API Testing Interview Questions and Answers

Application Programming Interfaces (API) is a specification that acts as an interface for software components. While most functional testing involves testing a user interface like a web page or a dot net form, API testing involves bypassing a user interface and communicating directly with an application by making calls to its APIs.API testing allows you to test headless technologies like JMS HTTP, databases and Web services.

API testing is a one of the software testing that involves testing APIs directly and also as a part of integration testing to check whether the API meets expectations in terms of functionality, reliability, performance, and security of an application. In API Testing our main focus will be on Business logic layer of the software architecture. API testing can be performed on any software system which contains multiple APIs.

API documentation refers to complete and accurate technical instructions on how to effectively use and integrate with an API. It includes all the information needed to work with the API and helps project members understand all the API testing questions, including details on functions, classes, return types, arguments, and also examples and tutorials.

The five most important principles of an API test design are:

Setup: Create objects, start services, initialize data, etc

Execution: Steps to apply API or the scenario, including logging

Verification: Oracles to evaluate the result of the execution

Reporting: Pass, failed or blocked

Clean up: Pre-test state

The main categories of API testing’s:-

• Functional Testing
• Validation Testing
• Creativity testing
• UI testing
• Load testing
• Runtime/ Error Detection
• Security testing
• Penetration testing
• Interoperability and WS Compliance testing
• Fuzz testing
• Negative testing
• Proficiency testing

The move to cloud computing has highlighted the importance of Application Programming Interfaces (APIs). With the rise in cloud applications and interconnect platforms, API testing is a necessity. Many of the services that we use every day rely on hundreds of different interconnected APIs, if any one of them fails then the service will not work!

REST API is a set of functions helping developers in performing requests along with receiving responses. Through HTTP protocol interaction is made in REST API. The term REST refers to Representational State Transfer. In very short span of time, it has become an effective standard for API creation.

It is a testing technique that evaluates a system’s ability to perform in the future and usually carried out by test teams. As the system gets older, how significantly the performance might drop is what is being measured in Age Testing.

Some of the protocols using in API Testing are as follows:

• HTTP
• REST
• SOAP
• JMS
• UDDI

Web services:

• All web services are APIs
• All web services need to be exposed over web(HTTP)
• A Web service uses only three styles of use: SOAP, REST and XML-RPC for communication
• A Web service always needs a network to operate
• APIs:
• All APIs are web services
• All APIs need not be exposed over web(i.e. HTTP)
• API uses multiple ways for communication e.g. DLL files in C/C++, Jar files/ RMI in java, Interrupts in Linux kernel API etc.
• APIs don’t need a network for operation

There are certain factors that determine the API testing approach. Let’s check them below:

• Defining the accurate input parameters
• Verifying the calls of the blend of two or more than two value added parameters
• Defining the basic functionality and scope of the API program
• Writing suitable API test cases and making use of testing techniques like equivalence class, boundary value, etc. to verify the functionality
• Testing case execution
• Testing result comparisons with the results expected
• Verifying behaviour of API under conditions like the connection with files etc.

Some of the tools used for API Testing are as follows:

1. Postman
2. Katalon Studio
3. Run Scope
4. Karate DSL
5. Chakram
6. SoapUI
7. RAML
8. Assertible
9. Tricentis Tosca
10. Apigee
11. JMeter
12. API Fortress
13. Parasoft
14. HP QTP(UFT)
15. vREST
16. Dredd
17. Airborne
18. API Science
19. APIpray Inspector
20. API Blueprint
21. Citrus Framework
22. Hippie-Swagger
23. HttpMaster Express
24. Mockbin
25. Ping API
26. Pyresttest
27. REST-Assured
28. REST Bird
29. REST Console
30. REST Client
31. Rapise
32. RoboHydra Server
33. SOAP Sonar
34. Unirest
35. WebInject
36. Wizdl
37. Video Cloud
38. Poster
39. Fiddler
40. Quadrillian
41. LoadUI NGPro

• Missing module errors
• Documentation errors
• Parameter validation errors
• Stress, performance, and security issues
• Duplicate or missing functionality
• Reliability issues
• Improper messaging
• Incompatible error handling mechanism
• Multi-threaded issues
• Improper errors

Some other standard error expectations: if the result is not so predicted, then the occurrence of errors can be seen and for the same warnings are specified in the form of a message. There can be one or more warnings within an individual module.

The different integration styles includes

Shared database

Batch file transfer

Invoking remote procedure (RPC)

Swapping asynchronous messages over a message oriented middle-ware (MOM)

Key characteristics of REST are likely asked in a Web API Testing interview. So please get the answer ready in your mind with these 2 ones:

REST is stateless, therefore the SERVER has no status (or session data) With a well-applied REST API, the server could be restarted between two calls, since all data is transferred to the server

Web service uses POST method primarily to perform operations, while REST uses GET for accessing resources.

The API framework is easy to understand. During the process, config file is used to hold the configurable parts as well as to value the test run. Besides, within config file automated test cases should be represented in the format of parse table. During the process of API testing, it is not mandatory to test each API as a result the config file contains some sections whose API is activated for all that specific run.

API Builder is a PLSQL utility that includes 4 square files. To place API parameters and to begin the technique only one report is liable. API builder allows you to create and make use of API endpoints that can be guzzled by any client application.

There are several components that lead to the making of API Builder. During the working, files and formed for brief tables as well as master bundles for creating the output code. Lastly fourth record generates spooled output of the code into a record relating to as output_script_.sq.

RESTful web services use the HTTP protocol as a communication tool between the client and the server. The technique that when the client sends a message in the form of an HTTP Request, the server sends back the HTTP reply is called Messaging. These messages comprise message data and metadata, that is, information on the message itself.

Unit Testing

• It is conducted by Development Team
• It is a form of White box testing
• It is conducted prior to the process of including the code in the build
• Source code is involved in Unit testing
• In unit testing, the scope of testing is limited, so only basic functionalities are considered for testing

API Testing

• It is conducted by QA Team
• It is a form of Black box testing
• It is conducted after the build is ready for testing
• Source code is not involved in API testing
• In API testing, the scope of testing is wide, so all the issues that are functional are considered for testing.

GET: It enables you to retrieve data from a server

POST: It enables you to add data to an existing file or resource in a server

PUT: It lets you replace an existing file or resource in a server

DELETE: It lets you delete data from a server

PATCH: It is used to apply partial modifications to a resource

OPTIONS: It is used to describe the communication options for the target resource

HEAD: It asks for a response identical to that of a GET request, but without the response body

Caching is just the practice of storing data in temporarily and retrieving data from a high-performance store (usually memory) either explicitly or implicitly.

When a caching mechanism is in place, it helps improve delivery speed by storing a copy of the asset you requested and later accessing the cached copy instead of the original.

<GET> appends data to the service URL. But, its size shouldn’t exceed the maximum URL length. However, <POST> doesn’t have any such limit.

So, theoretically, a user can pass unlimited data as the payload to POST method. But, if we consider a real use case, then sending POST with large payload will consume more bandwidth. It’ll take more time and present performance challenges to your server. Hence, a user should take action accordingly

PUT and POST methods are sometimes confused in regards to when each should be used. Using POST request, our intent is to create a new object on the server whereas with PUT request, our intent is to replace an object by another object.

POST should be used when the client sends the page to the server and then the server lets the client know where it put it. PUT should be used when the client specifies the location of the page

UI testing means the testing of graphical interface. It‘s focus is basically on the feel and look of an application. Within user interface testing, things like how user interacts with app elements such as images, fonts, layouts, etc is checked.

On the other hand API testing allows communicating between two different software systems. During this testing, a software system that implements an API includes sub-routines or functions that can be performed by other software system.

Enlisted below are some free templates which make API documentation much easier and simple:

• Slate
• FlatDoc
• Swagger
• API blueprint
• RestDoc
• Miredot
• Web service API Specification.