Many of the new modern web applications are built using web-services, micro-services, and APIs. As testers, we should be knowledgeable and experienced in testing APIs and Web Services.
Here are some fundamental API Testing Interview Questions mainly aimed at software testers.
What is the difference between API Testing and Unit Testing?
API testing and unit testing are not the same things, although they are similar. Unit testing is done by the development team to make sure that a particular unit of software functions as required; since it is not black-box testing, it can’t accurately reflect the use of that software in the field.
To put it bluntly, developers know their software too well, so they’re likely to miss something which may be blindingly obvious to a tester who is not acquainted with the software’s internal workings.
The job of the API tester is to test the software knowing only what a user is likely to know. API testing also tests the unit as part of a system, while unit testing typically tests the unit in relative isolation from the rest of the system.
Real web API testing requires an internet connection since communication to the Web API is done over the web. Unit testing is done on a local machine and requires no internet connection.
- Developers perform it
- Small units are tested in isolation
- Developer can access the source code
- Aims to find programmer errors and code coverage
- Limited in scope
- Usually ran before check-in
- Testers perform it
- Is a means to end-to-end testing
- Testers treat API as black-box
- Multiple functionalities can be checked
- Performance testing can also be done
- All functional issues are tested
- Broader in scope
- Ran after build is created
What’s the difference between UI level testing and API level testing?
With API testing, we can hit the API endpoint directly and have control of what data we send to the API for testing purposes. e.g. invalid data, malformed requests, etc.
In UI level testing, we don’t have that level of flexibility because we are bound to the constraints of the UI.
Also in terms of the response of API, there could be a lot of information which is not presented on the UI layer, but only available when analyzing the response body.
UI level tests are inherently slow to execute, whereas API level tests are a lot quicker. As a result API tests provide a much quicker feedback.
How to perform API Testing? What to check for?
In API Testing, we make a request to the API with known data and we then analyze the response for validation. Typically, the things which we should check for are:
- Data accuracy
- Data validations, data type, data order, data completeness
- Error codes if API returns
- Schema validation
- Authorization checks
- HTTP status codes
- Response timeout implementation
- Non-functional Testing such as Security and Performance Testing
What tools are typically used for API Testing?
Postman is a rest client that started off as a Chrome browser plugin but recently came out with native versions for both Mac and Windows.
- Can be used for both automated and exploratory testing
- Can be run on Mac, Windows, Linux &Chrome Apps
- Has a bunch of integrations like support for Swagger & RAML formats
- Has Run, Test, Document and Monitoring Features
- Doesn’t require learning a new language
SoapUI is a headless functional testing tool from SmartBear software. It comes in two flavors: Free open source version and Pro Version.
- Can easily create custom code using Groovy
- Drag and Drop Test Creating
- Can create complex scenarios
- Asynchronous Testing
- SoapUI’s Mock Service lets you mimic web services before they are implemented
Rest-Assured is an open-source Java Domain-specific language (DSL) that makes testing REST service simple. It simplifies things by eliminating the need to use boiler-plate code to test and validate complex responses. It also supports XML and JSON Request/Responses.
- Removes need to create boilerplate code required to interact with a rest service
- Support BDD Given/When/Then syntax
- Integrated seamlessly with Java projects
What are HTTP Request and HTTP Response?
An HTTP request method is made up of four components:
- Request Method – Get, Post, Put, Delete (these are the common ones)
- Request URI – the URL of the resource
- Request Header – Accept-Language, Accept-Encoding, User-Agent, Host
- Request Body – this is the data to be sent to the resource
An HTTP response method is made up of three components:
- Response Status Code – 200, 301, 404, 500 (these are the most common ones)
- Response Header Fields – Date, Server, Last-Modified, Content-Type
- Response Body – this is the data that comes back to the client from the server