Part 1 - API Testing Interview Questions & Answers

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

hey guys this is a video welcome back naveen automation lab so with this video we are going to talk about api interview question series so there are around 60 65 questions that i have collected from different sources and then couple of people they shared one document also with me so i really like these questions answers are already written on these documentation but i'll try to explain you each and every question properly with the proper examples and proper steps and i'll tell you this is what you have to explain at a time of interview and what is the best way of explaining the questions for ap point of view because api there is no ui there is no ui automation or there is no like xpath or something like that that you have to write right so we have to understand that what do you mean by apa how exactly it is working and how to present the best answer at a time of interview with respect to apa testing so this is the documentation that i'm going to show you in some time this is somewhere prepared by me and then there are some other students also they shared some questions and i collaborated all the questions together and then i prepared one final documentation for that and then you guys can refer it okay so i took some questions from the google also and then some other resources also so it's not fully designed by me but i thought of okay fine let me just give the best answer to you guys so that you can also explain that what do you think about apa testing and then how to explain the best answer for the ap questions at a time of interview so uh let me share my screen so these are the api testing interview questions you can see that there are around uh there will be around 60 questions see this see that there are many questions out there like that okay so we will see one by one uh all the different questions so today in the first session we are going to talk about around 10 to 15 questions we will try to take it so i'll try to cover in next four to five videos we will try to cover all the ap automation testing automation or testing interview questions because api is not about only automation that you have to do there are a lot of fundamental things that uh for apa and apa testing point of view and then i'll try to show you some really good examples also so perfect so quickly the first question is that what is an api so case try to understand that api is nothing just the full form of api you should know about application programming interface it's a software or it's a a piece of code that enables two applications to communicate with each other for example let's see i have two applications they are you know totally different application or totally two different systems they really want to communicate between each other then in that way we have to communicate via apis right so for example let's see typical example we always take i go to makemytrip.com makemytrip.com is calling indigo or spicejet or emirates api then we are getting the response that okay yeah these are the flights are available so makemytrip.com is behaving like an api for me to communicate between you like between me and the emirates or indigo or any kind of you know applications are available or flight booking websites are available so i can just do it through the makemytrip.com you go to any website so you don't need to go to directly to the chef or the cook you say okay fine you just call a waiter or say that okay fine i want this i want that and then give me the bill give me take my order so you are giving the order to that particular person the person is behaving like an ap that waiter is behaving like an apa which is sending you your requirement or your data your request to the uh to the chef and then chef is preparing the food for you so and then it will be again given to the waiter and then waiter is giving and serving back to you on your table so that is the basic fundamental of api right so communicate between two systems we always use apis for example if you see the real-time example there are hundreds of examples that without api you cannot create any web application because whenever you have to let's see read the data from the database whenever you have to integrate with some third-party systems everywhere you need an api so for example it's a google maps api so google maps integrated with let's see your food delivery app or zomato or speaking or let's see uber app so they are calling the google map apis that's why they are able to uh you know find out the location find out the total number of uh you know cars are available to that particular location and then the from and to destination whatever distance is getting calculated the traffic and everything is coming from the those information coming from the google map apis amazon advertising apis twitter apis youtube aps there are plenty of apas are available you can say that so another question is that what is a what are the main differences between api and web service remember one thing guys fundamental basic understanding is that all web services are apis but not all apis are web services for example let's see i have created a method let's see add method for example let me show you one method over here for example let's see uh let's see this is my java program that i'm going to create under this particular java program let's create a simple class over here so let's create a new class here my class name is let's see for example let's see ecom class and then you select the main method and click on finish okay i'm writing a program in java so i'll create a method over here for example let's see a simple method let's take a very straightforward method i'm writing public static void or let's see this method is find initially void and simple add method this method says that you give me two numbers for example integer a comma integer b and then i'll do one thing okay fine then i'm going to create one integer sum is equal to a plus b so i'm just adding two numbers and then i'm returning some from here so instead of white i have to write what i have to write integer here because i'm returning some and then i'm going to call this particular function so this function is a static in nature so i can call it directly without creating the object i'm passing 10 comma 20. so what is api here so api if you see this is my a simple method that i have created under this particular ecom class and i've created one method so this method i can say it's a kind of an api that i have created and then this is my a consumer the main method is going to consume this particular api and add method is is a producer it's producing some data for you for example a plus b so whatever data that you are passing it will be returning back and then this guy will consume let's say in some s variable and then i'm printing the value of s over here so obviously it will give you some data like 10 plus 20 whatever data is coming 30 and then you decide what exactly you want to use this particular 30 whatever that data that you are getting the response that you are getting you want to display on the ui or your mobile app or your web app or any ios app where exactly you want to use this it's up to you so this is my consumer and this is my producer so i cannot say that this is my web service this is what this is an apa so there are many examples you can say that okay fine send email notifications send do this get information get my account details so there is at the core level at the business level there is one method is written and every method i can say okay it's kind of an api for me but what happens when you uh put this particular ap on top of http protocol or let's see over the network that if we are trying to access that so let's see this is over the network and then this is my api that i have written right so over the network if you try to access that so obviously i need some url for that right so then over the network if you are calling this particular api let's see this guy this particular system is calling this particular api so i'll hit this particular url of this ap i'll say okay fine go to abc.com or let's say calculator.com call this particular add api and i'm passing two parameters let's see a and then b and then give me what so then you are getting result of whatever a plus b and then you are getting a response over the network that you are getting it so when you design an api on top of that you are creating a web service on top of that in the form of url in the over the network you are trying to access that api then it will become what then it will become a web service right so this is what you have to understand that at the core level right at the business logic level that you have written an api and if you're trying to access that particular api for example let's see fine uh let's say cric info api give me the current score card that india is playing with australia and then give me the current score scorecard so current scorecard will be calculated internally and over the network it will be given to you and then it will be displayed on the portal or on your web or on your mobile apps like that so that calculation is done by the api over the network you are calling that api via some url or something and then you have to pass certain information for example you have to pass the url you have to pass that okay what is the value of a and b and then you have to tell okay fine this is my username password to access this particular api and then i'm getting the response back to the client so this is how the apis are working with respect to web services i hope it's clear right so again back to the question that's why i'm saying all web services are apa because web services are internally using apa but i cannot say that okay all apas are web services there is no mandatory that there is no compulsion that this add method i have to call via web services only i'm just simple let's see calling it over here also from the main method from the console from the command line from anywhere i can access that without network i don't need any network for this so that's why you can say that okay all apis are uh all web services are apa but not all apas are web services i hope it's clear okay web services see this might not contain all the specification and cannot perform all the tasks that api would perform web services are very having unlimited information okay fine you tell me that what is the url to tell me how exactly are the different parameters that i'm going to pass to which uh url that we have to hit and then after hitting that the core level the actual business logic or specification and everything is written inside the apa and over the network we are calling web services a web service use only three styles of use it can be a soap based api rest based api i'll tell you the difference between soap and rest and upcoming chapters also xml rpc call also you can do that for communication whereas apa may be exposed to in multiple ways so this is a basic difference between api and the web service okay let's go to the next question next question is about that what are the limits of api uses see this is again a very important thing because it's not like there are multiple api's are available let's see google apis or twitter apis or see any xyz apis are available which is giving you let's see weather information and then forecast information then the data about the world cup data about the fifa world cup how many what is the score card and everything so it's not like that okay you're just hitting the ap and getting the response and then showing the response on your website there are multiple api that you have to uh be authenticated they will authorize they will authenticate you that okay are you a right user or a right consumer or not and then it's not like that okay every time let's see millions of apis you are hitting on millions of calls that you're doing for that particular ap it's not like that so they will restrict the aps for example it depends on the provider to provide it so let's see if i if you really want to access some uh crypto apis or let's say share market apis or let's see about uh you really want to get the financial data of any specific company zero api and all these apis that you are calling it so let's see 60 minutes or 60 apis per minute you can call it or let's see 100 apis per minute you can call 100 calls per minute you can do that so they will restrict you on top of that you have to pay for it so let's see like that so these are the limitations of the api users i'm talking about i'm not talking about api limitations i'm talking about uses of apis right so that's try to estimate your users and understand how exactly it will impact the overall cost of the offering so obviously budget and the cost will be involved and then on the basis of that uh you have to decide okay yeah how many aps that we have to hit per day and per second per minute like that on the basis of that you have to pay for it and then you will be start using the third-party api or any internal api next question let's talk about what are some architectural styles of the creating of web ap okay there are specific typical interview questions like http for client server communication there is one client there is one server and you are communicating you are getting the data from the database uh via api over the satb protocol so typical client server communication you can do that you can use xml and json as a formatting language xml and json these are the very lightweight documentation lightweight data formats you can use it because see for example let's see this application is written in dotnet and this application is written in java so obviously java can not directly communicate with the dotnet application or python application or some very old decision system that you are using it because if java and java they are communicating this is fine you are sending one java object and serialize and design the java object over here but you cannot read that particular uh once again you cannot read okay the dot net response which is coming from the dot x system and then you are reading in the java system for that the communication media is your xml or json so we will say okay fine that i really want to get this particular information from your system and this system will send one json and json can easily be identified and read by a java system and java system is also sending the data let's say hey i want to send this particular xml or json can you please display on your system so dotnet also can easily understand xml and json so that's why these are very popular data formats are available to communicate between multiple systems communicate between two systems and these are very lightweight data formats are available so that's where most of the time you will see we are getting json response or xml response that we are getting it okay from the server or from the apa response simple uri as the address of the services and then the stateless communications we will talk about what do you mean by http stateless and rest also stateless communication where we don't need to at the server side we don't need to maintain the the session id and everything the client will take care about the session id so these are the four common architectural way of style of creating the web apis who can use a web ap see this uh sorry who can use the web app so web api can be consumed by any client that's why you must have seen that i can use it as a over the uh http i can use it let's see there are multiple get calls put called delete and post con i can use it via postman also maybe from ios devices from android services from windows devices from chrome browser from any browser or from any web application so these are what my these are my clients i can access it right so since web api services do not require configuration they can easily be used by any client in fact even portable devices also you can use it over here right so let me just show you let me show you see uh i haven't posted an example so this is a typical ap for example let's see get all product categories i really want to see that okay in this particular application how many uh product categories are there so see this is my postman and postman is a client which is helping me to call the apa so i'm just calling this particular ap and getting the response over here you can see that so this is my response here you can see and these are the categories let's see are there in a specific system and these same categories will be displayed on the ui also here you can see that so dummyjason.com or something like this you can call it if you really want to let's see add a new product i want to add a new product so this will be a post call because i want to create a new resource in my database so that will be a post call so let's see again json.com product ad so this is my api service url and then it will add the product and as a body i'm passing title macbook pro for example so when you hit this particular api see it's actually adding the id is equal to one zero one and title is equal to macbook pro so one database entry will be created over here like this right so this is what you can do from any client this client could be anything okay now uh let's talk about the next question who can use a web api that we have already taken now let's take the sixth question the sixth question is about that what is api testing and what kind of testing that we have to perform for apa so that is obviously that api is again everything is running in the background everything is happening in the background you cannot see you cannot visualize the apis like that because in the web automation in the web ui in the web testing what we do that okay fine this is a form that we have to fill this is the data that we have to fill and this is the button that we have to click and then click on this link and navigate to some one page to another page like that but here in api is testing is a kind of software testing again that determines if developed a page meet expectation regarding the functionality of the api is actually correct or not so first of all that we will make sure that okay your apis are stable your ap functionality whatever the desired output that we are expecting from the ap this is what we are expecting api should be reliable and then we have to do the performance testing also and then the security of the application we have to check that it's not like otherwise anyone can steal your data anyone can fetch the data by calling those api so make sure that okay the authentication is very important that how exactly your apis are getting authenticated and authorizing the request that we are getting from the different customers otherwise anyone can uh you know expose the data anyone can get the data let's see some payment gateway apis so i'm sending okay fine give me all my account details my current balance in this particular bank account so we are passing the bank account name bank account uh you know name and the phone number or account number that we are passing and then we are fetching the data but along with that we have to send the username password also or maybe some token also we have to pass so that server the icc bank server or any bank server or payment gateways server they will understand okay yeah it's a reliable customer and then we are giving back the response back to the customer right so this is about the apa testing that we have to perform i'll do one thing i'll show you one practical example of api you see this application here and uh i'll do one thing see this carefully i'll do one thing that i'm going to create one data over here so you simply go to naveenautomationlabs.com and then forward slash open card and after that you just simply go to a registration so i'm going to register a new user over here any user for example let's see i'm saying this is my api automation user and then i'm writing the last name is api and then i'm writing api automation at the rate gmail.com let's see telephone number i'm writing one two three four five six seven eight nine ten and the password i'm writing let's see api at the rate one two three again and password api one two three privacy policy this and this is the email will be registered so see from the web i'm hitting the api from the web i'm filling the page it will hit the internal maybe some registration api or something like that and then the data will be stored where the data will be stored somewhere inside my database so i'll show you the database also and you simply click on continue when you click on continue it says okay fine your account has been created successfully and then you have logged in that's why you are able to see log out button but i really want to see that from the web i'm sending the request right guys i'm filling the form because you cannot give the apa to the end customer i cannot give these apis that we find this is the post call this is the json payload and everything that you have to you cannot give that to the customer directly so apes are running in the background first we have this presentation layer or ui layer and internally we have this uh api layer which we are calling the apis and then then it is storing the data somewhere in my database so for example let's see if i'm using my sql database or oracle database so let's see that okay fine this is my let's see database of this particular application i'm showing the entire database over here and then i'll go to my let's see one customer that we have created so let's go to this particular table you can see tia underscore customer table and then i'm going to uh hit one sql query so i'll say okay fine here you can see that i can write one sql query that select a star from customer table and then i'm saying that once again underscore a customer dot one second let me where i'll write once again underscore dot i'm going to use let's see email which is equal to what the email that we just created that ap automation gmail.com let's see this data got created or not so here you can see that yes we have received one data entry here you can see in the table and then the customer id something like this 5536 this is my email id this is a telephone number that we have added first name last name entire entry that is created over here the password will be in the encrypted format so obviously you cannot see the password over here but you can see that yes the data got created inside my database so this is my database actually and this is my ui and then between database and the ui because now we are communicating between two systems then i'm saying okay fine i want to create a data so data will always be created from the end user site so this web application or this browser is behaving like a client for me and from the client i'm filling the form and then obviously data has to be maintained browser cannot store the data there are millions of users are there let's see for amazon.com or for any application i cannot store the browser data on the browser information right on in our user data on the browser i cannot do that so obviously i need to maintain a database over here so that is what the data is we are going to maintain here i'll give you one more example you do one thing let's let's search for macbook okay and uh see this carefully let's click on macbook pro this particular product add to cart and then see everything is actually this entire data is coming from the backend from the database only and then you click on checkout after clicking on checkout i'll do one thing you right click on it and go to inspect and you can go to the network tab in the chrome dev tools and here you can inspect all the apis over here so see whenever i go to the checkout page and you can observe all the apis you can check all the apis in the background how many network calls are happening so i'll do one thing i'm going to refresh this page once again if you refresh this page once again and you just instead of clicking on all you click on fetch xhr right so all the http requests uds3 to send me and here you can see this this is the api in the background that we are running this is the apa in the background that we are running if you see the headers information you click on headers and you can see this is a request url that we are hitting and then after that this is a response these are the response header these are request headers and this is a payload that we are getting sorry this is a payload that we are passing that we want uh country id is equal to let's say for example 222. so here you can see that country is equal to united kingdom and it's in the background in the database country id is equal to 222 and what is the response that we are getting see this is a json response we are getting you click on the formatted response here and you can see that under uk these are the number of zones are available right so for example let's see if i'm selecting india and then you try to observe the behavior here see let me just clear the console and then let me select india from the drop down so let's select that and can you see one more api got called in the background and you go to the response tab and click on this guy and you can see that yes for country name is equal to india country id is equal to 99 and then these are the number of zones are available you can see andaman ecobar andhra pradesh arunachal pradesh assam and everything we are getting same data is actually coming from where the same data the data is actually available inside a database api's are just fetching the data from the database with the help of this particular api and then it will be given to the browser and the browser or the ui and the ui will display that okay fine if you select india these other regions are available so all these drop down entries you can see region or a state in country how many states are there in uh in that particular country everything is coming in the form of response here and the same will be displayed inside the drop down here right so i can show you see i'll show you this particular data in my database also so now i'll show you that how exactly this particular data will be visible okay so let's see for country name is equal to india and country id equal to 99 exactly same data should be there in my database also so i'll do one thing i simply go to one table for example the table name is tia underscore zone okay and here the specific country id because in every country there are multiple zones or states are there or regions are there well let's see for example that for india what is the country id so i'll do one thing for uh see this carefully let's go to the country table first and let's see what is the country id for india so i'll do one thing let me just go to india country here see here india can you see that this is my country and then country id is equal to 99 that's why the same exact id you can see it over here country id is equal to 99 right and name is equal to india and then other information also coming from there and then i'll go to the zone table so zone is a different table so let's go to the zone table now so zone table somewhere is available over here let me just refresh this page and i do one thing let me go to the third page here and see this is my zone table and then you can see that your country id so you can hit a query so you can say that okay fine how many zones are there where country is equal to 99 so let's write a basic sql query here so i'm writing that where dot and i'm saying country id is equal to 99 because i know that for india country id is equal to 99 and let's hit this query so now you can see that see for country id 99 you can see all the states let's say i'm selecting number of rows equal to 50 and all the states that you are getting right let's see if you really want to so how will you do the database testing with respect to aba testing so i'll do one thing that okay fine i'll write select count star this so this is sql query that we are going to hit and then i'm saying okay once again from this one a dot and then country id is equal to 99 same data should be displayed on the ui also so let's see what is the count that we are getting okay so select star from uh i'll write where clause forget to write let me just hit it once again and now you can see that it's saying 33 is the count so count star is giving you 33 it means this exact 33 regions should be displayed over here as well it means the count should be 33 so there are three levels of validation you have to check first of all that when i hit this api what is the response and what is the zone count that we are getting so this zone count also should be 33 so here you can see zone is an array this is a zeroth element this is first element like that and zone is getting somewhere ended over here so i'll do one thing just to validate that i'll just copy this guy and then copy this and then open let's see somewhere over here so let's see you can just json viewer you can open that paste it and then you just try to visualize in this format and then this is a zone and then you open this particular zone see i'll show you and the count should be you can see 0 to 32 it means 0 to 32 mean 33 zones are there and for each and every zone you can just check the information you can see this is for andaman nicobar and then this is for bihar let's see this is for dhamma and do and then goa and all such things are coming over here so it's giving you 0 to 32 count meats yes in the apa data is correct and now exactly i'll do the same thing over here that okay fine these are the 30 uh two states are getting displayed over here or not so you can see this is the count of 32 you can use it so in terms of automation for this guy you have to write selenium already any api uh ui automation tool to check this guy you have to use let's see postman or rest assured or anything and then to check that you have to use the database testing so how many types of testing that we are performing here three types of testing one at the ui level one at the api level and one at the database level because see what happens sometimes we cannot trust on the ap every time and we cannot say that okay whatever the data is getting displayed over here or coming from the ui or sorry coming from the apa is 32 what if tomorrow only 15 entries are coming then it's a bug so we say okay fine this is india and then these are the 15 uh states are coming but let's see aba is giving you 32 or 33 and you are showing only 15. well let's see apa is giving you nothing for let's see for a specific country so let's you go to let's see some country like any country let's see uh albania for albania see these are the number of states are there or maybe for let's say for albania it's giving you the states for india then it's a bug so you have to cross check with the apa that okay fine if the bug is there then at the you will go to the minus one level that is the api level in the background that what exactly api is giving you the response if ap is giving you the right response then it's a bug with the application bunk with the ui that is also there but let's see api is also giving the wrong response then you will go and check the database in the database let's see data is correct then it's a problem with the apa maybe they have hard coded the value or maybe coming from some some different database or something like this it's not pointing to the right database and all such things so you have to perform these types of testing and let's see this the data is wrongly entered in a database also there is a database issue the data issue the data is not correct or not up to the mark or not complete completed data that we have inside a database so i hope you guys are getting it that what is the level of testing that we are performing it because a lot of people they get confused with this thing that i mean what type of testing that we have to perform in order to do the ap or ap automation so don't only focus only on the automation try to focus on that what is the scope of apa testing how exactly we can integrate with the ui data is coming from the database api cannot store your data a page is just a medium which will fetch the data from the database or from the server and then it will give you to the ui or to the specific client it will take the request from the client and then give it to the servers and server will process okay fine i want country data or any any user data fetch the information from the database and display on the ui so this mediator is actually an api for me okay i hope it's clear so i'm just not just going to a typical theoretical uh paragraphs here just not reading the answer but i'm trying to explain you that what type of testing you have to do it so now that is part of your functionality the functionality should be correct unless your functionality itself is wrong then what is the point of checking the performance of security at the initial level so that's what we have to make by apa testing uh perfectly functionality why it is absolutely correct and then we will check okay is it really reliable it is really performance wise is correct or not with the 50 000 request or 70 000 required that you are hitting the ap is it really giving me the right response or not and the security that how secure my an authenticated and authorized data uh it should not be give without any username password or without any token so that is the scope of the apa testing we should always focus upon i hope it's clear let's quickly take the next question what an advantage of api testing obviously a core business is written inside the apes right so in ap interview they might ask you that likely to ask about advantage of that so there are many advantages first let's talk about the core functionality as i told you right core feature code logic is written in the form of apis so apa testing provide access to the application without a user interface there is no ui there is no gui so first the developers will prepare the apis so first you have to make sure that okay my core system see if my internal system is really great and then only exactly same thing will be displayed on the ui also right if your internal system is not that great there are a lot of problems in your body internally then obviously you won't look great you won't look healthy same thing in the applications also if your background your backend your apis are not you know correctly designed it doesn't matter how fancy a good looking api is or look and feel that you have designed but your api backing system is not that great then you are there is no point of having those fancy uis of nc uh you know uh the look and feel so that's where the core and code label functionalities of the application will be tested and evaluated early before the gui test okay the ui test we means graphical user interface test this will help to detect the minor issues which can become bigger during the gui testing so and obviously we have to think about the cost point of view also if you're ignoring the apa automation or api testing actually not exactly automation if you're ignoring the aba testing and you're ignoring those bugs definitely it will be caught during the gui testing then it will be more expensive to fix those issues because now you have to fix at the ui level then again you have to fix at the ap level and it will be so late that you're finding the issues it should have uh you know you should have find these issues at a very beginner level when the aps are getting designed or something that's why please more and more focus on the ap testing before that we have unit testing but for the testing point of view for the ua point of view i think we should more focus on the ap and then whatever which cannot be tested through api or maybe whatever the scope of the ui automation then we should actually have minimal coverage only for ui automation and then finally we do the exploratory testing or the uh the typical manual testing that we do over there time effective obviously because there is no ui involved so we don't need to worry about on which browser or which browser version and all those saying no navigation nothing so less time consuming in fact in automation also if you see that yeah expert issues and all such things in the ui automation sometimes synchronization issues and all such things and then not browser compatibility a lot of things that you have to think about for the ui point of view but in apa we don't need to worry about it you just simple hit the api get the response and then check it that's super easy no you don't need to worry about the web element is getting displayed on the page or not okay so that's where the web element or the gui testing is slightly slow because we have to keep pulling the elements on the gui particularly api test automation requires less code so it can provide better and faster test coverage complete compared to gui test automation in fact i would say that you can really have a really good coverage for ap automation you can say that i'm not saying 100 coverage but still you can say that uh some 1995 99 coverage also you can go with the apa test automation if you're all the apis are automated with all positive and negative scenarios with all the correct data or incorrect data that you have automated it is like within 30 minutes or within 15 20 minutes you can get the results not like you're running the test cases for four to five hours for the gui testing and then getting the results and that too also not reliable and aba testing is actually the less flaky test cases you will be getting it because there is no involvement of gui or x-path issue or synchronization issues like that right so obviously that will result in the cost saving for the testing project language independent of course in ap testing data is exchanged as i told you using xml or json these transfer modes are completely language independent we don't need to worry about that uh this particular system is using.net or c-sharp or java or python or anything that we are not bothered about it allowing users to select any code language when adopting automation testing services for the project it really doesn't matter i'm for as a test automation engineer point of view i'll say okay fine you give me the api urls just like that and then we are going to hit it we know that okay it's up to my choice now i want to use a java let's see for rest assured or postman or any dot ken dotnet client that i really want to use to hit these ap pass the json payload get the response pass the headers get the response is totally independent for a specific programming language let's see the next one yes so easy integration with apa test enable highly integrable test which is particularly useful if you want to perform any functional ui after the apa testing for instance let's say simple integration as i told you right uh give me the registration data or give me the account data or user data or country data or region data you can easily integrate with the uh you know any ui client it could be a browser it could be a mobile application it could be ios android or any third party client that you really want to use it you can easily call the ap and get the response in the json or example and show the same response on the ui that's very straightforward that's why easy integration with that let's take quickly the next question some common protocols used in apa testing so many protocols are available to be used in apa testing such as uh java messaging services jms rest apis that we use that http uddi and the slow protocols also we have to use that okay so rest is the architectural way of designing the apis we will talk about rest uh later on maybe in the coming chapters so i'll tell you that okay what a different different other protocol types are available you can test with respect to apa testing what is the test environment of apa so obviously that setting a test environment is also not that straightforward task so you should have a ready answer for that at a time of interview also the test environment api is bit complex obviously as compared to ui it's not like you just simple uh hit the abc.com on the ui and then the ui is getting displayed but for apa first of all you need to talk about okay apis are working in the dev environment q environment ui environment stage environment production environment every api is having let's see some gateways available on the cloud services or maybe on the cloud platform then you have to check about that api's um environment details every ap will be having their own respective database if you have implemented the data in the ap is in the form of microservices or something aps are correctly integrated with the database or not so for example let's see if i'm hitting abc.qa.com right for example let's see let me just simple simply design one diagram here so let's see this is your q a environment right and this is my ui abc.qa.com this is going to hit my some apis and these ap's are deployed on the qa environment so it is like qa.abc.com and then we are going to hit the qa environment over here and the url will be different in that case for the qa and then it's having its own database over here so this is my database for qa environment and only qa specific data or queue environment data is available here so let's see this is my qa environment i can say that same thing you can say okay fine this is my stage environment or dev environment then i'm going to hit that separate stage apis and then the stage database is also different over here like that same thing for the production like this it's we are going to call the production api server and then we are hitting this particular database that is the production database that we are using it so how many environments like that you can create that this is my environment number one environment number two environment number three one environment for uat one environment for a stage environment like that so n number of environments that you have to maintain separate database separate apis or servers that you have to maintain where exactly let's see these are deployed on some cloud on tomcat server or any app server that we are using it because browser could be anything but if you're hitting qa.com it should hit only the qa server and it should fetch the data from the qa database not from this particular database so this integration configuration environment configuration and maintaining multiple services on a different cloud and let's see everything is hosted on the aws cloud these days or seo or or gcp or google cloud or any cloud vendor so you need to think about it okay how exactly these apis are authenticated properly or not like that right so that's why the api test environment for the ap are not very straightforward a lot of installation process a lot of devops activities that you have to perform over there and then a lot of validation authentication you have to implement and make sure that okay different database that you are using it let's see for this particular api i really want oracle but for this another api i need cassandra for this api i need mongodb for the fast retrieval and for the you know uh the data schema is not defined in that way we can go with the mongodb like that so it depends on a pay to api what kind of use case to use case that we have so the setup and all such things environment is slightly complex as compared to the obviously ui because on ui you just need okay fine chrome browser and firefox browser and safari and then simple write www.amazon.com or abc.com or any xyz.com like that so here we don't need any environment setup things for the ui testing point of view okay let me clear the drawing quickly next question what are the principles of apa test design again this again a very important interview question you should know about the design based things also five most important principles one is set up for the apa test i'm talking about first of all that setup just like we do uh set up with the teardown method let's see we write in the test ng or junit or any xyz test client that you are using it you have to create the object start services and initialize the data if you really want any test data or start any back uh some services for to test that particular api create object initialization and all such things that is your setup after that these will be your execution steps to apply ap for the scenario including logging so for example really want to hit the api and then i really want to get the response and then you have to validate the response and everything so let's say you really want to pass the headers you want to pass the json body then you have to pass the authentication information and then you have to decide which call it will be get call post call delete call put call or whatever kind of manipulation that you want to pass while uh you know execute that particular api and then you are getting the response and then you will do the verification points what is the result that you are getting are we getting the status quo is equal to 200 or not are we getting this uh you know the correct json response or not json schema is correct or not the data that we are getting from the apis are correct or not like that so for example let's see if you go to this let me i hope i have some tests written over here so you can see that in the postman i have written some tests over here for the let's see this is the apa this is a post call and first i'll prepare my data i mean prepare my headers this is my body response that i'm passing username password over here and this is the these are the test cases that i have written right same thing you can do the with respect to manual testing also let's see these are my tests that i have written it's saying that okay fine end point url working with the 200 status quo so i'm checking the 200 status code i'm checking okay find the response we are getting okay with body and json attributes we are getting it or not we are checking the response time within 900 milliseconds then we are checking that do a content type header is present or not then we are checking the content type header is equal to application json or not then we are checking the test data in the response that we are getting whatever the user information that we are passing my email id password and all such things first name last name everything is correct or not like that some environment variables i'm checking so there are multiple checks that i can perform once we get it so for example let's see if i'm hitting this particular okay hitting this and here we will see the test result over here and you can you can see that all my test cases got past past passed over here like this so this is how we will do the same thing in manual testing or if you're using any rest assured api or any http client or any postman any client that you are using it so these are the basic validation that every time we have to do that so that's what very important that first you set up do the execution and the verification because verification will decide your response from the apa is that correct or not the data is correct or not and after that you have to tell how many test cases passed failed just like that we have done it over here these are my response i mean the result data over here fine and then finally clean up if you really want to the data that you have created for example let's see i have created one user over here to uh you know to fetch the information for that particular user so in that way we have to clean up the data or clean up the services or let's see any database connection that we have established or something like that so that will be by ta down or cleanup state that we have to perform here so these are the five important principles exactly same thing with the practical examples you have to explain at the time of interview remember this thing okay let's take the next question what are the common api testing types that's again a very good interview question that while there are certainly spatially test and no list can be asked to be comprehensive in the realm most test fit broadly into these following categories let's see first of all that validation testing you have to validate your aps functional testing that whatever that you are expecting from that particular ap is absolutely correct or not then after that uh the same integration with the ui testing you have to do it because maybe at the apa level it's working fine but when you integrate with the ui is it really correct or not performant testing in the load testing also very important factor because the load will be why a browser will be given to the apis generally we do the performance testing at the api level so that also we have to do it and then error detection runtime error detection let's see if you're passing the wrong data or data is not available let's see user is not available so in that way you will be getting 400 404 not found a 400 bad request or something like that right all the internal errors let's see server is down server is not responding properly so you will be getting 5xx error or uh data not found error let's see for 404 or resource.found error or something like that so you should know that the proper error handling is it like done properly for that particular api or not okay because see you cannot say that user data is not available actually let's see i'm looking for the uh swiggy app and i'm looking for a specific uh restaurant and i'm hitting it and then i'm getting the response let's see four zero four not found for that particular uh dish or for that particular restaurant from the food delivery app from zamato so i cannot show four zero four error on the app or on the ui then i'll say okay fine that if error is coming and then integrated with the ui so ui will display ui will read that okay 404 we are getting we will display okay this restaurant is not found in your area or something like that we can showcase that these are the error detections at the runtime we have to perform these kind of scenarios also security testing yes your api should be secured enough highly secured enough you should know about what type of authentication you have to use what authentication or username password or any base authentication or digestive authentication you have to add so all different types of security testing that you have to perform penetration testing with respect to same thing again the kind of security testing that you have to perform it along with some uh you know uh sql injections and all such things that you have to do it over here with respect to check that okay how uh secured and uh your debt uh your applications or aps are well labeled or not first testing we will talk about this first testing later on it's not that important you can ignore that and interoperability and the web service or ws compliance testing is really following all the compliances or not and the you know compatibility testing point of view also we can check some checks over here with respect to this thing but these are the top seven points are very very important for any apa testing point of view remember this then let's go to the next question what is the procedure to perform api testing what is exactly the procedure how will you test it first of all that choose to sweet to add to the apa test after that choose the test development mode that on which environment you really want to test it demand the development of test cases for the requirement api methods okay you have to ask for that the development of the test case is that what is exactly a scope uh you know collect all the data about that particular api what kind of it is like it's a get call post call the header information and then and the request payload everything that you have to ask for it and then you have to start writing the test cases for that configure the control parameters of the application and then test conditions configure method validations execute the apa test check the test reports in the filter api test cases and arrange all the apa test cases properly like that so these are the this is the typical procedure to perform the apa testing everywhere these are the common things maybe you might be having some extra points you can just definitely add it but these are the standard points that we always have to maintain along with that i have covered over here right the principles of api testing you can just combine both the answers together and give the best answer at the time of interview okay now quickly let's see the next one what must be checked when performing an api testing people will ask you what are tell me about five important important things that you are going to check it so here you can see that during that testing process uh you know request is raised to the api with the known data this way you can analyze the validation response while testing an api you should consider accuracy of data how accurate it is are you getting the right data or not right are you getting the exact amount of data or not schema validation is again very very important see what do you mean by schema validation for example let's say you are hitting this particular api and this is the response body that you are getting right now this username if you see that this username is coming in the form of a string an id is coming in the form of a numeric value or integer value but what if tomorrow the id is coming with double quotes right for example with double quotes then you are reading this as a ui developer or as a consumer so you are reading initially as an integer but suddenly the the data is coming in the form of a string then immediately the contract has been broken between two parties because we were expecting an integer and now you are giving an a string value over here or let's see for username you are getting some uh integer value over here or for token you are getting some numeric values over here like that so in that way definitely i won't be able to read it if i'm not able to read it then what it is going to impact my users it's going to impact my consumers my customers all right so whatever data that i have to display on the ui the exact same data we will be displaying so we are getting okay maybe some exceptions from our side from the consumer side so first of all that we have to make sure that okay the schema should not be broken schema means what kind of data that you really want to pass if you have already told me that okay fine these are the seven attributes i'm going to pass now it should not have more than seven attribute because the contract between two parties is it's already designed for example let's say if you're hitting from the makemytrip.com you're calling some indigo apis or jet airways or airasia apis they say okay fine we are going to give you these 10 important information not more than that but suddenly you are getting let's see only five information of five data you are getting you are missing something or maybe some extra attributes that you are getting it so it depends how exactly the contract has been signed between make my trip and the indigo if they say okay fine we will not give you more than 10 attributes or more than five attributes and we will not change the schema the type of data also if id is numeric we will always give you the numeric data we will not give you a string data or let's see a boolean data over here that's a contract breach between two parties so that's what the schema validation is very very important okay and these kind of bugs are very like blocker or critical kind of bugs if you're getting it if any schema validation is not happening over here because sometimes what happens that italy developers they change it they got the requirement and it's not communicated well to you or maybe it's not written in the acceptance criteria also that in that case suddenly your test case are getting failed and you have not communicated about it so you can always raise an alarm you can raise a concern over here that okay why it got changed why we are not communicated well about this particular schema change or something on what basis they actually change the schema of type of this particular id or extra attributes or less attributes that they are giving so let's see for example after two months they so say they say okay fine we don't need any image so contract has been should be revised okay the contact has been revised and it should be revised and it should be communicated well enough to everyone to the developers also and to the testers also to the test automation engineers also that okay fine we don't need any image attribute so from your test case you will remove this particular step or remove this particular assertion from the manual testing team also they will remove this particular validation over here okay so that's what the schema validation is very important status code plays a very very important role whenever you're going for interview please make sure that okay you are having idea about most of the important status code you can just simply go to um you know google and then simple right http uh status code table there are various uh you know tables are available you can just simply go through it and then i i believe somewhere like you know over here that is again having a very good documentation about each and every status code you can go through it to the developermodular.org you can just simply go to it and then check what exactly the meaning of each and every status quo if i'm asking you what do you mean by three zero seven three zero eight four zero four four zero two the difference between four zero two and four zero four or four hundred that is foreign is a bad request for zero to generally be used for the payment required for zero for me resource not found the server cannot you know get that information about that particular resource that you are looking for right so make sure that okay you are aware of each and every uh status quo and same thing you have to test it in your testing also data type validation order and completeness like whatever data that we are expecting is it coming in the same order or not the data is complete or not or it's not like you are getting just partial data or partial response that you are getting it validation as i told you that okay the correct data is getting or not or type of data also you have to check that authorization checks are very important because let's say you're hitting some ap and without username password you're able to hit that ap it means anyone can just simply hit the aps anyone can now make the payment anyone can get your order details so let's see i'll go to amazon apis amazon.com and say okay fine where a username is equal to naveen and give me all the orders of naveen so immediately from the amazon site it will ask you that okay hey do you have any username password for naveen if you have it then only the server will give you the response then only the apis will give you the proper response so you have to make sure that okay the authorization checks important but to make sure that okay if your apis are having the authorization checks it should not allow you to hit the apis without any token without any uh you know token id or username or password or any kind of uh let's see the session id or token id that you are generating it should not be allowed without that implementation of the response timeout that also plays a very very important role that is what i shown you here that in the postman also that let's see these are the test cases that i have written and then make sure that okay whenever you are hitting the api you are getting the ap within a specific timer so let's see it's not like let's see you hit the aba and after five minutes you are getting the results after two three minutes you are getting the results if you are getting the results for two three minutes and the same result will be displayed on the ui also you think about it that the kind of weight the user the customer has to wait for it right so in that way make sure that okay you are getting that timeout within some milliseconds or something like that or sorry getting the response within some milliseconds like that so that the same data will be displayed on the ui so it's not about the problem with the ui all the time the browser your network everything is fine but api logic is not written correctly it's taking unnecessary data it's capturing from the database so obviously it will take some time so make sure that okay response time is accurate or not or correct or not within some milliseconds you should get the response time as i told you error codes in case api returns like user not found or what kind of error code along with the proper message you should have it non-functional testing like performance and the security testing that also you have to perform it because once your apis are stable functionality wise are stable then make sure that okay you are using some tool like jmeter or gatling or any xyz performance testing tool or load runner or security testing you are doing at the api level that is very very important to do that okay so please consider these two factors non-functional testing also for apis let's take the next question what is the best approach to perform aba testing again same thing you can say that following factors define the correct input parameters let's talk about more and more in-depth coverage now define the input correct input parameters right it could be a query parameter it could be a path parameter also for example let's see i'll show you an example let's see i really want to get all the products so here i can write one query parameter also i can pass okay question mark product name is equal to let's see macbook or something then you should be able to get the right information about that okay so make sure that okay preparing the correct input data input parameters that you are passing verifying the calls of the mixture of two or more added value parameters because i'm saying okay fine i say that name equal to macbook but price is equal to two thousand dollars so you should get the data between whatever the given range or given parameters that we are passing within that particular range only you should get the data it's not like that it's giving you the data for macbook where price equal to 5000 also it means that's a bug why are you getting it it means the logic is not correctly defined internally for that particular api because user you imagine user will go to the e-commerce application or let's see any hotel booking or any booking.com so i'm looking for that one parameter hotel name is equal to this place equal to goa and the third parameter is that the rating should be greater than 4 star or 5 star or equal to 5 star so these are the three parameters that i'm passing on the basis of that the filter should happen and then only that specific data we should get on the in the form of response that is important thing to check for the ap point of view defining the basic functionality and the scope of the api program what is the scope what is the functionality within the scope only we have to test everything writing appropriate test cases and making use of testing techniques such as equivalence class boundary value analysis etcetera etcetera to check the that ib is correctly uh you know working or not so these are typical things like boundary value analysis eq balance or techniques testing techniques which are available we have to test it the exactly same thing that you do it on the ui same thing over here also we have to check it let's see i really wanted okay price should be between 1 200 so i'll check okay what if i'm giving 1 0 1 what if i'm giving minus 1 what if i'm giving 1 what if i'm giving 100 what if i'm giving the price is equal to 50. so you will check with all the boundary value analysis and then you will check how exactly apis are giving you the right response or not okay after that we have to execute the test cases properly and regularly comparing all the test results with the expected result right so these are the different approaches that generally you perform while doing the api testing let's take the last question for today okay one more thing verifying the api behavior under conditions such as connection to files and so on that also you have to check it that okay fine whenever you're getting the response are we getting any files you're creating any data entry inside the specific file or not these kind of behavior also you can check it now let's take the last question for today what are the tools could be used for the ap testing obviously there are various tools which are available in the market there are thousands of tools are available for apa testing you can say that catalon studio postman soap ui apg and uh you know there are different clients also available in the market that from which you can just perform it generally i prefer look a postman postman every ap automation engineer or api tester you should have postmed because with the mobite you hit the ap the you know the graphics and the kind of uh it's very user friendly it's very straight forward which is simple easy easy to configure hit the api and then you can write the test cases also in the form of you know simple javascript also you can do that you will getting the response properly over here like that in the response section but it's easy to configure you can work like a workspace and everything you can do in the postman but if it's not you are not liking it or maybe you really want to prefer something else you can use that as well there are a lot of visual studio code a plugins extensions also available like thunderbolt or a couple of other extensions also available where you can directly test and hit the apis soap ui is available which is very old famous tool is available in the market that takes that supports with the you know the groovy language in java language we generally use http client rest assured karate framework is there in dot net also like in every i would say a programming language there is one specific library or the tool is available you can use any of them and then start writing your test cases along with that okay but for manual testing you can use any client you can in fact do the testing uh or hit the ap from the browser also like that also you can do that but i would prefer to use maybe postman or just opi you can use that over here so guys these are the top 15 questions that we have covered today otherwise this video will be too much because you can see there are many many uh questions are there there are around 60 questions so let's see per video if we are taking 15 so it will take around four at least four videos at least it will take to cover all these questions okay so i'll be regularly i'll be creating this i'll share this documentation document also you can download this document you can take the print out you can prepare for it but my advice is that don't just typically read the uh you know whatever it's written in the paragraph at the time of interview you have to explain more and more examples practical example that i shown you today you can just do it over here and then same thing you have to prepare at the time of interview also because interviewer is actually expecting the practical answers from you guys it's not like typical a definition or any theory or bookish knowledge they are not expecting because you cannot bluff in apa testing they are really aware of they will really check that okay are you really aware of the terminologies are you really aware of these the concepts how to test it your approaches and everything practical examples give me some real-time examples in your current project and all such things you have to cover those things okay so i hope uh this video will be helpful for you guys so please uh you know prepare this and in the next four videos i think you will get an amazing idea about apa and how to crack apa based interviews so that's all for this particular video guys please share this video with others on with your friends with your colleagues if they're looking for ap automation or if you're struggling with how to give the right answer for aps this is the perfect video i'm sure that it will definitely help you a lot so that's all for today guys i'll see you in the next video till then take care and god bless you all

Info

Channel: Naveen AutomationLabs

Views: 180,128

Rating: undefined out of 5

Keywords: api testing interview questions, api testing tutorial for beginners, api testing interview questions naveen, api testing interview questions naveen automationlabs, postman api testing tutorial, api testing, postman, rest assured testing interview questions, rest assured api testing interview questions, api testing by naveen automation lab, api testing by naveen automation, rest assured api testing by naveen, naveen automationlabs

Id: taSFj5Zl8Wo

Channel Id: undefined

Length: 64min 38sec (3878 seconds)

Published: Sat Aug 13 2022