 415 is returned by the server when the entity sent in a request (content in a POST or PUT) has an unsupported media type.
  • So, 406 when you don’t send what they want, 415 when they send what you don't want.


31. What is Postman? Why do we need it?
  • Postman is an application that is used for API testing.
  • Postman sends an API request to the server and receives the response.
  • No extra work or framework setup is required to send and receive requests/responses in Postman.
  • Extensively used by testers and developers.
  • Easy to use, with a friendly interface.
  • We can get scripts in different programming languages.

32. What are Collections in Postman?

A collection in Postman is a group of API requests that are already saved in Postman and can be arranged into folders.

Advantages:
  • Easy API import and export.
  • For convenient access, requests can be organised into folders and collections.
  • Data can be sent across API queries using scripts.
  • Run Collection option is available.
  • API documentation.
  • Time Saving

33. Web Services vs API


| Web Services | API |
| --- | --- |
| All Web Services are APIs. | Not all APIs are Web Services. |
| Supports XML. | Supports XML, JSON and any other given format. |
| You need the SOAP protocol to send or receive data over a network. It doesn’t have a lightweight architecture. | API has a lightweight architecture. |
| It can be used by any client that knows XML. | It can be used by any client that understands XML and JSON. |
| It provides support for the HTTP protocol. | It provides support for HTTP and HTTPS. |


34. SOAP vs REST


| SOAP | REST |
| --- | --- |
| SOAP stands for Simple Object Access Protocol. | REST stands for Representational State Transfer. |
| SOAP is a protocol. | REST is an architectural style. |
| SOAP cannot use REST, as SOAP is a protocol and REST is an architectural style. | REST can make use of SOAP. |
| SOAP only uses XML. | REST can use XML, JSON, plain text. |
| SOAP is harder to set up and uses more bandwidth. | REST is easy to set up and consumes less data. |
| The Java API for SOAP web services is referred to as JAX-WS. | JAX-RS stands for Java API for REST services. |
| SOAP is less preferred than REST. | REST is more preferred than SOAP. |


35. Get vs Post


| Get | Post |
| --- | --- |
| Because data is sent in the header, only a limited amount of data can be delivered. | Because data is delivered in the body, a large amount of data can be sent. |
| Because data is exposed in the URL bar, it is not secure. | Data isn't exposed in the URL bar, thus it's safe. |
| Can be bookmarked. | Cannot be bookmarked. |
| Idempotent. | Non-idempotent. |
| It is more useful and efficient than Post. | It is less efficient and less used. |


36. PUT vs POST


| PUT | POST |
| --- | --- |
| The Put method is idempotent. | The Post method is not idempotent. |
| Put is used when you want to modify existing resources in a collection. | Post is used when you want to add a new resource under a resource collection. |
| The Put method response can be cached. | The Post method response cannot be cached. |
| Generally, Put is used for update operations. | Generally, Post is used for create operations. |
| Put works as specific. | Post works as abstract. |


37. PUT vs PATCH


| PUT | PATCH |
| --- | --- |
| Put is a method of modifying a resource where the client sends the data that updates the entire resource. | Patch is a method of modifying a resource where the client sends the partial data that is to be updated without modifying the entire data. |
| The Put method is idempotent. | The Patch method is not idempotent. |
| It has high bandwidth. | It has low bandwidth. |


38. Points to remember while writing test cases for API scenarios.
Positive Testing:
  • Execute with valid and required request parameters.
  • Check whether it supports different parameters like XML, JSON.
  • Validate response contents.
  • Validate response code.
  • Validate header.
  • Validate JSON schema.
  • Validation in database.
  • Validation in server/access logs.
  • Performance: whether it returns the response in a timely manner.
  • Output support: XML and JSON.
Negative Testing:
  • Valid input but illegal operations: attempt to create a resource with a duplicate name.
  • Attempt to delete a resource that doesn’t exist.
  • Update resource with illegal/incorrect data.
  • Missing / invalid authentication.
  • Missing required parameters.
  • Invalid endpoints.
  • Invalid payload.
  • Huge payload.
  • Executing same requests multiple times: DoS, DDoS scenarios.
  • Incorrect content types.
  • Maximum number of characters in a field.
  • If a third-party server is used and is down.

39. Sample Code:

GET Request With Query Params:

```java
import io.restassured.RestAssured;
import io.restassured.http.ContentType;
import io.restassured.response.Response;
import org.junit.jupiter.api.*;

import static io.restassured.RestAssured.given;

public class RestAssuredRequests {

    @BeforeAll
    public static void setup() {
        RestAssured.baseURI = "https://jsonplaceholder.typicode.com";
    }

    @Test
    public void getRequestWithQueryParam() {
        // Sends GET /comments?postId=2 and extracts the full response.
        Response response = given()
                .contentType(ContentType.JSON)
                .param("postId", "2")
                .when()
                .get("/comments")
                .then()
                .extract().response();

        Assertions.assertEquals(200, response.statusCode());
        Assertions.assertEquals("abc@test.com", response.jsonPath().getString("email[3]"));
    }
}
```

POST Request:

```java
import io.restassured.RestAssured;
import io.restassured.response.Response;
import org.junit.jupiter.api.*;

import static io.restassured.RestAssured.given;

public class RestAssuredRequests {

    // JSON payload sent as the body of the POST request.
    private static String requestBody = "{\n" +
            "  \"title\": \"foo\",\n" +
            "  \"body\": \"bar\",\n" +
            "  \"userId\": \"1\" \n}";

    @BeforeAll
    public static void setup() {
        RestAssured.baseURI = "https://jsonplaceholder.typicode.com";
    }

    @Test
    public void postRequest() {
        Response response = given()
                .header("Content-type", "application/json")
                .and()
                .body(requestBody)
                .when()
                .post("/posts")
                .then()
                .extract().response();

        Assertions.assertEquals(201, response.statusCode());
        // Expected values match the fields sent in requestBody.
        Assertions.assertEquals("foo", response.jsonPath().getString("title"));
        Assertions.assertEquals("bar", response.jsonPath().getString("body"));
        Assertions.assertEquals("1", response.jsonPath().getString("userId"));
        Assertions.assertEquals("101", response.jsonPath().getString("id"));
    }
}
```

40. API Automation Using Robot Framework: Link

Greetings, reader! Your input is highly important to us. Please share your thoughts in the comments section below.


Contact:

Email:  piyushagrawal.automation@gmail.com

Follow on LinkedIn: Piyush Agrawal - LinkedIn

Follow on YouTube: Piyush Agrawal - Youtube

Happy to Help You !!
