Basic API Testing Questions & Answers
1. What is API testing, and why is it important?
API testing is the process of verifying the functionality, reliability, performance, and security
of an Application Programming Interface (API). It ensures data exchange between services
works correctly without a UI. It's important because APIs are the backbone of modern
applications.
2. What are the different types of APIs?
REST (Representational State Transfer) API
SOAP (Simple Object Access Protocol) API
GraphQL API
gRPC API
WebSockets API
3. What is the difference between REST and SOAP APIs?
Feature     | REST API        | SOAP API
Protocol    | HTTP            | HTTP, SMTP, TCP
Data Format | JSON, XML       | XML
Performance | Faster          | Slower due to XML processing
Flexibility | More flexible   | Strictly defined rules
Security    | Uses OAuth, JWT | Built-in WS-Security
4. What are the main HTTP methods used in API testing?
GET – Fetch data
POST – Create new data
PUT – Update existing data
DELETE – Remove data
PATCH – Partially update data
5. What is the difference between PUT and POST?
PUT – Updates a resource completely (idempotent)
POST – Creates a new resource (not idempotent)
6. What status codes do you check in API testing?
2xx – Success (200, 201, 204)
4xx – Client errors (400, 401, 403, 404)
5xx – Server errors (500, 503)
7. What is the meaning of 201, 204, 400, 401, and 500 response codes?
201 Created – Resource successfully created
204 No Content – Successful request, but no data returned
400 Bad Request – Client sent an invalid request
401 Unauthorized – Authentication required
500 Internal Server Error – Server-side error
8. How do you test an API manually using Postman?
Open Postman
Enter the API URL
Select HTTP method
Add headers, request body, and parameters if needed
Click Send and validate the response
9. What is the difference between authorization and authentication?
Authentication – Verifies who you are (e.g., login with username/password)
Authorization – Verifies what you can access (e.g., admin vs. regular user)
10. What is the purpose of API documentation like Swagger?
Swagger helps developers and testers understand API endpoints, parameters, request
methods, and response formats with interactive testing options.
Intermediate API Testing Questions & Answers
11. How do you validate API responses?
Check status code
Validate response body (JSON/XML structure)
Verify headers (e.g., Content-Type)
Check response time
12. What is the difference between JSON and XML?
Feature           | JSON                    | XML
Syntax            | Key-value pairs         | Tags
Readability       | More readable           | Less readable
Data Type Support | Yes (int, string, bool) | No (everything is a string)
Usage             | Modern APIs             | Legacy APIs
13. What are query parameters and path parameters?
Query Parameter – Sent in the URL after ? (e.g., ?user=123)
Path Parameter – Part of the URL path (e.g., /users/{id})
14. How do you test APIs with authentication (OAuth, JWT, Basic Auth)?
Basic Auth – Send username/password in headers
OAuth 2.0 – Use access tokens
JWT (JSON Web Token) – Validate token signature
15. How do you handle rate limiting in API testing?
Check API documentation for limits
Test API by sending requests rapidly
Verify response codes (429 Too Many Requests)
16. What is an API contract?
A contract defines request format, response format, methods, and error handling for an
API.
17. What is the difference between synchronous and asynchronous APIs?
Synchronous API – Client waits for a response before proceeding
Asynchronous API – Client sends request and continues working (e.g., WebSockets,
message queues)
18. How do you test APIs for security vulnerabilities?
SQL Injection – Send malicious SQL queries
Cross-Site Scripting (XSS) – Inject JavaScript code
Broken Authentication – Test unauthorized access attempts
19. What is API mocking, and when do you use it?
Mocking simulates API responses before the real API is available using tools like WireMock
or Mockoon.
20. How do you test API response time and performance?
Use JMeter, Gatling, or LoadRunner to simulate high user loads and measure response
times.
Advanced API Testing Questions & Answers
21. How do you perform API automation testing?
Using tools like REST Assured, Postman (Newman), or Karate to automate API requests and
assertions.
22. What tools do you use for API testing?
Postman – Manual and automated testing
REST Assured – Java-based API automation
SoapUI – SOAP API testing
JMeter – Performance testing
23. How do you handle dynamic parameters in API testing?
Use environment variables in Postman
Extract dynamic values using regular expressions or JSONPath
24. How do you verify data consistency between API requests and the database?
Query the database directly using SQL
Compare API responses with expected database values
25. What are WebSockets, and how do they differ from REST APIs?
WebSockets provide real-time bidirectional communication, while REST APIs use stateless
HTTP requests.
26. How do you test API versioning?
Test different versions of the API (/v1/users vs. /v2/users)
Validate backward compatibility
27. What is HATEOAS in REST API?
Hypermedia as the Engine of Application State (HATEOAS) means API responses include
links to related actions, improving discoverability.
28. How do you test APIs in a CI/CD pipeline?
Integrate API tests with Jenkins, GitHub Actions, or GitLab CI/CD
Run tests after every deployment
29. How do you test GraphQL APIs compared to REST APIs?
Validate GraphQL queries and mutations
Check nested data retrieval
30. How do you handle API dependency in automated API testing?
Use mocking or stubbing
Implement test data setup and teardown