API INTERVIEW QUESTIONS

1. What is an API?
API stands for Application Programming Interface is a set of rules and protocols that allows different
software applications to communicate with each other. It defines how systems exchange data while
keeping their internal code hidden.
For example, a weather app uses an API to fetch weather updates from a server.

2. What is an API Testing?

API testing is basically testing an API to ensure if it works correctly. We check if it gives the right responses,
handles errors properly, and performs well. Instead of testing the UI, we focus on the business logic to
make sure everything runs smoothly.
ADVANTAGE OF API TESTING:-
- Faster testing by focusing on core functionality before the UI.
- More reliable, reducing UI-related issues.
- Easier to automate compared to UI tests.
- Better test coverage with multiple request-response scenarios.
- Early detection of bugs in the development cycle.
- Language-independent, works with any programming language.
- Measures API performance and efficiency.
- Validates API security, including authentication and data handling.

3. What are the different types of API testing?

API testing typically involves the following practices:
- Unit testing
- Functional testing
- Load testing
- Runtime/ Error Detection
- Security testing
- UI testing
- Interoperability and WS Compliance testing
- Penetration testing
- Fuzz testing

4. Which common protocols are used in API Testing?

- HTTP
- REST
- SOAP
 - JMS
- UDDI

5. Difference between API and Web services?

The main differences between API and Web Service are as follows:
a) All web services are APIs, but not all APIs are web services.
b) A web service uses only three communication styles: SOAP, REST, and XML-RPC, whereas an API can be
exposed in multiple ways.
c) A web service always requires a network to operate, while APIs don’t need a network for operation.
d) Web services might not include all the specifications and cannot perform all the tasks that APIs can.

6. What are the most commonly used tools for API testing?
- Postman
- SoapUI
- Newman
- Requests
- Swagger

7. What are the differences between API Testing and Unit Testing?
 API testing is typically handled by the QA team, while unit testing is handled by the
development team.
 API testing is a black box testing approach, focusing on functionality, while unit testing is white
box testing, focusing on internal code logic.
 API testing verifies the full functionality of the system as it will be used by external developers,
whereas unit testing checks if individual code units work as expected in isolation.
 API testers do not have access to the source code, whereas developers performing unit testing
have access to the source code.

8. What is SOAP?
SOAP is a protocol for exchanging messages in web services. It uses XML for formatting and typically works
over HTTP or SMTP. It's platform-independent and ensures secure communication between systems.

9. What is REST API?

REST is an architectural style for web services that uses HTTP for communication. It’s stateless, meaning
each request contains all the information needed. Data is usually exchanged in JSON or XML format. It's
simple, scalable, and widely used.
10. What are the difference between SOAP and REST?
SOAP:
1. SOAP is a protocol using XML for communication between systems.
2. It only supports XML format for data exchange.
3. SOAP doesn’t support caching and is slower than REST.
4. SOAP is tightly coupled with the server, like a custom desktop app.
5. SOAP runs over HTTP but wraps the message in an envelope.

REST:
1. REST is an architectural style for designing network-based services.
2. REST supports multiple data formats (XML, JSON, etc.).
3. REST supports caching and is faster than SOAP.
4. REST works like a browser, using standard HTTP methods (GET, POST, etc.).
5. REST uses HTTP headers to store meta information.

11. What is the procedure to perform API testing?

a. Create the suite to add API test cases.
b. Define the test development mode.
c. Develop test cases for the required API methods.
d. Configure the control parameters of the application and test conditions.
e. Validate API methods.
f. Arrange all API test cases.
g. Execute the API tests.
h. Check test reports.

12. What must be checked when performing API testing?

During the API testing process, a request is sent to the API with known data. This helps analyse the
validation response. While testing an API, you should consider:

- Accuracy of data
- Schema validation
- HTTP status codes
- Data types, validations, order, and completeness
- Authorization checks
- Response timeout handling
- Error codes returned by the API
- Non-functional testing, such as performance and security testing
13. What are the principles of API test design?
- Setup – Prepare test data and start necessary services.
- Execution – Run the API call and log the process.
- Verification – Check if the response is correct.
- Reporting – Mark the test as pass, fail, or blocked.
- Clean up – Restore the system to its original state.

14. What are the main challenges of API testing?

 Parameter Selection – Identifying the right set of input parameters, including valid, invalid, and
edge cases.
 Parameter Combination – Handling different parameter mixes without missing critical scenarios.
 Call Sequencing – Ensuring API calls happen in the right order, especially for dependent requests.

15. What is an HTTP request and HTTP response?

An HTTP request is a message sent by a client to a server to retrieve or manipulate data. It consists of:
 Method – Defines the action (GET, POST, PUT, DELETE).
 URL – Specifies the resource location.
 Headers – Contain metadata like authentication, content type, etc.
 Body (optional) – Holds data for methods like POST and PUT.

An HTTP response is the server's reply to an HTTP request. It consists of:

 Status Code – Indicates the result Exp- 200, 301, 404, 500 (these are the most common ones)
 Headers – Contain metadata like content type and cache control.
 Body (optional) – Holds the response data (e.g., JSON, XML, HTML).

16. What is a URL?

A URL (Uniform Resource Locator) is the address used to access resources on the internet. It specifies the
protocol (like HTTP or HTTPS), domain name, and path to the resource.
For example, https://www.example.com/page.

17. What are HTTP verbs?

HTTP verbs, also known as HTTP methods, define the action to be performed on a resource. The most
commonly used ones are:

GET: Retrieves data from the server.

POST: Sends data to the server to create a new resource.
PUT: Updates an existing resource on the server.
DELETE: Removes a resource from the server.
PATCH: Partially updates a resource on the server.
18. What types of bugs can API testing find?
- Missing or Duplicate Functionality: Missing or redundant endpoints.
- Stress: Ability to handle high traffic without crashing.
- Reliability: Ensures consistent, available, and functional API.
- Security: Vulnerabilities like insecure data or unauthorized access.
- Unused Flags: Unnecessary parameters in requests.
- Not Implemented Errors: Errors for unimplemented functionality.
- Performance: Slow response times or issues with scaling.

20. What is Latency in API testing?

Latency is the time it takes for a request to reach the server and for the server to respond. Lower latency is
important as higher latency impacts the speed and performance of the application.

21. What is the process of API Specification Review?

API Specification Review is the first step in documenting the API testing requirements. It should clearly
explain the purpose of the API, how the application works, and its key features. This review helps gather all
necessary details to plan the API testing process effectively and smoothly.

22. What are API documentation templates that are commonly used?
- Swagger/OpenAPI
- RAML
- API Blueprint
- WSDL
- Postman Collections
- RestDoc

23. What is the difference between PUT and POST methods?

POST: Creates a new resource on the server.
PUT: Updates or replaces an existing resource.
Questions For Experienced:-
24. What is the role of headers in API testing?
Headers in API testing provide metadata about the request and response. They help in authentication,
content type specification, caching, and controlling data format (e.g., Content-Type: application/json).
Proper validation of headers ensures secure and efficient API communication.

25. What are some common authentication methods used in API testing?
Common authentication methods in API testing include:
API Key – A unique key sent in headers or query parameters.
Basic Authentication – Uses a username and password encoded in Base64.
Bearer Token – Uses tokens like JWT for secure authentication.
OAuth 2.0 – A more secure method using access tokens.
Digest Authentication – Encrypts credentials before sending.
HMAC (Hash-based Message Authentication Code) – Uses a secret key to sign requests.

26. What is API documentation?

API documentation is a technical manual that provides details on how an API works. It includes endpoint,
request parameters, response formats, authentication methods, status codes. Good documentation helps
developers integrate and test APIs efficiently.

27. What are the differences between API Testing and UI Testing?
API enables communication between software systems by providing functions that another system can
execute.
UI Testing focuses on testing graphical elements like fonts, images, layouts, and user interactions to ensure
a smooth user experience.

28. What is API mocking, and why is it used in API testing?

API mocking is the practice of simulating the behavior of an API endpoint during testing without actually
invoking the real API. It is beneficial during the development stage.
- Early Testing – Allows testing before the real API is developed.
- Faster Development – Reduces dependency on backend teams.
- Cost-Effective – Avoids hitting paid or rate-limited APIs.
- Consistent Responses – Helps test different scenarios reliably.
- Simulating Edge Cases – Tests error handling and unusual responses.

29. How do you handle API authentication and authorization in testing?

In API tests, authentication is handled by using credentials such as tokens, API keys, or OAuth credentials in
the headers or query parameters to verify the user’s identity.
Authorization is tested by verifying user roles and permissions to ensure the authenticated user has
appropriate access. Unauthorized attempts are blocked with proper error codes like 403 or 401.

30. How do you test API performance, and which tools do you use?
API performance is tested by evaluating its speed, scalability, and resource usage under various conditions.
Response Time: Measure how quickly the API responds to requests.
Throughput: Test how many requests the API can handle within a given time frame.
Stress Testing: Simulate high traffic to see how the API performs under stress.
Load Testing: Check how the API performs under normal and peak load conditions.
Scalability: Test how well the API scales with an increasing number of requests.

Tools used:
JMeter – For load and stress testing.
Postman – For basic performance testing and response time tracking.
LoadRunner – For large-scale performance testing.
Gatling – For high-performance load testing.