API testing interview questions and answers for QA Engineers

00:00

good afternoon QA engineers and those

00:02

who are planning to become one soon

00:04

within the last 3 months you guys have

00:06

been sending a lot of messages and

00:08

living a comments on YouTube regarding

00:09

the API testing interview questions so

00:11

what I did I've gathered all of the

00:13

interview questions that we had within

00:16

the last 3 months from all of our

00:18

students who've got a job offers like

00:20

this guy that girl or all of these

00:23

people and actually you can see an

00:24

entire playlist right below this video

00:26

regardless now I'm going to give you 10

00:29

most popular API testing related

00:32

questions that they have been receiving

00:33

during interview for the last 3 months

00:35

but before we proceed I want to remind

00:37

you guys who am I and why should you be

00:40

watching this video my name is Sergio

00:41

kenko I'm a software QA engineer lead

00:44

manager and a senior engineering manager

00:46

of ASAT I've been in the world of QA for

00:48

about 10 years but today I'm helping

00:50

people like you to become a QA engineer

00:53

or to improve your existing skills and

00:55

now you got to hit that big fat thumb up

00:57

button below subscribe to our Channel

00:59

and let let's

01:05

proceed how do you test API and why is

01:08

API testing needed first of all in order

01:10

to send API you're going to have to use

01:12

some sort of an API client such as

01:14

Postman insomnia or any other client

01:16

based on your preferences but regardless

01:19

you send an API request you get the

01:22

response from the server and you need to

01:24

verify it how do you verify it well

01:26

based on response you will verify the

01:27

status code body speed or performance

01:31

and also you will need to test different

01:33

cases such as positive cases and

01:35

negative cases in order to verify how

01:37

will the server act if user send some

01:40

information that it's not supposed to

01:43

and also don't forget about

01:44

authentication and authorization because

01:46

those will also have to get tested why

01:49

is API testing needed well because we

01:52

need to verify the business logic data

01:54

processing on a server side separately

01:57

from the user interface it is important

01:59

to test API because we can test it much

02:02

faster than even the UI has been created

02:05

or in some cases there will be no user

02:07

interface there can be companies that

02:09

only work with the data just like

02:11

weather.com you can pay the money and

02:14

get the and through the API you can get

02:16

the data so you could build your own

02:18

weather website what is the difference

02:21

between API testing and UI testing well

02:25

those are two completely different

02:26

things which are related somehow but in

02:29

API testing we focus more on reliability

02:33

performance functionality and security

02:35

testing of apis themselves separately

02:38

from the user interface we can also

02:40

verify server side Adder handling and

02:43

how well server performs under the load

02:45

with a tools such as k6 jmeter or any

02:48

other popular tools for the performance

02:51

load and stress testing UI testing on

02:54

the other hand is concerned more about a

02:55

graphical user interface when we are

02:58

testing a website or mobile app for

03:00

example you can think of it as the

03:03

testing from the user's perspective

03:04

because as the user you will be clicking

03:07

buttons you will type in information

03:09

loging in loging out etc etc etc UI

03:12

testing on the other side is more about

03:15

testing graphical user interface pretty

03:17

much what we can see when we open up a

03:19

website or a mobile app pretty much we

03:21

verify it from the user perspective that

03:24

the application is intuitive it works as

03:27

expected the way it's written in a

03:29

requirement

03:30

do you know how to automate API using

03:32

Postman the answer is absolutely yes

03:35

even if you guys do not know how to use

03:38

automation or how to use Postman you can

03:40

see the video right here or right below

03:42

this video where I've explained what

03:44

Postman is how to use it and how to

03:47

write some basic automation Tas with the

03:49

postman it's super easy especially with

03:51

the postman Snippets because Postman

03:54

does give you ability to Simply click on

03:56

verify status code and it will autofill

03:59

the code for you you will simply need to

04:02

update the expected status code to the

04:04

one that you actually want to get so if

04:06

you never had experience with a postman

04:08

simply watch that video for 20 minutes

04:10

and you will have Basics and you'll be

04:12

able to say that yes I've used it in the

04:15

past or I did research it and it's super

04:17

easy and intuitive but anyway I think

04:19

you forgot to hit this big fat thumb up

04:21

button below and to subscribe to your

04:23

channel and also you forgot to subscribe

04:25

to our Instagram and our telegram

04:27

communities links to which I have left

04:29

right below this video so you guys could

04:31

join them and see many more updates that

04:33

I can legally share on YouTube question

04:35

number four and it's actually tricky one

04:38

what do you know about environmental

04:40

variables and tokens in API testing this

04:43

is a tricky question because I actually

04:45

usually ask it ask people who give me a

04:48

call and say hey I took a UD course for

04:51

manual testing or I took other boot camp

04:53

but I would like to sign up with you for

04:54

the test automation but in our school we

04:57

have requirements that you have to know

04:59

manual test very well before you can

05:00

jump into automation because I don't

05:02

want you guys to slow down everyone so I

05:05

usually ask this or similar question and

05:08

you won't believe but 99% of people who

05:10

take other boot camps or em me courses

05:13

or manual testing and try to join us

05:15

they do not know answer to this question

05:17

but let me quickly answer it

05:19

environmental variables in API testing

05:22

and everywhere else they are used to

05:25

store and manage values specifically in

05:28

API testing there would be for the base

05:30

URL for the API keys or for example for

05:33

the token itself it helps us to switch

05:36

between different environments without

05:38

having to completely change the url in

05:41

every single case such as from da to QA

05:44

from QA to production or staging for

05:46

example and a token is pretty much a

05:48

form of identification imagine that you

05:51

have an ID or a password right in world

05:53

of software you have your token and let

05:55

me explain it to you in a simple example

05:57

imagine that you go to Instagram .c you

06:00

type in your username and password and

06:02

you click login so you need to type in

06:04

your username and password in order for

06:06

the server or for Instagram to know who

06:09

you are when you click login it sends

06:11

the post request to the server server

06:13

checks if your data if the username and

06:16

password that you have specified are the

06:18

same that you have used upon

06:19

registration and if that's true the

06:22

server will issue a temporary

06:24

identification document such as token

06:27

it's just a string it's just a bunch of

06:29

num

06:30

and special characters and just Lads and

06:33

that bunch of characters or an ID is a

06:36

temporary so while you're logged in

06:39

until your log out or until your session

06:42

expires you don't have to type in your

06:44

username and password to be identified

06:46

your token is stored in the browser or

06:49

in your app and whenever you click

06:52

button to for example create a new post

06:54

it will use the token that was stored in

06:56

the browser or app and it will send it

06:58

with all of the information that you've

07:00

specified in a post to the server and

07:02

will create a new post so that's what

07:04

token is and that's how it is used what

07:07

HTTP response status codes are you

07:10

familiar with and what do they mean

07:12

it'll be funny to say but this was one

07:16

of the questions during the second round

07:17

of interview in 2015 when I was going

07:20

for my first more than

07:23

$100,000 position ever aspect mid-level

07:26

key automation engineer and I got the

07:28

job offer and here is how I answer the

07:30

question so I do not remember all the

07:32

status Cotes that exist and I probably

07:34

shouldn't but I can tell you those that

07:36

I have been mostly use or that have been

07:38

mostly using so far and those are 200

07:41

whenever we're sending get request for

07:43

example and we're getting successful

07:45

response two one whenever we create user

07:48

or create any kind of data with the post

07:50

request then usually you could

07:52

potentially get 400 b requests whenever

07:54

you make a typo but generally speaking

07:56

400s are user or client issues or one

08:00

whenever you are send a request but you

08:02

are not authorized you did not include

08:04

token or the existing token I mean you

08:07

you made a typo in token 403 which is

08:10

forbidden whenever you have logged in or

08:14

you have used the token that exists from

08:16

the account but you do not have access

08:18

to the particular resource such as you

08:20

have logged in as the user but you're

08:24

trying to navigate to the page or maybe

08:26

to update another user by utilizing your

08:29

your token but only admin should be able

08:32

to do that that's why you're getting 403

08:34

404 which is one of the most and

08:37

actually it is the most popular status

08:39

code or HTTP response status code in the

08:42

world you guys have seen it a lot I'm

08:44

pretty sure whenever you navig get you

08:45

the page that doesn't exist you will see

08:47

404 and by the way if you guys want to

08:50

learn these codes I'm going to leave a

08:52

link for our Codi blog where I have

08:54

created a page specifically for people

08:57

like you who would like to learn the

08:58

most po popular status code is going to

09:00

be right below this video and 500 that's

09:04

the server Adder 500 means that server

09:07

has no idea what to do with the request

09:09

that you have just sent so pretty much

09:12

whenever you see 500 you should dig into

09:14

server logs and take it to developers so

09:17

they could fix it how would you automate

09:19

API calls and have you ever done it

09:22

absolutely every single student of our

09:24

school who went through the full course

09:25

is able to create test automation

09:27

framework from scratch for UI and for

09:29

API and if you guys have not learned

09:33

that yet but if you would like to learn

09:35

it I have a playlist of videos where you

09:37

can learn how to create test automation

09:39

framework for free completely from

09:42

scratch and you can find the link right

09:44

here or right below this video and now

09:47

here's my answer so if I need to create

09:49

test automation framework from scratch

09:51

number one I would gather all of the

09:52

requirements number two I would pick the

09:54

right tool that I want to use most

09:56

likely if it's a purely API testation

09:58

framework I'll probably use AIS and ojz

10:01

because access is a pure API testing

10:04

client it's not like play ride that

10:06

contains a lot of things that we're not

10:07

going to be using but if the company

10:09

already has another API client or test

10:11

automation framework I will make a

10:13

decision based on that and after I

10:15

choose

10:16

my client I can proceed with a setting

10:19

up test automation framework from

10:21

scratch and by the way guys if you're

10:23

going to be watching this playlist that

10:24

I was talking about you can literally go

10:27

from the junior QA engineer all the way

10:30

up to Sy key automation engineer because

10:32

I have shared three videos and every

10:34

single one of you even if you are a c

10:36

LEL you'll be able to dig something out

10:38

of it how do you test a post request

10:41

well first of all we're Q Engineers

10:43

regardless of what we have been asked to

10:45

test we have to ask for requirements so

10:47

the followup question do you have any

10:49

requirements they will give you an

10:50

example say yeah sure let's imagine this

10:52

is create user API that we are creating

10:55

now and I would say okay sure not a

10:57

problem at all so first of all after I

10:59

together all requirements and we have

11:01

the environment set up for testing I

11:03

will take the Pulse request I will

11:05

include the expected body that or

11:08

payload that we should be sending I'll

11:10

include all of the headers and I will

11:12

send the API request let's say through

11:14

the postman and with the postman by the

11:16

way if you guys are interested in

11:17

learning Postman you can follow this

11:19

video right here to see 20 minutes worth

11:21

of video how to set it up and use it so

11:23

I would send a AP request through the

11:25

postman and then I would get a response

11:27

I would take a look number one what is

11:28

the status code number two what is the

11:30

body and number three how long did it

11:32

take for that API to come back

11:34

definitely we're going to have multiple

11:36

cases such as positive and a negative we

11:39

would send different types of data this

11:41

different length of data to do boundary

11:43

testing we would check the ER handling

11:46

we would send the data that is not

11:48

expected to be sent we could also verify

11:52

the authorization and authentication of

11:55

this particular API but most importantly

11:57

if this is registering user or create

11:59

new user we should get two wanted

12:02

response as it should have probably been

12:04

specified in requirements and after we

12:07

get the response we need to verify that

12:09

we can log in with that particular user

12:13

if login API is already being developed

12:17

can you give me a few examples of API

12:19

testing that you were doing lately or

12:21

few particular apis generally speaking

12:23

every single one of you guys should have

12:25

experience and should know what apis you

12:27

have been testing if you do not I could

12:30

probably help you out feel free to

12:31

schedule a call with me by following the

12:33

link right below this video it will say

12:35

candly then response or answer couple

12:38

apis that I was testing just for example

12:40

imagine this you've been working or I've

12:42

been working for the real estate selling

12:44

website such as zillow.com and I've been

12:47

testing crud which is create read update

12:50

and delete or post get put and delete

12:54

API requests for the listing section

12:57

such as create list l in update listing

13:00

get listing by ID and remove listing so

13:03

how do you test those well you should

13:05

actually test them one by one in this

13:07

sequence first you create brand new

13:09

listing you verify all the data that was

13:11

supposed to come back came back number

13:13

two you get the listing by ID because in

13:16

a respon of create listing you should

13:17

have received an ID after you send API

13:19

you can verify that that data or that

13:22

listing was created and you can actually

13:23

get it now number three you need to

13:25

update that listing by utilizing listing

13:28

ID number four you need to delete or

13:30

remove that listing and number five you

13:33

going to have to can you guys actually

13:35

pause the video right here and guess

13:37

what would be the fifth test right here

13:40

please pause it give it a sec leave a

13:42

comment and then come back and continue

13:43

here's the answer you need to send the

13:45

get request one more time to verify that

13:48

the listing was removed and you should

13:51

get 404 status code that we were just

13:53

talking about what kind of test metrics

13:56

do you use in your company related to AI

13:58

test well generally speaking we could

14:00

use three most important test metrics

14:03

first one is the response time how long

14:05

does it take server to get us response

14:08

back to the client that send an API

14:11

request second one error rate or what's

14:13

the percentage of apis that are actually

14:16

erroring out and you can find that out

14:18

by using any kind of monitoring tools

14:21

and you can usually ask your devops what

14:23

monitoring tools are they using for the

14:25

apis and a third one test coverage which

14:29

is the most important one for the QA

14:30

Engineers so we could know and Report uh

14:34

to our lead or manager how many apis

14:37

have been covered with the test

14:39

Automation and the last one but actually

14:42

very important one have you ever done

14:45

API performance testing the very truth

14:48

is there are a lot of people on the

14:50

market who took boot camps and who have

14:52

impostor syndrome which means that

14:54

you're afraid to be to be caught that

14:57

you don't know something that you should

14:59

have know but the thing is no one knows

15:01

everything myself I have been working as

15:04

the Q engineer lead manager and seni

15:06

engineer manager of SD for the 10 years

15:09

in world of QA and Tech and I have never

15:12

professionally done performance testing

15:15

of API and that's completely fine you

15:17

should not know everything it is

15:19

impossible to know so here's what I

15:22

would say if I would get this question

15:23

if I've been asked have you ever done

15:26

API performance testing I would say I've

15:28

been playing with the k6 and the J meter

15:31

performance load and stress testing

15:33

tools but I have never used it in actual

15:37

working environment I only use it for

15:38

fun to find out how it actually works so

15:41

if you guys would like me to utilize it

15:43

for your company it would take me

15:45

probably a couple of days to refresh my

15:47

mind and start using it for you so by

15:50

being honest you guys have eliminated

15:53

the ability for the company to cut you

15:56

on something that you never did but you

15:58

s that you did so which means you can

16:01

live free and happy life of fears

16:03

because you have told them the truth and

16:06

there is nothing more to lie about well

16:08

now you guys tell me were those

16:10

interview question useful for you and if

16:13

they were let me know what else you

16:14

would like me to record so you guys

16:17

could get more useful information from

16:18

me in the future and if you did not

16:20

enjoy it I want you guys to also leave a

16:22

comment below and tell me how much I

16:24

actually suck thank you watching for

16:26

this video and I'll see you next time

16:29

B