
NCOde

The document provides a comprehensive overview of APIs, API testing, and related concepts. It covers definitions, types of API testing, advantages and disadvantages, security considerations, and various testing methodologies. Additionally, it discusses API versioning, performance testing, monitoring, and documentation, along with common challenges faced in API testing.

Uploaded by rahul soni
Copyright © All Rights Reserved

1. What is an API?

An Application Programming Interface (API) is useful for communication between different software systems. It acts as an interface between two applications and allows two software systems to communicate with one another.
• It is a collection of functions that can be executed by another software program.
• It takes the request from the user and gives the response without exposing the internal details.

2. What is API Testing?

API testing is a type of software testing that aims to test the API
directly and as a part of integration testing to determine if it meets
the expectations for functionality, performance, and security. It
aims to analyze multiple endpoints such as databases, web
services, etc.

3. List the differences between API and Web Service.

| Parameters | API | Web Service |
| --- | --- | --- |
| Definition | API is an Application Programming Interface that acts as an interface between two applications. | Web services are a type of API that must be accessed through a network connection. |
| Protocols Support | It provides support for HTTP/s protocol. | It provides support for HTTP protocol. |
| XML Support | API supports XML and JSON. | Web service supports XML. |
| Hosting Platform | It can be hosted on IIS and self-hosted. | It can be hosted on IIS. |
| Usage | It is used as an interface for communication between two applications. | It is used for REST, SOAP, and XML-RPC for communication. |

4. How do APIs work?

• The API takes requests from the user.
• It processes the request, which may involve data validation, data processing, database interaction, etc.
• The response is sent back to the source.

5. What are the different types of API testing?

1. Functional Testing: This aims to verify the API functions correctly and meets the required specifications.
2. UI Testing: This aims to validate that the API is returning the expected results and in the correct format.
3. Load Testing: This type of testing aims to test the API's performance and stability under stressful conditions.
4. Security Testing: This type of testing aims to identify the security-related vulnerabilities and flaws in the API and ensures that the API meets the required security standards.
5. Validation Testing: This type of testing aims to ensure that the API is returning the expected results and in the correct format.
6. Runtime and Error Detection: This type of testing aims to ensure that the API can handle runtime errors and exceptions by testing for network timeouts, memory leaks, etc.
7. Penetration Testing: This is a type of security testing that involves simulating attacks from hackers to detect vulnerabilities and weaknesses in the API.
8. API Hacking: It is a security testing technique that exploits vulnerabilities in an API. Attackers can target API endpoints to gain access to data or disrupt services.
9. Fuzz Testing: It involves giving invalid inputs to the API to test its ability to handle unexpected input and recover from errors.

6. What protocols can be tested using API Testing?

• HTTP
• REST
• SOAP
• JMS
• UDDI

7. What are the advantages of API Testing?

• Faster bug fixes: API testing works quickly to provide a solution, thus it helps to diagnose problems earlier in the development of the system, allowing for efficient bug detection and removal.
• Reduced costs: API testing provides quick release of results and is easier to maintain, thus reducing the cost of testing.
• Universal language support: API testing provides support for many different languages like JavaScript, Ruby, Python, and PHP. Formats like XML and JSON are supported during API testing.
• Better test coverage: API testing provides better test coverage as it drills down to the layers beneath the UI to ensure databases are communicating correctly with one another.

8. What are the disadvantages of API Testing?

• Technical skills: API testing requires skilled and trained testers.
• Time-consuming: API testing is time-consuming as it requires time to develop and execute test scripts for APIs.
• Limited documentation: Limited documentation of the API makes it difficult for the testers to understand how the API should behave in response to a particular input.
• Cost: API testing using automated tools can be expensive and requires a significant budget, thus increasing the cost of testing.
• Security: APIs can introduce security vulnerabilities if not properly tested and secured.

9. List the differences between API Testing and Unit Testing.

| Parameters | API Testing | Unit Testing |
| --- | --- | --- |
| Definition | API testing is used to test the API to ensure that it meets the expectations for functionality, performance, security, etc. | Unit testing is used to test each unit and to ensure that each unit performs as expected or not. |
| Carried out | It is carried out by QA team. | It is carried out by developers. |
| Type of testing | It is mostly black-box testing. | It is white-box testing. |
| Scope | It is broader in scope. | The scope is limited. |
| When executed | It is executed after the build is finished. | It is performed prior to check-in. |

10. What needs to be verified in API testing?

• API testing helps to verify the correctness of data and responses. The API should return the correct data and responses according to the specified requirements and expected behavior.
• API testing should verify the functionality and behavior. The API should perform its intended functions accurately.
• HTTP status codes of the API need to be verified.
• Error codes, if the APIs are expected to throw an error.
• Authorization details.

11. What is Latency in API testing?

Latency in API testing is how long it takes for the request to reach
the server. The shorter the response time, the better the user
experience.

12. What is an API framework?

An API framework is a foundation on which a software developer can build applications for a specific platform. It is defined by the configuration file, which consists of the list of all APIs that are required to be activated and are activated for a particular program run.

13. Mention common HTTP methods used in API testing.

• POST: It is used to create new data or resources on an API.
• GET: It is used to retrieve data or resources from an API.
• PUT: It is used to update existing data or resources on an API.
• PATCH: It is used to update existing data or resources from an API partially.
• DELETE: It is used to delete data or resources from an API.

14. What is the role of headers in API testing?

Headers in API testing play an important role in providing additional information that is not included in the request body. Headers are important in controlling the behavior of the server in handling the request, to provide authentication information, or to provide metadata about the request or response.

15. What is the purpose of authentication in API testing?

API authentication is a combination of technology or process that verifies the identities of users who want access to an API. It involves the use of a software protocol to verify the identity of the requester before granting access to protected resources.

API Testing Interview Questions for Intermediate

16. What is API versioning, and why is it important in API testing?

API versioning involves specifying a version number in the API endpoint or headers to ensure backward compatibility. It manages the changes in the API over time.
• It ensures the correct version of the API is being tested.
• It ensures that the changes in the API do not break the existing client applications.

17. What is the purpose of HTTP status codes in API testing?

HTTP status codes indicate whether a specific request was successfully completed or not. These are embedded in the HTTP header of a page to tell the browser the result of its request.

18. What is the purpose of the request and response body in API testing?

The request body is used to send and receive data such as input parameters, or data to create/update resources via the REST API. The response body is the data the API sends to the client.

19. What is the purpose of the request and response headers in API testing?

The request headers are used to specify a content type, caching, authentication, etc. The response header can provide information about the server, caching, etc.

20. What is API mocking?

API mocking is the practice of simulating the behavior of an API endpoint during testing without actually invoking the real API. It is beneficial during the development stage.

21. Why is API mocking used in API testing?

• Mock APIs are useful when applications have dependencies on external APIs.
• Mock APIs are useful for testers to plan and validate test executions and for developers to do unit testing and identify the initial development stages.
• Mock APIs are useful in situations where the complete API needs to be made available for consumer testing before committing it to the development stage.

22. What are the advantages of using API mocking in API testing?

• Development stage: API mocking is useful to simulate external dependencies and unexpected behavior.
• Functional stage: API mocking is useful to prepare the API to handle extreme cases, detect potential failures, and verify whether the API works as expected or not.
• Non-functional stage: API mocking makes it possible to evaluate the performance and response times of APIs in various scenarios.
• Allows API demonstration: API mocking allows developers to demonstrate an API to clients before deploying the software.

23. What is API security testing, and why is it important?

API security testing is the process of testing the vulnerabilities in the API. This is done through penetration testing or manual scanning of the APIs. API security testing is important because:
• Cloud-based applications rely on APIs to exchange data and interact with each other. Any security vulnerabilities can have far-reaching consequences.
• Online operations and businesses rely on APIs to integrate different systems and services. This causes potential security risks.
• Organizations rely on security solutions that are built for web apps to detect and secure from API threats. Such solutions cannot detect unique vulnerabilities and gaps in the APIs.

24. How do you ensure the security of APIs in your tests?

• Use secure communication protocols like HTTPS to encrypt data transmitted between client and server.
• It is important to properly implement authentication and authorization mechanisms to ensure that only authorized users can access the API endpoints and perform the authorized actions.
• Ensure that all the input data in the API requests are properly authorized, validated, and sanitized to prevent injection attacks and cross-site scripting attacks.

25. What are the different types of error responses in API testing?

• Validation errors: Validation errors occur when the API request does not meet the validation criteria defined by the API.
• HTTP error status codes: These can be client-side status codes or server-side status codes. There are standard HTTP status codes like 4xx or 5xx that indicate errors in the API request or response.
• Custom error messages: These are the custom error messages that are returned by the API in case of errors or exceptions.

26. How do you handle error responses in your API tests?

• Clear error messages: One of the best practices to handle error responses is to provide clear and helpful error messages that explain the cause of the error and the solution to the error.
• Error logging: Best practice is to implement error logging and monitoring tools that can help track, analyze, and resolve errors in API testing.
• Use consistent error codes: It is important to use consistent and meaningful error messages that indicate the type and severity of the error.

27. What is input validation?

Input validation is the process of analyzing the inputs and disallowing the inputs that are considered unsuitable. It ensures that all input data in API requests are properly sanitized and validated to prevent injection attacks.

28. Why is input validation important in API testing?

Input validation is important in API testing as it prevents malicious data from entering the system. It is important to prevent injection attacks and other malicious activities. This can be done manually or using automated tools.

29. What is cross-site request forgery (CSRF)?

Cross-site request forgery is an attack that forces a user to execute unwanted actions in the web application in which they are authorized to perform actions. This attack exploits the trust the web application has in an authenticated user.

API Testing Interview Questions for Experienced

30. How can CSRF be prevented in API testing?

• CSRF tokens: CSRF can be prevented by using CSRF tokens. These are random tokens that need to be unique per user session and should be a large random value to make them difficult to guess.
• SameSite cookies: SameSite is a browser security mechanism that determines when a website’s cookies are included in the requests originating from other websites.
• Referer-based validation: The HTTP Referer header can be used to defend against CSRF attacks by verifying the request originated from the application’s own domain.
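
The three defences listed above combined in one server-side check, as an added example that is not part of the original document. The origin `https://app.example.test`, the `X-CSRF-Token` header name and the `sid` cookie name are assumptions made for the illustration.

```python
import hmac
import secrets
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

APP_ORIGIN = "https://app.example.test"   # assumed origin of the application
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}  # methods that must not change state


def new_session():
    """Create a session with its own large random CSRF token (256 bits)."""
    return {"id": secrets.token_urlsafe(32), "csrf": secrets.token_urlsafe(32)}


def session_cookie(session):
    """Build the Set-Cookie value with SameSite, Secure and HttpOnly set."""
    cookie = SimpleCookie()
    cookie["sid"] = session["id"]
    cookie["sid"]["samesite"] = "Lax"
    cookie["sid"]["secure"] = True
    cookie["sid"]["httponly"] = True
    cookie["sid"]["path"] = "/"
    return cookie["sid"].OutputString()


def same_origin(headers):
    """Referer-based validation: use Origin if present, else Referer."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False  # fail closed when neither header was sent
    got, want = urlsplit(source), urlsplit(APP_ORIGIN)
    # Compare parsed scheme and host exactly; a string-prefix test would
    # accept a look-alike host that merely starts with the real host name.
    return (got.scheme, got.netloc) == (want.scheme, want.netloc)


def check_request(method, headers, session):
    """Return (allowed, reason) for a request that carries the session cookie."""
    if method.upper() in SAFE_METHODS:
        return True, "safe method"
    if not same_origin(headers):
        return False, "origin mismatch"
    sent = headers.get("X-CSRF-Token", "")
    # Constant-time comparison so the token is not leaked through timing.
    if not hmac.compare_digest(sent.encode(), session["csrf"].encode()):
        return False, "bad csrf token"
    return True, "ok"
```

An API test suite can reuse `check_request` as the expected behaviour: every state-changing endpoint should reject a request that lacks the token or arrives from another origin.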

31. What is API contract testing?

API contract testing is a type of testing that aims to monitor the API
conversation that takes place between the API consumer and the
API producer. It can be performed using tools like Postman,
Swagger, etc.

32. Why is API contract testing important?

• System maintenance and scaling are difficult when multiple modules are involved.
• Integration testing is slow in development and in returning results, especially when communication modules need to be tested.
• Debugging is also a hectic task when multiple modules are involved. It may happen that one is debugging an error due to a module apart from the one that is being tested.

33. What is API performance testing?

API performance testing is a type of software testing that evaluates the API performance, like response time, throughput, etc., under certain conditions. It can be done using tools like JMeter, Gatling, etc.

34. Why is API performance testing important?

• API performance testing helps to improve the API’s overall performance and stability.
• It helps to provide insight into the API’s overall performance, thus helping to identify the areas of strength and weakness.
• It helps to identify the performance issues and determine the impact of changes.
• It helps to ensure that the API is flexible and can handle the demands of the real world.

35. What is API monitoring?

API monitoring is the practice of monitoring the API to gain visibility into performance, availability, and functional correctness. These tools help to analyze the performance of applications and improve poorly performing APIs.

36. Why is API monitoring important?

• They provide measurements of how long a routine takes to execute, how often it is called, and how much of the total time is spent in executing the transaction.
• It is important to ensure availability, performance, and security of the APIs.
• It helps to guarantee a dependable and effective user experience.
• It helps to track the availability of the critical APIs.

37. What is API virtualization?

API virtualization is the process of using a tool that creates a virtual copy of the API, mirroring all of the specifications of the production API, and using this virtual copy for testing.

38. Why is API virtualization used in API testing?

• It is used in API testing as it allows for testing much earlier in the development process, removing the key bottlenecks that would otherwise delay production.
• It is helpful to isolate dependencies, simulate responses, and ensure consistent behavior.

39. What is the purpose of API documentation in API testing?

API documentation is a technical document that describes the API in detail. It includes instructions on how to effectively use and integrate the API and provides updates regarding the API’s lifecycle such as new versions. It is the primary resource explaining what is possible with the API and how to get started with the API.

40. How do you prioritize API test cases for regression testing?

• Select test cases with frequent defects.
• Select test cases with critical functionalities.
• Select test cases with frequent code changes.
• Cover end-to-end test flows.
• Select a risk-based testing approach.

41. How to handle versioning in API testing?

Versioning in API testing can be handled by maintaining backward compatibility for existing APIs, providing clear versioning information, and updating tests accordingly.

42. List the challenges faced while performing API testing.

• Building irrelevant tests: Building tests without considering how the APIs will be consumed may be quicker in the short term.
• Initial setup of API testing: Setting up an API testing setup requires a certain level of expertise and dedication among the team members.
• Not including API dependencies: Failure to include API dependencies as a part of the API testing strategy can be a critical API testing challenge.
• Not validating data: It might be possible that API tests pass successfully but APIs are not returning the correct data in their responses. It is important to verify that the API is returning correct data.

43. What are the different bugs that can be found in API testing?

• Duplicate or missing functionality.
• Improper messaging.
• Multi-threading issues.
• Security and performance issues.
• Reliability issues.

44. What do you understand by Input injection?

In input injection, a malicious application can inject input into the user interface to mimic user interaction through Android’s accessibility APIs. It can lead to denial of service or a full webserver compromise.

45. Is it possible to hack API while testing?

Yes, it is possible to hack an API while testing, as requests are being sent over the internet, mostly using the HTTP protocol, which is a text-based protocol. Hence, it is important to perform security testing of the APIs to ensure safer systems.

46. How do you perform API Load Testing?

API load testing is a type of performance testing that is done to check the application’s capability to perform under various user loads. It is done by simulating many users hitting the API at the same time to identify if the application is capable of handling the load by maintaining the consistency in the response times and not impacting the functionality.

47. What is the test environment of API?

The test environment is an environment where the testing team analyzes the quality of the API. The test environment can include a test database, a localized gateway, a load balancer, and a server.

48. What is the procedure to perform API testing?

The API testing flow basically includes three main steps:
• Send the request with the necessary input data.
• Get the response having the output data.
• Verify that the response returned is as expected in the requirement.
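
The three-step flow above, run against a mock API (questions 20 and 48) and checking status codes, error bodies and authorization (question 10). This is an added example, not part of the original document; the `/users/<id>` endpoint, the bearer token and the sample data are constructed for the illustration.

```python
import json
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

TOKEN = "test-token-constructed"           # constructed credential for the mock
USERS = {"1": {"id": 1, "name": "alice"}}  # constructed sample data
# Ignore proxy settings so requests to 127.0.0.1 go straight to the mock.
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))


class MockAPI(BaseHTTPRequestHandler):
    """Hypothetical mock of GET /users/<id>; it stands in for the real API."""

    def do_GET(self):
        if self.headers.get("Authorization") != "Bearer " + TOKEN:
            return self._send(401, {"error": "unauthorized"})
        user = USERS.get(self.path.rsplit("/", 1)[-1])
        if not self.path.startswith("/users/") or user is None:
            return self._send(404, {"error": "not_found"})
        return self._send(200, user)

    def _send(self, status, payload):
        body = json.dumps(payload).encode()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # silence per-request logging
        pass


def call(base, path, token=None):
    """Steps 1 and 2: send the request, return (status, content type, body)."""
    req = urllib.request.Request(base + path)
    if token:
        req.add_header("Authorization", "Bearer " + token)
    try:
        resp = OPENER.open(req, timeout=5)
        status = resp.status
    except urllib.error.HTTPError as err:  # 4xx/5xx responses still carry a body
        resp, status = err, err.code
    with resp:
        return status, resp.headers.get("Content-Type"), json.load(resp)


def run_checks():
    """Step 3: compare every response with the expected status and data."""
    server = HTTPServer(("127.0.0.1", 0), MockAPI)  # port 0 picks a free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = "http://127.0.0.1:%d" % server.server_address[1]
    cases = [
        ("valid request", "/users/1", TOKEN, 200, {"id": 1, "name": "alice"}),
        ("missing token", "/users/1", None, 401, {"error": "unauthorized"}),
        ("wrong token", "/users/1", "wrong", 401, {"error": "unauthorized"}),
        ("unknown id", "/users/999", TOKEN, 404, {"error": "not_found"}),
    ]
    results = {}
    try:
        for name, path, token, want_status, want_body in cases:
            got = call(base, path, token)
            results[name] = got == (want_status, "application/json", want_body)
    finally:
        server.shutdown()
        server.server_close()
    return results


if __name__ == "__main__":
    for name, ok in run_checks().items():
        print("PASS" if ok else "FAIL", name)
```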

49. When writing an API document, what must be considered?

• Use clear language.
• Include reference documentation.
• Incorporate documentation into the process.
• Provide quickstart guides.

50. What tools could be used for API testing?

• Katalon: This is an easy-to-use tool that supports REST, SOAP requests, and SSL client certificates. It also enables test import from Swagger, Postman, WADL, and WSDL.
• JMeter: Apache JMeter is an open-source, 100% Java application that is created for performance testing. This tool enables automatic working with CSV files.
• REST-assured: REST-assured is an open-source Java domain-specific language that enables testing REST services. It supports POST, GET, PUT, DELETE, PATCH, and HEAD requests.
• SoapUI: SoapUI is an automated testing tool for SOAP and REST APIs. It is an open-source tool that allows tests to be created effortlessly with drag-and-drop and point-and-click.
• Postman: Postman is an application that is used for API testing. It is a standalone platform that is used to build, test, design, modify, and document APIs.

Conclusion

API testing is a critical part of the software development lifecycle. By testing APIs, you can ensure that they are working correctly and that they are meeting the requirements of the application.
In this article, we have discussed some of the most common API testing interview questions. These questions are designed to test your knowledge of API testing concepts, tools, and techniques.
If you are preparing for an API testing interview, it is important to familiarize yourself with these questions. By doing so, you can increase your chances of success in the interview.

API Testing Interview Questions – FAQs

1. What is API testing?

API testing is the process of testing application programming interfaces (APIs). APIs are the intermediary between different software components. They allow different applications to communicate with each other.

2. What are the different types of API testing?

There are many different types of API testing, such as:
• Functional testing: This type of testing verifies that the API is working as expected and that it is returning the correct results.
• Security testing: This type of testing verifies that the API is secure and that it is not vulnerable to attacks.
• Performance testing: This type of testing verifies that the API can handle the expected load and that it is not slowing down the application.
• Stress testing: This type of testing verifies that the API can handle extreme loads and that it does not crash.
• Regression testing: This type of testing verifies that changes to the API have not affected its functionality.

3. What are the benefits of API testing?

The benefits of API testing include:
• Increased confidence in the quality of the API.
• Reduced risk of bugs and errors in the API.
• Improved performance and scalability of the API.
• Increased security of the API.
• Reduced development and maintenance costs.

4. What are the challenges of API testing?

The challenges of API testing include:
• The complexity of APIs.
• The lack of documentation for APIs.
• The dynamic nature of APIs.
• The need to test multiple combinations of parameters.
• The need to test APIs in different environments.

5. What are the tools used for API testing?

There are many different tools available for API testing, such as:
• Postman
• SoapUI
• JMeter
• SoapTest
• Apigee
• Katalon Studio

6. How to automate API testing?

API testing can be automated using a variety of tools and frameworks. Some of the popular tools for automating API testing include:
• Postman
• SoapUI
• JMeter
• SoapTest
• Apigee
• Katalon Studio

7. What are the best practices for API testing?

Some of the best practices for API testing include:
• Start with a clear understanding of the API.
• Use a variety of testing techniques.
• Automate as much testing as possible.
• Test in different environments.
• Track and report on test results.

8. How to prepare for an API testing interview?

To prepare for an API testing interview, you should familiarize yourself with the different types of API testing, the tools used for API testing, and the best practices for API testing. You should also practice answering API testing questions.
