API Testing

API Testing Basics

1. What is an API, and why is it used?

An API (Application Programming Interface) is a set of protocols, routines, and tools for building software and applications. It allows different software components to communicate with each other. APIs are used to enable integration between different systems, access to databases, services, and more, facilitating automation and scalability.

2. What are HTTP methods, and when should each be used?

HTTP methods are used to perform actions on a resource in a RESTful API.

  • GET: Retrieve data (e.g., GET /users).
  • POST: Send data to create a resource (e.g., POST /users).
  • PUT: Update an existing resource (e.g., PUT /users/{id}).
  • PATCH: Partially update an existing resource (e.g., PATCH /users/{id}).
  • DELETE: Delete a resource (e.g., DELETE /users/{id}).

3. What is the full form of REST?

REST stands for Representational State Transfer. It is an architectural style that defines a set of constraints and properties based on HTTP.

4. What is the difference between SOAP and REST APIs?

  • SOAP (Simple Object Access Protocol) is a protocol that relies on XML and has strict standards like WSDL and XML Schema.
  • REST is an architectural style that uses standard HTTP methods and can handle data in multiple formats like JSON, XML, or HTML.
  • SOAP is more rigid and heavyweight, whereas REST is lightweight, flexible, and easy to scale.

5. What are the differences between URI and URL? Provide an example.

  • URI (Uniform Resource Identifier): A URI is a string of characters used to identify a resource on the internet. It could be a URL or URN.
  • URL (Uniform Resource Locator): A URL is a type of URI that provides the location of a resource on the web, such as http://www.example.com/index.html.
  • Example: https://www.example.com is a URL, which is a type of URI.

6. What are HTTP request headers and response headers? Give examples.

  • Request Headers: Provide additional information about the request (e.g., Content-Type, Authorization, Accept).
    • Example: Content-Type: application/json
  • Response Headers: Provide information about the server's response (e.g., Server, Date, Cache-Control).
    • Example: Content-Type: application/json

7. What is the difference between GET and POST methods?

  • GET retrieves data from a server, and the data is sent in the URL (query parameters).
  • POST sends data to the server to create or update a resource. Data is sent in the body of the request.
  • GET is idempotent (repeating the same request has no additional effect on the server), whereas POST is not.

8. What is the difference between PUT and PATCH methods? Provide examples.

  • PUT updates a resource entirely (e.g., PUT /users/{id} replaces the entire user record).
  • PATCH updates a part of a resource (e.g., PATCH /users/{id} only modifies a specific field, like the user's name).
  • PUT is idempotent, while PATCH is not necessarily idempotent.

9. Why is PUT considered idempotent? What are the conditions for idempotency?

A method is idempotent if making multiple identical requests has the same effect as making a single request. For example, PUT /users/1 can be called multiple times to update the user without changing the outcome after the first call.
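The replay check behind questions 7 to 9, as an added example that is not part of the original page: a constructed in-memory fake API receives the same request several times, and the state after the first call is compared with the state after each later call. The `/users` paths, record fields and status codes are assumptions made for the example.

```python
# Constructed fake API (not a real service): paths and fields are assumed.
import copy

class FakeUsersApi:
    def __init__(self):
        self.users = {}      # id -> user record
        self.next_id = 1

    def request(self, method, path, body=None):
        """Return (status, state snapshot). Only /users and /users/{id} exist."""
        parts = path.strip("/").split("/")
        if parts[0] != "users":
            return 404, self.snapshot()
        if method == "POST" and len(parts) == 1:
            uid = self.next_id                    # every POST creates a new id
            self.next_id += 1
            self.users[uid] = dict(body or {})
            return 201, self.snapshot()
        if len(parts) != 2 or not parts[1].isdigit():
            return 400, self.snapshot()
        uid = int(parts[1])
        if method == "PUT":
            self.users[uid] = dict(body or {})    # full replacement of the record
            return 200, self.snapshot()
        if method == "PATCH":
            if uid not in self.users:
                return 404, self.snapshot()
            self.users[uid].update(body or {})    # partial update of named fields
            return 200, self.snapshot()
        if method == "DELETE":
            existed = self.users.pop(uid, None) is not None
            return (204 if existed else 404), self.snapshot()
        return 405, self.snapshot()

    def snapshot(self):
        return copy.deepcopy(self.users)

def replay_is_idempotent(method, path, body=None, times=3):
    """Send the same request `times` times to a fresh API seeded with user 1;
    True when the state after the first call equals the state after every later call."""
    api = FakeUsersApi()
    api.request("POST", "/users", {"name": "alice", "role": "user"})  # seed id 1
    _, first = api.request(method, path, body)
    for _ in range(times - 1):
        _, later = api.request(method, path, body)
        if later != first:
            return False
    return True
```

Note that the DELETE status changes from 204 to 404 on replay while the state does not; idempotency is about the effect on the resource, not the status code. A PATCH that sets a field replays identically here, whereas a PATCH that appended or incremented would not, which is why PATCH is only "not necessarily" idempotent.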

10. Is POST a cacheable method? Is PUT a cacheable method?

  • POST is typically not cacheable, as it is used to create resources.
  • PUT can be cacheable if it is configured that way (it replaces resources), but it is not typically considered cacheable by default.

11. What is a HEAD request, and in what scenarios would it be useful?

A HEAD request is similar to a GET request but does not return the body, only the headers. It is useful to check metadata, such as content type or last-modified date, without downloading the full content.

12. What is the difference between query parameters and path parameters? Provide examples.

  • Path Parameters are used in the URL path to specify a resource, like /users/{id}.
  • Query Parameters are used in the URL to filter or modify the request, like /users?id=123.

13. What do HTTP status codes 401, 402, and 403 mean?

  • 401 Unauthorized: Authentication is required to access the resource.
  • 402 Payment Required: Reserved for future use; could be used for payment services.
  • 403 Forbidden: The server understood the request but refuses to authorize it.

14. What does the 400 Bad Request status code indicate?

The 400 Bad Request status code indicates that the request from the client is malformed or contains invalid parameters.

15. If you send a text file as input in a POST request, what should be the Content-Type?

The Content-Type should be text/plain when the file contents are sent directly as the request body, or multipart/form-data when the file is sent together with additional metadata fields.

16. How do you test expired or invalid tokens in an API?

To test expired or invalid tokens, send requests with expired or invalid tokens in the Authorization header and check if the server returns a 401 Unauthorized status code.

17. How do you test user roles and permissions in an API? What are some best practices for testing authorization?

Test different user roles by sending API requests with various authentication tokens (admin, user, guest). Verify that only authorized users can access protected endpoints, that they can perform only the permitted actions, and that requests from authenticated but unauthorized users are rejected with 403 Forbidden rather than served.
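The token and role checks from questions 16 and 17 as one test matrix, added here as an example that is not from the original page: a constructed fake API authenticates a bearer token (missing, unknown or expired gives 401) and then authorizes by role and record ownership (403 when the caller is known but not permitted). The token table, roles, endpoints and the fixed clock NOW are assumptions made for the example.

```python
# Constructed fake API (not a real service): token table, roles and paths are
# assumptions made for this example; NOW is a fixed clock for determinism.
NOW = 1_700_000_000
TOKENS = {   # bearer token -> (subject id, role, expiry as epoch seconds)
    "tok-admin": (1, "admin", NOW + 3600),
    "tok-alice": (2, "user", NOW + 3600),
    "tok-bob": (3, "user", NOW + 3600),
    "tok-stale": (2, "user", NOW - 60),   # expired one minute ago
}

def fake_api(method, path, headers, now=NOW):
    """Return the status a server would send: 401 when authentication fails,
    403 when the caller is authenticated but not permitted, 200 otherwise."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return 401                               # no credentials at all
    entry = TOKENS.get(auth[len("Bearer "):])
    if entry is None or entry[2] <= now:
        return 401                               # unknown or expired token
    subject, role, _ = entry
    if path == "/admin/users":
        return 200 if role == "admin" else 403   # authenticated, not allowed
    if path.startswith("/users/") and path[len("/users/"):].isdigit():
        owner = int(path[len("/users/"):])
        if method == "GET" and (owner == subject or role == "admin"):
            return 200
        return 403                               # someone else's record
    return 404

AUTHZ_CASES = [
    # (description, method, path, token or None, expected status)
    ("missing token", "GET", "/users/2", None, 401),
    ("expired token", "GET", "/users/2", "tok-stale", 401),
    ("user reads own record", "GET", "/users/2", "tok-alice", 200),
    ("user reads another user's record", "GET", "/users/3", "tok-alice", 403),
    ("user calls admin endpoint", "GET", "/admin/users", "tok-bob", 403),
    ("admin calls admin endpoint", "GET", "/admin/users", "tok-admin", 200),
]

def run_authz_matrix(cases=AUTHZ_CASES):
    """Return descriptions of cases whose observed status differs from the expected one."""
    failures = []
    for desc, method, path, token, expected in cases:
        headers = {"Authorization": f"Bearer {token}"} if token else {}
        got = fake_api(method, path, headers)
        if got != expected:
            failures.append(f"{desc}: expected {expected}, got {got}")
    return failures
```

Against a real service the same matrix is driven with an HTTP client instead of `fake_api`; the cases that matter most are the ones expecting 401 and 403, because a passing 200 case says nothing about what the server wrongly allows.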

18. How do you test API rate-limiting, and when should it be used?

Test API rate-limiting by sending requests in rapid succession and ensuring that the API returns appropriate rate-limiting headers, such as X-RateLimit-Limit and X-RateLimit-Remaining. Rate-limiting should be used to prevent abuse and ensure fair usage of resources.
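The rate-limit probe described above, as an added example that is not part of the original page: a constructed endpoint applies a fixed-window limiter and emits the X-RateLimit-Limit and X-RateLimit-Remaining headers named in the answer (plus X-RateLimit-Reset and Retry-After, and the standard 429 Too Many Requests status once the limit is exceeded), and a probe function fires a burst of requests and reports what a tester checks. The limit of 5 requests per 60-second window is an assumption.

```python
# Constructed fake endpoint (not a real service): a fixed-window limiter whose
# limit and window length are assumptions chosen for this example.
LIMIT = 5      # requests allowed per client per window
WINDOW = 60    # window length in seconds

class RateLimitedEndpoint:
    def __init__(self, limit=LIMIT, window=WINDOW):
        self.limit, self.window = limit, window
        self.windows = {}   # client key -> (window start, request count)

    def request(self, client, now):
        """Return (status, headers); 429 Too Many Requests once over the limit."""
        start, count = self.windows.get(client, (now, 0))
        if now - start >= self.window:      # window elapsed: start a new one
            start, count = now, 0
        count += 1
        self.windows[client] = (start, count)
        reset_at = start + self.window
        headers = {
            "X-RateLimit-Limit": str(self.limit),
            "X-RateLimit-Remaining": str(max(self.limit - count, 0)),
            "X-RateLimit-Reset": str(reset_at),
        }
        if count > self.limit:
            headers["Retry-After"] = str(reset_at - now)
            return 429, headers
        return 200, headers

def probe_rate_limit(endpoint, client="tester", burst=LIMIT + 2, t0=0):
    """Send `burst` requests in the same second, the way a tester would, and
    report the statuses, the Remaining countdown, the index of the first 429
    and whether the client is served again once the window has reset."""
    statuses, remaining = [], []
    for _ in range(burst):
        status, hdrs = endpoint.request(client, t0)
        statuses.append(status)
        remaining.append(int(hdrs["X-RateLimit-Remaining"]))
    status_after_reset, _ = endpoint.request(client, t0 + endpoint.window)
    return {
        "statuses": statuses,
        "remaining": remaining,
        "limited_after": statuses.index(429) if 429 in statuses else None,
        "recovers": status_after_reset == 200,
    }
```

The same probe against a real API should also confirm that the limit is keyed per client (a second client is not blocked by the first one's burst), which the fake endpoint models through the `client` key.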