API Testing Advanced

1. Why is API testing important?

API testing is crucial for validating that API functionality is working as expected, that it can handle edge cases, and that it integrates well with other systems. It ensures data consistency, performance, and security.

2. What are the key things you test in a GET API that fetches a list of records?

Key tests include:

  • Verifying correct data is returned (e.g., IDs and names of records).
  • Ensuring the response status code is 200 OK.
  • Checking for correct pagination (if applicable).
  • Validating that the response time is within acceptable limits.

3. What are the key things to test when an API response feeds into a downstream system?

Key tests include:

  • Ensuring that the API returns valid and well-structured data.
  • Validating that the downstream system can process the data without errors.
  • Verifying that the API handles errors gracefully and returns meaningful error messages.

4. What are the best strategies for sending large payloads in a POST request?

Strategies include:

  • Compressing data before sending it.
  • Using chunked transfer encoding if the payload is large.
  • Sending data in multiple smaller parts if necessary.

5. Is it a good practice to have assertions for request headers when testing APIs? Why or why not?

Yes, it is a good practice. Request headers (like Content-Type and Authorization) are essential for the API's correct operation, and validating them ensures that the client sends the expected data to the server.

6. How do you ensure that an API's response structure remains consistent across different versions?

Use schema validation (e.g., JSON schema) to check the response structure and ensure backward compatibility with previous API versions.

7. What is the difference between API virtualization and API mocking?

  • API Mocking involves creating simulated responses for an API that doesn't yet exist or is unavailable.
  • API Virtualization involves creating virtual services that behave like real services for integration or testing purposes.

8. What is an API Gateway? What is its role in API architecture?

An API Gateway is a server that acts as an entry point into a system, routing requests to the appropriate backend services. It handles tasks like request routing, authentication, rate limiting, and response aggregation.

9. How do you test caching in APIs? How do you check if caching is applied?

Test caching by checking if the Cache-Control header is set appropriately. Use tools like Postman to simulate repeated requests and verify that the response times decrease if caching is applied.

10. How can you generate test reports for API tests? What are the key attributes that should be included in an API test report?

You can generate reports using tools like Allure or ExtentReports. Key attributes to include are:

  • Test case name
  • Status (Pass/Fail)
  • Response times
  • HTTP status codes
  • Assertions made

11. What are some common security vulnerabilities in APIs? How do you test for API security?

Common vulnerabilities include SQL injection, cross-site scripting (XSS), and insecure data transmission. You can test for these by performing penetration testing, testing input validation, and verifying that secure protocols (e.g., HTTPS) are used.

12. How do you perform load testing and performance testing for APIs? What tools do you use?

You can use tools like JMeter, Gatling, or LoadRunner for load and performance testing. Key tests include checking response times, throughput, and the system’s ability to handle high traffic loads.

13. What is JSON Schema, and how is it used for API validation?

JSON Schema is a tool for validating the structure of JSON data. It defines the required fields, data types, and constraints for JSON objects. It is used to ensure that the API responses match expected formats.

14. Can you use the same JSON schema for validating responses from different APIs?

Yes, as long as the structure of the JSON data returned by the APIs is the same. JSON schema can be reused across different endpoints if they have similar response structures.

15. What is the difference between API Contract Testing and API Integration Testing?

  • Contract Testing verifies that the API adheres to the agreed contract between client and server (i.e., expected inputs and outputs).
  • Integration Testing ensures that the API works correctly when integrated with other systems or services.

16. What are WebSockets, and how do they differ from REST APIs?

WebSockets provide full-duplex communication channels over a single TCP connection, allowing for continuous data exchange. Unlike REST, which is request-response based, WebSockets are suitable for real-time communication.

17. What are gRPC APIs, and how are they different from REST APIs?

gRPC (Google Remote Procedure Call) is a high-performance, open-source framework for building APIs. It uses Protocol Buffers (binary format) instead of JSON and is faster than REST. gRPC is more efficient for internal microservices communication.