API testing interview questions and answers for QA Engineers
Summary
TLDRIn this video, Sergio Kenko, a senior QA engineer and manager, addresses popular API testing interview questions from the past three months. He explains API testing fundamentals, covering tools like Postman, the differences between API and UI testing, environmental variables, tokens, HTTP response status codes, and test automation. He also touches on performance testing tools like k6 and JMeter and advises on how to honestly handle questions about tools you haven't used professionally. Sergio offers practical tips for aspiring QA engineers, including resources for further learning and a breakdown of common interview scenarios.
Takeaways
- 📚 **Popular API Testing Questions**: The video discusses 10 commonly asked API testing interview questions based on recent interviews from students who secured job offers.
- 🧑💻 **How to Test API**: API testing involves sending requests using tools like Postman or Insomnia, verifying response status codes, body, speed, and handling positive/negative cases. Authentication and authorization should also be tested.
- 🤔 **Why API Testing Is Important**: API testing verifies business logic and server-side data processing, which is quicker than UI testing and useful for systems without UIs, like weather data services.
- 🔍 **API Testing vs UI Testing**: API testing focuses on reliability, performance, and security without involving the user interface, while UI testing verifies graphical elements and user interactions like clicks and inputs.
- 🚀 **Automating API with Postman**: Postman allows easy API automation using snippets to verify status codes and autofill code, making it beginner-friendly for those without much experience.
- 🔑 **Environmental Variables & Tokens**: Environmental variables store values like base URLs or API keys, making it easy to switch between environments. Tokens act as temporary identification strings during sessions to authenticate users.
- 🧾 **Common HTTP Status Codes**: The speaker highlights frequently encountered codes like 200 (OK), 201 (Created), 400 (Bad Request), 401 (Unauthorized), 403 (Forbidden), 404 (Not Found), and 500 (Server Error).
- 🛠 **Automating API Calls**: When creating an API test automation framework, the key steps are gathering requirements, selecting appropriate tools, and setting up the framework from scratch, using libraries like Axios for API testing.
- 🧪 **Testing POST Requests**: Testing POST requests requires sending payloads, verifying status codes (e.g., 201), checking response bodies, and ensuring functionality with both positive and negative test cases.
- 📊 **API Performance & Metrics**: The key performance metrics in API testing are response time, error rates, and test coverage, which help track server behavior and the extent of API test automation coverage.
Q & A
What is API testing, and why is it needed?
-API testing is done to verify the business logic, data processing, and reliability of the server-side components independent of the user interface. It is crucial because it allows for faster testing than UI testing, and in some cases, there might not even be a UI, such as with companies that provide data via APIs.
How do you test an API, and what tools can be used?
-To test an API, you send requests using API clients like Postman or Insomnia. You verify the response by checking status codes, response body, speed, and performance. Both positive and negative test cases should be considered, along with testing authentication and authorization.
What is the difference between API testing and UI testing?
-API testing focuses on reliability, performance, functionality, and security of APIs, while UI testing is concerned with the graphical user interface and user experience. API testing verifies server-side operations, while UI testing is done from the user's perspective.
How can you automate API testing using Postman?
-Postman allows you to automate API testing by writing scripts in its 'Tests' section. You can use Postman’s Snippets to easily generate automated tests, such as verifying status codes. Postman helps automate testing of requests and responses, making it easier to manage API tests.
What are environmental variables and tokens in API testing?
-Environmental variables store values like base URLs, API keys, or tokens, allowing easy switching between environments (e.g., dev to QA or production). A token is a form of identification issued by the server after login, used in subsequent requests to authenticate the user without requiring credentials again.
What are some common HTTP response status codes you should know for API testing?
-Common HTTP status codes include: 200 (OK), 201 (Created), 400 (Bad Request), 401 (Unauthorized), 403 (Forbidden), 404 (Not Found), and 500 (Server Error). These codes indicate the success or failure of an API request and provide insight into server-side issues.
How would you automate API calls and create an API test automation framework?
-To automate API calls, you would first gather requirements and choose a tool like Axios or any other API testing client. After selecting the right tool, you would proceed by setting up the framework to include test scripts for requests, responses, and validations.
How do you test a POST request?
-To test a POST request, gather requirements, include expected payload and headers, and send the request. Verify the status code, response body, and response time. Perform both positive and negative test cases, checking for error handling, authorization, and data validation.
What kind of metrics are important for API testing?
-Key API testing metrics include response time (how long the server takes to respond), error rate (percentage of failed requests), and test coverage (how many APIs are covered by automated tests). These metrics help assess the performance and reliability of the APIs.
Have you ever done API performance testing, and how would you approach it?
-While the speaker has not done professional API performance testing, tools like K6 and JMeter can be used for performance, load, and stress testing. These tools simulate different levels of traffic to measure how well the API performs under various conditions.
Outlines
👋 Introduction to API Testing Interview Questions
The speaker greets QA engineers and aspiring testers, addressing the numerous inquiries received over the past three months about API testing interview questions. They collected questions from successful candidates who recently secured job offers. The speaker introduces themselves as Sergio Kenko, a software QA lead manager with over 10 years of experience, and emphasizes their mission to help people improve QA skills. Before diving into the top 10 API interview questions, they urge viewers to like the video and subscribe.
📋 Overview of API Testing: Tools and Process
The speaker explains how to test APIs, highlighting the importance of using API clients like Postman or Insomnia. They outline the testing process: sending requests, receiving responses, and verifying status codes, response bodies, speed, performance, and cases. They emphasize the need to test both positive and negative cases, including authentication and authorization. API testing is vital for validating server-side business logic and data processing independent of the user interface, and it's often quicker than UI testing.
🔄 API Testing vs UI Testing: Key Differences
This section contrasts API testing with UI testing, explaining that API testing focuses on server-side performance, reliability, functionality, and security. Tools like K6 or JMeter are mentioned for performance, load, and stress testing. UI testing, however, centers on the graphical user interface from the user's perspective, ensuring the application functions as expected based on the requirements. API testing delves into server-side error handling, while UI testing checks the user experience.
🤖 Automating API Testing with Postman
The speaker assures viewers that automating API testing with Postman is straightforward, especially using Postman snippets. They guide users on how to use Postman for automation, and mention a 20-minute tutorial video available to help beginners learn the basics. Viewers are encouraged to like the video and join the community on Instagram and Telegram, where more updates are shared.
🌍 Environment Variables and Tokens in API Testing
This section delves into environmental variables and tokens, critical concepts in API testing. Environmental variables help manage values like base URLs and API keys, making it easier to switch between environments like QA and production. Tokens are explained as temporary identification strings that authenticate users during sessions, with a simple analogy of logging into Instagram to illustrate their use in software.
📊 Understanding HTTP Response Status Codes
The speaker recounts their experience answering a question about HTTP response status codes during a past interview. They highlight common codes like 200 (success), 201 (created), 400 (bad request), 401 (unauthorized), 403 (forbidden), 404 (not found), and 500 (server error). The speaker emphasizes that while it's unnecessary to memorize all status codes, knowing the frequently encountered ones is important. They provide a link to a blog with more information on status codes.
🤖 Automating API Calls and Creating Frameworks
The speaker outlines the steps to automate API calls and create a test automation framework. This involves gathering requirements, choosing the right tools (such as Axios for API testing), and setting up the framework. They recommend a video playlist that guides viewers through creating a test automation framework from scratch, suitable for both beginners and more experienced QA engineers.
🚀 Testing POST Requests in APIs
In this segment, the speaker explains the process for testing POST requests, emphasizing the importance of gathering requirements first. They describe the steps: preparing the payload, sending the request via Postman, and checking the response status code, body, and speed. Different test cases, including positive, negative, and boundary testing, are recommended. The speaker stresses the importance of verifying user creation and login after the POST request.
🏠 Examples of API Testing: Real Estate Listings
The speaker shares examples of API testing they've done, particularly for a real estate listing website like Zillow. They describe testing CRUD operations (Create, Read, Update, Delete) for listings, ensuring that each API operation works as expected. They challenge the viewers to guess the fifth test after deleting a listing, which involves sending a GET request to confirm the deletion (expecting a 404 status code).
📈 Key API Test Metrics
This section covers the key metrics used in API testing: response time (how long the server takes to respond), error rate (the percentage of API errors), and test coverage (how much of the API is covered by tests). These metrics help QA engineers assess the performance and reliability of the APIs they are testing, providing valuable insights for continuous improvement.
🏋️♀️ API Performance Testing: Honesty is Key
The speaker candidly discusses their limited experience with API performance testing, admitting they've only experimented with tools like K6 and JMeter for personal learning, not in a professional environment. They advise honesty in interviews, encouraging viewers to be truthful about their experience to avoid being caught in a lie. The speaker reassures viewers that it's okay not to know everything and that honesty fosters trust.
📢 Wrapping Up: Feedback and Future Content
The speaker wraps up the video by asking viewers for feedback on whether the interview questions were helpful and what other topics they would like covered in future videos. They encourage viewers to leave comments, even critical ones, and express gratitude for watching the video.
Mindmap
Keywords
💡API Testing
💡Postman
💡Authentication and Authorization
💡Environmental Variables
💡HTTP Response Status Codes
💡CRUD Operations
💡UI Testing
💡Performance Testing
💡Test Automation Framework
💡Tokens
Highlights
Introduction to API testing interview questions, based on feedback from students who got job offers.
Key tools for API testing include Postman, Insomnia, and other API clients.
API testing is essential to verify the business logic and data processing on the server-side, separate from the user interface.
Difference between API and UI testing: API testing focuses on performance, security, and reliability, while UI testing checks user-facing components.
Postman allows automation with snippets for verifying status codes and automating requests.
Explanation of environmental variables and tokens in API testing, focusing on managing values like base URLs and tokens for authentication.
Common HTTP response status codes explained, including 200, 201, 400, 401, 403, 404, and 500.
How to automate API calls and build test automation frameworks, emphasizing tools like AxiOS and JMeter.
The process of testing a POST request using tools like Postman, focusing on response status codes and boundary testing.
CRUD operations testing for real estate websites, such as creating, reading, updating, and deleting listings.
Important API test metrics: response time, error rate, and test coverage.
API performance testing using tools like k6 and JMeter for load and stress testing, but acknowledging the need for specialized experience.
The importance of being honest during interviews about API testing experience, including gaps in knowledge.
The role of authentication and authorization in API testing, particularly in testing secured endpoints.
The importance of testing both positive and negative cases, especially for server-side validation and error handling.
Transcripts
good afternoon QA engineers and those
who are planning to become one soon
within the last 3 months you guys have
been sending a lot of messages and
living a comments on YouTube regarding
the API testing interview questions so
what I did I've gathered all of the
interview questions that we had within
the last 3 months from all of our
students who've got a job offers like
this guy that girl or all of these
people and actually you can see an
entire playlist right below this video
regardless now I'm going to give you 10
most popular API testing related
questions that they have been receiving
during interview for the last 3 months
but before we proceed I want to remind
you guys who am I and why should you be
watching this video my name is Sergio
kenko I'm a software QA engineer lead
manager and a senior engineering manager
of ASAT I've been in the world of QA for
about 10 years but today I'm helping
people like you to become a QA engineer
or to improve your existing skills and
now you got to hit that big fat thumb up
button below subscribe to our Channel
and let let's
proceed how do you test API and why is
API testing needed first of all in order
to send API you're going to have to use
some sort of an API client such as
Postman insomnia or any other client
based on your preferences but regardless
you send an API request you get the
response from the server and you need to
verify it how do you verify it well
based on response you will verify the
status code body speed or performance
and also you will need to test different
cases such as positive cases and
negative cases in order to verify how
will the server act if user send some
information that it's not supposed to
and also don't forget about
authentication and authorization because
those will also have to get tested why
is API testing needed well because we
need to verify the business logic data
processing on a server side separately
from the user interface it is important
to test API because we can test it much
faster than even the UI has been created
or in some cases there will be no user
interface there can be companies that
only work with the data just like
weather.com you can pay the money and
get the and through the API you can get
the data so you could build your own
weather website what is the difference
between API testing and UI testing well
those are two completely different
things which are related somehow but in
API testing we focus more on reliability
performance functionality and security
testing of apis themselves separately
from the user interface we can also
verify server side Adder handling and
how well server performs under the load
with a tools such as k6 jmeter or any
other popular tools for the performance
load and stress testing UI testing on
the other hand is concerned more about a
graphical user interface when we are
testing a website or mobile app for
example you can think of it as the
testing from the user's perspective
because as the user you will be clicking
buttons you will type in information
loging in loging out etc etc etc UI
testing on the other side is more about
testing graphical user interface pretty
much what we can see when we open up a
website or a mobile app pretty much we
verify it from the user perspective that
the application is intuitive it works as
expected the way it's written in a
requirement
do you know how to automate API using
Postman the answer is absolutely yes
even if you guys do not know how to use
automation or how to use Postman you can
see the video right here or right below
this video where I've explained what
Postman is how to use it and how to
write some basic automation Tas with the
postman it's super easy especially with
the postman Snippets because Postman
does give you ability to Simply click on
verify status code and it will autofill
the code for you you will simply need to
update the expected status code to the
one that you actually want to get so if
you never had experience with a postman
simply watch that video for 20 minutes
and you will have Basics and you'll be
able to say that yes I've used it in the
past or I did research it and it's super
easy and intuitive but anyway I think
you forgot to hit this big fat thumb up
button below and to subscribe to your
channel and also you forgot to subscribe
to our Instagram and our telegram
communities links to which I have left
right below this video so you guys could
join them and see many more updates that
I can legally share on YouTube question
number four and it's actually tricky one
what do you know about environmental
variables and tokens in API testing this
is a tricky question because I actually
usually ask it ask people who give me a
call and say hey I took a UD course for
manual testing or I took other boot camp
but I would like to sign up with you for
the test automation but in our school we
have requirements that you have to know
manual test very well before you can
jump into automation because I don't
want you guys to slow down everyone so I
usually ask this or similar question and
you won't believe but 99% of people who
take other boot camps or em me courses
or manual testing and try to join us
they do not know answer to this question
but let me quickly answer it
environmental variables in API testing
and everywhere else they are used to
store and manage values specifically in
API testing there would be for the base
URL for the API keys or for example for
the token itself it helps us to switch
between different environments without
having to completely change the url in
every single case such as from da to QA
from QA to production or staging for
example and a token is pretty much a
form of identification imagine that you
have an ID or a password right in world
of software you have your token and let
me explain it to you in a simple example
imagine that you go to Instagram .c you
type in your username and password and
you click login so you need to type in
your username and password in order for
the server or for Instagram to know who
you are when you click login it sends
the post request to the server server
checks if your data if the username and
password that you have specified are the
same that you have used upon
registration and if that's true the
server will issue a temporary
identification document such as token
it's just a string it's just a bunch of
num
and special characters and just Lads and
that bunch of characters or an ID is a
temporary so while you're logged in
until your log out or until your session
expires you don't have to type in your
username and password to be identified
your token is stored in the browser or
in your app and whenever you click
button to for example create a new post
it will use the token that was stored in
the browser or app and it will send it
with all of the information that you've
specified in a post to the server and
will create a new post so that's what
token is and that's how it is used what
HTTP response status codes are you
familiar with and what do they mean
it'll be funny to say but this was one
of the questions during the second round
of interview in 2015 when I was going
for my first more than
$100,000 position ever aspect mid-level
key automation engineer and I got the
job offer and here is how I answer the
question so I do not remember all the
status Cotes that exist and I probably
shouldn't but I can tell you those that
I have been mostly use or that have been
mostly using so far and those are 200
whenever we're sending get request for
example and we're getting successful
response two one whenever we create user
or create any kind of data with the post
request then usually you could
potentially get 400 b requests whenever
you make a typo but generally speaking
400s are user or client issues or one
whenever you are send a request but you
are not authorized you did not include
token or the existing token I mean you
you made a typo in token 403 which is
forbidden whenever you have logged in or
you have used the token that exists from
the account but you do not have access
to the particular resource such as you
have logged in as the user but you're
trying to navigate to the page or maybe
to update another user by utilizing your
your token but only admin should be able
to do that that's why you're getting 403
404 which is one of the most and
actually it is the most popular status
code or HTTP response status code in the
world you guys have seen it a lot I'm
pretty sure whenever you navig get you
the page that doesn't exist you will see
404 and by the way if you guys want to
learn these codes I'm going to leave a
link for our Codi blog where I have
created a page specifically for people
like you who would like to learn the
most po popular status code is going to
be right below this video and 500 that's
the server Adder 500 means that server
has no idea what to do with the request
that you have just sent so pretty much
whenever you see 500 you should dig into
server logs and take it to developers so
they could fix it how would you automate
API calls and have you ever done it
absolutely every single student of our
school who went through the full course
is able to create test automation
framework from scratch for UI and for
API and if you guys have not learned
that yet but if you would like to learn
it I have a playlist of videos where you
can learn how to create test automation
framework for free completely from
scratch and you can find the link right
here or right below this video and now
here's my answer so if I need to create
test automation framework from scratch
number one I would gather all of the
requirements number two I would pick the
right tool that I want to use most
likely if it's a purely API testation
framework I'll probably use AIS and ojz
because access is a pure API testing
client it's not like play ride that
contains a lot of things that we're not
going to be using but if the company
already has another API client or test
automation framework I will make a
decision based on that and after I
choose
my client I can proceed with a setting
up test automation framework from
scratch and by the way guys if you're
going to be watching this playlist that
I was talking about you can literally go
from the junior QA engineer all the way
up to Sy key automation engineer because
I have shared three videos and every
single one of you even if you are a c
LEL you'll be able to dig something out
of it how do you test a post request
well first of all we're Q Engineers
regardless of what we have been asked to
test we have to ask for requirements so
the followup question do you have any
requirements they will give you an
example say yeah sure let's imagine this
is create user API that we are creating
now and I would say okay sure not a
problem at all so first of all after I
together all requirements and we have
the environment set up for testing I
will take the Pulse request I will
include the expected body that or
payload that we should be sending I'll
include all of the headers and I will
send the API request let's say through
the postman and with the postman by the
way if you guys are interested in
learning Postman you can follow this
video right here to see 20 minutes worth
of video how to set it up and use it so
I would send a AP request through the
postman and then I would get a response
I would take a look number one what is
the status code number two what is the
body and number three how long did it
take for that API to come back
definitely we're going to have multiple
cases such as positive and a negative we
would send different types of data this
different length of data to do boundary
testing we would check the ER handling
we would send the data that is not
expected to be sent we could also verify
the authorization and authentication of
this particular API but most importantly
if this is registering user or create
new user we should get two wanted
response as it should have probably been
specified in requirements and after we
get the response we need to verify that
we can log in with that particular user
if login API is already being developed
can you give me a few examples of API
testing that you were doing lately or
few particular apis generally speaking
every single one of you guys should have
experience and should know what apis you
have been testing if you do not I could
probably help you out feel free to
schedule a call with me by following the
link right below this video it will say
candly then response or answer couple
apis that I was testing just for example
imagine this you've been working or I've
been working for the real estate selling
website such as zillow.com and I've been
testing crud which is create read update
and delete or post get put and delete
API requests for the listing section
such as create list l in update listing
get listing by ID and remove listing so
how do you test those well you should
actually test them one by one in this
sequence first you create brand new
listing you verify all the data that was
supposed to come back came back number
two you get the listing by ID because in
a respon of create listing you should
have received an ID after you send API
you can verify that that data or that
listing was created and you can actually
get it now number three you need to
update that listing by utilizing listing
ID number four you need to delete or
remove that listing and number five you
going to have to can you guys actually
pause the video right here and guess
what would be the fifth test right here
please pause it give it a sec leave a
comment and then come back and continue
here's the answer you need to send the
get request one more time to verify that
the listing was removed and you should
get 404 status code that we were just
talking about what kind of test metrics
do you use in your company related to AI
test well generally speaking we could
use three most important test metrics
first one is the response time how long
does it take server to get us response
back to the client that send an API
request second one error rate or what's
the percentage of apis that are actually
erroring out and you can find that out
by using any kind of monitoring tools
and you can usually ask your devops what
monitoring tools are they using for the
apis and a third one test coverage which
is the most important one for the QA
Engineers so we could know and Report uh
to our lead or manager how many apis
have been covered with the test
Automation and the last one but actually
very important one have you ever done
API performance testing the very truth
is there are a lot of people on the
market who took boot camps and who have
impostor syndrome which means that
you're afraid to be to be caught that
you don't know something that you should
have know but the thing is no one knows
everything myself I have been working as
the Q engineer lead manager and seni
engineer manager of SD for the 10 years
in world of QA and Tech and I have never
professionally done performance testing
of API and that's completely fine you
should not know everything it is
impossible to know so here's what I
would say if I would get this question
if I've been asked have you ever done
API performance testing I would say I've
been playing with the k6 and the J meter
performance load and stress testing
tools but I have never used it in actual
working environment I only use it for
fun to find out how it actually works so
if you guys would like me to utilize it
for your company it would take me
probably a couple of days to refresh my
mind and start using it for you so by
being honest you guys have eliminated
the ability for the company to cut you
on something that you never did but you
s that you did so which means you can
live free and happy life of fears
because you have told them the truth and
there is nothing more to lie about well
now you guys tell me were those
interview question useful for you and if
they were let me know what else you
would like me to record so you guys
could get more useful information from
me in the future and if you did not
enjoy it I want you guys to also leave a
comment below and tell me how much I
actually suck thank you watching for
this video and I'll see you next time
B
Ver Más Videos Relacionados
API Testing Interview Questions and Answers| 3+ YOE
Manual QA: Testing for Beginners - Types of QA Testing - Part 9
Software Testing Tutorial #24 - Regression Testing in Agile Development
JMeter Performance Testing Tutorial 1 - What is JMeter and how to install JMeter on Windows 10
Performance Testing Tutorial For Beginners | Performance Testing Using Jmeter | Simplilearn
Will AI Take QA Jobs | Best Test Automation Tool To Learn - Part 1
5.0 / 5 (0 votes)