HTML
   HTML5
   CSS
   CSS3
   JavaScript
   jQuery
   AngularJS
   Articles
   Tech Articles
   Blog
Google News
logo
API Testing Interview Questions
1 .
What is API and How do API's work?
API (Application Programming Interface) helps in communication and data exchange between two software systems. API is a collection of functions which can be executed by another software program.
 
Let us now understand how an API works. When you use an application on your smartphone, the application connects to the Internet. It sends data to a server. The server will retrieve that data, interpret it, and perform the required actions. Then it sends it back to your phone. The application interprets that data and provides you with the information in a readable way without exposing the internal details.
 
Examples of API :
 
Google maps API
Amazon API
Twitter API
Third-party payment processing etc,.
2 .
What is API testing?
API testing is a type of software testing that involves testing APIs directly. API is a part of integration testing to check whether the API meets expectations in terms of functionality, reliability, performance, and security of applications. Multiple API system can performed API testing. In API testing, our primary focus is on Business Logic Layer of the software architecture.
3 .
What are the different types of API testing?
There are various types of API testing they are following :
* Unit Testing
* Load Testing
* Security Testing
* UI Testing
* Functional Testing
* Fuzz Testing
* Penetration Testing (Pen Test)
* Interoperability and WS compliance Testing.
4 .
What are main differences between API and Web Service?
* All Web services are APIs but not all APIs are Web services.
* Web services might not contain all the specifications and cannot perform all the tasks that APIs would perform.
* A Web service uses only three styles of use: SOAP, REST and XML-RPC for communication whereas API may be exposed to in multiple ways.
* A Web service always needs a network to operate while APIs don’t need a network for operation.
5 .
What are the protocols used in API Testing?
Protocols used in API testing are :
 
* HTTP
* REST
* SOAP
* JMS
* UDDI
6 .
What are the principles of an API test design?
Here, are the seven principles of API test design.
 
Exhaustive Testing : Exhaustive testing is not possible. Instead we need optimal amount of testing which is based on the risk assessment of the application.

Defect Clustering : Defect Clustering states that a small number of modules contain the most of the defect detected. Approximately 80% of the defect found in 20% of the modules. By experience we can identify such risky modules. But this approach has its own problems. If the same tests are repeated over and over again, eventually the same test case will no longer find new bugs.

Pesticide Paradox : Testers cannot depend on existing technique. They must have to look continually to improve the existing method to make testing more effective. But even all these hard work in testing we can never claim our product is bug free. To overcome this, test cases need to be regularly reviewed and revised add new and different test cases to help find more defects.

Testing shows presence of defects : Testing principle states that- testing talks about the presence of defects not about the absence of defect. Software testing reduces the probability of undiscovered defects remaining in the software but even if no defects found, it is not a proof of correctness.

But if we work hard, taking all precautions and make our software products 99% bug free. The software does not meet the needs and requirements of the client.

Absence of error -fallacy : This can be possible the software which is 99% bug free is still unusable. The case can be if the system is tested for the wrong requirement. Software testing is not finding the defects but also to check that software addresses the business needs. The absence of error is fallacy i.e. finding and fixing defects does not help if the system build is unusable and doesn't fulfill the user's needs and requirements.

Early Testing : Testing should start as soon as possible in the software development lifecycle. So that defects in the requirement or design phase captured in the early stages. It is cheaper to fix defect in the early stages of testing. We should start finding the bug at the moment the requirements are defined.

Testing is context dependent : Testing is context dependent that we test an e-commerce site will be different from the way we test the commercial. All the developed software's are not identical. We will use different methodology; techniques and type of testing depend on the application type.
7 .
What are the tools used for API Testing?
The most popularly used tool in the market is PostMan. This tool helps to create manual and automated test cases for testing the APIs in a well-designed manner. Apart from this, there are different tools like JMeter, Parasoft SOAtest, SoapUI, Apigee, API fortress, JUnit, etc.
8 .
What are some architectural styles for creating a Web API?
Bellows are four common Web API architectural styles :
 
* HTTP for client-server communication
* XML/JSON as formatting language
* Simple URI as the address for the services
* Stateless communication
9 .
Who can use a Web API?
Web API can be consumed by any clients which support HTTP verbs such as GET, PUT, DELETE, POST. Since Web API services do not require configuration, they can be easily used by any client. In fact, even portable devices such as mobile devices can easily use Web API, which is undoubtedly the biggest advantage of this technology.
10 .
What are the advantages of API Testing?
Test for Core Functionality : API testing provides access to the application without a user interface. The core and code-level of functionalities of the application will be tested and evaluated early before the GUI tests. This will help detect the minor issues which can become bigger during the GUI testing.

Time Effective : API testing usually is less time consuming than functional GUI testing. The web elements in GUI testing must be polled, which makes the testing process slower. Particularly, API test automation requires less code so it can provide better and faster test coverage compared to GUI test automation. These will result in the cost saving for the testing project.

Language-Independent : In API testing, data is exchanged using XML or JSON. These transfer modes are completely language-independent, allowing users to select any code language when adopting automation testing services for the project.

Easy Integration with GUI : API tests enable highly integrable tests, which is particularly useful if you want to perform functional GUI tests after API testing. For instance, simple integration would allow new user accounts to be created within the application before a GUI test started.
11 .
What are the differences between API Testing and Unit Testing?
API testing UNIT testing
This testing is owned by the Quality Analyst team. This testing is owned by the developers working on the corresponding modules.
This belongs to the category of black box testing. This belongs to white box testing.
Full system functionality is considered in API testing as the API would be used by external developers. As the name indicates, this testing verifies whether the unit of code works as expected or not in isolation.
In this testing, the testers do not have access to the internal source code and it focuses only on the functionality of the API. The developers who work on developing unit test cases have access to the source code as they need to ensure the modules developed are passed before delivery.
12 .
What is API framework?
A framework or software framework is a platform for developing software applications. API framework is a foundation on which software developer can build applications for a specific platform.
 
Example: A framework can include predefined classes and functions that can be used to process input, manage hardware devices and interact with system software.
 
Framework is similar to an Application Programming Interface, technically framework includes API. Framework serves foundation for programming while API provides access to the elements supported by the framework. Framework also includes code libraries, compiler and other programs used in the software development process.
 
API framework is defined by configuration file which consists the list of all APIs that is required to be activated and activated for a particular program run.
13 .
What exactly needs to verify in API testing?
In API testing, we send a request to API with the known data and then analysis the response.
 
* We will verify the accuracy of the data.
* Will see the HTTP status code.
* We will see the response time.
* Error codes in case API returns any errors.
* Authorization would be check.
* Non-Functional testing such as performance testing, security testing.
14 .
What are the differences between API and Web Services?
Sr. No. API Web Services
1. API may or may not need network for its operations. Web Services always need network for its operation.
2. API can be communicated through SOAP, REST, XML-RPC and CURL calls as well.
API can also be exposed in number of ways like JAR, DLL, XML over HTTP, JSON over HTTP etc.		 Web service can be communicated through SOAP, REST, AND RPC.
3. API can perform all the operations which web service can't perform. Web service can't perform all the operations like API.
4. All APIs are not web service. All web services are API
15 .
What are the best practices that need to be followed for writing test cases?
* We need to write test cases that correspond with the perspective of end-users.
* Steps defined in the test cases needs to be simple so that anyone can replicate the steps.
* Ensure that the test cases are reusable.
* Define and set the priority of test cases.
* Provide a valid description, test input parameters, test data, expected outcome after running the test cases so that we can compare the actual outcomes of the test cases with the expected ones.
* Make sure to develop test cases that cover negative test scenarios too.
* Naming conventions need to be properly followed while developing test cases.
* Review them regularly and update them as and when the functionality gets updated.
16 .
Define Test Data.
Test data is the input data used by the testers to execute their test cases. This data can be prepared either manually or by making use of tools. For instance, to test the login functionality of an application, testers would need input data such as username and password which constitutes the test data.
17 .
Define test coverage.
Test coverage is a measure that signifies the amount of testing performed by making use of our test cases. It can be either functional testing or non-functional testing of the application. This provides a fair idea about what the testers need to cover in their test cases.
18 .
Define the basic difference between API testing and UI level testing?
UI testing means the testing of the graphical interface. Its focus is basically on the feel and looks of an application. Within user interface testing, things like how the user interacts with app elements such as images, fonts, layouts, etc are checked.
 
On the other hand API, testing allows communicating between two different software systems. During this testing, a software system that implements an API includes sub-routines or functions that can be performed by other software systems.
19 .
What's the procedure to test API's?
For testing API's one must follow the below-mentioned steps :
 
* Make a selection of the suite you like to add the API test case to
* Now choose the test development mode
* Next demands the development of test cases for the required API methods 
* After this, you need to configure the control parameters of the application and then test conditions
* Once done with all the previous steps, configure method validation
* Now is the time for execution of the API test
* After this, you can check test reports and filter API test cases 
* Last but not least, sequence all API test cases. That’s it!
20 .
Explain what is REST API?
It is a set of functions to which the developers performs requests and receive responses. In REST API interaction is made via HTTP protocol
 
REST : stands for Representational State Transfer, it is quickly becoming defacto standard for API creation.
21 .
What are the types of Bugs will API testing finds?
The types of Bugs, API will find
 
* Stress
* Reliability
* Security
* Unused flags
* Not implemented errors
* Performance
* Multi-threading issues
* Improper errors
* Inconsistent error handling
* Missing or duplicate functionality
* Fails to handle error conditions gracefully
22 .
What are the tools used for API test automation?
Automation testing is a must when we talk about agile development in API testing. However, the language in which the code is written is also an important factor as it decides the tool language.
 
Some important API test automation tools are :
 
* SOAPUI : It is an open-source API testing tool which is considered as the best testing tool because of its feature like creating complex validation scripts and test cases, efficient test coverage, etc.

* HP QTP/UFT : This is now known as HP UFT i.e. Unified Functional Testing. This tool is basically used for systems without user interface like web services, etc.

* PARASOFT : This testing tool runs on various platforms and is used to test API which does not have a Graphical User interface (GUI).

* HTTP master

* NUnit and JUnit testing tools are used where the code is written in .Net and Java respectively.
23 .
Explain in brief the different types of output observed of an API.
API is considered as the essential connecting part of this digital world. It basically resides in the business logic layer where it performs functions like processing commands, application coordination, initiates logical decisions, etc.
 
The main consideration is returning correct results under any type of conditions. Mainly, the output or results observed of an API are divided into three sections as follows:
 
* Returning the result status values as ‘Pass’ or ‘Fail’.
* Result as data or any specific information.
* An event where the call to any API function will initiate the call to another API function.
24 .
Explain API documentation.
As it is a well aware fact that, for any foundation, there has to be good documentation. API documentation likewise, serves as a quick reference for accessing the library or working within a program.
 
When we go through any such documents, it must consist of a proper plan, content source, proper layout or sketch for delivery, information related to each function, etc.
 
API documentation tools are :
 
* JavaDoc
* Doxygen

Enlisted below are the categories in which every function is being documented which mainly revolve around the parameters :
 
* Function description
* Sequence, syntax, and elements required for each parameter.
* Syntax and type of error message that can occur.
* Links related to functions.
25 .
Enlist some of the API examples which are very well known and popular.
There are several such examples. Enlisted below are some most popular ones:
 
Google Maps API : These are designed mainly for mobile and desktop use with the help of a flash interface and JavaScript.

Amazon Advertising API : Amazon is known for their products and thus their advertising API accesses their product to discover their functionality and thus advertise accordingly.

Twitter API : The API for twitter is usually in two categories, one for accessing data and the other for interacting with the twitter search.

YouTube : This API used for YouTube includes various functionalities including videos, live streaming, player, etc.
26 .
Describe some of the types of status codes.
Some status codes are :
 
1xx informational response : the request was received, continuing process

2xx successful : the request was successfully received, understood, and accepted

3xx redirection : further action needs to be taken to complete the request

4xx client error : the request contains bad syntax or cannot be fulfilled

5xx server error : the server failed to fulfill a valid request
27 .
What is the difference between PUT, POST, and PATCH?
PUT : Put request is used for both creating and updating a new object in the database. If the resource already exists, then Put will update the resource. If not, it will create one.
 
POST : Post request is used for creating a new object in the database. It allows clients to create resources without knowing the URI of the new resources.
 
PATCH : Patch is used to apply the partial modification to a resource.
28 .
What is Simple Object Access Control(SOAP)?
Simple Object Access Control(SOAP) it is an XML-based protocol for exchanging information between computers. It is a communication protocol for communicating through the Internet. SOAP is platform-independent and language-independent and can be used for broadcasting a message.
29 .
What is the difference between SOAP and REST API?
SOAP REST API
SOAP stands for Simple Object Access Protocol. REST stands for Representational State Transfer.
It is a protocol and follows a strict standard to allow communication between the client and the server. It is an architectural style that follows six constraints – Uniform Interface, Client-Server, Layered System, Stateless, Cacheable, Code on Demand.
SOAP only uses XML for exchanging information. REST is not restricted to XML. It permits different data formats such as Plain text, XML, HTML, and JSON.
SOAP cannot use REST. REST can use SOAP protocol.
Difficult to implement. Easy to implement.
Requires more bandwidth. requires less bandwidth.
30 .
What are the limits on API usage?
Many providers set up limits on API usage. It is important to have an estimate of your usage and understand its impact on the overall cost of the offering. You need to consider the issue may arise depending on how data is leveraged.
31 .
What are API restrictions?
API restrictions enable you to specify exactly which Google Cloud APIs can be called through the API key. You should add both client and API restrictions to every API key. It is possible to specify one and more services in the API restrictions.
32 .
What should the Delete request return?
Delete request returns the HTTP status code 200(OK) if the response contains an entity describing the status. If the response does not include an entity then it will return 204(No content) and we will get 202(Accepted) if the action has been queued.
33 .
Is it possible to hack API while testing?
Yes, it is possible. This is because we are sending requests over the internet which mostly follows HTTP protocol. This protocol is text-based and is easier to read. Hence, it is required to perform security testing of the APIs to ensure safer systems.
34 .
What do you mean by input injection? Explain different ways of doing it.
The term Input injection is the act to stimulate user input. User input can be simulated in many different ways such as :
 
* Direct Method Invocation 
* Invocation with the help of accessibility interface
* Doing simulation with the help of low-level input
* Doing simulation with the help of a device driver 
* Doing simulation with the help of a robot
35 .
What are common API errors that often founded?
Not only API fundamental questions, the interviewer also determine your knowledge and experience by asking about the API errors in a Web API testing interview. So the most common ones are :
 
* Missing module errors
* Documentation errors
* Parameter validation errors
* And some standard error expectations as if the result is not so predicted then the occurrence of errors can be seen and for the same warnings are specified in the form of a message. There can be one or more warnings within an individual module.
36 .
What are API documentation templates that are commonly used?
There are several available API documentation templates help to make the entire process simple and straightforward, which could be  answered in your API testing interview, such as :
 
* Slate
* FlatDoc
* Swagger
* Miredot
* API blueprint
* RestDoc
* Web service API specification
37 .
How often are the APIs changed and, more importantly, deprecated?
APIs, especially modern RESTful APIs, are a nice creation that can certainly simplify and accelerate integration efforts, which makes it more likely you will benefit from them. But APIs can and do change for various reasons, sometimes abruptly, and hence REST APIs do not differ from traditional integration methods in this respect. If an API call is obsolete and disappears, your procedure will interrupt and it is important to understand how often the APIs you depend on change or are deprecated.
38 .
When to use SOAP API?
Use the SOAP API to create, retrieve, update or delete records, like accounts, leads, and user-defined objects. With more than 20 different calls, you can also use the SOAP API to manage passwords, perform searches, etc. by using the SOAP API in any language that supports web services.
39 .
How users utilize the facilities provided by SOAP?
PutAddress() : It is used to enter an address in the webpage and has an address instance on the SOAP call.

PutListing() : It is used to allow the insertion of a complete XML document into the web page. It receives the XML file as an argument and transports the XML file to XML parser liaison, which reads it and inserts it into the SOAP call as a parameter.

GetAddress() : It is used to get a query name and gets the result that best matches a query. The name is sent to the SOAP call in the form of text character string.

GetAllListing() : It is used to return the full list in an XML format.
40 .
What is the major obstacle users faced when using SOAP?
When using SOAP, users often see the firewall security mechanism as the biggest obstacle. This block all the ports leaving few like HTTP port 80 and the HTTP port used by SOAP that bypasses the firewall. The technical complaint against SOAP is that it mixes the specification for message transport with the specification for message structure.
41 .
What are the major functionalities provided by the SOAP protocol class?
The SOAP protocol is used to provide simple access methods for all the applications available on the Internet, providing the following functionalities :
 
Call : A class which provides the main functionality for a remote method for which a call is needed. It is used to create the call() and to specify the encoding style of the registry that will be assigned when if necessary. This call() function is used by the RPC call, which represents the options of the call object.

Deployment Descriptor : A class used to provide the information about the SOAP services. It enables easy deployment without the need for other approaches.

DOM2 Writer : A class that serializes and uses DOM node as XML string to provide more functionalities.

RPC Message : A class used as the base class that calls and replies to the request submitted to the server.

Service Manager : A class that provides, lists and then outputs all SOAP services.
42 .
How do you document an API functionality? What are the tools available for achieving the same?
API documentation represents any description of the functionality of the API. Since this documentation will be used by external developers, we need to follow some best practices. They are :
 
* Plan what needs to be shown in your documentation.
* Do not exclude any fundamental sections of the API functionality.
* Use simple words by avoiding technical jargon.
* Include various interactive examples and resources to understand the API functionality clearly.
* Consistently maintain the documentation as and when the functionality gets updated.

Some of the popular tools used for achieving API documentation are :
 
* JavaDoc
* Doxygen
* OpenAPI
* Redoc
* Swagger UI
43 .
What are the web relation functionalities provided by SOAP protocol?
HTTPUtils : This provides the functionality of the POST method to safely meet the requirements.

Parameter : It is an argument for an RPC call used by both the client and the server.

Response : It is an object that represents an RPC reply from both client and server, but the result will not be displayed until after the method call.

TCPTunnel : It is an object that provides the ability to listen on a specific port and to forward all the host and port names.

TypeConverter : It helps to convert an object of one type into another type and this is called using the class in the form object.
44 .
What are the major blockers or challenges faced while performing API testing?
Some of the challenges faced while doing API testing are :
 
* Proper Parameter Selection
* Proper Parameter Combination
* Knowing which API needs to be called in what sequence
* Proper knowledge of output verification
* Knowing what are the proper input values that needs to be provided to the API inputs.
45 .
How do you perform API Load Testing?
* Load Testing is a category of Performance Testing that is used for checking an application’s capability to perform under various user loads.

* This is done for identifying bottlenecks in performance before the application becomes live.

* It is done by simulating many users hitting the API at the same time or in other words, artificial traffic is simulated to identify if the application is capable of handling the load by maintaining consistency in the response times and not impacting the functionality.

* One such tool to perform Load Testing is JMeter. It provides flexibility to create a test plan, define the thread groups and record test scripts to simulate artificial load to the API. It finally provides a feature to visualize the result of load testing done. For more information about using JMeter..
46 .
What is the difference between top down & bottom up approach in SOAP Web services?
Top down SOAP Web services include creating WSDL document to create a contract between the web service and the client, with a required code as an option. This is also known as Contract-first approach. The top-down approach is difficult to implement because classes must be written to confirm the contract defined in WSDL. One of the benefits of this method is that both client and server code can be written in parallel.

Bottom up SOAP web services require the code to be written first and then WSDL is generated. It is also known as Contract-last approach. Since WSDL is created based on the code, bottom-up approach is easy to implement and client codes must wait for WSDL from the server side to start working.