API Testing TOP 2025 Interview Preparation Guide : Part 1

    

     

1.     What is API Testing?

API testing is a type of software testing that validates Application Programming Interfaces (APIs). It checks whether the APIs function correctly, return expected results, handle errors, and integrate smoothly with other services. API testing is critical because missing cases can lead to failures in production that are hard to debug.

2.     What are the Benefits of API Testing?

Early Evaluation – APIs are tested early in the development cycle to detect issues sooner.
CI/CD Compliance – APIs can be validated automatically in pipelines, improving efficiency.
Security – API testing includes fuzz, penetration, and security checks.
Time & Cost Savings – Automation reduces manual effort and cost.
Platform Agnostic – APIs can be tested across different technologies.

3.     How do you perform API testing?
API testing is often performed using tools like Postman. The development team provides the API endpoint (URL), payload (usually JSON), and authentication credentials. Testers then modify payloads according to test cases and check responses for correctness, errors, and edge cases.

4.     What are the Challenges in API Testing?

·        Initial setup and environment configuration.

·        Sequencing API calls to ensure dependencies are tested properly.

·        Validating and testing multiple parameter combinations.

·        Updating schemas when APIs evolve.

·        Lack of proper documentation.

·        Lack of standardization across APIs.

5.     What API information is exposed in Web Developer tools?
Request headers, response body, and response cookies are typically visible.

6.     Which type of encoding does Postman accept for authorization credentials?
Postman accepts Base64 encoding. It converts credentials into textual form for easier transmission (e.g., in HTML forms).

7.     Can global scope variables have duplicate names in Postman?
No. Global variables are unique across all environments. Only local/environment-specific variables can have the same names.

8.     What is a Postman Collection?
A Postman Collection is a group of API requests organized into folders. It helps in structuring and reusing requests for testing

9.     What do you mean by Postman monitors?
Postman Monitors allow you to schedule and run collections at defined intervals. They help automate testing and share reports via email.

10. What do you understand by the term Postman Collection runners?

The Collection Runner in Postman allows data-driven testing by running requests multiple times with different sets of input data.

11. How do you remove local variables?

Local variables in Postman are temporary and are removed automatically once the test run ends.

12. How can we stop executing requests or stop the collection run?

By using the command: postman.setNextRequest(null).

13. How can we access a Postman variable?

Postman variables are accessed using double curly braces syntax: {{variableName}}.

14. How can you iterate a request 100 times in Postman?

This can be done using the Collection Runner with a CSV/JSON data file that iterates requests multiple times.

15. What will execute first in a Collection Run?

Pre-request scripts at the Collection level are executed first before requests are sent.

16. How can we log requests and responses in Postman?

Requests and responses can be viewed in the Postman Console, which logs all request/response details.

17. What are the main challenges of API testing?
• Parameter selection.
• Parameter combination testing.
• Call sequencing.
• Proper error handling and validation.
• Lack of complete documentation from developers.

18. What is API mocking, and why is it needed?

API mocking simulates responses to test applications when the actual API is unavailable or in development.

19. What are query parameters and path parameters?

·        Query Parameters → These are key-value pairs added to the URL after a ? symbol. They are mainly used for filtering, searching, or sorting data.

·        Path Parameters → These are part of the URL structure itself and are used to identify a specific resource.

·        Query Parameters → Used for filtering or modifying responses.

·        Path Parameters → Used to access a specific resource.

 

20. What is the difference between 401 and 403 status codes?

401 Unauthorized: The request is missing authentication credentials or has invalid ones.

403 Forbidden: The user does not have permission to access the resource.

 

21. What is rate limiting in APIs?

 

Rate limiting controls the number of API requests a user can make within a timeframe to prevent abuse 

Example: A weather API allows only 50 requests per hour for free users. If a user exceeds this, they must wait or upgrade to a paid plan 

22. How do you handle dynamic values in API testing?

Use parameterization and correlation to replace dynamic values like timestamps and unique IDs.

 

23. What is an API contract?

An API contract defines the structure, request parameters, and expected responses of an API. It acts as a blueprint for development and testing.

 ---------------- Please Like and comment !!-------------