1. What is API testing?
API testing involves testing the application programming interfaces (APIs) directly to determine if they meet functionality, reliability, performance, and security expectations.

2. Why is API testing important?
API testing ensures that APIs work correctly, are secure, and meet performance standards. It helps identify defects at an early stage, especially when the frontend is yet to be developed.

3. What are the types of API testing?
- Functional Testing
- Load Testing
- Security Testing
- Validation Testing
- Error Detection

4. What is the difference between API and Web Services?
An API is a set of rules and protocols for building and interacting with software applications, while a web service is a type of API that must operate over a network, typically using HTTP.

5. What are the most commonly used protocols in API testing?
- HTTP/HTTPS
- SOAP
- REST
- XML-RPC
- JSON-RPC

6. What is REST API?
REST (Representational State Transfer) is an architectural style that uses HTTP requests to access and use data. It is stateless and supports various formats like JSON and XML.

7. What is SOAP API?
SOAP (Simple Object Access Protocol) is a protocol used for exchanging structured information in web services, using XML as its message format.

8. What are the common HTTP methods used in API testing?
- GET: Retrieves data
- POST: Creates new resources
- PUT: Updates resources
- DELETE: Removes resources

9. What is the status code 200 in API testing?
A status code of 200 means that the request was successful, and the server responded with the requested data.

10. What does the 404 status code indicate?
404 indicates that the requested resource could not be found on the server.

11. What is the difference between PUT and POST methods?
POST is used to create new resources. PUT is used to update existing resources.

12. What is a status code 500?
It means that there was an internal server error, indicating a problem on the server side.

13. What is the purpose of a header in API requests?
Headers provide additional metadata such as authentication tokens, content types, and custom data to support the processing of API requests and responses.

14. What is JSON, and why is it popular in API testing?
JSON (JavaScript Object Notation) is a lightweight data interchange format that is easy to read and write. It is widely used in API responses due to its simplicity and compatibility.

15. What is the difference between JSON and XML?
JSON is less verbose, faster, and easier to parse. XML is more structured, supports namespaces, and is widely used in SOAP services.

16. How do you handle API authentication?
API authentication is often done using:
- API keys
- OAuth tokens
- JWT (JSON Web Tokens)
- Basic Authentication

17. What is OAuth?
OAuth is an open standard protocol for authorization that allows secure access to resources without sharing the user's credentials.

18. What is an API endpoint?
An API endpoint is the specific URL where a particular service or resource can be accessed in an API.

19. What is payload in API testing?
The payload is the data sent in the body of a POST, PUT, or PATCH request. It often contains JSON or XML formatted data.

20. How do you test an API manually?
APIs can be tested manually by sending requests using tools like Postman, SOAP UI, or cURL and then verifying the responses, status codes, and headers.

21. What is Postman?
Postman is a popular tool used for manual and automated API testing, providing a user-friendly interface for making HTTP requests and inspecting responses.

22. What is the role of API documentation in testing?
API documentation provides details about the API endpoints, parameters, response formats, and error codes, which are crucial for understanding and testing the API correctly.

23. What is meant by idempotent API methods?
An idempotent API method produces the same result no matter how many times it is called. Examples include the GET and DELETE methods.

24. What is API throttling?
API throttling limits the number of API calls a user can make within a given time period to prevent abuse or overloading of the system.

25. What is an API schema?
An API schema defines the structure, format, and types of data that an API will accept and return. Popular schema formats include JSON Schema and OpenAPI Specification (formerly Swagger).

26. How do you validate an API response?
An API response can be validated by checking:
- Status codes
- Response body (correctness of data)
- Headers
- Data format (JSON, XML)

27. What is API versioning?
API versioning allows developers to introduce new features or changes to an API without disrupting the existing services or breaking the clients that rely on previous versions.

28. How would you test the security of an API?
To test API security:
- Ensure proper authentication and authorization.
- Test for vulnerabilities like SQL injection, XSS, and CSRF.
- Check data encryption in transit.

29. What are query parameters in API?
Query parameters are used in a URL to pass data to the server. They follow the ‘?’ symbol and are typically used for filtering or sorting data.

30. What is rate limiting in API?
Rate limiting is a strategy used to control the number of requests an API can handle in a specific time window, preventing overloading or abuse.

31. How would you handle pagination in API responses?
Pagination breaks down a large dataset into smaller chunks. APIs return a limited number of records per request, with options to fetch the next set using parameters like page number or cursor.

32. What is a 401 status code?
401 means "Unauthorized." It indicates that the request requires user authentication or failed authentication.

33. What is the use of an API gateway?
An API gateway acts as a reverse proxy, managing and routing client requests to various backend services, as well as handling API security, rate limiting, and load balancing.

34. What is the purpose of caching in API?
Caching stores API responses temporarily to reduce load on servers, improve performance, and decrease latency for subsequent requests.

35. What is CORS in API testing?
CORS (Cross-Origin Resource Sharing) is a security feature that restricts resources on a web page from being requested from another domain.

36. What is a 204 status code?
204 means "No Content." It indicates that the server successfully processed the request, but no content is being returned.

37. What is the role of middleware in API testing?
Middleware processes requests and responses at various points in an API’s workflow, managing tasks such as authentication, logging, or data manipulation before reaching the server or client.

38. What is the difference between synchronous and asynchronous APIs?
Synchronous APIs process requests and responses sequentially. Asynchronous APIs allow multiple requests to be processed simultaneously without waiting for prior requests to complete.

39. How do you handle error messages in API testing?
Error messages should be validated by checking the status code, message content, and error format (e.g., proper handling of 4xx and 5xx codes).

40. What is a mock API?
A mock API simulates the behavior of an actual API, enabling testing even if the real API is not available.

41. What is an API proxy?
An API proxy acts as an intermediary between a client and the actual API server, providing features like traffic management, security, and rate limiting.

42. What is HATEOAS in REST API?
HATEOAS (Hypermedia As The Engine Of Application State) is a constraint of REST, where resources include links to related actions, enabling navigation through the API.

43. What is an API contract?
An API contract defines the expectations and obligations of an API, including input parameters, outputs, error codes, and data formats, ensuring consistency.

44. What is the role of load testing in API testing?
Load testing measures the API’s performance under a specific number of concurrent users or requests, identifying issues related to response time, stability, and scalability.

45. What are headers in API requests?
Headers provide additional information about the request or response, such as content type, user-agent, and authorization details.

46. How do you test an API's response time?
API response time can be tested using tools like Postman or JMeter by analyzing how long it takes to receive a response after sending a request.

47. What are common API testing tools?
Popular tools for API testing include:
- Postman
- SoapUI
- Katalon Studio
- JMeter
- Rest-Assured

48. What is a 503 status code?
503 means "Service Unavailable," indicating that the server is not ready to handle the request, usually due to being overloaded or under maintenance.

49. What is API chaining?
API chaining is when the output of one API call is used as input for another API call. This is commonly used in scenarios where multiple dependent API calls are needed.

50. What is backward compatibility in API testing?
Backward compatibility ensures that the API remains compatible with previous versions, allowing older clients to function correctly even after updates.