Top 30 API Testing Interview Questions & Answers

1) What is an API?

An API (Application Programming Interface) is a software intermediary that enables two applications to communicate with each other. It comprises a number of subroutine definitions, logs, and tools for creating application software.

2) What are the main differences between API and Web Service?

– All Web services are APIs but not all APIs are Web services.

– Web services might not contain all the specifications and cannot perform all the tasks that APIs would perform.

– A Web service uses only three styles for communication: SOAP, REST and XML-RPC, whereas an API may be exposed in multiple ways.

– A Web service always needs a network to operate while APIs don’t need a network for operation.

3) What are some architectural styles for creating a Web API?

– HTTP for client-server communication

– XML/JSON as formatting language

– Simple URI as the address for the services

– Stateless communication

4) Who can use a Web API?

A Web API can be consumed by any client that supports HTTP verbs such as GET, PUT, DELETE, POST. Since Web API services do not require configuration, they can be easily used by any client.

5) What is API testing?

It is a type of testing that validates APIs. It checks the functionality, reliability, performance, and security of programming interfaces.

6) What are the advantages of API testing?

– Early testing

– Easier Test Maintenance

– Faster Test Execution

– Greater coverage

– Language Independent

7) What are the different types of API Testing?

– Functional Testing

– Validation Testing

– Load Testing

– Performance Testing

– Security Testing

– Schema Validation

– Error Detection

– Status Checks

8) What must be checked when performing API testing?

– Accuracy of data

– Schema validation

– HTTP status codes

– Data type, validations, order and completeness

– Authorization checks

– Implementation of response timeout

– Error codes

– Non-functional testing like performance and security testing

9) What are the different tools used for API Testing?

– Postman


– Katalon

– Rest Assured

– Tricentis Tosca

10) What is the difference between API and Unit Testing?

– API testing is performed by testers while Unit testing is performed by developers

– API Testing involves black box testing while Unit Testing involves white box testing

– API testing involves end-to-end system testing while Unit Testing is performed to check that each unit works in isolation

11) What are the major challenges faced in API testing?

– Parameter Selection

– Parameter Combination

– Call sequencing

– Output verification and validation

12) What is a REST API?

REST stands for Representational State Transfer. It is an architectural style for developing web services that exploits the ubiquity of the HTTP protocol and uses HTTP methods to define actions. It revolves around resources: every component is a resource that can be accessed through a shared interface using standard HTTP methods.

13) What makes an API RESTful?

For an API to be RESTful, it must adhere to the following rules:

Stateless—A REST API is stateless in nature and follows a client-server architecture.

Uniform Interface—A client and server should communicate with one another via HTTP using URIs, CRUD (Create, Read, Update, Delete) and JSON conventions.

Client-Server—The client and server should be independent of each other. The changes you make on the server shouldn’t affect the client and vice versa.

Cache—The client should have the ability to cache the responses as this improves the user experience by making them faster and more efficient.

Layered—The API should support a layered architecture, with each layer contributing to a clear hierarchy. Each layer should be loosely coupled and allow for encapsulation.

14) What is a “Resource” in REST?

REST architecture treats any content as a resource, which can be text files, HTML pages, images, videos or dynamic business information. A REST server gives access to resources and modifies them, and each resource is identified by URIs/global IDs.

15) What is the most popular way to represent a resource in REST?

REST uses different representations to define a resource like text, JSON, and XML. XML and JSON are the most popular representations of resources.

16) Which protocol is used by RESTful Web services?

RESTful web services use the HTTP protocol as a medium of communication between the client and the server.

17) What are the core components of an HTTP request?

An HTTP request contains five key elements:

– An action showing HTTP methods like GET, PUT, POST, DELETE.

– Uniform Resource Identifier (URI), which is the identifier for the resource on the server.

– HTTP Version, which indicates the HTTP version.

– Request Header, which carries metadata (as key-value pairs) for the HTTP Request message.

– Request Body, which indicates the message content or resource representation.

18) What are the most commonly used HTTP methods supported by REST?

GET – Retrieve information about the REST API resource

POST – Create a REST API resource

PUT – Update a REST API resource

DELETE – Delete a REST API resource or related component

OPTIONS – List the supported operations in a web service

HEAD – Returns only HTTP header and no body

19) Can we use a GET request to create a resource instead of POST?

The PUT or POST method should be used to create a resource. GET is only used to request data from a specified resource.

20) What is a URI? What is its main purpose in REST-based web services and what is its format?

URI stands for Uniform Resource Identifier. It is a string of characters designed for unambiguous identification of resources and extensibility via the URI scheme.

The purpose of a URI is to locate a resource(s) on the server hosting the web service.

A URI’s format is <protocol>://<service-name>/<ResourceType>/<ResourceID>.

21) What is a payload in RESTful Web services?

Payload is the data you are interested in transporting. This is differentiated from the things that wrap the data for transport like the HTTP/S Request/Response headers, authentication, etc.

22) What is the caching mechanism?

Caching is the practice of storing data temporarily in, and retrieving it from, a high-performance store (usually memory), either explicitly or implicitly.

When a caching mechanism is in place, it helps improve delivery speed by storing a copy of the asset you requested and later accessing the cached copy instead of the original.

23) What is the difference between PUT and POST?

“PUT” puts a file or resource at a particular URI and exactly at that URI. If there is already a file or resource at that URI, PUT changes that file or resource. If there is no resource or file there, PUT makes one.

POST sends data to a particular URI and expects the resource at that URI to deal with the request. The web server at this point can decide what to do with the data in the context of the specified resource.

PUT is idempotent, meaning that invoking it any number of times has no further impact on the resource beyond the first call.

However, POST is not idempotent, meaning that if you invoke POST multiple times it keeps creating more resources.
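
The difference described above, as an added example that is not part of the original page: a toy in-memory service on localhost receives the same PUT and the same POST three times each. The `/items` paths, the handler class and the choice of 201 for creation and 200 for replacement are assumptions made for the illustration.

```python
import json
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # ignore proxy settings

class ItemHandler(BaseHTTPRequestHandler):
    """Toy in-memory REST service, constructed for this example."""
    store = {}    # URI -> stored representation
    next_id = 1   # id the server assigns on the next POST

    def _save(self, uri, status):
        length = int(self.headers.get("Content-Length", 0))
        self.store[uri] = json.loads(self.rfile.read(length))
        self.send_response(status)
        self.send_header("Location", uri)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def do_PUT(self):
        # PUT acts on exactly the URI given: create if absent, else replace.
        self._save(self.path, 200 if self.path in self.store else 201)

    def do_POST(self):
        # POST lets the server decide; this one mints a new resource per call.
        uri = f"{self.path}/{ItemHandler.next_id}"
        ItemHandler.next_id += 1
        self._save(uri, 201)

    def log_message(self, *args):
        pass  # keep the demo quiet

def send(base, method, path, payload):
    req = urllib.request.Request(base + path, json.dumps(payload).encode(),
                                 {"Content-Type": "application/json"}, method=method)
    with OPENER.open(req, timeout=5) as resp:
        return resp.status, resp.headers["Location"]

def run_idempotency_check(repeats=3):
    ItemHandler.store, ItemHandler.next_id = {}, 1
    with HTTPServer(("127.0.0.1", 0), ItemHandler) as server:
        threading.Thread(target=server.serve_forever, daemon=True).start()
        base = f"http://127.0.0.1:{server.server_port}"
        puts = [send(base, "PUT", "/items/42", {"name": "a"}) for _ in range(repeats)]
        after_put = len(ItemHandler.store)
        posts = [send(base, "POST", "/items", {"name": "a"}) for _ in range(repeats)]
        server.shutdown()
    return puts, after_put, posts, len(ItemHandler.store)
```

An API test for a retried request can assert on exactly these two outcomes: the resource count stays at one after repeated PUTs, and grows by one for every repeated POST.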

24) What is the use of Accept and Content-Type Headers in HTTP Request?

– The Accept header tells the web service what kind of response the client accepts. If a web service is capable of sending responses in XML and JSON format and the client sends the Accept header as application/xml, then an XML response will be sent. For the Accept header application/json, the server will send a JSON response.

– The Content-Type header tells the server the format of the data being sent in the request. If the Content-Type header is application/xml, the server will try to parse the data as XML. This header is useful in HTTP POST and PUT requests.

25) What is statelessness in RESTful Web services?

As per REST architecture, a RESTful web service should not keep client state on the server. This restriction is called statelessness. It is the responsibility of the client to pass its context to the server, and the server can then store this context to process the client’s further requests. For example, a session maintained by the server is identified by a session identifier passed by the client.

26) What is the purpose of an HTTP status code?

HTTP status codes are standard codes that refer to the predefined status of the task done at the server. For example, HTTP status 404 states that the requested resource is not present on the server.

Below are some of the common status codes:

– 200: OK, shows success.

– 201: CREATED, when a resource is successfully created using a POST or PUT request. Return a link to the newly created resource using the Location header.

– 304: NOT MODIFIED, used to reduce network bandwidth usage in case of conditional GET requests. Response body should be empty. Headers should have date, location etc.

– 400: BAD REQUEST, states that invalid input is provided, e.g. validation error, missing data.

– 401: FORBIDDEN, states that the user does not have access to the method being used, for example, delete access without admin rights.

– 404: NOT FOUND, states that method is not available.

– 409: CONFLICT, states a conflict situation while executing the method, for example, adding a duplicate entry.

– 500: INTERNAL SERVER ERROR, states that the server has thrown some exception while executing the method.

27) What are the primary security issues of web services?

Security issues for web services are broadly divided into three sections, as described below:

– Confidentiality: A single web service can have multiple applications, and their service path contains a potential weak link at its nodes. Whenever messages, for example XML requests, are sent by the client along the service path to the server, they must be encrypted. Thus, maintaining the confidentiality of the communication is a must.

– Authentication: Authentication is performed to verify the identity of users and to ensure that the user has the right to use the web service. Authentication is also done to track users’ activity. There are several options that can be considered for this purpose:

  • Application level authentication
  • HTTP digest and HTTP basic authentication
  • Client certificates

– Network Security: This is a serious issue which requires tools to filter web service traffic.

28) What are SOAP Web services?

The SOAP (Simple Object Access Protocol) is defined as an XML-based protocol. It is known for designing and developing web services as well as enabling communication between applications developed on different platforms using various programming languages over the Internet. It is both platform and language independent.

SOAP is used to provide a user interface that can be accessed by the client object, and the request that it sends goes to the server, which can be accessed using the server object. It uses HTTP to send the XML to the server using the POST method, which analyzes the method and sends the result to the client. The server creates more XML consisting of responses to the request of user interface using HTTP. The client can use any approach to send the XML, like the SMTP server or POP3 protocol to pass the messages or reply to queries.

29) What are the elements of a SOAP message structure?

A SOAP message is a common XML document that contains the following elements:

Envelope: It is an obligatory root element that translates the XML document and defines the beginning and end of the message.

Header: It is an optional item which contains information about the message being sent.

Body: It contains the XML data comprising the message being sent.

Fault: It provides information on errors that occurred during message processing.

30) What is the difference between SOAP and REST API?


Bijan Patel

Founder & Creator of QAScript | 12+ years of IT Experience | Full Stack Automation Engineer | Blogger | Trainer
