LinkedIn: Japneet

Sachdeva

API CheatSheet
for SDETs
 LinkedIn: Japneet
Sachdeva

REST API Methods

GET
Explanation: Retrieves data from the
server without modifying it.
Example: GET /users/123 retrieves
the user with ID 123.
Useful Detail: Use GET requests for
safe and idempotent operations.

1
 LinkedIn: Japneet
Sachdeva

POST
Explanation: Sends data to the
server to create a new resource.
Example: POST /users with a JSON
payload { "name": "John Doe" }
creates a new user.
Useful Detail: POST is neither safe
nor idempotent, so be cautious
about retrying failed POST requests.

2
 LinkedIn: Japneet
Sachdeva

PUT
Explanation: Updates an existing
resource or creates a resource if it
does not exist.
Example: PUT /users/123 with a
JSON payload updates the user
with ID 123.
Useful Detail: PUT should be
idempotent, meaning repeated
requests with the same data should
produce the same result.

3
 LinkedIn: Japneet
Sachdeva

DELETE
Explanation: Removes a resource
from the server.
Example: DELETE /users/123 deletes
the user with ID 123.
Useful Detail: DELETE operations
should also be idempotent.

4
REST API Considerations
CORS (Cross-Origin Resource
Sharing)
Explanation: CORS is a security
feature that allows or restricts
resources on a web page to be
requested from another domain.
Example: Implementing CORS by
setting HTTP headers like Access-
Control-Allow-Origin on the server.
Useful Detail: CORS is essential for
modern web applications that
interact with APIs hosted on different
domains.
LinkedIn: Japneet
Sachdeva

5
Idempotence
Explanation: An operation is
idempotent if it can be
performed multiple times
without changing the result
beyond the initial application.
Example: PUT /users/123 with
the same data should always
yield the same outcome.
Useful Detail: Ensure that GET,
PUT, and DELETE operations are
idempotent.

LinkedIn: Japneet
Sachdeva

6
Auth (Authentication)
Explanation: Authentication is
the process of verifying the
identity of a user or application
accessing the API.
Example: Implementing
OAuth2, JWT, or basic
authentication in your API.
Useful Detail: Always use HTTPS
to protect authentication
credentials.

LinkedIn: Japneet
Sachdeva

7
Input Validations
Explanation: Validate all
incoming data to ensure it
meets the required format and
constraints before processing.
Example: Check that an email
field contains a valid email
address format.
Useful Detail: Use validation
libraries like Hibernate
Validator in Java to simplify
this process.

LinkedIn: Japneet
Sachdeva

8
TLS (Transport Layer Security)
Explanation: TLS is a protocol
that provides encryption for
data in transit between the
client and server.
Example: Ensure that your API is
accessible only via https://
URLs.
Useful Detail: Always use TLS for
APIs that handle sensitive data.

LinkedIn: Japneet
Sachdeva

9
Rate Limiting
Explanation: Rate limiting
controls the number of
requests a client can make to
an API within a given time
frame to prevent abuse.
Example: Implement rate
limiting to restrict a client to 100
requests per minute.
Useful Detail: Provide
meaningful error messages
and headers to inform clients
of rate limit status.
LinkedIn: Japneet
Sachdeva

10
Filtering/Ordering
Explanation: Filtering allows
clients to specify criteria to
narrow down the results
returned by an API, while
ordering lets them sort the
results.
Example: /users?
age=30&sort=name returns
users aged 30 and sorts them
by name.
Useful Detail: Provide flexible
filtering and ordering options to
make your API more usable.
LinkedIn: Japneet
Sachdeva

11
Security
Explanation: Security is crucial
for protecting data and
ensuring that only authorized
users can access and modify
resources.
Example: Implement security
measures like OAuth2, API keys,
and HTTPS.
Useful Detail: Conduct regular
security audits and keep your
API up to date with the latest
security patches.

LinkedIn: Japneet
Sachdeva

12
Pagination
Explanation: Pagination breaks
large sets of data into smaller
chunks, making it easier for
clients to process and display
results.
Example: /users?
page=2&limit=50 returns the
second page of users with a
maximum of 50 users per
page.
Useful Detail: Provide links to
the next and previous pages in
the response to facilitate easy
navigation.
LinkedIn: Japneet
Sachdeva

13
API Status Codes
1xx Informational Responses
These status codes indicate that the
request was received and is being
processed.
1. 100 Continue
Explanation: The server has received
the initial part of the request and the
client should continue with the
request.
Example: Occurs during a large file
upload when the server
acknowledges the initial headers
and waits for the rest of the data.
2. 101 Switching Protocols
Explanation: The server agrees to
switch protocols as requested by the
client.
Example: When upgrading from HTTP
to WebSocket protocol during a
handshake.
LinkedIn: Japneet
Sachdeva

14
2xx Successful Responses
These status codes indicate that the request
was successfully received, understood, and
accepted.
1. 200 OK
Explanation: The request was
successful, and the server has returned
the requested resource.
Example: Occurs when fetching data
from an API (e.g., a successful GET
/users request).
Useful Detail: The most commonly used
status code.
2. 201 Created
Explanation: The request was
successful, and a new resource was
created.
Example: Occurs after successfully
creating a new user with a POST /users
request.
3. 202 Accepted
Explanation: The request has been
accepted for processing, but the
processing is not yet complete.
Example: When a server accepts a
request to process an image but
returns before the image processing is
finished.
LinkedIn: Japneet
Sachdeva

14
4. 204 No Content
Explanation: The server successfully
processed the request, but there is
no content to send in the response.
Example: Occurs after a successful
DELETE request where the resource
is deleted and nothing needs to be
returned.

LinkedIn: Japneet
Sachdeva

15
3xx Redirection Messages
These status codes indicate that further
action is needed to complete the request.
1. 301 Moved Permanently
Explanation: The resource has been
permanently moved to a new URL.
Example: Occurs when a website
has permanently changed its
domain, and the old URL redirects to
the new one.
2. 302 Found
Explanation: The resource is
temporarily located at a different
URL.
Example: Occurs when a user is
redirected to a login page before
accessing a restricted resource.
3. 304 Not Modified
Explanation: The resource has not
been modified since the last
request, so the client can use the
cached version.
Example: Occurs when checking if a
cached version of a webpage is still
valid with a GET request that
includes If-Modified-Since headers.
LinkedIn: Japneet
Sachdeva

16
4xx Client Error Responses
These status codes indicate that there
was an error in the request, often due to
incorrect input or authentication issues.
1. 400 Bad Request
Explanation: The server cannot
process the request due to client
error (e.g., malformed request
syntax).
Example: Occurs when sending a
POST request with invalid JSON.
2. 401 Unauthorized
Explanation: The client must
authenticate itself to get the
requested response.
Example: Occurs when accessing
a protected resource without
providing valid credentials.
Useful Detail: Requires
authentication headers like Bearer
Token.
3. 403 Forbidden
Explanation: The client does not
have permission to access the
resource.
Example: Occurs when trying to
access an admin panel without
sufficient privileges.
LinkedIn: Japneet
Sachdeva

17
404 Not Found
Explanation: The server cannot
find the requested resource.
Example: Occurs when requesting
a non-existent endpoint like GET
/nonexistent-page.

409 Conflict
Explanation: The request could
not be completed due to a
conflict with the current state of
the resource.
Example: Occurs when
attempting to create a resource
that already exists.

429 Too Many Requests

Explanation: The user has sent too
many requests in a given amount
of time.
Example: Occurs when hitting a
rate limit on an API.

LinkedIn: Japneet
Sachdeva

18
5xx Server Error Responses
These status codes indicate that the
server failed to fulfill a valid request.

500 Internal Server Error

Explanation: The server encountered an
unexpected condition that prevented it
from fulfilling the request.
Example: Occurs when a server-side
script fails or throws an exception.
Useful Detail: Typically requires server-
side debugging.

502 Bad Gateway

Explanation: The server was acting as a
gateway or proxy and received an
invalid response from the upstream
server.
Example: Occurs when a reverse proxy
server (like Nginx) can't get a valid
response from the backend server.

503 Service Unavailable

Explanation: The server is not ready to
handle the request, often due to being
overloaded or down for maintenance.
Example: Occurs when the server is
temporarily offline for updates.

LinkedIn: Japneet
Sachdeva

19
504 Gateway Timeout
Explanation: The server was
acting as a gateway or proxy
and did not get a response in
time from the upstream server.
Example: Occurs when the
backend server is too slow to
respond.

LinkedIn: Japneet
Sachdeva

20
REST API Principles
Layered System
Explanation: A REST API should be
designed in layers, where each layer
interacts only with the adjacent
layers. This allows for scalability and
modularity.
Example: Separate the presentation
layer from the data access layer,
and add caching as a middle layer.
Useful Detail: Use proxies, gateways,
and load balancers to distribute and
manage traffic efficiently.

Uniform Interface
Explanation: A uniform interface
simplifies and decouples the
architecture. It includes using
standard HTTP methods, consistent
resource naming, and standard
status codes.
Example: Use GET to retrieve data,
POST to create data, PUT to update
data, and DELETE to remove data.
Useful Detail: Follow REST
conventions strictly to make your API
predictable and easier to use.
LinkedIn: Japneet
Sachdeva

21
Code on Demand (Optional)
Explanation: Servers can temporarily
extend or customize the functionality
of a client by transferring executable
code (e.g., JavaScript). This is optional
in RESTful services.
Example: A server might send a script
to be executed on the client side to
validate a form before submission.
Useful Detail: Use with caution, as it
can introduce security risks.

Cachable
Explanation: Responses should be
explicitly marked as cacheable or
non-cacheable to improve
performance by reducing the need to
fetch the same resource repeatedly.
Example: Use HTTP headers like
Cache-Control and ETag to manage
caching.
Useful Detail: Cache static resources
aggressively, but ensure that dynamic
or sensitive data is not cached
inappropriately.

LinkedIn: Japneet
Sachdeva

22
Follow for more such
useful content!
My Courses:
Become SDET & Future SDET Manager: Link

Interview Q&A Bank with 950+ Q’s from top

product based companies and service: Link

Mastering Gen AI for QA and QA Automation:

Link

LinkedIn: Japneet
Sachdeva