API (Application Programming Interface)

1.What is Client and Server?

Client: It’s a computer hardware device that access the service made by the server.
Server: it’s a physical computer to serve the service. It could be a Database server, File server
and Web server

2.What are the different types of Client-Server Architectures?

3tier Architecture: Application Layer (Business logic layer).

3.What is an API?
API means Application Programming Interface.
It enables communication and data exchange between two separate systems

4.What is API Testing?

API Testing is entirely different from GUI Testing and mainly concentrate on Business logic
layer/Application layer. This Testing won’t concentrate on Look and Feel of an application.

5. Advantages of API Testing?

 Time Effective: API testing usually is less time consuming than functional GUI Testing
GUI Testing has web elements which makes the testing process slower but API requires
less code so it can provide better and faster test coverage compare to GUI Testing.

 Language Independent: In API testing data is exchanged using XML or JSON.These

transfer modes are completely language-independent.

 Easy Integration with GUI: I can Sign up using API Testing and I can Login using GUI
Application

6.Difference among API, Web service and Micro services?

Web Service: If the communication happens through Web/Https called web service.
Here all web services are APIs but not all APIs are web services.

Micro services: Small autonoums services.

-------------- ---------- -------------
|Registration|--API---| Products |--API----|Cart services|-----All these are individual
microservices and connected through APIs.

7.Types of Web Service?

 SOAP (Simple object Access Protocol)

 Restful (Representational state transfer)
Difference between SOAP&REST?

SOAP REST

 Paid Version Free and Open source.

 Supports only POST request
 Supports only XML format
 Soap is more secure than Rest
Because it uses WS (Web service)
Security along with SSL security
Supports GET, POST, UPDATE, DELETE
Supports XML, JSON, TEXT formats
Uses only SSL (Secure socket layer)
security.

Difference between MONOLITHIC and MICROSERVICES?

Monolithic: All the functionalities come under one roof.

MICROSERVICES: Where functionalities are divided into individual autonomous
services.

HTTP Methods:
 GET-----to retrieve the resource from server
 POST---create recourse on database
 PUT-----update the resource on database
 PATCH—partially update the resource on database
  DELETE—delete the existing resource on database

POSTMAN
It’s an API Testing tool for Manual.

URI = Domain + Path parameter + Query parameter

https://reqres.in /api /users /page=2

Data Driven Testing:

Testing the test case with multiple sets of data
File Format supported is
 CSV
 Notepad (save with. json extension)

DDT should be run using Runner in Postman tool by mentioning no. of iterations and delay
time.

*Changes to be made in Body section.

Example:
{
"name”: “{{name}}",
"salary":"{{salary}}",
"age":"{{age}}"
}

8.How to run API through CMD Prompt?

1. Install node.js
2. Install Newman (npm install -g newman) from cmd.
3. Export collection and then run from cmd prompt

Command to Run: Newman run file location

Example: D:\> newman run "Data driven Testing.postman_collection.json"
9.How to get html report in API?
Command to run: D:\> newman run "Data driven Testing.postman_collection.json" -r html

10.How to execute collection remotely?

Share the collection and select public link:
https://www.getpostman.com/collections/8c47945db57473baaf63

Command to run: D:\> newman run

https://www.getpostman.com/collections/8c47945db57473baaf63
-r html

Variables:
Variables will be used for script reusability means suppose I have multiple requests and if there
is any change in URL I don’t need to go and change all requests URL just create one variable like
URL (either global/local) = http://localhost:3000 then provide this URL to every request
Example {{URL }}Students/1
Environment variable will be used to executes our resources on multiple environments like QA,
DEV and BETA or Production
Note: It will accessible only when we switch our environment to particular environment
(QA_Environent or DEV_Environemt etc.)

Local Variables will be created under Inside Pre-request Script and its applicable to particular
request only.
pm.variables.get (“url_local”,” http://localhost:3000/”)
11) What is meant by the term Environment with respect to Postman?
An Environment in Postman is a set of Key-value pairs.
They are two types of environment Global, Local these defines the scope of the variable to use
in the request

Postman Variables (key and Value pair)

1)Collection variable /Local variable (will be accessible within the same collections)
2)Environmental variable/Global variable (will be accessible to any collections)

12) Can we have two global scope variables with the same name in Postman?
Since Global variables are global without any environment, they cannot have duplicate names
as it creates confusion for the software but Local variables can have same name but in different
environments.

13)Which one has the higher priority in Postman? A global variable or a Local variable?
In Postman, if two variables have same name one being local and one being global
then the higher priority is of the local variable. It will override the global variable.

Workflow: Used to execute your requests in customized order

postman.setNextRequest (“request name”) this statement will be written in Test tab after
writing validations.

14) What is API Chaining?

The output of one request will be input for another request.

Example:
Request1-Output
Input-Request2

uniqueId will be stored in collection variable

Now get this variable (user id) and pass in the URL line

Authentication:
15.What is the difference between Authentication and Authorization?

Authentication: is the process of presenting your credentials to the system

and the system validate your credentials which tells the system about who are you.

Authorization: Is a process of following or denying someone from accessing something, once

authentication is done.

Types of authentication:

1. Basic Auth (provide username and password)

2. API Key
3. Bearer/OAuth
  Session/Cookie Based Authentication (Once you log in with credentials it will generate
one token with the help of this token you work on application)

 Basic Authentication (need to provide username and password uses non encrypted
base64 encoding)

 Digest Authentication (need to provide username and password in an encrypted mode.)

 OAuth1(Whenever request is made server sends auth token first then we need to use
that auth token to get access token from the server by using this access token we do
further testing)

 Oath2 (Here authorization is simplified whenever we made a request server sends

access token, we should pass that token to do further testing) my project working on
this authentication once I provided username, password and ClientID in the body
section it will generate access token and this token will be used for further testing in the
authentication as Bearer token (if we don’t provide this access token then it will throw
unauthorized code: 401)

16. Pre-requisite is a script it will execute before request.

Test-script will execute after completion of your request.

*Order of maintain execution is:

Collection level
Folder level
Request level

17. What is the difference between Postman Monitors and Postman Collection Runner?
The Postman Monitor is an automated way of running collections. Collections are triggered
automatically as per specified parameters whereas Postman collections require some manual
effort to start and monitor the execution.
A Postman monitor will run your collection at regular user defined intervals till the time you
have specified your collection will be run even if your system has shut down as it is continued
through postman cloud.

A postman collection runner runs the collection for the iteration you want to.
It will be stopped when you stop the software and is not automated.

Postman Order of Execution:

Postman Scripting using JavaScript and CHAI BDD:
Writing Assertions in Test tab using Java script chai bdd

Pre request script:

Test tab script Validations: body Validations

To find proper json for id, email go through the JsonPathFinder (google it).
Handling/Validating responses that don’t parse:
header validation
pm.test ("header value”, function ())
{
pm. expect (pm.responce.headers.get("content-Type")).to.eql ("application/json;charset=utf-
8");
}

response time
pm.test("response time less than 20 ms”, function())
{
pm.expect (pm.response.responceTime).to.be.below(20)
};

RestAssured:
Representational state transfer

Minimum Required Dependences for API RestAssured:

 Rest Assured
 JSON Path----used to handle and validate the headers, response body
 JSON Schema validator
 hamcrest---for equals method in body validations
 TestNG
 Json
 Gson
 Scribejava-apis
 XML Schema validator
Along with these following Static imports need to be pasted in classes
import static io.restassured.RestAssured. *;
import static io.restassured.matcher.RestAssuredMatchers.*;
import static org.hamcrest.Matchers.*;
18.What are all we can validate in APIs?
In the API We can validate Headers, Status Codes, body and Response etc.
Headers/Cookies: Means We are sending additional details to API to process our request.
Example: Authentication details (username and password)

19.How BDD approach is mapped to RestAssured?

Given (pre condition):

Cookie’s setup, headers setup, add parameters, add authentication

When (actual condition):

Request section get/put/post/delete

Then (post condition):

Validation section

20.What are static imports in RestAssured and why we need it?

import static io. restassured. RestAssured. *;
import static io. restassured. matcher. RestAssredMatchers. *;
import static org. hamcrest. matchers. *; -----------------------------used for, to validate the body
with equalTo () method

21. What type of authentication you are following in your project?

OAuth 2.0 Authentication

 My project working on this authentication once I provided username, password and
ClientID in the body section it will generate access token and this token will be used for
further testing in the authentication as Bearer token (if we don’t provide this access
token then it will throw unauthorized code: 401)
22. What exactly needs to verify in API Testing?
We can verify

 Accuracy of the data

 HTTP Status code
 response time
 headers
 body
 Response

23. What is the best approach to perform API Testing?

 Defining the correct input parameters
 Test case execution with proper http method
 Comparing the test result with the expected
24.What is the diff between API, Unit Testing?

API Testing Unit Testing

 API testing also one of software testing A piece of code to be tested

If developed API's meet expectations
regarding the functionality, reliability,
performance of the application.

 Done by Testers Done by Developers

 E2E functionality is tested Separate functionality is tested

 Run before build release Run after build is release

25. What is Json serialization & Deserialization in rest assured?

 Serialization: Conversion of java object into request body(payload)
Java object will be created using POJO classes and these classes will be converted to
payload using JACKSON API.
 Deserialization: Conversion of request body(payload) into java object

26.Why is API Testing considered as the most suitable form for automation testing?
Because
 It provides the most stable interface
 It is easier to maintain and provides fast feedback

27. What are common API errors that often founded?

Documentation errors
 Parameter validation errors (sometime we may pass alphanumeric in place of numeric)
 Some time we may pass wrong methods which results "Method not allowed" error

28.When writing API doc what must be considered?

 Source of the content
 Information needed for every function in the document

29. What are challenges included under API Testing?

  API Documentation: API docs must include all necessary information like Uri, end point,
payloads and correct responses sometimes it may miss in the document then it’s
difficult to do the testing
 Access DB: Sometimes database details are not shared for security reasons
 Another important challenge is providing input data as the GUI is not available.
 Parameter selection
 Call sequencing

30.What are the exceptions (status codes) that you got when you work with your project?

401-------------Unauthorized (If we trying to access with wrong credentials like wrong username
and password or wrong access key)
404-------------Not found (if particular data is not present in the server but we are trying to
access that)
405-------------Method not allowed (if we use get method in place of post method)

503--------------Service unavailable (means when server is down)

504--------------Gateway timeout (means many users hitting the server at the same then server
delays giving response)

31.What is Session Filter and where does it use in project?

SessionFilter is a class which is used to use validated credentials to the other requests without
using JsonPath and extract the value and use in other requests.

E.g.:
SessionFilter session = new SessionFilter ();
use this Filter(session) in other requests for Authentication.

32.STATUS CODES:
200-------------SUCCESS
-----------------------
200-------------Success
201-------------When we creating new recourse
200-------------When you update new recourse
204-------------When you delete some content successfully.

400-------------CLIENT ERRORS
-----------------------------
400-------------Bad Request (like sending with wrong URL or wrong payload, pathpara, querypara
etc.)
401-------------Unauthorized (If we trying to access with wrong credentials like wrong username
and password or wrong access key)
403-------------Forbidden (client logged in but don’t have proper authorization to access that
particular content)
404-------------Not found (if particular data is not present in the server but we are trying to
access that)
405-------------Method not allowed (if we use get method in place of post method)

500--------------SERVER ERRORS
------------------------------
500--------------Internal server error
501--------------Not implemented (The server either does not recognize the request method, or it
cannot fulfill the request)
502--------------Bad gateways (any network related issues)
503--------------Service unavailable (means when server is down)
504--------------Gateway timeout (means many users hitting the server at the same then server
delays giving response)