To start with, what is API testing? API testing is a software testing type that validates Application Programming Interfaces (APIs). The purpose of API Testing is to check the functionality, reliability, performance, and security of the programming interfaces.
Below are the top 25 API testing Interview Questions and Answers. Also, there are sample answers that should guide you on how to answer the questions
1. Why Are You Interested In This Role?
“After I learned that there was an API tester opening in your company, I was motivated to apply for this job since it fits me best because it is my profession and I have all the qualifications that you had indicated in your advertisement. I have majored in API testing and this is what I have been doing in the most time of my career. I want to use the skills and knowledge that I have to better your business in terms of programming interfaces. In addition, I have always dreamt of getting a job like this after I have completed my university studies and internship program. Lastly, I would also like to grow more in my career by learning from you as well. I believe that I have a long way to go and so I should grow my skills and knowledge through learning from your company.”
2. What Are The Roles Of An API Tester?
“The topmost roles and responsibilities of API testing are;
- Creating and verifying web services, API requests, SOAP protocols.
- Involving themselves in creating a test environment for web services testing.
- Actively participating in reviews and status meetings.
- Preparing the status reports daily and weekly.
- Being involved in functional specification documents to develop test cases and test scenarios.
- Finding the defects in the Jira defect tracking tool.
3. What Are The Principles Of An API Test Design?
· Exhaustive Testing – Exhaustive testing is not possible. Instead, we need an optimal amount of testing which is based on the risk assessment of the application.
· Defect Clustering – Defect Clustering states that a small number of modules contain most of the defects detected. Approximately 80% of the defect found in 20% of the modules. By experience, we can identify such risky modules. But this approach has its own problems. If the same tests are repeated over and over again, eventually the same test case will no longer find new bugs.
· Pesticide Paradox – Testers cannot depend on existing techniques. They must have to look continually to improve the existing method to make testing more effective.
· Testing shows the presence of defects – Testing principle states that- testing talks about the presence of defects not about the absence of defects. Software testing reduces the probability of undiscovered defects remaining in the software but even if no defects are found, it is not proof of correctness.
But if we work hard, take all precautions, and make our software products 99% bug-free. The software does not meet the needs and requirements of the client.
· Absence of error –fallacy – This can be possible the software which is 99% bug-free is still unusable. The case can be if the system is tested for the wrong requirement. Software testing is not finding the defects but also checking that software addresses the business needs. The absence of error is a fallacy i.e. finding and fixing defects does not help if the system build is unusable and doesn’t fulfill the user’s needs and requirements.
· Early Testing – Testing should start as soon as possible in the software development lifecycle. So that defects in the requirement or design phase are captured in the early stages. It is cheaper to fix defects in the early stages of testing. We should start finding the bug at the moment the requirements are defined.
· Testing is context-dependent – Testing is context-dependent that we test an e-commerce site will be different from the way we test the commercial. All the developed software’s are not identical. We will use different methodology; techniques and type of testing depend on the application type.”
4. What Is API Framework?
“API frameworks are code libraries that provide commonly-used functionality when building your own web application programming interfaces (APIs).”
5. What Are The Different Types Of API Testing
· Validation Testing. Validation testing occurs among the final steps and plays an essential role in the development process.
· Functional testing. Includes testing particular functions in the codebase.
· UI testing.
· Security testing.
· Load testing.
· Runtime and error detection.
· Penetration testing.
· Fuzz testing.”
6. What Are The Common Tests Performed By API?
“There are several tests that can be performed by API. Some of them are;
- The response of the API should be verified based on the request. We will verify that the return value is based on request.
- When API is updating any data structure we should verify the system is authenticating the outcome.
- We will verify whether the API is trigger another event or request another API.
- We will verify the behavior of the API when no value is returned.’’
7. What Needs To Be Looked At When Doing API Testing?
“When performing an API Test, the following need to be checked.
· HTTP status code
· Authorization checks
· Ímplementation of response timeout
· Error codes in case API returns
· Non-functional testing
· The data accuracy
· The schema validation.”
8. What Are The Common Protocols Used In API Testing?
“The most used protocols used in API testing are;
· HTTP
· REST
· UDDI
· SOAP
· JMS’’
9. What Are The Key Differences Between SOAP And REST?
- SOAP stands for Simple Object Access Protocol whereas REST stands for Representational State Transfer.
- SOAP is a protocol whereas REST is an architectural pattern.
- SOAP uses service interfaces to expose its functionality to client applications while REST uses Uniform Service locators to access the components on the hardware device.
- SOAP needs more bandwidth for its usage whereas REST doesn’t need much bandwidth.
- Comparing SOAP vs REST API, SOAP only works with XML formats whereas REST work with plain text, XML, HTML, and JSON.
- SOAP cannot make use of REST whereas REST can make use of SOAP.
10. What Are The Common Protocol Not Used In API Testing
· SOAP is a protocol through which two computers communicate by sharing XML documents.
· SOAP supports only XML format.
· SOAP does not support caching.
· SOAP is slower than REST.
· SOAP is like a custom desktop application, closely connected to the server.
· SOAP runs on HTTP but envelopes the message.”
11. When Should REST Services Be Used?
“REST services should be used in the following instances;
- Limited resources and bandwidth – Since SOAP messages are heavier in content and consume a far greater bandwidth, REST should be used in instances where network bandwidth is a constraint.
- Statelessness – If there is no need to maintain a state of information from one request to another then REST should be used. If you need a proper information flow wherein some information from one request needs to flow into another then SOAP is more suited for that purpose.
- Caching – If there is a need to cache a lot of requests then REST is the perfect solution. At times, clients could request for the same resource multiple times. This can increase the number of requests which are sent to the server. By implementing a cache, the most frequent query results can be stored in an intermediate location. So whenever the client requests a resource, it will first check the cache. If the resources exist then, they will not proceed to the server. So caching can help in minimizing the number of trips that are made to the webserver.
- Ease of coding – Coding REST Services and subsequent implementation is far easier than SOAP. So if a quick win solution is required for web services, then REST is the way to go.
12. What Are The Limits Of API Usage?
“In the API Console, there is a similar quota referred to as Requests per 100 seconds per user. By default, it is set to 100 requests per 100 seconds per user and can be adjusted to a maximum value of 1,000.”
13. What Are The Top Benefits Of API Testing?
· Finding bugs at an early stage of software development
· Effective use of time
· Reduced testing costs.
· Non-attachment to programming languages
· Improved test coverage
14. What Does API Testing Service Include?
· Integration testing – This is the most commonly used form of API testing, as an API is at the core of the majority of integrations between services. This type of check makes it possible to find errors in the interaction between program modules or systems.
· Functional testing – These checks are carried out to ensure that the software system meets the functional specifications and requirements. To test each API function, an engineer provides the appropriate input parameters in XML or JSON format and then validates the output against the functional requirements.
· Security testing – The API security check detects any risks and vulnerabilities. Testers find potential loopholes and flaws that can lead to loss of information, revenue, and reputation in the event of an attack.
· Load testing – By applying this type of test, one can check the performance of an API under a certain load.
15. Give 10 Tips To An API Testing Beginner
· Understand API requirements
· Specify the API output status
· Focus on small functional APIs
· Organize API endpoints
· Leverage automation capability for API testing
· Choose a suitable automation tool
· Choose suitable verification methods
· Create positive and negative
· Live testing process
· Do not underestimate API automation testing
16. What Are The Benefits Of Automated API Testing
· Test data and execution history can be saved along with API endpoints. This makes it easier to rerun tests later.
· API tests are stable and changed with care. An API reflects a business rule of the system. Any change in the API needs an explicit requirement; so testers can always stay alert of any changes and adjust them on time.
· Test execution is much faster compared to Web UI test.
· API testing is considered black-box testing in which the users send input and get output for verification. Automation with a data-driven approach — i.e. applying different datasets in the same test scenario — can help increase API test coverage.
· Data input and output follow some specific templates or models so that you can create test scripts only once. These test scripts can also be reused throughout the entire testing project.
· API tests can be performed at the early stage of the software development lifecycle. An automation approach with mocking techniques can help verify API and its integration before the actual API is developed. Hence, the level of dependency within the team is reduced.
17. What Creterias Would Use To Chose A Suitable Automation Tool
· Does the tool support test the API/Web service types that your AUT (Application Under Test) is using? It will not make sense if the selected tool supports testing RESTful services while your AUT is using SOAP services.
· Does the tool support the authorization methods that your AUT services require?
· Does the tool support import API/Web service endpoints from WSDL, Swagger, WADL, and other service specifications? This is an optional feature. However, it will be time-consuming if you have hundreds of APIs to test.
· Does the tool support data-driven methods? This is also an optional feature. However, your test coverage will increase dramatically if the tool has this function.
· Last but not least, besides API testing, do you need to perform other types of testing, such as WebUI or data source? API testing is performed at the business layer between data sources and UI. It is normal that all these layers have to be tested.
18. How Do You Create Both Positive And Negative Tests?
1. Positive test
· Verify that the API receives input and returns the expected output as specified in the requirement.
· Verify that the response status code is returned as specified in the requirement, whether it returns a 2xx or error code.
· Specify input with minimum required fields and with maximum fields.
2. Negative test
· Verify that the API returns an appropriate response when the expected output does not exist.
· Perform input validation test.
· Verify the API’s behaviors with different levels of authorization.
19. What Are The Basic Methods For Verifying An API Response Body Content?
· Compare the whole response body content with the expected information – This method is suitable for a simple response with static contents. Dynamic information such as date-time, increasing ID, etc. will cause trouble in the assertion.
· Compare each attribute value of the response – For those responses in JSON or XML format, it is easy to get the value of a given key or attribute. Hence, this method is helpful when verifying dynamic content, or individual value rather than the whole content.
· Compare matching with regular expression – Together with verifying individual attribute values, this method is used to verify data responses with a specific pattern to handle complex dynamic data.
20. Where Do You See Yourself In The Next 5 Years
“First of all, in five years, I want to look at the work that I have done in this industry and feel that I have brought a change. My main focus is increasing sales for our clients by offering the best in the media planning field. Advertisements increase sales hugely and so we should invest in them. In five years I believe that I would have reached as many clients as I can.”
21. What Kind Of Working Environment Would Be Best For You?
“I always prefer working in a busy environment. Being in a busy environment makes me observe a lot of things that may help me in my career. A busy environment will make me concentrate more on what I am doing and help others do the same as well.”
22. How Would People Around You Describe You?
“I believe that most of the people would refer to me as a creative, team player and a person who likes getting knowledge from the internet. I believe that most of the people who know me personally would describe me in that manner.”
23. What Are The Layers Of API Testing Applications?
· Data Layer
· Presentation (UI) Layer
· Service (API) Layer
24. What Is Functional Testing?
Functional testing is simply a test of specific functions within the codebase. These functions represent specific scenarios (successful cases) and error handling.
25. What Does XML Stand For?
XML stands for Extensible Markup Language
Conclusion
This is a role that involves a lot of knowledge gathering and may educate you so much. You need to show creativity in your answers, and you will pass the interview. All the best!
