Endtoendapitestinginterviewquestionsnotes Sample

The document is a comprehensive guide on End to End API Testing and includes notes on automation testing with Cucumber, mock interview questions, and essential information for various testing roles. It covers topics from the basics of API testing to advanced concepts such as security, performance testing, and CI/CD integration. The guide is structured to aid both practical knowledge and interview preparation for candidates in software testing roles.

Uploaded by

Suresh

END TO END API TESTING & INTERVIEW QUESTIONS NOTES

End to End API Testing, Automation API Test With Cucumber, Mock Interview Question for API Testing for
Backend Engineer, SDET, Software Quality Engineer, Software Quality Assurance, Software Test Engineer, and
Test Engineer

Curated by Lamhot Siagian

PART 1:
Version 1.0

End to End API Testing

Automation API Test With Cucumber

Mock Interview Question for API Testing

Contact Information:

Email: lamhot.id@gmail.com
Site: https://lamhotjm.github.io
Linkedin: https://www.linkedin.com/in/lamhotsiagian
TABLE OF CONTENTS

Preface
Introduction to APIs and API Testing
Understanding APIs
Importance of API Testing
Types of APIs
Overview of API Testing Techniques
Common Interview Questions and Answers Related to Basic APIs
Setting Up Your API Testing Environment
Choose Your API Testing Tool
1. Postman
2. Insomnia
3. Swagger UI
4. SoapUI
5. HTTPie
6. Paw
7. JMeter
Install and Set Up the Tool
1. Installing Postman
2. Configuring Postman
3. Organize Your Requests
Using Collections
4. Configure and Send Requests
5. Validate Responses
6. Documentation and Collaboration
7. Advanced Features
Common Interview Questions & Answers Related to API Test Tools
Basic Questions
Intermediate Questions
Advanced Questions
Practical Questions
Troubleshooting Questions
Integration Questions
Understanding API Requests and Responses
HTTP Methods
1. GET
2. POST
3. PUT
4. DELETE
5. PATCH
6. HEAD
7. OPTIONS
8. CONNECT
9. TRACE
Comparison of HTTP methods
Request Headers and Parameters
Request Headers
Request Parameters
Query Parameter
Fragment Parameters
Character Encoding
Size Limits
3.3. Response Codes and Their Meanings
1xx Informational Responses
2xx Success
3xx Redirection
4xx Client Errors
5xx Server Errors
How to Test HTTP Method
Analyzing Response Body
Common Interview Questions & Answers Related to API Request and Response
Security Testing of APIs
Types API security testing
Dynamic Application Security Testing (DAST)
Software Composition Analysis (SCA)
Authentication
Authorization
Common API Security Risks
4.3. Preparing for API Security Testing
Steps to Follow for API Security Testing
Step 1: Understanding API Endpoints
Step 2: Authentication and Authorization Testing
Step 3: Input Validation
Step 4: Error Handling and Exception Management
Step 5: Rate-limiting and Throttling
Step 6: API Abuse and Security Testing Automation
Step 7: Session Management Testing
Step 8: Business Logic Testing
Best Practices for API Security Testing
Common Interview Questions and answers related to API security testing
Authentication Testing
Authorization Testing
Input Validation Testing
Rate Limiting and Throttling Testing
Error Handling and Logging Testing
Data Protection and Privacy Testing
API Endpoint Testing
Session Management Testing
Business Logic Testing
General Security Practices
Writing Basic API Test Cases
Best Practices To Write A Good Test Case
Test Cases For API Functional Testing
Introduction to Behavior-Driven Development (BDD)
Writing Tests for CRUD Operations using BDD
POST
PUT
GET
PATCH
DELETE
Response Format Validation Using BDD
Sorting Validation using BDD
Pagination Validation Using BDD
Authentication Handling Validation Using BDD
Input Validation Using DDD
Common Interview Questions and answers related to Writing Basic API Test Cases
Questions and Answers on HTTP Methods (POST, PUT, GET, PATCH, DELETE)
Questions and Answers on Response Format Validation
Questions and Answers on Sorting Validation
Questions and Answers on Pagination Validation
Questions and Answers on Authentication Handling Validation
Questions and Answers on Input Validation
Questions and Answers on General API Testing
Questions and Answers on Specific Use Cases
Automating API Tests
TestNG BDD API Testing
Prerequisites
Setting Up the Project
Project Structure
Writing Feature Files
Writing Step Definitions
Writing the Test Runner
Running the Tests
Common Interview Questions and Answers Related to Automation API Test
How do you validate JSON response in BDD API testing?
Performance Testing of APIs using JMeter
Install Apache JMeter
Install Java
Download JMeter
Install JMeter
Set Up Environment Variables (Optional)
Launch JMeter
Verify Installation
JMeter Components
1. Test Plan
2. Thread Group
3. Samplers
4. Logic Controllers
5. Listeners
6. Timers
7. Assertions
8. Configuration Elements
9. Pre-Processors and Post-Processors
10. Test Fragments
Guide to Creating Performance Test Script
Create a Test Plan
Add a Thread Group
Add an HTTP Request
Add a Listener
Run the Test
Example Configuration
Common Interview Questions and Answers Related to Performance Testing of APIs
How do you simulate a heavy load in JMeter?
Organizing a test framework for API Testing
Project Structure
Dependencies
Configuration
Exception Handling
Models
Utility Classes
API client Util
Authentication Util
Logger Util
Test Util
Response Processor
Feature File
Step Definitions
Test Runner
Test Driver
Common Interview Questions and Answers Related to Organizing a Test Framework
General Framework Design
Request and Response Handling
Exception Handling
Configurations
User Authentication
Processor and Models
Test Assertions
Logger
Utilities
Test Execution
Continuous Integration and Continuous Deployment (CI/CD) with API Testing
Introduction to CI/CD
Importance of CI/CD for API Testing
CD Tools
Jenkins
GitLab CI/CD
AWS CodePipeline
Travis CI
CircleCI
Bamboo
GitHub Actions
Step-by-Step Guide to Setting Up a Basic CI Pipeline with Maven and BDD
1. Connecting to a VCS
2. Setting Up Your Maven Project for BDD
3. Creating Feature Files and Step Definitions
4. Configuring the CI Pipeline
Common Interview Questions and Answers Related to CI/CD
Test Driven Development for Spring Micro Service with Cucumber
Introduction to Test Driven Development (TDD)
What is Test Driven Development (TDD)?
Principles of TDD
Benefits of TDD
Overview of the TDD Cycle
Introduction to Microservice
Getting started with microservices using Spring Boot
1. Setup Your Development Environment
2. Create a Spring Boot Application
3. Building Your First Microservice
1. Set Up Your Spring Boot Application
2. Create the User Entity
3. Create the User Repository
4. Create the User Service
5. Create the User Controller
6. Configure H2 Database
7. Define the Application Class
8. Run your app and make sure the app is running.
Write BDD Tests
1. Update your pom.xml
2. Create a feature file src/test/resources/features/user.feature:
3. Create Step Definitions
4. Create Test Runner
References

Preface

Welcome to End to End API Testing & Interview Questions Notes, a comprehensive guide designed to assist
you in mastering API testing and preparing for technical interviews in API testing roles. With the
increasing reliance on APIs in modern software architectures, understanding how to test APIs is becoming
more crucial than ever for QA professionals and software testers.

This book is structured to provide both practical knowledge and insights into real-world API testing
scenarios. The chapters are meticulously organized to take you from the basics of API testing to advanced
topics such as security, performance testing, and automation. Here's a brief overview of the chapters:

1. Introduction to APIs and API Testing
Understand the fundamentals of APIs and the significance of testing in ensuring the reliability and
security of software applications.
2. Setting Up Your API Testing Environment
Learn how to configure and prepare your environment for efficient API testing, focusing on tools
and technologies.
3. Understanding API Requests and Responses
Gain a detailed understanding of API communication, including request methods, headers,
parameters, and response structures.
4. Security Testing of APIs
Explore key concepts in API security testing, such as authentication, authorization, and
vulnerability detection.
5. Writing Basic API Test Cases
Start writing your first API test cases, including functional and negative test cases.
6. Automating API Tests
Delve into automating API test cases with tools such as Cucumber and Maven, enabling fast and
consistent test execution.
7. Performance Testing of APIs using JMeter
Learn how to evaluate the performance and load capacity of your APIs using tools like JMeter.
8. Organizing a Test Framework for API Testing
Discover how to structure a scalable and maintainable API test framework, with practical tips on
test organization and data management.
9. Continuous Integration and Continuous Deployment (CI/CD) with API Testing
Explore how to integrate API testing into a CI/CD pipeline for rapid development cycles, using
tools such as GitHub Actions and Jenkins.
10. Test Driven Development for Spring Microservices with Cucumber
Get hands-on experience with TDD for microservices, learning how to write tests for Spring-based
APIs using Cucumber.

Interview Preparation

Each chapter contains a set of interview questions and sample answers, helping you prepare for API testing
roles in Backend Engineering, SDET (Software Development Engineer in Test), Software Quality
Assurance, and Test Engineering positions. These questions are inspired by my own experiences from
years of technical interviews in the United States and other resources.

Over the past seven years, I've meticulously gathered notes and questions from each interview,
summarizing them into this guide. Whether you are a fresh graduate or an experienced tester, these notes
will help you solidify your understanding of key concepts while giving you the confidence to face any API
testing interview.

Who These Notes Are For

This book is tailored for:

● End-to-end API testers seeking practical insights and automation tips
● QA professionals looking to enhance their API testing skills with Cucumber and Java
● Candidates preparing for backend testing roles, including SDET, Software Quality Engineers, and
Test Engineers
● Individuals seeking mock interview questions and answers to prepare for technical interviews

API testing has been increasingly recognized for its efficiency, flexibility, and integration capabilities,
making it a vital part of any software testing strategy. I hope this book helps you gain a strong foundation
in API testing, and I trust that the included interview questions and answers will be a valuable resource for
your career progression.

Happy learning, and good luck with your API testing journey!

Lamhot Siagian

Software Engineer in Test Consultant

Chapter 1

Introduction to APIs and API Testing

Understanding APIs

APIs (Application Programming Interfaces) are fundamental to modern software development, as they
enable different software systems to communicate with each other. Here’s a detailed overview to help you
understand what APIs are, how they work, and why they are important.

What is an API?

An API, or application programming interface, is a set of rules or protocols that enables software
applications to communicate with each other to exchange data, features and functionality.

How Do APIs Work?

It’s useful to think about API communication in terms of a request and response between a client and
server. The application submitting the request is the client, and the server provides the response. The API is
the bridge establishing the connection between them.

A simple way to understand how APIs work is to look at a common example—third-party payment
processing. When a user purchases a product on an e-commerce site, the site might prompt the user to “Pay
with PayPal” or another type of third-party system. This function relies on APIs to make the connection.

- When the buyer clicks the payment button, an API call is sent to retrieve information. This is the
request. This request is processed from an application to the web server through the API’s Uniform
Resource Identifier (URI) and includes a request verb, headers, and sometimes, a request body.
- After receiving a valid request from the product webpage, the API calls to the external program or
web server, in this case, the third-party payment system.
- The server sends a response to the API with the requested information.
- The API transfers the data to the initial requesting application, in this case, the product website. [1]

Components of an API

1. Endpoints: URLs that provide access to specific resources or functionalities.
2. Methods/HTTP Verbs: Actions that can be performed (e.g., GET, POST, PUT, DELETE).
3. Requests: Data sent by the client to the server.
4. Responses: Data sent back by the server to the client.
5. Headers: Metadata about the request or response (e.g., authentication tokens, content type).
6. Payload/Body: Data being sent with the request (typically in JSON or XML format).

[1] https://www.ibm.com/topics/api

Benefits of Using APIs

APIs offer significant benefits, including:

1. Automation: Streamlines repetitive tasks, boosting productivity.
2. Innovation: Enables external teams to innovate by leveraging existing functionalities.
3. Security: Adds a layer of protection by requiring authentication and authorization.
4. Cost Efficiency: Reduces expenses by using third-party tools instead of developing in-house
systems. [2]

API Use Cases

1. Integration: Connecting different applications and services, such as integrating payment gateways
into e-commerce platforms.
2. Automation: Automating repetitive tasks, such as deploying code, managing resources, or data
synchronization.
3. Data Access: Providing access to data from different sources, such as retrieving weather data or
financial information.
4. Third-Party Services: Enabling third-party developers to build applications that interact with your
services, such as social media apps using Facebook or Twitter APIs.
5. Microservices Architecture: Facilitating communication between microservices in a distributed
system.

API Documentation

Good API documentation is essential for developers to understand how to use the API effectively. It
typically includes:

1. Endpoint Descriptions: Detailed information about available endpoints and their purposes.
2. HTTP Methods: The methods supported by each endpoint (e.g., GET, POST).
3. Parameters: Required and optional parameters for each endpoint.
4. Request and Response Formats: Examples of request payloads and expected responses.
5. Authentication: Information about authentication and authorization mechanisms.
6. Error Handling: Common error codes and messages, along with troubleshooting information.

[2] https://www.postman.com/what-is-an-api/#benefits-of-apis

Importance of API Testing

API testing is a crucial aspect of software development, offering numerous benefits and addressing key
challenges that can significantly impact the quality, reliability, and performance of software applications.
Here are the primary reasons why API testing is important:

1. Ensures Functionality

● Verification of Requirements: API testing ensures that the API functions according to the specified
requirements. This involves checking that the endpoints are working correctly, the data is being
processed as expected, and the correct responses are returned.
● Detection of Errors Early: By testing APIs early in the development cycle, errors can be detected
and fixed before they become more difficult and costly to resolve.

2. Improves Reliability

● Consistent Performance: Regular API testing helps ensure that the API performs consistently
under various conditions, reducing the likelihood of unexpected failures in production
environments.
● Regression Testing: API tests can be automated and included in regression testing to ensure that
new changes do not break existing functionality.

3. Enhances Security

● Identification of Vulnerabilities: API testing can reveal security vulnerabilities such as SQL
injection, cross-site scripting (XSS), and other common exploits.
● Validation of Authentication and Authorization: Ensures that security mechanisms like
authentication and authorization are working correctly, protecting sensitive data and functionality
from unauthorized access.

4. Boosts Performance

● Load and Stress Testing: API testing includes performance tests such as load and stress testing,
which help determine how well the API performs under heavy traffic and identify potential
bottlenecks.
● Scalability Assessment: Helps in assessing whether the API can scale effectively to handle
increased load as the user base grows.

5. Enhances User Experience

● Ensures Smooth Integration: For APIs that are consumed by external developers or third-party
applications, thorough testing ensures that these integrations work smoothly, providing a better
user experience.
● Reduces Downtime: By identifying and resolving issues early, API testing helps reduce the chances
of downtime, ensuring that end-users experience fewer disruptions.

6. Facilitates Continuous Integration/Continuous Deployment (CI/CD)

● Automated Testing: API tests can be automated and integrated into CI/CD pipelines, providing
quick feedback to developers and ensuring that changes do not introduce new issues.
● Continuous Monitoring: Ongoing API testing helps monitor the API's health and performance
continuously, allowing for rapid response to issues.

7. Supports Development and Debugging

● Improved Debugging: API tests provide detailed information about failures, making it easier for
developers to debug and resolve issues.
● Documentation and Clarity: Writing API tests often helps clarify the API's functionality and
expected behavior, which can improve the quality of documentation and assist other developers in
understanding how to use the API.

8. Reduces Costs

● Lower Maintenance Costs: Identifying and fixing issues early in the development process reduces
the costs associated with post-release maintenance and support.
● Fewer Production Issues: Well-tested APIs are less likely to cause issues in production, leading to
reduced costs related to bug fixes and customer support.

9. Ensures Compliance and Standardization

● Adherence to Standards: API testing ensures that the API complies with industry standards and
protocols, which is particularly important for APIs in regulated industries.
● Contract Testing: Validates that the API contracts (the agreed-upon schema and behavior between
API consumers and providers) are maintained, ensuring compatibility and reliability.

Types of APIs

APIs come in various forms, each with its own strengths and purposes. Understanding these differences is
essential for picking the right API for your project and ensuring your application is effective, scalable, and
reliable. Let’s look at the different types of APIs, exploring what makes each unique and how they fit into
modern software development.

This table provides a high-level overview of various API types, their descriptions, and examples. [3]

| API type | Description | Examples |
|---|---|---|
| Library-based APIs | Part of software libraries, language-specific, range from basic utilities to complex GUI components | Java API for Android app development, .NET libraries used in Windows applications |
| Operating system APIs | Provide interfaces for OS interaction, manage hardware resources and processes | Windows API for Windows OS interaction, POSIX API for UNIX-like systems |
| Database APIs | Enable interaction with database management systems, facilitate data querying and manipulation | SQL API for relational databases, Oracle’s OCI for Oracle databases |
| Hardware APIs | Allow communication with hardware devices, direct control over hardware functions | IoT device APIs for smart home systems, Printer APIs for document processing |
| Cloud APIs | Provided by cloud service platforms, enable interaction with cloud-based resources and services | Amazon Web Services (AWS) API, Microsoft Azure API for cloud-based solutions |
| HTTP APIs (web API) | Facilitate client-server communication over the web, use standard HTTP methods, lightweight and flexible | Web services, mobile apps, IoT devices, social media platforms, content management systems |
| REST APIs (web API) | Use HTTP requests for data operations, stateless and separate client-server concerns | Web services accessible via the web, social media APIs, cloud services |
| SOAP APIs (web API) | Use service interfaces to expose business logic, high security, suitable for enterprise-level organizations | Enterprise-level services like banking, healthcare, where security and transactions are critical |
| GraphQL APIs (web API) | Clients request only needed data, reduce data transfer over the network, support multiple responses in one request | Complex data-driven web and mobile applications, ad-hoc queries by the client |
| Open APIs (public APIs) | Accessible by third-party developers, typically for external users, require API keys | Twitter API for tweets, Stripe API for payments, providing data or services to external developers |
| Internal APIs (private APIs) | Designed for internal use within an organization, enhance integration between systems | Linking HR systems to internal employee directories, improving internal efficiency and data security |
| Partner APIs | Available to strategic business partners, require specific entitlements | Integration of supply chain systems, service expansion to partners, creating revenue channels, controlled data sharing with trusted partners |
| Composite APIs | Combine different data and service APIs, access multiple endpoints in one call | Aggregating various services in a single call for smoother user experience, commonly used in microservices architectures |
| JSON-RPC and XML-RPC APIs | Encode data as JSON or XML for remote procedure calls, send lists of commands | Remote procedure calls with simple request/response model, suitable for basic request/response scenarios |
| Synchronous and asynchronous | Synchronous: Request-response model, Asynchronous: Non-blocking, no immediate response required | Synchronous: Essential data retrieval, web page loading, Asynchronous: Background tasks, real-time data streams |

[3] https://www.nylas.com/api-guide/types-of-apis/

Overview of API Testing Techniques

1. Unit Testing

● Objective: Test individual API components in isolation.
● Tools: JUnit (Java), NUnit (C#), pytest (Python).
● Description: Unit tests are typically written by developers to test the functionality of specific
methods or functions in the API, ensuring that each part works as intended.

2. Functional Testing

● Objective: Verify that the API performs its intended functions correctly.
● Tools: Postman, SoapUI, REST Assured.
● Description: Functional tests validate the API against the functional requirements and
specifications. This includes testing endpoints, methods (GET, POST, PUT, DELETE), and responses.

3. Integration Testing

● Objective: Ensure that the API interacts correctly with other components and systems.
● Tools: Postman, SoapUI, JUnit (with integration test configurations).
● Description: Integration tests evaluate the interactions between different parts of the API and other
services or databases to ensure that integrated parts work together as expected.

4. Performance Testing

● Objective: Assess the API’s performance under various conditions.
● Tools: JMeter, LoadRunner, Gatling.
● Description: Performance tests include load testing (to check API behavior under expected load),
stress testing (to determine the API’s breaking point), and endurance testing (to evaluate
performance over an extended period).

5. Security Testing

● Objective: Identify vulnerabilities and ensure the API is secure.
● Tools: OWASP ZAP, Burp Suite, Postman (with security extensions).
● Description: Security testing involves checking for common vulnerabilities like SQL injection,
cross-site scripting (XSS), and ensuring proper authentication and authorization mechanisms are in
place.

6. Usability Testing

● Objective: Ensure the API is easy to use and well-documented.
● Tools: Swagger, Postman.
● Description: Usability testing focuses on the API’s user experience, ensuring that the
documentation is clear, the endpoints are intuitive, and error messages are helpful.

7. Validation Testing

● Objective: Validate the API’s functionality, performance, and security comprehensively.
● Tools: Postman, SoapUI.
● Description: Validation testing ensures that the API meets the business requirements and
expectations, combining functional, performance, and security testing aspects.

8. Compliance Testing

● Objective: Ensure the API complies with industry standards and regulations.
● Tools: Postman, SoapUI, custom scripts.
● Description: Compliance testing checks if the API adheres to legal and regulatory requirements,
such as GDPR, HIPAA, and other industry-specific standards.

9. Mocking and Virtualization

● Objective: Test the API in isolated environments by simulating dependencies.
● Tools: WireMock, MockServer, Postman (mock servers).
● Description: Mocking and virtualization allow testers to simulate the behavior of the API’s
dependencies, enabling testing in scenarios where real dependencies are unavailable or difficult to
configure.

10. Regression Testing

● Objective: Ensure new changes do not negatively affect existing functionality.
● Tools: Postman, SoapUI, automated test scripts.
● Description: Regression testing involves re-running previously conducted tests to verify that new
code changes have not introduced any new bugs or issues.

Best Practices for API Testing

● Automation: Automate as many tests as possible to ensure efficiency and repeatability.
● Version Control: Keep track of API versions and ensure tests are updated accordingly.
● Environment Management: Use consistent environments for testing to avoid discrepancies.
● Data Management: Use realistic data for testing to uncover potential issues.
● Continuous Integration/Continuous Deployment (CI/CD): Integrate API testing into the CI/CD
pipeline to catch issues early.

Common Interview Questions and Answers Related to Basic APIs

1. What is an API?

Answer: An API (Application Programming Interface) is a set of rules and protocols that allows different
software applications to communicate with each other. APIs define the methods and data formats that
applications can use to request and exchange information.

2. Can you explain the difference between REST and SOAP APIs?

Answer:

● REST (Representational State Transfer):
○ Uses standard HTTP methods (GET, POST, PUT, DELETE).
○ Stateless, meaning each request from a client to a server must contain all the information
needed to understand and process the request.
○ Typically uses JSON or XML for data interchange.
○ It is easier to implement and more scalable for web services.
● SOAP (Simple Object Access Protocol):
○ A protocol-based approach that relies on XML for message format.
○ Includes built-in error handling and supports more complex operations.
○ Uses stricter standards and can work over several protocols (HTTP, SMTP, TCP).
○ Generally more secure with built-in security features.

3. What are the main HTTP methods used in RESTful APIs and what are their purposes?

Answer:

● GET: Retrieve data from the server.
● POST: Submit data to the server to create a new resource.
● PUT: Update an existing resource on the server.
● DELETE: Remove a resource from the server.
● PATCH: Apply partial modifications to a resource.

4. What is an API endpoint?

Answer: An API endpoint is a specific URL that provides access to a particular resource or functionality of
the API. It represents one of the discrete units of interaction in an API and is typically a combination of the
base URL and a resource path.

5. Explain the concept of RESTful API statelessness.

Answer: Statelessness in RESTful APIs means that each request from a client to a server must contain all
the information needed to understand and process the request. The server does not store any context or
session information about the client between requests, making each request independent and
self-contained.

6. What is an API key and why is it used?

Answer: An API key is a unique identifier used to authenticate a client accessing an API. It helps track and
control how the API is used, ensuring that only authorized users can make requests. API keys are
commonly used for security purposes to prevent misuse and limit the number of requests from a client.

7. What is CORS and why is it important in web APIs?

Answer: CORS (Cross-Origin Resource Sharing) is a security feature implemented by web browsers to
prevent web pages from making requests to a different domain than the one that served the web page. It is
important in web APIs because it enables servers to specify who can access their resources, ensuring that
only trusted domains can make cross-origin requests.

8. What are some common status codes returned by APIs, and what do they mean?

Answer:

● 200 OK: The request was successful.
● 201 Created: A new resource was successfully created.
● 204 No Content: The request was successful, but there is no content to return.
● 400 Bad Request: The request was invalid or cannot be processed.
● 401 Unauthorized: Authentication is required and has failed or not been provided.
● 403 Forbidden: The server understands the request but refuses to authorize it.
● 404 Not Found: The requested resource could not be found.
● 500 Internal Server Error: An error occurred on the server side.

9. What is the purpose of API versioning and how can it be implemented?

Answer: API versioning ensures that changes in the API do not break existing client applications. It allows
developers to introduce new features and improvements without disrupting the current functionality for
existing users. Versioning can be implemented in several ways:

● URL Path: Including the version number in the URL (e.g., /v1/users).
● Query Parameters: Adding a version parameter in the query string (e.g., ?version=1).
● Headers: Using a custom header to specify the version (e.g., Accept:
application/vnd.myapi.v1+json).
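
A single request can carry a version in more than one of these places, so a test should cover what happens when they disagree. The following is an added example, not code from the original notes: the helper name resolve_api_version, the default version and the rule that conflicting indicators are rejected are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Patterns for the forms shown in the notes:
#   /v1/users   and   Accept: application/vnd.myapi.v1+json
_PATH_RE = re.compile(r"^/v(\d+)(?:/|$)")
_ACCEPT_RE = re.compile(r"application/vnd\.myapi\.v(\d+)\+json")


class VersionConflict(ValueError):
    """Raised when one request names different versions in different places."""


def resolve_api_version(url, headers=None, default=1):
    """Return the API version a request asks for.

    Checks the URL path, the ?version= query parameter and the Accept header.
    Hypothetical helper: rejecting disagreeing indicators is an assumption of
    this example, not a rule stated in the notes.
    """
    headers = {k.lower(): v for k, v in (headers or {}).items()}
    parts = urlsplit(url)
    found = {}

    match = _PATH_RE.match(parts.path)
    if match:
        found["path"] = int(match.group(1))

    values = parse_qs(parts.query).get("version", [])
    if len(values) > 1:
        raise VersionConflict("version query parameter repeated")
    if values:
        if not (values[0].isascii() and values[0].isdigit()):
            raise ValueError("non-numeric version: %r" % values[0])
        found["query"] = int(values[0])

    match = _ACCEPT_RE.search(headers.get("accept", ""))
    if match:
        found["header"] = int(match.group(1))

    # All indicators that are present must agree.
    if len(set(found.values())) > 1:
        raise VersionConflict("conflicting versions: %s" % found)
    return next(iter(found.values()), default)
```
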

10. What are the differences between synchronous and asynchronous API calls?

Answer:

● Synchronous API Calls:
○ The client sends a request and waits for the server to respond.
○ The client is blocked until the response is received.
○ Simple and straightforward but can lead to inefficiencies if the server takes a long time to
respond.
● Asynchronous API Calls:
○ The client sends a request and continues processing other tasks.
○ The client is notified (usually via a callback or promise) when the response is ready.
○ More efficient for long-running operations, as it doesn't block the client.

11. What is rate limiting in APIs and why is it important?

Answer: Rate limiting is a mechanism to control the number of requests a client can make to an API within
a certain time period. It is important for:

● Preventing Abuse: Protects the API from being overwhelmed by too many requests from a single
client.
● Ensuring Fair Usage: Ensures that all clients have fair access to the API.
● Maintaining Performance: Helps maintain the API's performance and availability by avoiding
excessive load.

12. Explain the concept of API throttling.

Answer: API throttling is a technique used to control the usage of an API by limiting the number of
requests that can be made in a specific time frame. It helps in managing the load on the server, ensuring
service availability, and preventing abuse. Throttling can be implemented by setting a limit on the number
of requests per minute, hour, or day.
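
The per-client limit described in questions 11 and 12, together with the API key from question 6, can be exercised offline with a small limiter and a fake clock. This is an added example, not code from the original notes: the class names, the limit of 3 requests per 60 seconds and the sample traffic are constructed, and the use of status 429 (Too Many Requests) for rejected calls is a choice made here.

```python
from collections import defaultdict, deque


class FakeClock:
    """Test clock so the window can be advanced without sleeping."""

    def __init__(self):
        self.now = 0

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


class SlidingWindowLimiter:
    """Allow at most `limit` requests per `window` seconds for each API key."""

    def __init__(self, limit, window, clock):
        self.limit = limit
        self.window = window
        self.clock = clock                  # callable returning seconds
        self._hits = defaultdict(deque)     # api_key -> times of accepted requests

    def check(self, api_key):
        """Return (status, retry_after_seconds) for one incoming request."""
        now = self.clock()
        hits = self._hits[api_key]
        # Forget accepted requests that have aged out of the window.
        while hits and now - hits[0] >= self.window:
            hits.popleft()
        if len(hits) < self.limit:
            hits.append(now)
            return 200, 0
        # Rejected requests are not recorded, so retrying early does not
        # extend the wait. Report when the oldest accepted request expires.
        return 429, hits[0] + self.window - now


def run_scenario():
    """Constructed traffic: key-A bursts, key-B is unaffected, key-A recovers."""
    clock = FakeClock()
    limiter = SlidingWindowLimiter(limit=3, window=60, clock=clock)
    results = []
    for _ in range(5):                      # key-A sends at t=0,1,2,3,4
        results.append(("key-A", clock.now, limiter.check("key-A")))
        clock.advance(1)
    # t=5: a different key has its own budget (fair usage).
    results.append(("key-B", clock.now, limiter.check("key-B")))
    clock.advance(55)                       # t=60: key-A's request from t=0 expired
    results.append(("key-A", clock.now, limiter.check("key-A")))
    return results


if __name__ == "__main__":
    for key, t, (status, retry_after) in run_scenario():
        print("t=%2d %s -> %d retry_after=%d" % (t, key, status, retry_after))
```

A rate-limit test against a real API follows the same shape: send limit + 1 requests inside one window, assert the last one is rejected, confirm a second key is still served, then wait out the window and retry.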
