API Testing Interview Questions

API Testing Interview Questions

🟢 Basic Level (1–20)

What is API testing?
What is an API?
Difference between API and Web Service?
What is REST API?
What is SOAP API?
Difference between REST and SOAP?
What are HTTP methods?
What is GET method used for?
What is POST method used for?
What is PUT vs PATCH?
What is DELETE method?
What is status code in API?
What is 200 status code?
What is 400 status code?
What is 500 status code?
What is JSON?
What is XML?
Difference between JSON and XML?
What is endpoint in API?
What is request and response?

⚙️ Core Concepts (21–40)

What tools are used for API testing?
What is Postman?
What is Swagger?
What is API automation testing?
What is REST architecture?
What is statelessness in REST?
What is payload in API?
What are headers in API?
What is authentication in API?
What is authorization?
What is Basic Auth?
What is Bearer token?
What is JWT?
What is OAuth?
What is API key?
What is response time?
What is latency?
What is caching in API?
What is throttling?
What is rate limiting?

🧪 Testing Concepts (41–60)

What is functional API testing?
What is load testing in API?
What is performance testing?
What is negative testing?
What is positive testing?
What is boundary testing?
How do you validate API response?
What is schema validation?
What is JSON validation?
What is error handling in API testing?
What is test case design for API?
What is regression testing?
What is smoke testing?
What is sanity testing?
What is mock API?
What is API mocking tool?
What is contract testing?
What is integration testing?
What is end-to-end testing?
What is test automation framework?

⚡ Advanced Level (61–80)

How does API authentication work?
How do you handle dynamic tokens?
What is environment in API testing?
What is staging vs production API?
How do you test API security?
What is SQL injection testing in API?
What is API versioning?
What is backward compatibility?
What is idempotent API?
Which methods are idempotent?
What is async API?
What is webhook?
What is polling in API?
What is GraphQL?
GraphQL vs REST?
What is API gateway?
What is microservices API?
What is service virtualization?
What is API documentation?
What is OpenAPI specification?

🚀 Scenario-Based (81–100)

How do you test a login API?
How do you test a payment API?
How do you validate response data?
How do you handle authentication failures?
How do you test file upload API?
How do you test pagination API?
How do you test sorting and filtering APIs?
How do you test error messages?
How do you automate API testing?
How do you debug API failures?
How do you test third-party APIs?
How do you test API performance?
How do you test data consistency?
How do you test rate limiting?
How do you handle flaky APIs?
How do you validate response schema?
How do you design API test cases?
How do you test microservices APIs?
How do you integrate API tests in CI/CD?
Why is API testing important?

API Testing Answers (1–100)

🟢 Basic (1–20)

Testing APIs for functionality, reliability, and performance
Application Programming Interface
API = interface, Web Service = network-based API
REST is lightweight web API architecture
SOAP is XML-based protocol
REST = simple, SOAP = strict and heavy
GET, POST, PUT, PATCH, DELETE
Retrieve data
Send data to server
PUT replaces full resource, PATCH updates part
Delete resource
Response code from server
OK success response
Client error
Server error
Lightweight data format
Markup data format
JSON is lightweight, XML is verbose
API URL where request is sent
Request = sent data, Response = received data

⚙️ Core (21–40)

Postman, SoapUI, RestAssured
Tool for API testing
API design tool
Automated validation of APIs
REST = Representational State Transfer
No stored session between requests
Data sent in request body
Metadata sent with request
Verifies identity
Defines permissions
Username-password authentication
Token-based authentication
Secure token standard
Authorization framework
API access key
Time taken for response
Delay in request response
Stores frequent responses
Limits number of requests
Controls request rate

🧪 Testing (41–60)

Testing API functions
Testing system under load
Testing speed and stability
Testing invalid inputs
Testing valid inputs
Testing boundary values
Compare expected vs actual response
Validate structure of response
Validate JSON format
Handling API errors properly
Designing API test scenarios
Retesting after changes
Basic verification testing
Detailed verification testing
Simulated API
Tool to simulate APIs
Testing service contracts
Testing combined modules
Full system testing
Framework to automate API tests

⚡ Advanced (61–80)

Token/session verification
Store and reuse tokens
Testing environment setup
Testing vs live environment
Checking API vulnerabilities
Testing malicious SQL input
Different API versions
Old version support
Same result for repeated calls
GET, PUT, DELETE
Async = non-blocking API
Event-based notification
Repeated API calling
Query-based API language
GraphQL = flexible data fetch
API traffic manager
Multiple small services
Simulated service
API usage documentation
API design specification

🚀 Scenario (81–100)

Send login request + validate token
Validate transaction flow + response
Compare response with expected output
Check error code and message
Upload file + verify storage
Check page number response
Validate sorting parameters
Check error message correctness
Use Postman/RestAssured automation
Check logs + response codes
Mock third-party responses
Load testing tools (JMeter, etc.)
Compare DB vs API data
Check request limit behavior
Retry + logging analysis
Schema validation tools
Positive + negative test cases
Microservice integration testing
CI/CD pipeline integration
Ensures system reliability and correctness