API Testing Cheat Sheet
── A Guide by Usman Qiass ── 1
What is API Testing?
Testing APIs to validate functionality, reliability, performance, and security of application endpoints.
🛠 Why it matters
● APIs connect frontend ↔ backend
● Detects bugs early in data flow
● Faster than UI testing
🧪 Common Types
● Functional Testing
● Integration Testing
● Load Testing
● Security Testing
Key API Testing Concepts
1. HTTP Methods
2. Status Codes
3. Authentication Methods
4. Common Validation Checks
5. Headers to Verify
1. HTTP Methods
● GET: Retrieve data
● POST: Create data
● PUT: Update data
● DELETE: Remove data
2. Status Codes
200 OK: Success
201 Created: Resource added
204 No Content: Success, no data returned
400 Bad Request: Invalid input
401 Unauthorized: Missing token
403 Forbidden: Access denied
404 Not Found: Resource missing
409 Conflict: Duplicate or version error
500 Internal Server Error: Backend failure
503 Service Unavailable: Server overloaded/down
3. Authentication Methods
● API Key → Simple but less secure
● Bearer Token (JWT) → Common & stateless
● OAuth 2.0 → Secure and preferred for user-based apps
● Basic Auth → Username + password (not recommended for production)
4. Common Validation Checks
● 🔍 Status code is correct
● 📦 Response body contains expected fields
● ⏱ Response time is within limits
● 🔐 Authentication & authorization work as expected
● 🧾 Data formats (JSON, XML) are valid
5. Headers To Verify
● Content-Type: Ensure correct format (e.g., application/json)
● Authorization: Required for secured APIs
● Cache-Control: Check caching behavior
● Set-Cookie: Relevant for session-based auth
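
The validation and header checks listed above, applied to one endpoint in a positive and two negative scenarios. This is an added example, not part of the original guide; the stub server, `TOKEN`, the `/users/1` path, and the names `call`, `check` and `run_suite` are constructed for illustration.

```python
import http.client, json, threading, time
from http.server import BaseHTTPRequestHandler, HTTPServer
TOKEN = "test-token-123"  # constructed sample credential, not a real secret

class StubAPI(BaseHTTPRequestHandler):
    """Constructed stub backend: GET needs 'Authorization: Bearer <TOKEN>'."""
    def do_GET(self):
        ok = self.headers.get("Authorization") == f"Bearer {TOKEN}"
        body = {"id": 1, "name": "alice"} if ok else {"error": "unauthorized"}
        self.send_response(200 if ok else 401)
        self.send_header("Content-Type", "application/json")
        self.send_header("Cache-Control", "no-store")
        self.end_headers()
        self.wfile.write(json.dumps(body).encode())
    def log_message(self, *args): pass  # silence per-request logging

def call(port, path, token=None):
    """GET the path; return (status, headers, parsed JSON body, elapsed seconds)."""
    auth = {"Authorization": f"Bearer {token}"} if token else {}
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    start = time.monotonic()
    conn.request("GET", path, headers=auth)
    resp = conn.getresponse()
    body, elapsed = json.loads(resp.read()), time.monotonic() - start
    conn.close()
    return resp.status, resp.headers, body, elapsed

def check(status, headers, body, elapsed, want_status, want_fields, max_seconds=2.0):
    """Apply the checklist; return the failed checks (empty list means pass)."""
    checks = [
        (status == want_status, f"status {status}, expected {want_status}"),
        (set(body) == set(want_fields), f"unexpected fields {sorted(body)}"),
        (elapsed <= max_seconds, f"took {elapsed:.2f}s, limit {max_seconds}s"),
        (headers.get_content_type() == "application/json", "wrong Content-Type"),
        ("no-store" in headers.get("Cache-Control", ""), "response is cacheable"),
    ]
    return [msg for passed, msg in checks if not passed]

def run_suite():
    """Run positive and negative cases against the stub; failures per case."""
    with HTTPServer(("127.0.0.1", 0), StubAPI) as server:  # port 0: any free port
        threading.Thread(target=server.serve_forever, daemon=True).start()
        port = server.server_address[1]
        try:
            return {"valid token": check(*call(port, "/users/1", TOKEN), 200, {"id", "name"}),
                    "no token": check(*call(port, "/users/1"), 401, {"error"}),
                    "wrong token": check(*call(port, "/users/1", "bogus"), 401, {"error"})}
        finally:
            server.shutdown()
```

The exact-match comparison on field names makes the negative cases fail if a 401 body ever carries resource data alongside the error.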
Tools You Should Know
🛠 Postman – Manual & automated testing with collections
⚙ Swagger – API documentation and try-it-out console
🐍 Rest Assured – Java-based API testing
🚀 JMeter – Load testing of REST/SOAP APIs
🌐 Insomnia – Lightweight Postman alternative
🧪 SoapUI – Ideal for SOAP API testing
✅ Best Practices
● Always test both positive & negative scenarios
● Use environment variables for different stages (dev/stage/prod)
● Validate response schema & headers
● Automate tests in CI/CD pipelines
💡 Pro Tips
● Use mocks/stubs when backend isn't ready
● Monitor rate limits & throttling
● Always check error handling & fallback logic