API Testing For SDET QA and Manual Tester Roles 1735647881
API Testing For SDET QA and Manual Tester Roles 1735647881
SDET, QA and
Manual Tester roles
explained by Inder P Singh
A: API testing means testing Application Programming Interfaces (APIs) to test if they work
as expected, meet performance standards, and handle errors. APIs handle the
communication between software systems, enabling them to exchange data and
functionality. API testing is important for the following reasons:
• Logic Validation: APIs can encapsulate the core business logic of an application. API
testing finds out if that logic works as intended.
• Cascading Effect Prevention: Since APIs often connect multiple systems, a failure in
one API can disrupt the entire system. For example, in an e-commerce system, if the API
managing payment processing fails, it can prevent order confirmations and impact
inventory updates, customer notifications, and financial records.
• Integration Validation: APIs handle the interactions between different systems. Testing
these interactions for correctness, reliability, performance and security is critical.
• Early Bug Detection: By testing APIs before the UI is complete, defects can be identified
earlier, reducing downstream issues.
• Functionality: Testing if the API executes intended operations and returns accurate
responses. Example: A "getUserDetails" API should return the correct user details based
on the provided user ID.
• Performance: Validating the API’s speed and responsiveness under varying loads.
Example: Testing if the API responds within 300 ms when handling 100 simultaneous
requests.
• Security: Checking data protection, authentication, and authorization mechanisms.
Example: Ensuring unauthorized users cannot access restricted endpoints.
• Reliability: Confirming if the API delivers consistent results across multiple calls and
scenarios. Example: A weather API should always return the correct temperature for a
given city.
A: API testing is generally categorized as functional testing because its main objective is to
validate if the API performs its expected functions accurately. However, API testing also
involves non-functional testing types, depending on the test scope:
• Performance Testing: To measure the API’s responsiveness and stability under different
conditions. Example: Load testing an API that handles ticket booking during a flash sale.
• Security Testing: To validate data confidentiality and access control mechanisms.
Example: Testing an API for vulnerabilities like SQL injection or unauthorized access.
A: API testing focuses on the backend logic, while UI testing validates the user interface.
Their differences include:
Q: Does API testing come under integration testing or system testing test levels?
A: API testing is considered a part of integration testing because it validates how different
components or systems interact with each other. For example, Testing an API that bridges
a payment gateway with an e-commerce platform: The focus would be on testing the
correct and complete communication, accurate data exchange, and correct handling of
alternate workflows like declined payments.
A: Yes, API testing can be a part of system testing when it is used to validate end-to-end
workflows that involve APIs. For example, an order management system involves several
APIs for inventory, payment, and customer notification. System testing would involve
validating the entire order placement process, including all the APIs in the workflow.
A: Classifying API testing determines the test scope and test approach for testing. For
example:
• Endpoints: Endpoints are the URLs where APIs are accessed. Example: A weather API
endpoint might look like https://api.weather.com/v1/city/temperature. Tip:
You should always document endpoints clearly, including required parameters and
response formats.
• Requests and Methods: APIs use HTTP methods to perform operations. The common
ones are:
1. GET: Retrieve data. Example: Fetching user details with GET /user/{id}.
2. POST: Create new data. Example: Creating a new user with POST /user.
3. PUT: Update existing data. Example: Updating user details with PUT /user/{id}.
4. DELETE: Remove data. Example: Deleting a user with DELETE /user/{id}.
Tip: Verify that the API strictly adheres to the HTTP method conventions.
A: Modern software relies heavily on APIs for communication, making their reliability
paramount:
• APIs Drive Application Functionality: APIs implement the key features of applications,
like user authentication, data retrieval, and payment processing. Example: A banking
app’s core functionalities, such as checking account balances, transferring funds, and
viewing transaction history, are implemented with APIs.
• Use Mock Servers: Mock APIs allow you to test scenarios without using the ready APIs.
• Validate Negative Scenarios: Don’t just test happy paths; additionally test invalid
inputs, unauthorized access, and server downtime.
• Automate Tests: Automating repetitive API tests saves time for test coverage. Tools like
REST Assured and Postman can help you automate validations for different test
scenarios.
Note: You can follow me in LinkedIn for more practical information in Test Automation and
Software Testing at the link, https://www.linkedin.com/in/inderpsingh
A: Functional testing tests if the API performs its intended operations accurately and
consistently. It includes the following tests:
Tip: Use tools like Postman to design and execute functional test cases effectively.
Automate repetitive tests with libraries like REST Assured for scalability.
A: Validating API responses involves validating the accuracy, structure, and completeness
of the data returned by the API.
• Status Codes: Confirm that the correct HTTP status codes are returned for each
scenario.
o 200 OK: For successful requests.
o 404 Not Found: When the requested resource does not exist.
o 500 Internal Server Error: For server-side failures.
• Response Body: Validate the structure and data types. Example: If the API returns user
details, validate if the response contains fields like name, email, and age with the
correct types (e.g., string, string, and integer).
• Schema Validation: Check if the API response matches the expected schema Tip: Use
schema validation tools like JSON Schema Validator to automate this process.
Tip: Include assertions for all fields in the response to avoid missed validations during
regression testing.
A: Security testing focuses on protecting APIs from unauthorized access, data breaches,
and malicious attacks. Key test scenarios include:
• Authentication and Authorization: Test if the API enforces authentication (e.g., OAuth,
API keys). Verify role-based access control (RBAC). Example: A DELETE /user/{id}
endpoint should only be accessible to administrators.
• Input Sanitization: Check for vulnerabilities like SQL injection or cross-site scripting
(XSS). Example: Test input fields by submitting malicious payloads like '; DROP TABLE
users;-- to confirm if they are sanitized.
• Data Encryption: Test that sensitive data is encrypted during transmission (e.g., via
HTTPS). Example: Check if login credentials sent in a POST /login request are
transmitted securely over HTTPS.
• Rate Limiting: Validate that the API enforces rate limits to prevent abuse. Example: A
public API should reject excessive requests from the same IP with a 429 Too Many
Requests response.
• Token Expiry and Revocation: Test how the API handles expired or revoked
authentication tokens. Example: Test that a revoked token results in a 401
Unauthorized response.
Tip: Use tools like OWASP ZAP and Burp Suite to perform comprehensive API security testing.
A: The API performance testing evaluates the speed, scalability, and reliability of APIs under
various conditions.
• Response Time: Measure how quickly the API responds to requests. Example: For a
weather API, test if the response time for GET /currentWeather is under 200ms.
• Load Testing: Test the API's behavior under normal and peak load conditions. Example:
Simulate 100 concurrent users hitting the POST /login endpoint to verify stability.
• Stress Testing: Determine the API's breaking point by testing it under extreme
conditions. Example: Gradually increase the number of requests to an API until it fails
to identify its maximum capacity.
• Spike Testing: Validate the API’s ability to handle sudden traffic surges. Example:
Simulate a flash sale scenario for an e-commerce API.
• Resource Usage: Monitor server resource usage (CPU, memory) during API tests.
Example: Confirm that the API doesn’t consume excessive memory during a batch
operation like POST /uploadBulkData.
• Caching Mechanisms: Test if the API effectively uses caching to improve response
times. Example: Validate if frequently requested resources like product images are
served from the cache.
Tip: Use tools like JMeter and Gatling for automated performance testing. Monitor metrics
like latency, throughput, and error rates to identify bottlenecks.
Note: In order to expand your professional network and share opportunities with each
other, you’re welcome to connect with me (Inder P Singh) in LinkedIn at
https://www.linkedin.com/in/inderpsingh
• Understand the API Specification: Study the API documentation, including endpoint
definitions, request/response formats, and authentication mechanisms. Example: For
a GET /user/{id} API, understand its parameters (id), response structure, and
expected error codes.
• Identify Test Scenarios: Convert the API’s functionality into testable scenarios:
o Positive test cases: Validate the expected behavior for valid inputs.
o Negative test cases: Test if the API handles invalid inputs gracefully.
o Edge cases: Test boundary values to identify vulnerabilities.
Example: For a pagination API, test scenarios include valid page numbers, invalid
page numbers (negative values), and boundary values (e.g., maximum allowed page).
• Use a Modular Approach: Create reusable test scripts for common actions like
authentication or header validation. Example: Write a reusable function to generate a
valid authorization token for secure APIs.
• Use Assertions: Verify key aspects like status codes, response time, response structure,
and data accuracy. Example: Assert that the response time for GET /products is under
200ms.
• Automate Wherever Possible: Use tools like REST Assured or Postman to automate
test case execution for scalability and efficiency. Example: Automate regression tests
for frequently changing APIs to minimize manual effort.
• Prioritize test cases based on business impact and API complexity. High-priority features
should have extensive test coverage.
Q: How do you define inputs and expected outputs for API test cases?
A: Inputs:
Expected Outputs:
A: A structured template enables writing test cases that are complete, reusable, and easy
to understand. Below is a suggested template:
A: Functional Testing validates if the API meets its specified functionality and produces the
correct output for given inputs. It tests if the API behaves as expected under normal and
edge-case scenarios.
• Validation of Endpoints: Test that each endpoint performs its intended functionality.
Example: A GET /user/{id} API should fetch user details corresponding to the
provided ID.
A: Load Testing assesses the API’s performance under normal and high traffic to test if it
handles expected user loads without degradation.
• Set the Benchmark: According to the API performance requirements, define the
expected number of concurrent users or requests per second. Example: An e-
commerce API might need to handle 500 concurrent product searches.
• Simulate the Load: Use tools like JMeter or Locust to generate virtual users. Example:
Simulate 200 users simultaneously accessing the GET /products endpoint.
• Monitor Performance Metrics: Track response time, throughput, and server resource
utilization. Example: Verify that response time stays below 1 second and CPU usage
remains under 80%.
• Test with both expected and peak traffic to prepare for usage spikes.
• Use realistic data to simulate production-like scenarios.
A: APIs can be targets for malicious attacks, so Security Testing tests if they are protected
against vulnerabilities and unauthorized access.
• Use tools like OWASP ZAP and Burp Suite for vulnerability scanning.
• Include both manual and automated security tests for more test coverage.
A: Interoperability Testing tests if the API work correctly with other systems, platforms, and
applications.
Common Issues:
A: Contract Testing tests if the API adheres to agreed-upon specifications between providers
(backend developers) and consumers (frontend developers or external systems).
• Define the Contract: Use specifications like OpenAPI (Swagger) to document expected
request/response structures. Example: A GET /users API contract may specify that id
is an integer and name is a string.
• Validate Provider Implementation: Verify the API provider adheres to the defined
contract. Example: Verify that all fields in the contract are present in the actual API
response.
• Test Consumer Compatibility: Verify that consumers can successfully interact with
the API as per the contract. Example: Check that a frontend application can parse and
display data from the API correctly.
• Treat contracts as living documents and update them for every API change.
• Automate contract testing in CI/CD pipelines to detect issues early.
In order to stay updated and view the latest tutorials, subscribe to my Software and Testing
Training channel (340 tutorials) at https://youtube.com/@QA1
A: Postman is a powerful API testing tool that has a user-friendly interface for designing,
executing, and automating API test cases. It’s widely used because it supports various API
types (REST, SOAP, GraphQL) and enables both manual and automated testing.
Features of Postman:
• Collections and Requests: Organize test cases into collections for reusability.
Example: Group all CRUD (meaning Create, Read, Update and Delete) operations (POST,
GET, PUT, DELETE) for a user API in a collection.
• Environment Management: Use variables to switch between different environments
like development, staging, and production. Example: Define {{base_url}} for
different environments to avoid hardcoding endpoints.
• Built-in Scripting: Use JavaScript for pre-request and test scripts to validate API
responses. Example: Use assertions like
pm.expect(response.status).to.eql(200);.
• Automated Testing with Newman: Run collections programmatically in CI/CD
pipelines using Newman, Postman’s CLI tool.
A: SoapUI is a comprehensive API testing tool designed for SOAP and REST APIs. Unlike
Postman, which is more user-friendly, SoapUI provides advanced features for functional,
security, and load testing, making it more suitable for complex enterprise-level APIs.
• Install SoapUI: Download and install the free version (SoapUI Open Source) or the
licensed version (ReadyAPI) for advanced features.
• Create a Project: Import API specifications like WSDL (for SOAP) or OpenAPI (for REST)
to create a test project. Example: Load a WSDL file to test a SOAP-based payment
processing API.
• Define Test Steps: Create test cases with multiple steps such as sending requests,
validating responses, and chaining steps Example: For a login API, test POST /login
and validate that the token from the response is used in subsequent API calls.
• Use Assertions: Use built-in assertions for validating response status codes, time, and
data. Example: Check if the <balance> field in a SOAP response equals $1000.
Advanced Features:
A: REST Assured is a Java library that simplifies writing automated tests for REST APIs. It
integrates with popular testing frameworks like JUnit and TestNG, making it useful for SDETs
familiar with Java.
• Set Up REST Assured: Add the REST Assured dependency in your Maven pom.xml or
Gradle build file. Example (Maven):
• Write Basic Tests: Create a test class and use REST Assured methods to send API
requests and validate responses. Example:
import io.restassured.RestAssured;
import static io.restassured.RestAssured.*;
import static org.hamcrest.Matchers.*;
// connect with me in LinkedIn at https://www.linkedin.com/in/inderpsingh
• Parameterization: Use dynamic query or path parameters for flexible testing. Example:
Pass userId dynamically:
given().
pathParam("id", 1).
when().
get("/user/{id}").
then().
statusCode(200);
• Chaining Requests: Chain API calls for end-to-end scenarios. Example: Use the token
from a login response in subsequent calls.
• Follow Framework Design Principles: Integrate REST Assured into a test automation
framework for reusability and scalability. Use Page Object Model (POM) for API
resources.
• Log API Requests and Responses: Enable logging to debug issues during test execution.
Example:
RestAssured.enableLoggingOfRequestAndResponseIfValidationFails();
A: Here are examples of API test cases for commonly encountered scenarios:
• Validation of Response Status Code: Test that the API returns the correct HTTP status
code. Example: For a successful GET /user/123 request, the status code should be
200. Tip: Include negative test cases like checking for 404 for non-existent resources.
• Response Time Verification: Test that the API response time is within the acceptable
limit. Example: For GET /products, the API should respond in less than 500ms. Tip:
Automate response time checks for frequent monitoring.
• Header Validation: Test if required headers are present in the API response. Example:
Verify the Content-Type header is application/json. Tip: Include test cases where
headers like Authorization are mandatory.
• Pagination: Test that the API returns correct paginated results. Example: For GET
/users?page=2&size=10, ensure the response contains exactly 10 users from page 2.
Tip: Validate totalPages or totalItems fields, if available.
• Error Messages and Codes: Test appropriate error codes and messages are returned
for invalid inputs. Example: Sending an invalid userId should return 400 with the
message, "Invalid user ID". Tip: Test for edge cases like sending null or special
characters.
Q: Can you provide sample test cases for authentication and authorization APIs?
A: Authentication and authorization are important components of secure APIs. Below are a
few test cases:
• Positive Case: Valid Login Credentials: Test that a valid username and password
returns a 200 status with a token in the response. Example:
Request:
POST /login
{ "username": "testuser", "password": "password123" }
• Negative Case: Invalid Credentials: Test that the invalid credentials return 401
Unauthorized. Example:
Request:
{ "username": "testuser", "password": "wrongpass" }
Response:
{ "error": "Invalid credentials" }
• Token Expiry Validation: Test that expired tokens return 401 Unauthorized or a similar
error. Tip: Check token expiration logic by simulating delayed requests.
• Role-Based Authorization: Test that users with insufficient permissions are denied
access. Example: Admin user can POST /createUser. Guest user attempting the
same returns 403 Forbidden.
• Logout Validation: Test that the POST /logout endpoint invalidates tokens,
preventing further use. Example: After logout, GET /user should return 401
Unauthorized.
A: CRUD operations (Create, Read, Update, Delete) are basic in API testing. Below are
the examples:
A: Setting up Postman for API testing is straightforward with the following steps:
• Download and Install Postman: Visit Postman’s official website and download the
application. It’s available for Windows, macOS, and Linux.
• Create an Account: Sign up for a free account to sync your collections and settings
across devices.
• Set Up a Workspace Create a new workspace to organize your API projects. Example:
Use a dedicated workspace for a specific project like E-Commerce APIs.
• Import API Specifications: If your API provides a Swagger or OpenAPI specification,
import it into Postman. Tip: Use the "Import" button to upload JSON/YAML files or
provide the URL of the API specification.
• Set Up Environment Variables: Define environments (e.g., Development, QA,
Production) with variables like {{baseUrl}} or {{authToken}}.Example:
o Development: baseUrl = https://dev-api.example.com
o Production: baseUrl = https://api.example.com
Tip: Use Postman’s built-in "Environment" feature to switch contexts easily.
• Test API Connectivity: Send a basic GET request to an endpoint using the configured
base URL. Example: GET {{baseUrl}}/health should return a 200 OK response.
A: Postman allows writing test scripts using JavaScript to automate checks on API
responses. Below are examples:
Download for reference Like Share
YouTube Channel: Software and Testing Training (81,300 Subscribers)
Blog: Software Testing Space (1.77 Million Views)
Copyright © 2025 All Rights Reserved.
• Basic Assertions: Example: Validate the response status code:
pm.test("Status code is 200", function () {
pm.response.to.have.status(200);
});
• Response Body Validation: Example: Verify a specific field in the response body.
pm.test("Verify user name", function () {
const responseData = pm.response.json();
pm.expect(responseData.name).to.eql("John Doe");
});
• Header Validation: Example: Test that the Content-Type header is correct.
pm.test("Content-Type is JSON", function () {
pm.response.to.have.header("Content-Type", "application/json");
});
• Dynamic Data Handling: Example: Extract values from one API response and use them
in another request.
pm.environment.set("authToken", pm.response.json().token);
• Chaining Requests: Automate a workflow by chaining multiple API calls. Example: Use
the extracted authToken in subsequent requests.
• Error Handling and Debugging: Use try-catch blocks for complex scripts to handle
exceptions gracefully.
try {
// Validation logic
} catch (e) {
console.error("Error in script: ", e.message);
}
• Creating a New Collection: Use the "New Collection" button to group related API
requests. Example: Create a collection named User Management APIs to store
endpoints like GET /users, POST /users, etc.
• Organizing Requests into Folders: Use folders within a collection to categorize
requests.Example:
A: SoapUI is a popular tool for functional, performance, and security testing of APIs. It
supports both SOAP and RESTful web services. Its features include an user-friendly
graphical interface, assertion mechanisms, and the ability to create reusable test cases
and automated workflows.
Advantages of SoapUI:
• Ease of Use: Its user-friendly GUI simplifies API testing, even for manual testers.
A: SoapUI has several features to automate API testing, making it suitable for CI/CD
pipelines.
• Test Steps and Execution Flow: Add Test Steps to a TestCase, such as:
o HTTP Requests
o Property Transfers
o Groovy Scripts (for advanced logic)
o Example: Chain a POST /login request to authenticate and pass the
authToken to subsequent requests.
• Groovy Scripting for Custom Logic:
o Use Groovy scripts for advanced scenarios like extracting dynamic tokens or
performing calculations.
o Example: Extract an authToken and add it to a header for the next request:
def jsonResponse = new
groovy.json.JsonSlurper().parseText(context.response)
testRunner.testCase.setPropertyValue("authToken",
jsonResponse.token)
• Running TestSuites in Bulk: Use the Test Runner feature to execute multiple
TestSuites sequentially or in parallel. Example: Test an entire microservices
architecture by running all its TestSuites.
• Integration with CI/CD Pipelines: Export SoapUI projects as .xml files and integrate
them with Jenkins or other CI/CD tools. Use the testrunner command-line utility to
execute tests:
testrunner.sh -sTestSuite1 -cTestCase1 -r -f ./results MyProject.xml
• Generating Reports: SoapUI generates detailed test execution reports, including
passed/failed test cases and response times. Export reports in formats like HTML or
XML for further analysis.
If you like my document, you’re welcome to Follow me or better, Connect with me (Inder P
Singh) in LinkedIn at https://www.linkedin.com/in/inderpsingh
A: REST Assured is a Java library designed for testing RESTful APIs. It simplifies HTTP request
handling and response validation, integrating with existing Java test frameworks like JUnit or
TestNG. REST Assured is particularly useful for automating end-to-end API tests, including
functional, integration, and regression testing.
• Fluent API Design: Uses an intuitive syntax for writing API tests.
• Built-in Validation: Includes powerful methods for validating HTTP status codes,
response headers, and payloads.
• Support for JSON and XML: Effortlessly handles JSONPath and XMLPath expressions.
• Integration Ready: Works well with Maven and CI/CD pipelines.
• Authentication Mechanisms: Supports OAuth, Basic, and Token-based authentication.
Q: How do you set up REST Assured and write your first test script?
A: Follow these steps to start using REST Assured for API testing:
• Writing Your REST Assured Test Script: Example: Test a GET /users endpoint.
Q: How do you test a POST /login API that requires a JSON payload?
A: Example script:
A: REST Assured supports JSONPath for validating JSON structures and values.
• Use Assertions: Always validate status codes, headers, and response times.
A: API testing involves testing interactions between systems, and errors often arise from
various layers of the application. Here are the common issues and strategies to debug them:
Q: Why is error handling important in API testing, and how should it be implemented?
A: Robust error handling allows your tests to remain reliable and provide meaningful
feedback. Ignoring errors or failing to handle edge cases can lead to incomplete testing or
missed defects.
• Categorize Errors: Identify common error types, such as 4xx client errors, 5xx server
errors, or connection timeouts. Example: Test scenarios for invalid data inputs,
unauthorized access, and server unavailability.
• Log Detailed Information: Include request details (method, endpoint, headers,
payload) and response information (status code, body) in the test logs. Example:
if (response.getStatusCode() != 200) {
System.out.println("Request Failed: " + response.prettyPrint());
}
• Validate Responses for Error Scenarios: Write test cases to ensure that APIs return
correct error codes and messages for invalid inputs or edge cases. Example: Testing a
POST /users API with missing required fields:
• Simulate Failure Scenarios: Use mocking tools to simulate network errors, latency, or
invalid responses.
Q: What are the best practices for maintaining API test suites over time?
A: Maintaining a test suite is needed for the longevity and reliability of your API testing
framework. Follow these best practices to achieve a robust and scalable suite:
A: HTTP status codes are three-digit numbers returned by a server in response to a client's
request. They indicate whether the request was successful, encountered an error, or
requires further action. Understanding and validating status codes is basic in API testing as
they form the foundation of API response validation.
Q: What are the common error codes in APIs, and how can they be handled effectively?
A: Common error codes provide insights into issues and help testers validate the behavior
of the API under different scenarios.
Q: How do you design test scenarios to validate API error responses effectively?
A: Error scenarios should be created to test both expected and edge case behaviors. Below
are common approaches to designing error validation test scenarios:
• Invalid Inputs: Test the API with invalid data types, missing required fields, or exceeding
character limits. Example: Sending a string where an integer is expected should return
400 Bad Request.
Read Test Automation and QA articles with code on my Software Testing Space blog.
A: Data parameterization means testing an API with different sets of input test data without
hardcoding values in the test scripts. It allows test coverage and validation of the API's
response under different conditions. This technique is useful in testing APIs that accept
variable inputs, such as query parameters or JSON payloads.
• Data Files: Use CSV, Excel, or JSON files to store input data.
• Tool Support: Tools like Postman, SoapUI, or REST Assured provide built-in capabilities
for data-driven testing.
• Scripting: Write scripts in programming languages like Python or Java to loop through
test data.
Example in Postman:
Q: What are API mocking and stubbing? How do these help in API testing?
A: Mocking and stubbing means creating simulated versions of APIs to test client behavior
when real APIs are unavailable or incomplete.
A: Mocking (see SoapUI example here) can be used in the following situations:
A:
A: CI enables the API tests to be automatically executed whenever new code is integrated.
It provides immediate feedback on the stability of APIs, reducing the chances of defects
escaping to production.
1. Version Control Integration: Store API test scripts in repositories like GitHub or
GitLab.
2. CI Tools: Use CI/CD platforms such as Jenkins, GitLab CI, or CircleCI to automate the
execution of tests.
A:
• Understand Core Concepts: Be thorough with HTTP methods, status codes, headers,
and payload structures. Familiarize yourself with the REST and SOAP architectures.
A: Break down questions logically, even if you don’t immediately know the answer. Use
examples or analogies to explain concepts. Emphasize practical applications of your
knowledge in real-world project scenarios.
Q: What are the most frequently asked questions during API testing interviews?
A:
• What’s an API?
• Explain the differences between SOAP and REST APIs.
• What HTTP methods are most commonly used in API testing?
• How do you validate an API response?
• What are the common types of API testing?
• Explain how you would test an API for performance.
• How do you handle API errors like 500 Internal Server Error or 429 Too Many
Requests?
• How do you perform data-driven testing in Postman or REST Assured?
• Explain the role of mocking and stubbing in API testing.
• How would you integrate API testing into a CI/CD pipeline?
Scenario-Based Questions:
Lastly, I want to explain the meaning of the image on the first page of this document. Like a
chef serving multiple different diners, an API server serves multiple API clients
If you want other new practical Test Automation and QA material, you can get it from my
LinkedIn posts. Thank you