API Testing Q&A

·    What is API Testing?
API testing is testing that APIs and its integration with the services. It is one of the most challenging type of testing, If we miss the certain cases in API Testing that can cause a very big problem in production after full integration and it will hard to debug in production environment  In this definite guide, we are basically discussing about the REST API Testing. Where we need to test the REST APIs for the validation, error codes and load testing

--------------------------------------------------------------------------------------------------------------------------------------------------

·     What are the Benefits of API Testing?

Early Evaluation: It evaluates the API early on and measures its success against a test suite. This prevents a lot of loss of time during the development cycle and over-engineering that might be necessary to address minor issues during the later stages

CI/CD Compliance: Because API testing can be automated, validating the business requirements through continuous integration and a continuous delivery pipeline is smooth. The end-to-end testing cycle is thus more efficient and relevant, as is the quality of the application.

Tight Security: Considering the combined prowess of fuzz, penetration, and security testing that API testing brings to the table, it becomes a robust and authoritative testing method against both the functional and the security anomalies that the API might face.

Time and Cost Reduction: The automation of API testing ensures that the time and resources invested in API testing are well-spent. Besides, the direct impact of API testing in quicker delivery, compliance to standards, better security, and a controlled scope is visible across every phase of development, making for a well-rounded testing strategy.

Platform Agnosticism: API testing ensures that the API can be deployed and tested across multiple technologies, regardless of the platform used. With the advantage of testing on different platforms and keeping the availability of both automated and manual testing continuous, API testing becomes a viable option for cross-development frameworks.
--------------------------------------------------------------------------------------------------------------------

·     What are the Challenges in API Testing?

o     Initial Setup of API Testing

o     Sequencing of API Calls

o     Selecting, Testing, and Validating the Parameter Combinations

o    Updating the Schema of API Testing

o    Lack of documentation

o    Lack of standardization 

   --------------------------------------------------------------------------------------------------------------------

·    How do you perform API testing?

We perform API testing by using postman tool. We get the URI and JSON Payload from dev Team and also get the Authentication details (User name and Pwd) from dev team then, we do Modification in the payload based on our test cases & check the response accordingly. I do test for REST APIs

Methods in API testing:

ü  Get Method: When we want to fetch data from the server then we use GET method to fetch the data.

ü  POST Method: When we want to create some new resource on the server then we use POST method.

ü  PUT Method: When we want to update any existing resource then we use PUT method to modify. If Parameter which we want to update is available then it modifies that parameter if that parameter is not available

ü  PATCH Method then it creates that parameter. When we want to do partially update then we use PATCH method to update. We pass only that parameter which we want to update, we don't have to pass complete payload to update the resource

-           --------------------------------------------------------------------------------------------------------------------

·      What is API testing and how do you perform it?
Ans: We used to perform postman tool for API testing. We get the URL and JSON code from dev team and also get the Authentication details (username and password) from dev team then we start modification in the code based on our test cases and check the response accordingly.
--------------------------------------------------------------------------------------------------------------------

·      Response Codes and there meanings:
  Ans: Below are the response code and there meaning:

1xx informational response: The request was received, continuing process.
2xx successful: The request was successfully received, understood, and accepted  200 OK: The actual response will depend on the request method used. In a GET request, the response will contain an entity corresponding to the requested resource.
201 Created: The request has been fulfilled, resulting in the creation of a new resource.
202 Accepted: The request has been accepted for processing, but the processing has not been completed.
3xx redirection: Further action needs to be taken in order to complete the request

4xx error – the request contains bad syntax or cannot be fulfilled.

400Bad Request: The server cannot or will not process the request due to an apparent client error (e.g., malformed request syntax, size too large, invalid request message framing, or deceptive request routing).
 401Unauthorized (RFC 7235): Similar to 403 Forbidden, but specifically for use when     authentication is required and has failed or has not yet been provided.
 403 Forbidden: The request contained valid data and was understood by the server, but the     server is refusing action. This may be due to the user not having the necessary permissions for a resource.
 404 Not Found: The requested resource could not be found but may be available in the future.

5xx server error

500 Internal Server Error:  A generic error message, given when an unexpected condition was encountered and no more specific message is suitable.
501 Not Implemented: The server either does not recognize the request method, or it lacks the ability to fulfill the request. Usually this implies future availability (e.g., a new feature of a web-service API).
502 Bad Gateway: The server was acting as a gateway or proxy and received an invalid response from the upstream server.
503 Service Unavailable: The server cannot handle the request (because it is overloaded or down for maintenance).Generally, this is a temporary state.
504 Gateway Timeout: The server was acting as a gateway or proxy and did not receive a timely response from the upstream server.

-------------------------------------------------------------------------------------------------------------------------

·         What all challenges while doing API testing

Ans: There are following challenges in API testing:
·Initial Setup of API Testing. Manual testing helps confirm whether something works.
·Updating the Schema of API Testing.
·Testing Parameter Combinations.
·Sequencing the API Calls.
·Validating Parameters.
·Test Data management
·Integration challenges: APIs interact with each other through a set of defined
 rules known as contracts or protocols.
--------------------------------------------------------------------------------------------------------------------

·         What API information is exposed in Web Developer tools?
 Ans: Request headers, Response body, Response cookies.
--------------------------------------------------------------------------------------------------------------------

·          Which type of encoding does postman accepts authorization credentials?
Ans: Postman accepts Base64 encoding only. Because it transmits the data into the textual form and sends it in easier form such as HTML forms data.
--------------------------------------------------------------------------------------------------------------------

·         Can global scope variables have duplicate names in postman?
Ans: Since global variables are global i.e. without any environment, global variables cannot have duplicate names. Local variables can have the same name but in different environments.
--------------------------------------------------------------------------------------------------------------------

·          What is a Postman Collection?
Ans: A Postman Collection lets us group individual requests together. Simply it allows us to organize the requests into folders. 
--------------------------------------------------------------------------------------------------------------------

·          What do you mean by postman monitors?
Ans: The postman monitor is used for running collections. Collections are run till specified time defined by the user. Postman Monitor requires the user to be logged in. Monitor reports are shared by users over email on a daily/monthly basis. 
--------------------------------------------------------------------------------------------------------------------

·          What do you understand by the term Postman Collection runners? 
Ans: A postman collection runner is used to perform Data-driven testing. The groups of API requests are run in a collection for the multiple iterations with different sets of data.
--------------------------------------------------------------------------------------------------------------------

·          How do you remove local variables?
Ans: Local variables are automatically removed once the tests have been executed.
--------------------------------------------------------------------------------------------------------------------

·          How can we stop executing requests or stop the collection run?
Ans: postman.setNextRequest(null);
---------------------------------------------------------------------------------------------------------------------

·          How can we access a Postman variable?
Ans: We can access a Postman variable by entering the variable name as {{var}}.
--------------------------------------------------------------------------------------------------------------------

·          How can you iterate a request 100 times in Postman?
 Ans: By using Collection Runner
--------------------------------------------------------------------------------------------------------------------

·          What will execute first in a Collection Run?
Ans: Pre-request scripts at the Collection level are executed first in a Collection run.
--------------------------------------------------------------------------------------------------------------------

·          How can we log requests and responses in Postman?
Ans: We can view requests logs and response logs through the Postman Console window.
--------------------------------------------------------------------------------------------------------------------

·          What are the main challenges of API testing?
Ans: The main challenges in API testing are:
· Parameter Selection
· Parameter Combination
· Call sequencing
--------------------------------------------------------------------------------------------------------------------

 ------------------------Please provide your valuable comments-------------