Rest API Interview Questions

Rest API Interview Questions: Rest API (Representational State Transfer Application Programming Interface) is a widely used architectural style for designing web services that communicate over the internet. Rest APIs allow software applications to interact with each other using standard HTTP methods such as GET, POST, PUT, DELETE, etc.

As Rest API has become an integral part of modern web development, it’s essential to have a solid understanding of Rest API concepts, principles, and best practices. During an interview, hiring managers may ask several Rest API interview questions to assess the candidate’s expertise and experience in Rest API development.

Post On:Rest API Interview Questions
Post Type:Interview Questions
Published On:www.softwaretestingo.com
Applicable For:Freshers & Experience
Get Updates:Software Testingo Telegram Group

Rest API interview questions can range from basic concepts such as HTTP methods, status codes, and headers to more advanced topics like security, performance optimization, and API design principles. Being well-prepared for Rest API interview questions can help you showcase your expertise and land your desired job in the field of software development. This article will provide a list of common Rest API interview questions and their answers to help you prepare and increase your chances of success.

Rest Assured API Testing Interview Questions

  • What is API?
  • What is API testing?
  • What are the types of API testing?
  • What are the protocols used in API Testing?
  • What are the tools used for API Testing?
  • What is an API test environment?
  • What is an API framework?
  • What are the limits of API usage?
  • What are the advantages of API testing?
  • What are the principles of an API test design?
  • What is an API framework?
  • What are the common tests that are performed on API?
  • What exactly needs to be verified in API testing?
  • What are the differences between API and Web Services?
  • What is the API documentation?
  • What is the most used template for API documentation?
  • What are the types of bugs that can be found during API testing?
  • What are the differences between API testing and UI testing?
  • What is SOAP?
  • What is REST API?
  • What are the differences between SOAP and REST API?
  • What are the major challenges faced during API testing?
  • What are the differences between API Testing and Unit Testing?
  • What is a RESTFUL web service?
  • What is Resource in REST?
  • What is the way to represent the resource in REST?
  • What protocol is used by the RESTFUL Web Services?
  • What are the characteristics of REST?
  • What is messaging in RESTFUL Web Services?
  • What are the components of an HTTP request?
  • What is the HTTP protocol supported by REST?
  • Can we use GET request instead of PUT to create a resource?
  • What is URI? What is the purpose of web-based service, and what is its format?
  • What are SOAP Web Services?
  • When we can use SOAP API
  • What is the difference between JSON and JSON Schema? (Mphasis)
  • Difference between Path and Query Parameters with an example
  • How to send a GET request using Rest Assured?
  • How to log response in Rest Assured only in the case of an error.
  • Explain different ways of extracting a single field from a response body.[like using response, JSONPath, XMLPath] and also they will give you the response of a request and ask you to extract the response of a particular field.
  • How to mask header information in API testing using Rest Assured?
  • How to download a file using rest assured?
  • How do you handle form parameters and multipart parameters[uploading media file]?
  • They will give you an end-to-end scenario and ask how will you write the rest-assured code for that [ they are trying to understand how well can you do the API chaining here, you can just explain also]
  • What import statement will you use for Rest Assured to work?
  • How to check that a specific item is present in a collection using Rest Assured?[we can use Matchers here]
  • What are the common exceptions you encounter in Rest Assured?
  • Explain the rest of the Assured framework you wrote in your previous org.
  • How do you handle data in Rest Assured? [POJO, Excel, config file, HashMaps]
  • What is the use of ResponseSpecification in Rest Assured?
  • How do you handle authentication and authorization in Rest Assured tests?[basic, OAuth, digest, custom]
  • What are the common pitfalls or challenges you have faced while using Rest Assured, and how did you overcome them?
  • What is the difference between given(), when(), and then() methods in Rest Assured and explain with an example.
  • How do you handle cookies in Rest Assured tests?
  • How can you handle timeouts and retries in Rest Assured tests?
  • Reporting in Rest Assured.
  • How do you enable parallel execution of Rest Assured tests? [TestNG, XML]
  • How do you verify the status code of an HTTP response using Rest Assured?
  • How do you handle dynamic status codes or scenarios where the status code may change between test runs?
  • How can you handle dynamic data or parameters in Rest Assured requests?
  • How to handle SSL certificates in rest assured.
  • What is API automation testing? How does it differ from UI automation testing?
  • What are the advantages of API automation testing?
  • How do you select the appropriate tools and frameworks for API automation testing?
  • Explain the steps involved in testing an API.
  • What are the commonly used HTTP methods in API testing?
  • What is the difference between GET and POST methods in API testing?
  • How do you handle authentication and authorization in API automation testing?
  • What is JSON? How do you parse and validate JSON responses in API automation testing?
  • What is the role of assertions in API automation testing?
  • How do you handle dynamic data in API responses during automation?
  • What is endpoint testing, and how do you perform it?
  • How do you handle error responses and status codes in API automation testing?
  • What are some common challenges faced in API automation testing, and how do you overcome them?
  • What is the difference between the patch and put method in RestApi?
  • When we use the get method, data is not secured, and when we use it to post, this method hides data.
  • What is Authentication?
  • Why do we use mocks or stubs?
  • What is the difference between rest API and microservices?
  • Why do we get parameter session and variable declaration in API?
  • What are the main methods that we use for API automation?
  • What are the JSON converter headers of API?
  • Once the response comes, what actually do we get?
  • How to create API?
  • How does caching work in microservices?
  • What is REST ASSURED?
  • Explain mocking.
  • What expectations does the Technical panel see for the tester from an API Automation perspective?
  • Why do we do API Testing? What is the advantage, and where can we do API testing?
  • Can anybody explain POJO
  • What are web services and APIs, and what are their differences?
  • What are the Authenticated techniques/Types? Can we use them to access the rest of the API?
  • What are the different ways to pass authentication in API requests?
  • Difference between PUTS and POST in API.
  • What is the global variable in Postman?
  • Environment variable in postman.
  • Difference between put and patch.
  • What is the 409 response code?
  • How to pass JSON file to a payload
  • Pass payload using a hashmap.
  • Write a program to take a get request using Rest assured and, from the response, verify if data is present in the database using SQL.
  • What is OUTH, and why does the company use it nowadays?
  • What is API automation testing? How does it differ from Ul automation testing?
  • What are the advantages of API automation testing?
  • How do you select the appropriate tools and frameworks for API automation testing?
  • Explain the steps involved in testing an API.
  • What are the commonly used HTTP methods in API testing?
  • What is the difference between GET and POST methods in API testing?
  • How do you handle authentication and authorization in API automation testing?
  • What is JSON? How do you parse and validate JSON responses in API automation testing?
  • What is the role of assertions in API automation testing?
  • How do you handle dynamic data in API responses during automation?
  • What is endpoint testing, and how do you perform it?
  • How do you handle error responses and status codes in API automation testing?
  • What are some common challenges faced in API automation testing, and how do you overcome them
  • Describe the process of testing GraphQL APIs and compare it to testing RESTful APIs.
  • Explain the concept of rate limiting in APIs and how you would test for it.
  • Discuss the challenges and strategies for testing APIs that involve complex authentication mechanisms like OAuth 2.0.
  • Explain how you would handle testing for APIs that involve file uploads or downloads.
  • Discuss strategies for handling versioning in APIs and how you would test backward compatibility.
  • Describe the process of API testing in a microservices architecture. How does it differ from testing monolithic APIs?
  • Explain the concept of API contract testing and its significance in modern software development.
  • How would you approach testing for performance and load handling of APIs? Mention specific tools or techniques you’d use.
  • Explain the differences between mocking and stubbing in API testing, and when you would use each approach.
  • Describe the strategies you’d employ for testing APIs that are constantly evolving or changing

Rest API Interview Questions

Rest API interview questions assess a candidate’s knowledge and experience in designing and developing Rest APIs, covering HTTP methods, security, performance optimization, and API design principles. Preparing for these questions is crucial for candidates looking to succeed in software development job interviews.

  • What are Web services?
  • What is the difference between SOAP and REST
  • What is REST API
  • What is the difference between Web services testing and API testing
  • Difference between XML and HTML
  • What is Assertion
  • Types of Assertions
  • Difference between Xpath and XQuery
  • Types of Properties and Their Syntaxes
  • What is Data-Driven Testing
  • What is the Data Source Test step
  • Explain about JDBC process
  • How to Connect JDBC to SOAP UI
  • What is Connection String in JDBC
  • Difference between SOAP UI FREE v/s SOAP UI PRO
  • What are the Data Sink and Data gen test steps in SoapUI pro
  • How to Transfer value using Property Transfer
  • What are Mock services
  • How to do Service mocking
  • What is the process of SOAP UI Testing
  • What is WSDL
  • What are the parameters in WSDL
  • Explore the WSDL
  • Is WSDL necessary for SOAP UI?
  • Difference between HTTP and HTTPS
  • Why HTTP is important in Webservices
  • What is an Endpoint?
  • What are the HTTP methods and HTTP Status Codes?
  • Explain different types of HTTP methods and Usage
  • Explain different Status codes
  • Types of HTTP Status codes
  • What is the Request Header ? and its format?
  • What is Response Header ? and Its format?
  • What tools are available for SOAP testing
  • Do you have experience in Load Testing
  • How to test Load Testing
  • What are TPS, Response Time, and Breakeven point
  • Absolute vs. Relative Xpath?
  • What are Name Space and its usage
  • How to write Xpath for access attributes?
  • SOAP UI Architecture
  • How to generate Reports in the Free Version
  • Why API Testing?
  • Is there any difference between SOAP and REST API testing? If so, how?
  • Key things you test in an API let’s say a GET API to fetch a list of 5 records with ID and name
  • GET vs POST
  • POST vs PUT vs PATCH example for each
  • What do you mean when you say PUT is idempotent? Conditions for idempotency?
  • Do you follow any strategy for sending large payloads in POST?
  • Is it a good idea to have assertions for request headers when testing APIs?
  • How do you get a request header in Rest-Assured?
  • If I send a text file as an input in a POST call, what will be the content-type?
  • Key things to test when your API response feeds into a downstream system?
  • URI vs URL with a simple example.
  • Can you explain more about the JWT format and how it works for authentication in an API?
  • Do you know if caching is applied in the rest api’s that you test? How do you test caching in API’s
  • How do you test expired or invalid tokens in your API’s?
  • How do you test user roles and permissions in your API? Tell us some of the best practices that you follow for testing such user permissions in APIs.
  • Have you heard of the term rate-limiting? Can you explain when should we use rate limiting in APIs
  • Do you generate reports of the API tests that you run? What are some key attributes to include in the report?
  • Have you heard of the term API gateway? What does it do?
  • What is the difference between path param and query params?
  • Do we need to use the POJO class and serialisation in RestAssured when we can directly send the request body as a String?
  • Can I use cookies with rest assured? If so, how can I set a cookie for a domain?
  • Do you know what is a HEAD request? Can you think of a scenario when a HEAD request would be needed?
  • Is POST a cacheable method? Is PUT a cacheable method?
  • What is the difference between API virtualisation and mocking?
  • What is JSON Schema? Can I use the same JSON schema to validate the response of two different APIs?
  • What is API caching and in how many ways can we cache API response

Interview Questions on Rest API

  • Different HTTP methods
  • HTTP status codes ( 200/400/500 series)
  • Put/post/patch
  • 401 vs. 403
  • Query and path parameters
  • How to construct JSON requests (POJO/JSON Object/JSON Arrays)
  • How to validate Response ( POJO / JSON path /object Mapper)
  • How to validate/test API(different cases )
  • What are Authorization or API keys
  • RestAssured code snippets or HTTP client code snippets
  • Is API Testing part of functional or non-functional testing?
  • What is API Gatekeeper
  • Can we use Boundary value analysis EP techniques or error guessing techniques to test APIs
  • As a QA/SDET, are we involved in API Documentation?
  • Does API have any relationship with Serverless
  • What is the difference between RestAPI and Restful
  • Can we access API with CLI
  • Difference between API and Library
  • HTTP API vs RestAPI
  • Is it possible to test an API using Browser DevTools or Browser extensions…
  • Can Rest API use HTTPS protocol
  • How do you fetch data globally in API Automation
  • Can we Automate all the APIs
  • What do you understand by RESTful Web Services?
  • What is a REST Resource?
  • What is URI?
  • What are the features of RESTful Web Services?
  • What is the concept of statelessness in REST?
  • What do you understand by JAX-RS?
  • What are HTTP Status codes?
  • What are the HTTP Methods?
  • Can you tell me the disadvantages of RESTful web services?
  • Define Messaging in terms of RESTful web services.
  • Differentiate between SOAP and REST?
  • While creating URI for web services, what are the best practices that need to be followed?
  • What are the best practices to develop RESTful web services?
  • What are Idempotent methods? How is it relevant in the RESTful web services domain?
  • What are the differences between REST and AJAX?
  • Can you tell what constitutes the core components of an HTTP Request?
  • What constitutes the core components of HTTP Response?
  • Define Addressing in terms of RESTful Web Services.
  • What are the differences between PUT and POST in REST?
  • What makes REST services to be easily scalable?
  • Based on what factors, you can decide which type of web services you need to use SOAP or REST?
  • We can develop web services using web sockets as well as REST. What are the differences between these two?
  • Can we implement transport layer security (TLS) in REST?
  • Should we make the resources thread-safe explicitly if they are made to be shared across multiple clients?
  • What is Payload in terms of RESTful web services?
  • Is it possible to send the payload in the GET and DELETE methods?
  • How can you test RESTful Web Services?
  • What is the maximum payload size that can be sent in POST methods?
  • How does HTTP Basic Authentication work?
  • What is the difference between idempotent and safe HTTP methods?
  • What are the key features provided by JAX-RS API in Java EE?
  • Define RESTful Root Resource Classes in the JAX-RS API.
  • What do you understand by request method designator annotations?
  • How can the JAX-RS applications be configured?
  • Is it possible to make asynchronous requests in JAX-RS?
  • List the key annotations that are present in the JAX-RS API.
  • Define RestTemplate in Spring.
  • What is the use of @RequestMapping?
  • What are the differences between the annotations @Controller and @RestController?
  • What does the annotation @PathVariable do?
  • Is it necessary to keep Spring MVC in the classpath for developing RESTful web services?
  • Define HttpMessageConverter in terms of Spring REST

Rest Assured API Testing Interview Questions

  • Difference between REST and SOAPUI.
  • The method in REST.
  • Difference between PUT and PATCH call
  • How to integrate Postman into the project?
  • How will you handle dynamic payloads in API?
  • How do you capture specific response values and pass them to other requests?
  • What challenges did you face in API testing?
  • What is the difference between Authorization and Authentication?
  • What are the API status codes you have come across?
  • What is the difference between OAuth1.0 and OAuth2.O? When and where do you use and how. Can you write a sample code?
  • How do you get the response from one API and send it to another API?

Rest Assured Automation Interview Questions

  • What is Rest?
  • What tools are avail for REST?
  • What is JSON?
  • What is URI?
  • What is “R” in URI?
  • What are Params/Parameters?
  • What is HTTP?
  • Tell me a few HTTP methods and Status Codes.
  • What is the process for validating response data?
  • What Is the JSON path?
  • What is Header data?
  • What is an Authorization token?
  • What is the payload?
  • Steps to test REST application?
  • What is the usage of collections in POSTMAN?
  • What is WADL?
  • POST vs PUT

Rest API Testing Interview Questions

  • How will you handle server issues in API testing both in Postman and, rest assured.. like 5xx.. explain
  • What is an API?
  • What’s the difference between Rest vs SOAP
  • What are the different HTTP methods?
  • What are the different status codes, and when will they occur?
  • What are the different ways you validate XML responses?
  • What are the different ways you validate the rest of the API response?
  • How do you use POJO? Sample POJO code for a JSON
  • How do you pass payload to rest API calls during automation?
  • Explain your automation framework.
  • Explain the challenges that you face during the automation of the rest APIs
  • What are the different types of testing you do with an API
  • What is the diff between regular calls vs OAuth calls?
  • How do you test security testing using APIs
  • How do you do performance testing with APIs
  • What is the difference between Put vs Patch?
  • We have 200 APIs, and for all 200 APIs, there are seven fields. How will you validate? What will be your approach?
  • There are 25 fields you need to validate from the API response. What will be your approach? How will you validate? Will you create 25 variables to store responses for every field?
  • There are 1000 API post-request calls to create records. The best approach is to make our test cases run in any Chrome version, irrespective of the Chrome driver version.

Rest Assured Interview Questions

  • What is the RAML? What is the use?
  • How to handle dynamic bearer token authentication (token has changed every hour)
  • How do you know if your URL query parameters and path parameters are working or not
  • Where does use is given and when and then in your framework?
  • How to create a post request with dynamic data in your framework
  • Explain your framework
  • Rest and sop difference?
  • What does mean by rest is light compared to soap
  • Why soap is more secure than rest.
  • Different response code
  • When we get a stale element exception.
  • Explain overloading and overriding with examples.
  • Explain all the oops concepts you used in your framework.
  • If you cannot find any element, what techniques will you apply?
  • Verification and validation of different examples.
  • Response time in rest and soap services. Is there any difference?

Rest Assured API Testing Interview Questions

  • Error code for authentication and Authorization
  • Whats authentication
  • What is the difference between put and patch requests?
  • Is there any way to verify the response on the UI? An interviewer asked how to verify the UI after performing API testing.
  • How to debug/read/rewrite req/response of API over HTTPS using Charles?
  • What is the difference between Oath 1 and Oath 2?
  • Enlist some common tests that are performed on APIs.
  • How to identify Oath 1 and Oath 2?
  • What is the purpose of the oath?
  • Oath generation testing
  • When to use the post method
  • What patch method and when to use it
  • What are other tools for API testing, apart from Postman
  • What all to think/consider for switching Automation framework
  • The internal and external API token
  • Generate Access token
  • What have mainly used HTTP methods other than post get put and delete
  • What have mainly used HTTP methods other than post get put and delete
  • How does basic Authorization work?
  • Explain in brief the different types of output observed by an API.
  • Can booleans parameterized
  • What testing you will perform on an API
  • What SQL injection, how to do it
  • Explain in brief the different types of output observed of an API. – JSON, XML, HTML, text
  • Schema validation
  • Heartbeat call and logistics call
  • Https local map for Charles’s proxy

Rest Assured Interview Questions And Answers

  • What will you check first when a lot of failures in API automation?
  • What will you do when the API structure changes?
  • Which dependency is good for handling JSON operations?
  • How do you keep JSON requests in the automation framework?
  • Which of the following takes more time to script? Get or Post a call?
  • Tell me your approach to automating an API that is under development
  • Tell me a complex scenario you automated so far
  • What will be your action, when a mandatory header which is passed in all the services becomes optional?

Rest assured Interview Questions

  • What is the difference between API and WebService?
  • What is the difference between SOAP & Rest API?
  • Can you write a sample of API(URL) and JSON?
  • How do you handle the Authentication token?
  • How many types of Authentication are in POSTMAN/ Rest-Assured?
  • What is the difference between OAuth1.0 and OAuth2.O, When and where do you use and how? Can you write a sample code?
  • What is the base URI in RestAssured?
  • Can you explain RequestSpecification request = RestAssured.given();
  • What will be returned type of response.jsonPath().getJsonObject(“XYZ”);
  • How do you extract the values of JSON, and how do you validate the response?
  • Can you write a code for saving the response in a JSON file?
  • How do you validate the headers of the response?
  • What is the difference between Headers and Header classes?
  • What is difference between response.header(“xyz”) and response.headers() methods.
  • Can you extract all the headers from the response at run time?
  • What is JSONObject() , request.header(“xyz”), response.path(“lable”) , response.body().asString() , response.getBody().prettyPrint(); , RestAssured.given().queryParam(“xyz”,”abc”);
  • What is difference between request.get(“https//dev-mode.com/api/allcustomers”) and request.request(Method.GET,”/ allcustomers “);
  • What is the difference between PUT and Patch? Have you ever used and where?
  • What are status code(2xx ,3xx ,4xx, 5xx) in API.
  • How do you print your response in JSON format?
  • How do you post body in POST, and how many ways to post?
  • What are the dependencies for Rest-Assured?

Rest API Interview Questions For Experienced

  • How to parse a JSON
  • How to parse an XML
  • How to Insert key: value based upon some searching criteria
  • Write code for conversion of JSON to XML and XML to JSON
  • What do you mean by the query parameter and path parameter?
  • What is the difference between put and patch?
  • What is the validation of API automation?
  • Explain your framework(Rest Assured)
  • What do you mean by object notation and array notation in JSON?
  • Write code for JSON Read
  • What do you mean by POJO why do we use POJO?
  • What do you mean by authentication and what are the types of authentication while API testing
  • What is the difference between URI and URL
  • How do you store the result and use it further in Groovy scripting
  • What do you mean by Test runner in groovy scripting
  • What is the Rest of the service architecture?
  • What is the soap service architecture?
  • What is the soap UI work hierarchy?
  • How to set and get property using Groovy scripting
  • What do you mean by jsonsluper and xmlholder
  • How to convert JSON to Hashmap
  • What do you mean by Data source Data Sink and Data Source loop and why do we use it
  • How to handle SSL in SoapUI
  • What are the different types of properties in SoapUI that you declare using Groovy scripting?
  • What is the main thing about API automation?
  • What do you mean by Webservices, and why do we use Webservices?
  • What is the difference between soap and Rest?
  • What do you mean by UDDI, and what do you mean by WSDL?
  • What are the different types of HTTP Methods?
  • How to parse a list from JSON. For example, there is JSON and multiple IDs. How do you parse all the IDs from JSON and how do you parse a particular ID from that JSON?

API Automation Testing Interview Questions

  • The model used of your Rest API means how you follow rest API ( these are coming from the Richardson maturity model)
  • The architecture of the API project ( Jax-rs with jersey or restless etc)
  • How you create JSON data on post-call. ( I mean are you hardcoding data in code or somewhere you calling like JSON or CSV file)
  • How you extract path parameters
  • How do you read JSON response ( here JSON object, JSON array, reading whole key-value pair, etc)
  • The question will be about headers and cookies ( in Get call and post-call related)
  • Maintaining URLs ( means get a call or post-call or delete call URL; here interviewer will make a twist based on your earlier told how your company follows API development, simply the Richardson model)
  • The question will be what are path parameters, query parameters, etc
  • Extent report or default report.
  • For some database queries as you know API bits related to DB as just making the sure response and request were dropped in DB or not OK

Java Rest API Interview Questions

  • What is the difference between Get and Post Call?
  • How/why do we call Get and Post a call?
  • Is it mandatory to send request data in JSON format only?
  • How does API work?
  • Please explain RPC API.
  • What is the difference between REST API and microservices?
  • Why we do get parameter session and variable declaration in API?
  • why do we use mocks or stubs?
  • Difference between SOAP API and REST API?
  • What is the difference between the patch and put method in RestApi?
  • What is the difference between a REST and RESTful?
  • What is REST ASSURED?
  • How does caching work in microservices?
  • What are the expectations the Technical panel sees for a tester from an API Automation perspective?
  • Why do we do API Testing? What is the advantage, and where can we do API testing?
  • What is API testing?
  • What is API?
  • How do APIs work?
  • What are the different types of API testing?
  • What protocols can be tested using API Testing?
  • What are the most commonly used tools for API testing?
  • What are the differences between API Testing and Unit Testing?
  • What are the advantages of API Testing?
  • What is the approach followed in API Testing?
  • What needs to be verified in API testing?
  • What are the best practices that need to be followed for writing test cases?
  • What do you understand by Black Box Testing?
  • Define Test Data.
  • Define test coverage.
  • Does the API tester need to have coding knowledge to perform API testing?
  • What is the process of API Specification Review?
  • What is Latency in API testing?
  • What do you understand by Throughput in Performance testing?
  • How do you document an API functionality? What are the tools available for achieving the same?
  • What is the most important difference between API testing and UI testing?
  • What are the major blockers or challenges faced while performing API testing?
  • What are the principles that need to be followed while performing API Testing?
  • What are the different bugs that can be found in API testing?
  • Define Test API.
  • What is Payload?
  • What is Run Scope?
  • What is the importance of the caching mechanism?
  • Why is automated API testing useful?
  • What do you understand by Input injection?
  • What do you understand by the test environment for API?
  • Is it possible to hack API while testing?
  • How should we test the API security?
  • What do you understand by the Big Bang Approach in testing?
  • How do you perform API Load Testing?

So we request that all visitors share their experience on REST API and Rest API Interview Questions with us. If you have any queries related to this post, please leave a comment, and we will update you as soon as possible.

HTTP Status Codes in API Responses

Successful Response (200 OK): When you make a GET request to fetch user data, the server successfully returns the user’s information. After successfully submitting a form, the server responds with a 200 OK status code to acknowledge the submission.

Created (201 Created): When you make a POST request to create a new resource, such as submitting a new blog post, and the server creates the resource and returns a 201 status code along with the URL to the newly created resource.

No Content (204 No Content): After successfully deleting an item, the server might respond with a 204 status code to indicate that the request was successful, but there is no data to return.

Bad Request (400 Bad Request): When you send a request with missing or invalid parameters, the server responds with a 400 status code to indicate that the request is malformed or incorrect.

Unauthorized (401 Unauthorized): If you try to access a protected resource without providing valid authentication credentials, the server may respond with a 401 status code, indicating that authentication is required.

Forbidden (403 Forbidden): When you attempt to access a resource that you don’t have permission to access, the server may respond with a 403 status code to indicate that access is forbidden.

Not Found (404 Not Found): If you request a resource that does not exist on the server, the server will respond with a 404 status code to indicate that the requested resource was not found.

Internal Server Error (500 Internal Server Error): In case of an unexpected server-side error, like a database connection issue or unhandled exception, the server may return a 500 status code, indicating that something went wrong on the server.

Service Unavailable (503 Service Unavailable): If the server is temporarily down for maintenance or experiencing an overload, it might respond with a 503 status code to inform clients that the service is currently unavailable.

Top Interview Questions with Answers for Rest Assured

How do you handle response headers in Rest Assured tests?
Answer: You can use the ‘header’ method to validate specific headers in the response. For example, checking the ‘Content-Type’ header: given() .when() .get(“/endpoint”) .then() .header(“Content-Type”, “application/json”);

What is the purpose of the Matchers class in Rest Assured?
Answer: The Matchers class in Rest Assured provides various static methods for performing different types of assertions on the response.
For example, Matchers.equalTo(value) is used to check if a response value is equal to the expected value.

How do you perform a POST request with a JSON payload in Rest Assured?
Answer: To perform a POST request with a JSON payload, you can use the body() method to include the JSON content. For example:
given() .body(“{\”key\”: \”value\”}”) .when() .post(“/endpoint”) .then() .statusCode(201);

What is the purpose of the ‘relaxedHTTPSValidation()’ method in Rest Assured?
Answer: The relaxedHTTPSValidation() method disables strict SSL certificate validation, allowing you to make requests to HTTPS endpoints without validating the SSL certificate.

What is the purpose of the ‘config(JsonConfig.jsonConfig())’ method in Rest Assured?
Answer: The config(JsonConfig.jsonConfig()) method is used to configure JSON serialization and deserialization settings. It allows you to customize how JSON data is processed during requests and responses.

Explain the purpose of the ‘auth().oauth2AuthorizationCodeFlow()’ method in Rest Assured.
Answer: The auth().oauth2AuthorizationCodeFlow() method is used for OAuth 2.0 authentication using the authorization code flow. It helps in handling the authentication process with the authorization server.

What is the purpose of the auth().none() method in Rest Assured?
Answer: The auth().none() method is used to indicate that no authentication is required for a particular request. It’s helpful when dealing with public endpoints that do not require authentication.

How can you handle assertion failures gracefully in Rest Assured to continue with the execution of subsequent test steps?
Answer: You can use the softAssertions() method from the AssertJ library to create soft assertions, which allow the test to continue even if there are assertion failures. For example:

SoftAssertions softAssert = new SoftAssertions();
softAssert.assertThat(response.getStatusCode()).isEqualTo(200); softAssert.assertThat(response.getBody().jsonPath().getString(“name”)).isEqualTo(“John Doe”);
softAssert.assertAll();

API Automation Challenges And Best Practices

Data Management:
Challenge: Managing test data for API tests can be complex, especially when dealing with various data formats.
Best Practice: Use data-driven testing approaches. Store test data separately and keep it organized. Utilize data generation tools if needed.

Dependency Management:
Challenge: APIs often rely on other APIs or services, making it challenging to control dependencies.
Best Practice: Mock or stub-dependent services to isolate the API under test. Use dependency injection or service virtualization tools.

Dynamic Data:
Challenge: APIs may return dynamic data, such as timestamps, making it difficult to write stable tests.
Best Practice: Use assertions that account for dynamic data, like using regular expressions or ignoring specific fields when comparing responses.

Authentication and Authorization:
Challenge: Testing APIs that require authentication and authorization can be complex and may involve security concerns.
Best Practice: Implement token-based authentication for testing. Ensure secure handling of authentication tokens and simulate various authorization scenarios.

Rate Limiting and Throttling:
Challenge: APIs may have rate limits or throttling mechanisms that affect the testing process.
Best Practice: Coordinate with developers to bypass rate limits during testing or implement rate-limiting strategies in your test scripts.

Error Handling:
Challenge: Properly validating error responses and handling unexpected errors can be challenging.
Best Practice: Write test cases to cover both expected error scenarios and unexpected errors. Ensure clear error messages for debugging.

Environment Setup:
Challenge: Creating consistent test environments that mimic production can be complex.
Best Practice: Use containerization tools like Docker to set up and manage test environments, ensuring consistency across different stages.

CI:
Challenge: Integrating API tests into CI/CD pipelines smoothly can be tricky.
Best Practice: Automate test execution within your CI/CD pipeline. Use tools like Jenkins, Travis CI, or GitLab CI for seamless integration.

Monitoring and Reporting:
Challenge: Monitoring and reporting test results across multiple APIs and versions can be overwhelming.
Best Practice: Implement a robust reporting system that provides clear insights into test results, failures, and trends. Use tools like TestNG, JUnit, or custom reporting solutions.

Documentation and Collaboration:
Challenge: Lack of clear API documentation or poor collaboration with development teams can hinder testing efforts.
Best Practice: Collaborate closely with developers to ensure clear API documentation. Use tools like Swagger or Postman to document and share API details.

Structural Validation of JSON Using Rest Assured

Validating the response received from the server is a vital task in API testing. Here, we will see how we can perform Structural or Schema Validation of a JSON response. A schema is nothing but a JSON file. It will have only datatype information and the expected keys of the JSON. There won’t be any values present in the schema. For Schema validation, we need to create a schema for our JSON. We can manually create the schema, or we can use any online schema generators.

The steps we will follow are like:

Add a “JSON schema validator” dependency in pom.xml.
Add a “hamcrest-all” dependency for asserting the JSON schema.
Load the expected “schema.JSON” in a file object e.g.
File schema = new File ( System.getProperty (“user.dir”) + “schema.json” );
Fire the rest assured request, validate the response body using the ‘matchesJsonSchema’ method eg.

given (). get ( “http://localhost:8080/abc/123” ).
then (). body (matchesJsonSchema (schema ) );

The ‘matchesJsonSchema’ method validates that the response body matches the structure-data type and the required keys. If there is any mismatch, it will be reported in the console.

The code will be like this:

public class StructureValidation {
@Test
public void JSONSchemaValidation () {
File schema = new File (System. getProperty (“user.dir”) + “schema1.json” ) ;
given ().
get (“http://localhost:8080/abc/123”).
then ().
body (matchesJsonSchema (schema) ) ;
}

Schema validation programmatically is very useful when you have a nested JSON, which is very time-consuming if we need to validate manually.

What are the common HTTP Request methods?

HTTP defines a set of request methods to indicate the desired action to be performed.

GET: retrieve data.
HEAD: identical to GET request, but without the response body.
POST: submit an entity to the specified resource.
PUT: modify data with the request payload.
DELETE: delete the specified resource.
CONNECT: establish a network connection to a web server.
OPTIONS: find out the HTTP methods and other options supported.
TRACE: performs a message loop-back test.
PATCH: apply partial modifications to a resource.

What is Serialization?

Serialization: In Java, serialization is the process of converting an object into a stream of bytes in order to store the object or transmit it to an external file. Its main purpose is to save the state of an object in order to be able to recreate it when needed.

What is deserialization?

Deserialization: The reverse process, which reconstructs the object from the stream of bytes, is called de-serialization. To make an object serializable, its class must implement the java.io. Serializable interface, which is a marker interface.

What is a marker interface?

Marker Interface: In Java, a marker interface is an interface that contains no methods or fields and indicates that a class implementing the interface has a certain property. Marker interfaces are also known as tag interfaces. A marker interface is typically used to provide a common base type for a group of related classes. For example, the java.io Serializable interface is a marker interface.

What is the use of transient keywords in Java?

transient keyword: transient is a modifier which is used to prevent the particular class member from being de-sterilized.

API Status Code Cheat Sheet

API Status Code Cheat Sheet

Avatar for Softwaretestingo Editorial Board

I love open-source technologies and am very passionate about software development. I like to share my knowledge with others, especially on technology that's why I have given all the examples as simple as possible to understand for beginners. All the code posted on my blog is developed, compiled, and tested in my development environment. If you find any mistakes or bugs, Please drop an email to softwaretestingo.com@gmail.com, or You can join me on Linkedin.

1 thought on “Rest API Interview Questions”

Leave a Comment