AutomationUpscale

API Interview Questions & Answers

by ·

1.What is API
API stands for Application Programing Interface that connects two or more applictions to exchange the data .

2.What is API Testing
In software application development, API is the middle layer between the presentation (UI) and the database layer. APIs enable communication and data exchange from one software system to another
API testing is a software testing practice that validates the functionality, behavior, security, and performance of the application. It ensures that the developed APIs meet expectations.

3.What are some common tools you can use for API testing?
Postman
SoapUI
Rest Assured
Karate DSL
JMeter

4.Name some commonly used authentication techniques in API testing.
HTTP Basic Authentication
Digest Authentication
Form Authentication
CSRF
OAuth Authentication

  1. OAuth 1
  2. OAuth 2
    OAuth: OAuth is an open-standard authorization protocol or framework that provides applications the ability for “secure designated access”.
    OAuth doesn’t share password data but instead uses authorization tokens to prove an identity between consumers and service providers. This is the most recommended method.

API Keys: this includes generating a unique token for a user and passing it whenever an action is about to be performed

5.Share some of the advantages of API testing.

The advantages of API testing are:

1.User can start interacting or testing the application without having user interface
2.API testing is less time-consuming than functional testing.
3.It is language-independent and time-effective.
4.Lower mainatance as Changes in API is rare
5.API testing adds good coverage to the core functionality and leads to reduced testing costs.

6.What are the challenges faced in API Testing?
1.Validating Parameters
There are lot of combination of paramaters which has to be covered during testing which is challenging , many a times testing with differnt paramater combination can break the API’s and expose
to external attacks .So the best way is to cover all the posible combinations .

2. There is no GUI available to test the application which makes it difficult to give input values

3.Updating schema of API
Schema is basically Data formatting that handles request and responses of the API. So in this case if there is any changes in the parameter i.e any new parameter is added then user need to update the schema.

4.Call Sequencing
In many cases, API calls must appear in a specific order in order to work properly. This creates a problem of consistency for the testing team.
For example, if a call that returns information about a user’s profile passes before creating a profile, the request will return an error.
This process can become even more complex when working with multi-threaded applications.


5.Exception handling function needs to be tested

7.What must be checked when performing API testing?

While testing an API, you should consider:
Accuracy of data
Schema validation
HTTP status codes
Data type, validations, order and completeness
Authorization checks
Implementation of response timeout
Error codes in case API returns, and
Non-functional testing like performance and security testing


8.What is API documentation?
API documentation is a technical document that explains how to use an API and its services.
This manual might contain code examples, screenshots, and anything else that helps users better understand how to work with the API.
Some aspects of API documentation can be generated automatically via Swagger or other documents.

9.Name some of the common API Documentation Templates?
The most common API documentation templates are: Swagger, RestDoc, FlatDoc, Slate, Web Services API Specification, API Blueprint, and Miredot.

10.What kinds of bugs does API testing find most commonly?

  • Inconsistent or absence of error handling mechanism
  • Missing or duplicate functionality
  • Multithreading and improper handling issues.
  • Performance issues. API response time is very long;
  • Reliability issues. Difficulty in connecting and getting a response from the API;
  • Not implemented errors
  • Response Data is not structured correctly.
  • Incorrect handling of valid argument values.
  • Memory Leaks – when API gets more hits