API Flashcards

1
Q
  1. What are APIs?
A

API is an acronym for Application Programming Interface which serves as a method of communication between two systems.

The API layer transmits and translates between 2 or more separate software systems. APIs work using requests and responses. When an API requests information from a web application or web server, it will receive a response.

2
Q
  1. What is a Web Service? API vs Web Service?
A

Web services are simply APIs available over the web. They are APIs that require an internet connection and can only be accessed through a web service URL.

Remember: All Web Services are APIs, but not all APIs are Web Services.

3
Q
  1. What type of Web Services do you know? What are the differences?
A

There are 2 types of web services:

1) SOAP web services (Simple Object Access Protocol) - based on transferring only XML data as SOAP messages. SOAP is more secure; however, it is slower than REST. A SOAP web service is developed based on the rules and guidelines set by the W3C consortium.
2) RESTful web services (REST API - Representational State Transfer) - use different representations to exchange and transfer data in JSON, XML or TEXT format. REST is lightweight because developers have more flexibility to develop the web service the way they desire and don’t need to follow guidelines set by the W3C consortium. It is less secure compared to SOAP, but it is faster.
4
Q
  1. Which Protocol is used by RESTful Web Services?
A

RESTful web services use HTTP/HTTPS protocols as a medium of communication between client and server.

5
Q
  1. Most Commonly Used HTTP Methods supported by REST?
A

POST – It submits information to the service for processing; it should typically return the modified or new resource → Create

GET – It requests a resource at the request-URI. It should not contain a request body → Retrieve

PUT – Replaces all current representations of the target resource with the uploaded content → Update

PATCH – Updates only a selected key-value pair → Update

DELETE – Removes all current representations of the target resource given by a URI → Delete

6
Q
  1. Can a GET request be used instead of PUT to create a resource?
A

The POST or PUT method should be used to create a resource. PUT can be used to update a resource. GET is only used to request data from a specified resource.

7
Q
  1. What are the differences between PUT and POST requests?
A

With a POST request, our intent is to create a new object on the server, whereas with a PUT request, our intent is to replace an object with another object (Update).

8
Q
  1. Which HTTP Status codes do you know?
A

1xx → Informational

2xx → Success (request was accepted successfully) (200 → OK, 201 → Created, 202 → Accepted, 204 → No Content)

3xx → Redirection

4xx → Client Error (400 - Bad Request, 401 - Unauthorized, 403 - Forbidden, 404 - Not Found, 405 - Method Not Allowed)

5xx → Server Error (500 - Internal Server Error, 501 - Not Implemented, 502 - Bad Gateway, 503 - Service Unavailable)

9
Q
  1. What is API Testing?
A

A type of testing which determines if the developed APIs meet expectations regarding functionality, reliability, performance and security of the application.

We test to verify that we get what is expected. We will have to verify a few areas of the response body and also status codes.

10
Q
  1. What are the advantages of API Testing?
A

Test for Core Functionality: API testing provides access to the application without a user interface. The core, code-level functionality of the application is tested and evaluated early, before the GUI tests. This helps detect minor issues which can become bigger during GUI testing.

Time Effective: API testing is usually less time consuming than functional GUI testing. The web elements in GUI testing must be polled, which makes the testing process slower. API test automation requires less code, so it can provide better and faster test coverage compared to GUI test automation. This results in cost savings for the testing project.

Language-Independent: In API testing, data is exchanged using XML or JSON. These transfer modes are completely language-independent, allowing users to select any code language when adopting automation testing services for the project.

Supporting business models: We need to test web services for many business-related reasons. Think about a third-party vendor like Expedia. Expedia generates data provided from the producers (Airlines, Hotels, etc.) and that information needs to be correct. If it is not correct, there is a high chance of the business losing money.

11
Q
  1. What tools can be used to test APIs? How do you test APIs in your project?
A

In my project we have REST APIs. For manual testing we use Postman. We have done our best to use Postman’s features to organize our tests. We set global and environment variables so we can easily change any values from one location so that the respective change can immediately be updated wherever the variable is called.

We also use Postman’s available JavaScript methods to validate status codes and verify data from our response body, and Postman’s collection runner to execute multiple calls at once in the desired order. Additionally, we are using the Rest Assured Java library.

As a tester I send an API request (whether it is a GET, POST, PUT or DELETE call) and then I verify the status code, response body and check headers. I verify that each endpoint is working as expected.

I do positive and negative testing of APIs:
Positive - I am sending valid requests, headers, parameters, and JSON body and then verify that the response is 200/201.
Negative - I am sending invalid requests, headers, parameters, and body, expecting the status code not to be 200/201.

12
Q
  1. What is EndPoint?
A

An endpoint by itself is the location where a resource can be accessed.

Examples:
/createUsers
/getUsers

We must create a URI to successfully hit our endpoint.

An endpoint is one end of a communication channel. When an API interacts with another system, the touchpoints of this communication are considered endpoints.

13
Q
  1. What is a URI?
A

Uniform Resource Identifier

URI = Domain/Base URL + endpoint

14
Q
  1. Do you have an API documentation website for your APIs? Any other API documentation that you know of?
A

Swagger is an open-source software framework backed by a large ecosystem of tools that helps developers design, build, document, and consume RESTful Web services.

Some of the API documentation templates:
● Swagger
● FlatDoc
● RestDoc
● API blueprint

However, I have only been exposed to Swagger.

15
Q
  1. Can you tell me what is required to send POST, GET, PUT, PATCH, and DELETE calls?
A

With POST you will need:
● URI
● Headers
● BODY/Payload (your data in JSON, XML, String, etc)

With GET you will need:
● URI
● Headers
● No BODY/Payload is required, since with GET you are only retrieving data from a server and not creating
● If you need to send data with a GET call to narrow down your search, you can send your data in the form of query parameters or path parameters

With a PUT(update) call you will need:
● URI
● Headers
● AND a body/payload
Note: If you are attempting to update information that does not exist on the given server, then PUT will behave as a POST call and create the information UNLESS developers have restricted that from happening.

With a DELETE call you will need:
● URI
● Headers
● AND you may/may not need a payload
● If a payload is not required, then you will send data in the form of a query parameter or path parameter

An HTTP request is made up of four components:
● Request Method: Get, Post, Put, Delete
● Request URI: complete URL of the resource
● Request Header: Accept, Content-Type
● Request Body: data to be sent to the resource

16
Q
  1. What would you expect in a response?
A

An HTTP response is made up of three components:

● Response Status Code: 200, 201, 400, 404, 500
● Response Header: Date, Server, Last-Modified, Content-Type
● Response Body: data that comes back to the client from the server

17
Q
  1. What is JSON?
A

● It stands for JavaScript Object Notation, a minimal, readable format for structuring data
● It is used primarily to transmit data between a server and web application, as an alternative to XML (a lightweight version of XML)
● Represents Data in a Key: Value format
● JSON is NOT a programming language

18
Q
  1. What are two types of Parameters sent with a URI?
A

Parameters are options you can pass with the endpoint to influence the response.

In REST we have 2 types of parameters:
● Path Parameters
As part of the URL-path (i.e. /api/resource/parametervalue )
● Query Parameters
As a query argument (i.e. /api/resource?parameter=value )

19
Q
  1. What are Headers?
A

Headers provide meta-information about a request.

In my project, when I send POST or PUT requests, as headers I specify the Content-Type and an authorization JSON Web Token.

When I receive a response, I verify response headers such as the Content-Type.

20
Q
  1. What is a Payload?
A

The request and response bodies of an HTTP message carry data called the payload.

We send a payload with POST, PUT, and PATCH calls but not in GET and DELETE calls.

The response payload is often a response to your GET (returning a record or a list of records), or a confirmation from a POST.

21
Q
  1. How do you verify a value in your Response body?
A

To validate a value in the response we can use:

  1. JUnit Assertions
  2. Hamcrest Matchers
  3. Deserialization

Retrieve data from the JSON and store it inside a Java data structure.

Once we have a Java Object, we can compare it using JUnit Assertions.

22
Q
  1. What are the main challenges faced in API testing?
A

● Selecting proper parameters and their combinations (what if you do not have correct documentation and you need to work with parameters).
● Categorizing the parameters properly (path or query).
● Proper call sequencing is required, as incorrect sequencing may lead to inadequate coverage in testing.
● Verifying and validating the output (Request & Response)

23
Q
  1. What is the JSON path?
A

JSON Path is a class that has defined methods which allow us to get a value from a JSON object such as a String, an integer, and more.

24
Q
  1. What would you do if you do not have URI or anything else provided but you have to do API testing?
A

Well, I would do my best to request API documentation so that I know what exactly needs to be tested and what responses I should be receiving. From experience, it is considered bad practice if I just “assume” when I am really not supposed to.

25
Q
  1. Which data do you compare your API responses with?
A

I would have to compare it with API documentation. If I have access to a database and it is a requirement to validate data directly in the database, then I would do that as well.

26
Q
  1. How do you validate status codes in your project?
A

Using Postman, we were able to use the JavaScript methods available to assert the status codes, but using REST Assured for automation, we used:

then().assertThat().statusCode(expectedStatusCode) // expectedStatusCode is an int, e.g. 200

27
Q
  1. How do you write a feature file in cucumber for API testing?
A

In my project I had to generate a token. That step was declared in your Background as a precondition to any execution.

Given - preparing a request file
When - calling the API/endpoint
Then - performing assertions

28
Q
  1. A service has different and dynamic responses based on what combination of 3 optional fields are sent in a request it receives, how do you structure testing this service?
A

Just exactly how you read this - this is exactly how this question was asked. But let’s break down this answer. In the first part of the sentence, we have the words “different” and “dynamic” - meaning responses are changing.

The next part says “based on what combination of 3 optional fields are sent in a request” - this should ring a bell - depending on what calls we are making, most of the time we don’t have “optional” fields. With a POST we need a body, a body is not optional, same with a PUT call.

You would say based on your experience you would structure the testing the way you should be structuring it - setting the correct headers, the correct key/token and sending the correct payload/body. If you get questions like this do not be afraid to break down the information in front of the interviewer, it will show them you can actually think!

29
Q
  1. What baseline metrics/requirements are necessary for starting to prepare a performance/load test profile for a service that has had no previous performance/load testing performed?
A

I have not performed load or performance testing so in all honesty I am not sure how to do that.

30
Q
  1. What performance and testing approaches would you perform on the service?
A

I would refer closely to the API documentation, but if I am not sure about some information, I would make sure to ask BA and developers for further information since I know I should not assume.

Reviewing API documentation, I would see what is required, do I have to test in different environments? If so, and I am using a tool like Postman, I would actually set environment variables so that I can easily make changes to all my tests in one shot.

If I have to use certain data or variables, then I would make sure to set global variables and use them wherever I need to use them. In Postman we can call global and environment variables by {{variable}}. We can actually do the same with SoapUI.

31
Q
  1. You just mentioned SoapUI in your last answer, have you worked with SoapUI?
A

No, I have not, but I was very curious to learn how I would be able to use other technologies to test APIs, so I did some research on the side. - This will make you look good.

32
Q
  1. What does 401 status code mean? 301?
A

401 - Unauthorized - meaning we need a token or key to authenticate ourselves and hit the API successfully.

301 - Moved Permanently is used for permanent URL redirection, meaning current links or records using the URL that the response is received for should be updated. The new URL should be provided in the Location field included with the response.

33
Q
  1. What is a WSDL and a WADL file?
A

WSDL - Web Service Description Language is an XML document that describes SOAP-based web services. We can load a WSDL file into our API tool and know exactly which methods it can call, what arguments those methods expect, and which data types they return. It is usually provided in WADL.

WADL - Web Application Description Language is an XML document that is used to describe RESTful web services. Just like a WSDL, we can load a WADL file into our API tool and be immediately equipped to access the full functionality of the corresponding web service.

34
Q
  1. What are some principles of an API test design?
A

Setting up - Setting up your test environment; think of how we set everything up with Postman: global and environment variables, JWT generation, etc.

Execution - How did we execute our test cases in Postman? Did we have a flow?

Verification - What and how did we verify?

Reporting - How did we generate our collection runner or Cucumber report?

Clean up - How did we unset variables in Postman?

35
Q
  1. How did you generate your token or key without having to manually do so all the time?
A

With Postman - grabbed the token from the JSON object response and stored it as a global variable to be used with all calls that required a token.

REST Assured with Cucumber - created a separate class, made a call to generate a token and stored the token as a static variable - we used this as a “Given” background step to be applied to all calls.

36
Q
  1. What are stateful and stateless applications?
A

Applications having server memory to store credentials temporarily are called stateful applications whereas applications that do not have server memory and generate a token for authentication are called stateless applications.

37
Q
  1. What is a pm object?
A

In API testing via Postman, pm is the Postman object which allows us to write test cases in Postman and enables us to perform validation using assertions. The pm object has functions to perform verification and validation.

38
Q
  1. What details does a bearer token contain?
A

In API testing, when we create a bearer token (JWT), it contains 3 components, namely header, payload and signature.

39
Q
  1. What is REST Assured?
A

To perform API testing via automation, Rest Assured (a Java-based library) is used for RESTful APIs. It follows the BDD approach where GIVEN is used for preparing the request, WHEN is used to hit the endpoint and THEN is used to verify the expected response.

40
Q
  1. What are Presentation, Application and Data layers?
A

Presentation - The layer which exists at client end where GUI is available.

Application - The layer where actual business logic is written.

Data - The layer where data is stored (Database).

41
Q
  1. What are Authentication and Authorization?
A

Authentication is used to check the identity and existence of a user in the system, and Authorization is the process of checking the privileges a logged-in user has for the system.

42
Q
  1. What are path parameters and query parameters?
A

Path parameters are the ones which are considered part of the path of the base URI and come after /.

Query parameters are used to access specific data and they come after ? in key: value format.

43
Q
  1. What are the types of bugs that can be found during API testing?
A

API testing helps us to find many types of bugs, which are:
● Stress
● Security
● Duplicate or missing functionality
● Reliability
● Unused flags
● Performance
● Incompatible error handling
● Multi-threaded issue
● Improper errors

44
Q
  1. What is Resource in REST?
A

REST architecture treats any content as a resource, which can be text files, HTML pages, images, videos or dynamic business information. A REST server provides the functionality to access the resources and modify them. We can identify each resource by URIs/global IDs.

45
Q
  1. What is a JSON Object?
A

A JSON object consists of a key and value pair. An object may have multiple keys and values.

A value of a specified key can either be:
a JSON object
a JSON element
a JSON array