type of testing

Functional Testing ▶
API Testing Interview Smoke Testing Sanity Testing System Testing Unit Testing Integration Testing Regression Testing User Acceptance Testing (UAT) Interface Testing End-to-End Testing Compatibility Testing
Non-Functional Testing ▶
Performance Testing Load Testing Stress Testing Scalability Testing Usability Testing Security Testing Recovery Testing Maintainability Testing Reliability Testing Compliance Testing Accessibility Testing
Chapter 1: Introduction
Topic 1.1: What is Java? Topic 1.2 Comments & Identifiers
Chapter 2: Variables & Data Types Chapter 3: Control Statements Chapter 4: OOP Concepts Chapter 5: Inheritance
SQL

Search

Total Views

Total Views:

API Testing

1. What is API Testing?

Answer:
API Testing is a type of software testing that focuses on verifying whether APIs (Application Programming Interfaces) work as expected. Unlike UI testing, API testing is done at the message layer and directly tests requests and responses.

It checks:

  • Functionality

  • Data accuracy

  • HTTP status codes

  • Response format (JSON, XML)

  • Security (authentication, authorization)

  • Error handling

2. What is an API?

Answer:
API stands for Application Programming Interface. It is a set of rules and protocols that allows two software systems to communicate with each other. APIs define how a client can interact with a server using methods like GET, POST, PUT, DELETE, etc.

Example:
Google Maps API lets other applications fetch map data or calculate distances.

3. Why is API Testing important?

Answer:
API Testing is important because:

  • APIs are the backbone of most apps.

  • It can find issues early in the development cycle.

  • It is faster and more stable than UI testing.

  • It validates core business logic without relying on the user interface.

  • Helps in testing multiple clients (mobile, web, desktop) with one backend.

4. What tools are commonly used for API Testing?

Answer:
Common tools include:

  • Postman – Easy GUI for sending API requests.

  • REST Assured – Java library for REST API automation.

  • SoapUI – Used for SOAP and REST services.

  • Karate – BDD testing tool for APIs.

  • JMeter – Used for API load/performance testing.

  • Swagger – API documentation and testing.

5. What is the difference between SOAP and REST APIs?

Answer:

Feature SOAP REST
Protocol Uses XML and WSDL Uses HTTP/HTTPS
Format XML only JSON, XML, HTML, Plain Text
Flexibility Rigid Flexible and lightweight
Speed Slower Faster
Usage Legacy systems Modern web/mobile apps

6. What are HTTP methods used in API Testing?

Answer:

  • GET – Read data

  • POST – Create data

  • PUT – Update entire record

  • PATCH – Update partial data

  • DELETE – Remove data

Example:

POST /login  
GET /users  
DELETE /users/5

7. What are common HTTP status codes in API responses?

Answer:

Code Meaning
200 OK – Request successful
201 Created – Resource created
400 Bad Request – Invalid input
401 Unauthorized – Login required
403 Forbidden – Access denied
404 Not Found – Resource missing
500 Internal Server Error – Server bug

8. What is a Request and Response in API Testing?

Answer:

  • Request: Sent by the client to the server with method, headers, and body (data).

  • Response: Sent by the server with status code, headers, and body (output data).

Example Request (JSON):

{
  "username": "testuser",
  "password": "123456"
}

Example Response (JSON):

{
  "message": "Login successful",
  "token": "abc123xyz"
}

9. What is Postman?

Answer:
Postman is a GUI-based API testing tool used to:

  • Send API requests

  • View responses

  • Test with different data

  • Write scripts using JavaScript

  • Generate test reports

  • Automate tests using Postman Collection Runner

Postman is beginner-friendly and widely used in manual API testing.

10. What is REST Assured?

Answer:
REST Assured is a Java-based library for automating REST API testing. It uses a BDD-like syntax for easy test writing.

Example:

given().
    baseUri("https://api.example.com").
when().
    get("/users").
then().
    statusCode(200).
    body("name", hasItem("John"));

It can be integrated with TestNG, Maven, Jenkins, and supports JSON/XML parsing, headers, and authentication testing.

11. What is JSON and how is it used in API Testing?

Answer:
JSON (JavaScript Object Notation) is a lightweight data format used for storing and exchanging data between a client and a server.

Example:

{
  "name": "John",
  "age": 30
}

In API testing, JSON is commonly used in:

  • Request bodies (for sending data)

  • Response bodies (for receiving data)

Testers validate keys, values, and structure in JSON during testing.

12. What is XML in API Testing?

Answer:
XML (eXtensible Markup Language) is another format used to transfer data in APIs, especially in SOAP APIs.

Example:

<user>
  <name>John</name>
  <age>30</age>
</user>

Though JSON is more common today, some legacy systems still use XML. Testers verify tag structure, values, and hierarchy in XML responses.

13. What is a RESTful API?

Answer:
A RESTful API follows REST (Representational State Transfer) principles. It uses standard HTTP methods (GET, POST, PUT, DELETE) and stateless communication.

REST APIs:

  • Use URIs to access resources

  • Return JSON or XML

  • Are scalable and easy to use

  • Don’t store any session state on the server

14. What is a base URI and endpoint in API?

Answer:

  • Base URI is the root address of the API, e.g., https://api.example.com

  • Endpoint is the path to a specific resource, e.g., /users/123

Together, they form a complete URL:
https://api.example.com/users/123

15. What is authentication in API Testing?

Answer:
Authentication verifies the identity of a user accessing the API. Common types:

  • Basic Auth (username & password)

  • Bearer Token (JWT tokens)

  • OAuth 2.0 (used in secure applications like Google login)

Testers check if:

  • Only valid users can access endpoints

  • Unauthorized users get 401 or 403 errors

16. What is authorization in API Testing?

Answer:
Authorization determines what a user can access after authentication.

For example:

  • An admin may access /users

  • A regular user may only access /profile

Testers validate role-based access control (RBAC) by using different users to test restricted resources.

17. What is a header in an API request?

Answer:
Headers contain metadata sent with an API request/response. Common headers:

  • Content-Type: application/json

  • Authorization: Bearer token

  • Accept: application/xml

Headers are crucial for specifying data format and authentication.

18. What is a payload or request body?

Answer:
The payload (also called request body) is the actual data sent in a POST, PUT, or PATCH request.

Example (JSON payload):

{
  "username": "john",
  "password": "pass123"
}

Testers validate structure, mandatory fields, and format of the payload.

19. How do you validate response time in API Testing?

Answer:
Response time is the time taken for the server to respond. It is measured in milliseconds (ms). In tools like Postman or REST Assured, you can:

  • Check it manually from the test result panel

  • Write assertions like:

.then().time(lessThan(2000L)); // less than 2 seconds

Performance SLAs usually define expected response times.

20. How do you validate a JSON response in Postman?

Answer:
You can write tests in Postman's Tests tab using JavaScript.

Example:

pm.test("Status code is 200", function () {
  pm.response.to.have.status(200);
});
pm.test("Name is John", function () {
  var jsonData = pm.response.json();
  pm.expect(jsonData.name).to.eql("John");
});

These scripts validate status codes and specific values in the response.

21. What is a collection in Postman?

Answer:
A collection is a group of saved API requests in Postman. It helps testers organize tests by feature or module.

Benefits:

  • Run entire test suites using Collection Runner

  • Share collections with team members

  • Attach environment variables and scripts

22. What is an environment in Postman?

Answer:
An environment in Postman allows storing variables like base URL, tokens, and user credentials.

Example:

base_url = https://api.test.com
token = abc123

This makes switching between development, staging, and production environments easier.

23. How do you use variables in Postman?

Answer:
Postman allows you to define and use variables like:

{{base_url}}/users

Variables can be used for:

  • URLs

  • Headers

  • Body data

They are defined in the environment settings or globally.

24. What is a test script in Postman?

Answer:
A test script is written in JavaScript inside the Tests tab to validate the API response.

Example:

pm.test("Token is present", function () {
  var json = pm.response.json();
  pm.expect(json.token).to.not.be.null;
});

Used for assertions like checking status codes, headers, or body values.

25. What is a Pre-request Script in Postman?

Answer:
Pre-request scripts run before the actual API call. They are useful for:

  • Generating timestamps

  • Setting dynamic tokens

  • Updating variables

Example:

pm.environment.set("currentTime", new Date().toISOString());

26. What is chaining requests in Postman?

Answer:
Chaining means using the output of one request as input to another.

Example:

  1. Send login request and capture token

  2. Use that token in the next request's header

Postman allows storing token in environment variable like:

pm.environment.set("authToken", json.token);

27. What is status code 201 in API Testing?

Answer:
201 Created means the request was successful and a new resource was created.

Example:

  • POST /users returns 201 if a new user is added

  • Useful for validating successful creation of data

28. What is status code 400 in API Testing?

Answer:
400 Bad Request means the request was malformed or had invalid input.

Example:

  • Sending invalid JSON

  • Missing required fields

Testers check if APIs correctly return 400 when given bad inputs.

29. What is status code 401 in API Testing?

Answer:
401 Unauthorized indicates that the user is not authenticated.

Example:

  • Missing or invalid token

  • Expired credentials

APIs must return 401 when a user tries to access without logging in.

30. What is status code 403 in API Testing?

Answer:
403 Forbidden means the user is authenticated but does not have permission to access the resource.

Example:

  • A normal user accessing an admin-only endpoint

This validates proper role-based access control.

31. What is status code 404 in API Testing?

Answer:
404 Not Found means the requested resource does not exist.

Example:

  • Accessing /users/9999 where user ID 9999 doesn't exist

It helps in validating resource availability and proper error handling.

32. What is status code 500 in API Testing?

Answer:
500 Internal Server Error means something went wrong on the server.

Common causes:

  • Null pointer exception

  • Unhandled error in backend logic

Testers must report 500 errors immediately as they indicate poor error handling.

33. What is status code 204 in API Testing?

Answer:
204 No Content means the request was successful, but there's nothing to return in the response.

Example:

  • A successful DELETE request might return 204

It's useful when no further information is needed in response.

34. What is status code 202 in API Testing?

Answer:
202 Accepted means the request has been received but not yet processed.

Used in asynchronous operations where the result may come later.

35. How do you handle authentication tokens in Postman?

Answer:
You can extract tokens using scripts and use them in headers:

var json = pm.response.json();
pm.environment.set("token", json.token);

Then, use {{token}} in the Authorization header:

Bearer {{token}}

36. What is a mock server in API Testing?

Answer:
A mock server simulates API responses without needing the real backend.

Useful for:

  • Frontend testing before backend is ready

  • Testing edge cases

Tools like Postman or Swagger allow mock server setup.

37. What is response schema validation?

Answer:
Schema validation checks if the response matches the expected format.

Example:

  • Field names, types, required fields

In Postman:

pm.test("Schema is valid", function () {
  pm.response.to.have.jsonSchema(schema);
});

38. What is data-driven testing in API Testing?

Answer:
Data-driven testing involves running the same test with multiple data sets.

In Postman:

  • Use Collection Runner and import CSV/JSON files

Each iteration picks a new row of data and tests the same endpoint with different inputs.

39. What is the use of assertions in API Testing?

Answer:
Assertions are used to verify expected behavior in API tests.

Examples:

  • Status code is 200

  • Response body has a field

  • Value matches expectation

They are essential for automation and validation.

40. How do you test negative scenarios in API Testing?

Answer:
Negative testing involves:

  • Sending invalid inputs

  • Missing required fields

  • Using expired or missing tokens

  • Trying unauthorized access

Helps ensure the API handles errors gracefully and returns proper status codes like 400, 401, 403.

41. What is an API contract?

Answer:
An API contract is a formal agreement between the API provider and the consumer. It defines:

  • Input parameters

  • Expected output

  • Data formats (JSON, XML)

  • Authentication methods

  • Status codes

Tools like Swagger/OpenAPI document the API contract. It ensures consistency and proper expectations across teams.

42. What is Swagger?

Answer:
Swagger is an open-source framework for designing, building, and documenting RESTful APIs.

It provides:

  • Interactive API documentation

  • Mock server support

  • Auto-generated client/server code

Swagger UI lets testers try endpoints directly from the browser.

43. What is OpenAPI Specification (OAS)?

Answer:
OAS is a standard for defining REST APIs in a machine-readable format (YAML or JSON).

Swagger is based on OpenAPI Specification. It describes:

  • Paths and methods

  • Request/response structures

  • Security schemes

Helps in automation, documentation, and mock testing.

44. What is SOAPUI used for?

Answer:
SOAPUI is a tool for testing both SOAP and REST APIs. Features include:

  • Functional testing

  • Security testing

  • Load testing

  • Assertions

It supports both manual and automated tests and works well with XML-based APIs.

45. What is a test suite in API Testing?

Answer:
A test suite is a collection of related test cases grouped together for execution.

For example, a Login Test Suite might include:

  • Valid login

  • Invalid login

  • Login without password

  • Login with expired credentials

Used to validate one full feature/module end-to-end.

46. What is API rate limiting?

Answer:
Rate limiting restricts the number of API requests a client can make within a time window.

Example:

  • 100 requests per minute

It's used to:

  • Prevent abuse

  • Protect server performance

Testers validate rate limits and expected error messages (like HTTP 429).

47. What is throttling in API?

Answer:
Throttling is the process of controlling the rate of requests sent to the server.

It helps manage load and ensures fair use. When a limit is exceeded, APIs may return:

  • 429 Too Many Requests

  • Retry-After headers

48. How do you perform API security testing?

Answer:
Security testing ensures that APIs:

  • Only accept authorized requests

  • Reject invalid tokens

  • Sanitize inputs (to prevent injection)

  • Don’t expose sensitive data (e.g., passwords)

Test scenarios include:

  • Token tampering

  • Role-based access control

  • HTTPS validation

49. What is fuzz testing in APIs?

Answer:
Fuzz testing sends random or malformed inputs to the API to find:

  • Crashes

  • Server errors

  • Unexpected behavior

It’s useful in identifying security vulnerabilities or input validation gaps.

50. What is API versioning?

Answer:
API versioning helps manage changes without breaking existing clients.

Types:

  • URL-based: /v1/users

  • Header-based: Accept: application/vnd.api+json;version=2.0

Testers validate correct responses for each version.

51. What is OAuth 2.0?

Answer:
OAuth 2.0 is an authorization framework used for secure API access. Commonly used by platforms like Google, Facebook.

It uses:

  • Access Tokens

  • Refresh Tokens

  • Authorization Code flows

Testers verify:

  • Token issuance

  • Expiry handling

  • Token reuse

52. What is JWT in API Testing?

Answer:
JWT (JSON Web Token) is a compact, URL-safe token used for user authentication and data exchange.

Structure:

  • Header

  • Payload (user data)

  • Signature

Testers ensure:

  • Tokens are encrypted and valid

  • Expired/invalid tokens are rejected

53. What is Bearer Token Authentication?

Answer:
It’s a method where the client sends an access token in the Authorization header:

Authorization: Bearer eyJhbGciOiJIUzI1...

API validates this token to allow access. Testers must ensure:

  • Only valid tokens allow access

  • Invalid/missing tokens return 401

54. What is HATEOAS in REST API?

Answer:
HATEOAS (Hypermedia As The Engine Of Application State) is a REST constraint where responses include links to related actions.

Example:

{
  "userId": 123,
  "links": [
    {"rel": "update", "href": "/users/123/edit"}
  ]
}

It guides clients on what actions are possible next.

55. What is idempotency in API?

Answer:
An operation is idempotent if making it multiple times has the same effect as making it once.

Examples:

  • GET: Safe, always idempotent

  • PUT: Should update resource, not duplicate it

Testers validate that repeated calls do not create duplicates or alter data incorrectly.

56. What are some common API testing challenges?

Answer:

  • Lack of documentation

  • Dynamic data and tokens

  • Authorization complexity

  • Schema changes

  • API dependencies

Testers must adapt by using automation, mocking, and strong assertions.

57. What is the difference between manual and automated API Testing?

Answer:

Manual API Testing Automated API Testing
Done via Postman, Curl Done via tools like Rest Assured, SoapUI
Time-consuming Faster & repeatable
Good for ad hoc testing Best for regression suites

Use both together for better coverage.

58. What is dynamic payload testing?

Answer:
Dynamic payloads use variables instead of hardcoded data.

Example in Postman:

{
  "username": "{{user}}",
  "email": "{{email}}"
}

This allows data-driven testing and easy test maintenance.

59. How do you handle dynamic values in API Testing?

Answer:
You can:

  • Capture dynamic values (like userId, token) from responses

  • Store them in variables

  • Reuse them in future requests

Postman example:

var id = pm.response.json().id;
pm.environment.set("userId", id);

60. What is an API Gateway?

Answer:
An API Gateway is a server that acts as an entry point for APIs.

It handles:

  • Routing

  • Authentication

  • Rate limiting

  • Logging

Examples: AWS API Gateway, Apigee. Testers ensure APIs behind gateway are secure and functional.

61. What is a REST client?

Answer:
A REST client is a tool to send HTTP requests to a REST API.

Examples:

  • Postman

  • Insomnia

  • CURL

  • Advanced REST Client (ARC)

Used by testers and developers for manual testing.

62. What is CURL in API Testing?

Answer:
CURL is a command-line tool for sending API requests.

Example:

curl -X GET "https://api.example.com/users"

It’s lightweight, scriptable, and useful for quick testing.

63. What are the components of an API request?

Answer:

  • Endpoint/URL

  • HTTP Method (GET, POST, etc.)

  • Headers

  • Body/Payload (for POST/PUT)

  • Authentication info

All parts are validated during API testing.

64. What is the difference between PUT and PATCH?

Answer:

PUT PATCH
Replaces entire resource Updates only specified fields
More strict More flexible

Testers check which method is used and validate behavior.

65. How do you validate API response headers?

Answer:
Headers can be validated using:

  • Postman test scripts:

pm.test("Check content-type", function () {
  pm.response.to.have.header("Content-Type");
});

  • REST Assured:

.then().header("Content-Type", equalTo("application/json"))

66. What is boundary testing in API?

Answer:
Boundary testing means checking limit conditions like:

  • Max/min field values

  • Field length constraints

Example:

  • Username should not exceed 20 characters

  • Age cannot be negative

Used to uncover input validation bugs.

67. How do you test file uploads via API?

Answer:
You test multipart/form-data requests in Postman or tools like CURL.

In Postman:

  • Use Body > form-data

  • Add type: File

Testers verify:

  • File size limits

  • File format

  • Upload status

68. How do you test API timeouts?

Answer:
You simulate slow server responses using:

  • Mock servers

  • Sleep delays on server side

Expected behavior:

  • Client retries or fails gracefully

  • Timeout error is handled properly

69. What is latency in API Testing?

Answer:
Latency is the delay between request and response.

High latency can affect user experience. Testers:

  • Measure latency (in ms)

  • Ensure APIs meet performance SLAs

70. What is JSONPath?

Answer:
JSONPath is a syntax to extract values from JSON.

Example:

{
  "user": { "name": "Alice", "id": 1 }
}

JSONPath: $..name → returns "Alice"

Used in tools like Postman and REST Assured for value extraction.

71. What is XMLPath?

Answer:
Like JSONPath, XMLPath is used to extract data from XML.

Example:

<user><name>Alice</name></user>

XPath: /user/name → returns Alice

Useful in SOAP or XML-based API testing.

72. What are some best practices in API Testing?

Answer:

  • Start early in development cycle

  • Use consistent naming and formatting

  • Validate status codes, headers, and body

  • Test both positive and negative cases

  • Automate tests where possible

73. What is a REST resource?

Answer:
A resource is any object exposed by an API.

Examples:

  • /users – collection of users

  • /users/5 – single user with ID 5

REST treats everything as a resource accessed via HTTP methods.

74. What is an integration test in API Testing?

Answer:
Integration tests validate how multiple APIs work together.

Example:

  • Login → Get Token → Access Profile → Update Profile

These tests ensure end-to-end flow across modules works correctly.

75. What is API virtualization?

Answer:
Virtualization simulates API behavior when the real service is unavailable.

Used to:

  • Test in parallel with development

  • Mimic error conditions

  • Reduce dependency on 3rd-party APIs

Tools: WireMock, MockServer, Postman Mock Servers

76. What is a schema in API Testing?

Answer:
A schema defines the structure of the data: fields, types, formats.

Testers validate:

  • All required fields exist

  • Data types are correct

  • No extra fields are present

77. What is a contract test?

Answer:
Contract testing ensures that:

  • The provider’s API meets the consumer’s expectations

  • No breaking changes are introduced

It compares actual API behavior with the documented contract (like Swagger).

78. What are soft and hard assertions in API Testing?

Answer:

  • Hard Assertion: Stops test if it fails

  • Soft Assertion: Collects all failures, reports at end

Soft assertions are better in automation frameworks for complete reports.

79. What is a dry run in API Testing?

Answer:
A dry run is a test execution without real server interaction.

Used for:

  • Checking scripts

  • Validating request format

  • Pre-production testing

No data is created or updated.

80. What is the difference between endpoint testing and integration testing?

Answer:

Endpoint Testing Integration Testing
Tests one endpoint at a time Tests multiple connected endpoints
Focus on isolated behavior Focus on end-to-end flow
Easy to write More complex setup

Both are essential for full coverage.

81. What is schema validation in API Testing?

Answer:
Schema validation checks if the response body matches a predefined structure (schema).

For JSON:

  • Use JSON Schema

  • Ensures correct field names, data types, required properties

In Postman:

pm.test("Validate schema", function () {
    var schema = { ... };
    pm.response.to.have.jsonSchema(schema);
});

This avoids issues caused by invalid data structures.

82. What is negative testing in API Testing?

Answer:
Negative testing verifies the API handles invalid inputs or actions gracefully.

Examples:

  • Invalid username/password

  • Missing headers

  • Invalid HTTP method

  • Oversized payload

Expected results: proper error codes (e.g., 400, 401) and messages.

83. How do you test API error responses?

Answer:
You deliberately send incorrect or malformed requests to:

  • Check correct error code (e.g., 404, 401, 500)

  • Validate error message structure

  • Ensure no sensitive information is exposed

Helps improve robustness and user experience.

84. What are mock APIs?

Answer:
Mock APIs simulate actual API responses without backend logic.

They are used:

  • During early development

  • For parallel QA/testing

  • To simulate error or boundary cases

Tools: Postman Mock Server, WireMock, Beeceptor.

85. What is contract-first API development?

Answer:
In contract-first, the API contract (e.g., OpenAPI spec) is created before development begins.

Benefits:

  • Clear expectations for frontend/backend

  • Testers can write tests early

  • Avoids integration issues

86. What is the difference between 401 and 403 status codes?

Answer:

Status Code Meaning When It Happens
401 Unauthorized Token is missing/invalid
403 Forbidden Token is valid, but access is denied

Both are security-related and must be tested separately.

87. What is the difference between 500 and 502 errors?

Answer:

Error Code Meaning Cause
500 Internal Server Error Application crash or bug
502 Bad Gateway Upstream server failed

Testing involves simulating backend failure or misconfiguration.

88. How do you handle dynamic tokens in automated API tests?

Answer:
Steps:

  1. Login API to get token

  2. Store token in environment variable

  3. Use token in headers of next requests

Example in Postman:

pm.environment.set("token", pm.response.json().token);

89. How to use Postman pre-request scripts?

Answer:
Pre-request scripts run before sending the request.

Used to:

  • Set dynamic values (timestamps, tokens)

  • Chain requests

  • Generate random data

Example:

pm.environment.set("timestamp", new Date().toISOString());

90. How to use Postman test scripts?

Answer:
Test scripts run after the response. Used for:

  • Assertions

  • Saving values from response

  • Logging or debugging

Example:

pm.test("Status code is 200", function () {
    pm.response.to.have.status(200);
});

91. What is chaining in API testing?

Answer:
Chaining means using output from one API call as input to another.

Example:

  • Create User → Get User ID → Get Profile using ID

Postman allows chaining using environment variables.

92. How do you ensure backward compatibility of an API?

Answer:
Backward compatibility ensures existing clients continue to work after updates.

Test strategies:

  • Test old requests on new version

  • Validate old response formats

  • Run regression suite

Avoid breaking changes like renaming fields or removing endpoints.

93. How do you test pagination in an API?

Answer:
Pagination breaks large datasets into smaller chunks.

Steps:

  • Use ?page=1, ?limit=10, etc.

  • Validate total records

  • Ensure next/previous pages return correct data

Helps reduce response size and load.

94. How do you test sorting and filtering in APIs?

Answer:
Test by applying query parameters:

  • Sorting: ?sort=name_asc

  • Filtering: ?status=active

Validate:

  • Response is sorted correctly

  • Only relevant records are returned

  • Edge cases (e.g., no results)

95. How do you perform API load testing?

Answer:
Load testing checks how API behaves under high volume.

Tools:

  • JMeter

  • K6

  • Gatling

Testers simulate hundreds/thousands of requests and monitor:

  • Response time

  • Errors

  • CPU/memory usage

96. What is the use of environment variables in Postman?

Answer:
Environment variables store reusable values like:

  • Base URL

  • Tokens

  • User credentials

Example:

{{baseUrl}}/users → resolves to https://api.example.com/users

Helps in switching between dev, QA, and production environments.

97. What is token expiration testing?

Answer:
Test if APIs handle expired tokens properly.

Steps:

  1. Use expired token

  2. Check if API returns 401 or appropriate error

  3. Test token refresh (if supported)

Ensures secure and predictable authentication behavior.

98. What is the difference between functional and non-functional API testing?

Answer:

Functional Testing Non-Functional Testing
Tests correctness of responses Tests performance, security, usability
Examples: status code, body check Examples: load test, timeout, SSL

Both are critical for high-quality APIs.

99. What is an API collection in Postman?

Answer:
A collection is a group of API requests saved together.

Used for:

  • Organizing test cases

  • Sharing with team

  • Running as test suite with Collection Runner

Can include tests, scripts, and variables.

100. How do you integrate API tests into CI/CD pipelines?

Answer:
Steps:

  1. Write tests in Postman, REST Assured, etc.

  2. Export or run them via command line (e.g., Newman for Postman)

  3. Add to Jenkins, GitHub Actions, or GitLab CI

Automates API validation on every code change.


Subscribe to: Comments (Atom)

Comments

🌟🌟🌟🌟☆ Great platform with helpful onboarding! Some areas could be streamlined, but overall a very positive experience.