API

Question 1

1. What are API’s?

Answer 1

API is an acronym for Application Programming Interface which serves as a method of communication between two systems.

The API layer transmits and translates between 2 or more separate software systems. APIs work using requests and responses. When an API requests information from a web application or web server, it will receive a response.

Question 2

2. What is a Web Service? API vs Web Service?

Answer 2

Web services are simply API’s available over the web. They are API’s that require an internet connection and can only be accessed through a web service URL.

Remember: All Web Services are APIs, but not all APIs are Web Services.

Question 3

3. What type of Web Services do you know? What are the differences?

Answer 3

There are 2 types of web services:

1) SOAP web services (Simple Object Access Protocol) - is based on transferring only XML data as SOAP Messages. SOAP is more secure; however, it is slower than REST. A SOAP web service is developed based of the rules and guidelines set by the W3C consortium 
2) RESTful web services (REST API- Representational State Transfer) - that uses different representations to exchange and transfer data in JSON, XML or TEXT format. REST is lightweight because developers have more flexibility to develop the web service the way they desire and don’t need to follow guidelines set by W3C consortium and it is less secure compared to SOAP, but it is faster.

Question 4

4. Which Protocol is used by RESTful Web Services?

Answer 4

RESTful web services use HTTP/HTTPS protocols as a medium of communication between client and server.

Question 5

5. Most Commonly Used HTTP Methods supported by REST?

Answer 5

POST – It submits information to the service for processing; it should typically return the modified or new resource → Create

GET -It requests a resource at the request-URI. It should not contain a request body → Retrieve

PUT – Replaces all current representations of the target resource with the uploaded content → Update

PATCH – Updates only a selected key-paired value → Update

DELETE – Removes all current representations of the target resource given by a URI → Delete

Question 6

6. Can a GET request be used instead of PUT to create a resource?

Answer 6

The POST or PUT method should be used to create a resource. PUT can be used to update a resource. GET is only used to request data from a specified resource.

Question 7

7. What are the differences between PUT and POST requests?

Answer 7

Using POST request, our intent is to create a new object on the server whereas with PUT request, our intent is to replace an object by another object (Update)

Question 8

8. Which HTTP Status codes do you know?

Answer 8

1xx → Informational

2xx → Success (request was accepted successfully) (200→ Ok, 201→ Created, 202→ Accepted, 204→ No Content)

3xx → Redirection

4xx → Client Error (400-Bad Request, 401-Unauthorized, 403-Forbidden, 404-Not Found, 405-Method not Allowed)

5xx → Server Error (500-Internal server Error, 501-Not implemented, 502-Bad Gateway,503-Service Unavailable)

Question 9

9. What is API Testing?

Answer 9

A type of testing which determines if the developed APIs meet expectations regarding functionality, reliability, performance and security of the application.

We test to verify that we get what is expected. We will have to verify a few areas of the response body and also status codes.

Question 10

10. What are the advantages of API Testing?

Answer 10

Test for Core Functionality: API testing provides access to the application without a user interface. The core and code-level of functionality of the application will be tested and evaluated early before the GUI tests. This will help detect the minor issues which can become bigger during the GUI testing.

Time Effective: API testing usually is less time consuming than functional GUI testing. The web elements in GUI testing must be polled, which makes the testing process slower. API test automation requires less code so it can provide better and faster test coverage compared to GUI test automation. These will result in the cost saving for the testing project.

Language-Independent: In API testing, data is exchanged using XML or JSON. These transfer modes are completely language-independent, allowing users to select any code language when adopting automation testing services for the project.

Supporting business models: We need to test web services for many business-related reasons. Think about a third-party vendor like Expedia. Expedia generates data provided from the producers (Airlines, Hotels, etc.) and that information needs to be correct. If it is not correct, there is a high chance of the business losing money.

Question 11

11. What tools can be used to test APIs? How do you test APIs in your project?

Answer 11

In my project we have REST APIs. For manual testing we use Postman. We have done our best to use Postmans features to organize our tests. We set global and environment variables so we can easily change any values from one location so that the respective change can immediately be updated wherever the variable is called.

We also use Postmans available JavaScript methods to validate status codes and verify data from our response body, and Postman’s collection runner to execute multiple calls at once in the desired order. Additionally, we are using the Rest Assured Java library.

As a tester I send an API request (whether it is a GET, POST, PUT or DELETE call) and then I verify the status code, response body and check headers. I verify that each endpoint is working as expected.

I do positive and negative testing of APIs:
Positive - I am sending valid requests, headers, parameters, and Json body and then verify that response is 200/201
Negative- I am sending invalid requests, headers, parameters, and body, expecting the status code not to be 200/201.

Question 12

12. What is EndPoint?

Answer 12

An endpoint by itself is the location where a resource can be accessed

Examples:
/createUsers
/getUsers

We must create a URI to successfully hit our endpoint

An endpoint is one end of a communication channel. When an API interacts with another system, the touchpoints of this communication are considered endpoints.

Question 13

13. What is a URI?

Answer 13

Uniform Resource Identifier

URI = Domain/Base URL + endpoint

Question 14

14. Do you have an API documentation website for your APIs? Any other API documentation that you know of?

Answer 14

Swagger is an open-source software framework backed by a large ecosystem of tools that helps developers design, build, document, and consume RESTful Web services.

Some of the API documentation templates:
● Swagger
● FlatDoc
● RestDoc
● API blueprint

However, I have only been exposed to Swagger.

Question 15

15. Can you tell me what is required to send a POST, GET, PUT, PATCH, and DELETE calls?

Answer 15

With POST you will need:
● URI
● Headers
● BODY/Payload (your data in JSON, XML, String, etc)

With GET you will need:
● URI
● Headers
● No BODY/Payload is required since GET you are only retrieving data from a server and not creating
● If you need to send data with a GET call to narrow down your search then you can send your data in form of JQuery Parameters or Path Parameters

With a PUT(update) call you will need:
● URI
● Headers
● AND a body/payload
Note: If you are attempting to update information that does not exist in given server then PUT will behave as a POST call and create the information UNLESS developers have restricted that from happening 

With a DELETE call you will need:
● URI
● Headers
● AND you may/may not need a payload
● If a payload is not required then you will send data in form as JQuery parameter or PATH parameter 

HTTP request method is made up of four components:
● Request Method: Get, Post, Put, Delete
● Request URI: complete URL of the resource
● Request Header: Accept, Content-Type
● Request Body: data to be sent to the resource

Question 16

16. What would you expect in a response?

Answer 16

HTTP response method is made up of three components:

● Response Status Code:200, 201, 400, 404, 500
● Response Header: Date, Server, Last-Modified, Content-Type
● Response Body: data that comes back to the client from the server

Question 17

17. What is JSON?

Answer 17

● It is JavaScript Object Notation (is a minimal, readable format for structuring data.)
● It is used primarily to transmit data between a server and web application, as an alternative to XML (a lightweight version of XML)
● Represents Data in a Key: Value format
● JSON is NOT a programming language

Question 18

18. What are two types of Parameters sent with a URI?

Answer 18

Parameters are options you can pass with the endpoint to influence the response.

In REST we 2 types of Parameters:
● Path Parameters
As part of the URL-path (i.e. /api/resource/parametervalue )
● Query Parameters
As a query argument (i.e. /api/resource?parameter=value )

Question 19

19. What are Headers?

Answer 19

Headers provide meta-information about a request.

In my project when I send POST or PUT requests, as headers, I specify the ContentType and an authorization JSON Web Token.

When I receive a response, I verify response headers such as the Content-Type.

Question 20

20. What is a Payload?

Answer 20

Requests and response bodies of every HTTP message includes request data called Payload.

We send a payload with POST, PUT, and PATCH calls but not in GET and DELETE calls.

The response payload is often a response of you GET (returning a record or a list of records), or a confirmation from a POST.

Question 21

21. How do you verify a value in your Response body?

Answer 21

To validate value in Response we can use:

1. JUnit Assertions
2. HamCrest Matchers
3. DeSerialization

Retrieve data from JSON and store inside Java DataStructure

Once we have a Java Object, we can compare it using JUnit Assertions.

Question 22

22. What are the main challenges faced in API testing?

Answer 22

● Selecting proper parameters and its combinations (what if you do not have correct documentation and you need to work with parameters).
● Categorizing the parameters properly (path or query).
● Proper call sequencing is required as this may lead to inadequate coverage in testing.
● Verifying and validating the output (Request & Response)

Question 23

23. What is the JSON path?

Answer 23

JSON Path is a class that has defined methods which allow us to get a value from a JSON object such as a String, an integer, and more.

Question 24

24. What would you do if you do not have URI or anything else provided but you have to do API testing?

Answer 24

Well, I would do my best to request API documentation so that I know what exactly needs to be tested and what responses I should be receiving. From experience, it is considered bad practice if I just “assume” when I am really not supposed to.

Question 25

25. Which data do you compare your API responses with?

Answer 25

I would have to compare it with API documentation. If I have access to a database and it is a requirement to validate data directly in the database, then I would do that as well.

Question 26

26. How do you validate status codes in your project?

Answer 26

Using Postman, we were able to use the JavaScript methods available to assert the status codes but using REST assured for automation, we used:

then().assertThat().statusCode(“status code”)

Question 27

27. How do you write a feature file in cucumber for API testing?

Answer 27

In my project I had to generate a token. That step was declared in your Background as a precondition to any execution.

Given- preparing a request file
When - calling the API/endpoint
Then - performing assertions

Question 28

28. A service has different and dynamic responses based on what combination of 3 optional fields are sent in a request it receives, how do you structure testing this service?

Answer 28

Just exactly how you read this - this is exactly how this question was asked. But let’s break down this answer. In the first part of the sentence, we have the words “different” and “dynamic” - meaning responses are changing.

The next part says “based on what combination of 3 optional fields are sent in a request” - this should ring a bell - depending on what calls we are making, most of the time we don’t have “optional” fields. With a POST we need a body, a body is not optional, same with a PUT call.

You would say based on your experience you would structure the testing the way you should be structuring it - setting the correct headers, the correct key/token and sending the correct payload/body. If you get questions like this do not be afraid to break down the information in front of the interviewer, it will show them you can actually think!

Question 29

29. What baseline metrics/requirements are necessary for starting to prepare a performance/load test profile for a service that has had no previous performance/load testing performed?

Answer 29

I have not performed load or performance testing so in all honesty I am not sure how to do that.

Question 30

30. What performance and testing approaches would you perform on the service?

Answer 30

I would refer closely to the API documentation, but if I am not sure about some information, I would make sure to ask BA and developers for further information since I know I should not assume.

Reviewing API documentation, I would see what is required, do I have to test in different environments? If so, and I am using a tool like Postman, I would actually set environment variables so that I can easily make changes to all my tests in one shot.

If I have to use certain data or variables, then I would make sure to set global variables and use them wherever I need to use them. In Postman we can call global and environment variables by {{variable}}. We can actually do the same with SoapUI.

Question 31

31. You just mentioned SoapUI in your last answer, have you worked with SoapUI?

Answer 31

No, I have not, but I was very curious to learn how I would be able to use other technologies to test API’s, so I did some research on the side. - This will make you look good.

Question 32

32. What does 401 status code mean? 301?

Answer 32

401 - Unauthorized - meaning we need a token or key to authenticate ourselves and hit the API successfully.

301 - Moved Permanently is used for permanent URL redirection, meaning current links or records using the URL that the response is received for should be updated. The new URL should be provided in the Location field included with the response.

Question 33

33. What is a WSDL and a WADL file?

Answer 33

WSDL - Web Service Description Language is an XML document that describes SOAP-based web services. We can load a WSDL file into our API tool and know exactly which methods it can call, what arguments those methods expect, and which data types they return. It is usually provided in WADL

WADL - Web Application Description Language is an XML document that is used to describe RESTful web services. Just like a WSDL, we can load a WADL file into our API tool and be immediately equipped to access the full functionality of the corresponding web service.

Question 34

34. What are some principles of an API test design?

Answer 34

Setting up - Setting up your test environment, think of how we set everything up with a postman. Global, environment variables, JWT generation, etc.

Execution - How did we execute our test cases in postman? Did we have a flow?

Verification - what and how did we verify?

Reporting - How did we generate our collection runner or cucumber report?

Clean up - How did we unset variables in postman

Question 35

35. How did you generate your token or key without having to manually do so all the time?

Answer 35

With Postman - grabbed the token from the JSON object response and stored it as a global variable to be used with all calls that required a token

Rest assured with cucumber - created a separate class, made a call to generate a token and stored the token as a Static variable - we used this as a “Given” background step to be applied to all calls

Question 36

36. What is stateful and stateless application?

Answer 36

Applications having server memory to store credentials temporarily are called stateful applications whereas applications that do not have server memory and generate a token for authentication are called stateless applications.

Question 37

37. What is a pm object?

Answer 37

In API testing via postman, pm is the postman object which allows us to write test cases in postman and enables us to perform validation using assertions. Pm object has functions to perform verification and validation.

Question 38

38. What are the details bearer token contains?

Answer 38

In API testing when we create a bearer token (JWT), it contains 3 components namely header, payload and signatures.

Question 39

39. What is REST Assured?

Answer 39

To perform API testing via automation, Rest Assured (JAVA based Library) is being used for Restful API’s. It follows the BDD approach where GIVEN is used for preparing the request, WHEN is used to hit the end point and THEN is used to verify the expected response.

Question 40

40. What are Presentation, Application and Data layers?

Answer 40

Presentation - The layer which exists at client end where GUI is available.

Application - The layer where actual business logic is written.

Data - The layer where data is stored (Database).

Question 41

41. What is Authentication and Authorization?

Answer 41

Authentication is used to check the identity and existence of a user in the system and Authorization is the process of checking the privileges logged in user has for the system.

Question 42

42. What are path parameters and query parameters?

Answer 42

Path parameters are the ones which are considered as the path of BaseURI and come after /

Query parameters are used to access specific data and they come after ? in key: value format

Question 43

43. What are the types of bugs that can be found during API testing?

Answer 43

API testing helps us to find many types of bugs which are:
● Stress
● Security
● Duplicate or missing functionality
● Reliability
● Unused flags
● Performance
● Incompatible error handling
● Multi-threaded issue
● Improper errors

Question 44

44. What is Resource in REST?

Answer 44

REST architecture treats any content as resource, which can be text files, HTML pages, images, videos or dynamic business information. REST server gives the functionality to access the resources and modifies them. We can identify each resource by URIs/global IDs.

Question 45

45. What is a JSON Object?

Answer 45

A JSON object consists of a key and value pair. An object may have multiple keys and values.

A value of a specified key can either be:
a JSON object
a JSON element
a JSON array