API testing interview questions and answers for QA Engineers

Estimated read time: 1:20

    Summary

    In this insightful video by Codemify, QA Engineers and aspiring professionals are equipped with knowledge about API testing interview questions and effective strategies to answer them. Sergio Kenko, an experienced QA Engineer Lead, shares practical advice on API and UI testing, automation using tools like Postman, managing environmental variables, understanding HTTP status codes, and handling API performance testing. The video focuses on making viewers confident and well-prepared for API testing interviews, blending technical knowledge with personal experiences from the field to empower and educate.

      Highlights

      • Sergio Kenko reveals the top 10 API testing interview questions asked in recent months, providing insights into successful job interviews. 🎥
      • The significance of testing API is highlighted—it's faster and sometimes more crucial than UI testing, often done before the UI exists! ⏩
      • Key differences between API and UI testing include a focus on server-side versus user interface considerations. Understand both for a complete picture of system quality. 🖥️
      • Automation with Postman is demystified—see how beginners can quickly validate APIs using easy-to-use snippets and templates. 📝
      • Learn about the use of environmental variables and tokens; these keep your testing adaptable and secure across various environments. 🔧
      • Decode common HTTP status codes like 200, 401, 403, and 404—knowing these helps you respond effectively to API queries. 🚦
      • Sergio underscores the importance of saying what you know and what you don't during interviews—honesty builds trust. 🙌

      Key Takeaways

      • Sergio Kenko, a seasoned QA expert, shares top API testing interview questions gathered from successful job candidates over the past three months. 💼
      • Learn the significance of API testing, its differences from UI testing, and why it's crucial for verifying server-side data processing. 🔍
      • Get tips on automating APIs with Postman, using snippets for quick code writing and verification, suitable for beginners and experts alike. 🛠️
      • Understand environmental variables and tokens, which are vital in switching between different testing environments and identifying users securely. 🔑
      • Familiarize yourself with common HTTP response status codes and their meanings, critical for API assessment and debugging. 📊
      • Explore the steps to automate API calls, the importance of selecting the right tools, and building a framework from scratch. 🚀
      • Discover how to handle API performance testing using tools like k6 and JMeter and when it's okay to admit gaps in your knowledge during an interview. 🤖

      Overview

      Sergio Kenko, with a decade in the QA field, shares a treasure trove of interview questions aimed at prospective QA engineers, focusing on API testing skills. The video serves as a guide for those preparing for job interviews, offering real-world insights and detailed explanations about the essential knowledge every QA engineer should possess. Kenko emphasizes the importance of understanding API testing and differentiates it from UI testing, drawing on his extensive experience.

        The video offers practical advice on implementing API testing using tools like Postman, pivotal for automating tests and simplifying processes. Sergio explains the role of environmental variables and tokens, how to verify proper API functionality, and manage different testing environments smoothly. He also highlights the HTTP status codes relevant to assessing API responses, embracing a learning approach that underscores patience and persistence.

          Additionally, for those interested in API performance testing, Sergio introduces tools like k6 and JMeter. He stresses the importance of being honest during interviews regarding one's level of expertise. The session concludes with inspirational advice to remain authentic and open to learning, ensuring viewers leave with not just technical skills but a mindset geared towards growth and honesty in their professional journey.

            Chapters

            • 00:00 - 00:30: Introduction to API Testing Questions The chapter titled 'Introduction to API Testing Questions' begins with a greeting to QA engineers and aspiring professionals in the field. The focus is on addressing the numerous inquiries received over the past three months concerning API testing interview questions. The chapter highlights that the content is gathered from students who successfully received job offers and have shared their experiences. An entire playlist is mentioned for further exploration, and the chapter sets the stage to present the ten most popular API testing-related questions.
            • 00:30 - 01:00: About the Host In the 'About the Host' chapter, Sergio Kenko introduces himself to the audience. He highlights his experience as a software QA engineer, lead manager, and senior engineering manager at ASAT, with over 10 years in the field. Sergio expresses his goal of helping viewers become QA engineers or enhance their existing skills. He also encourages viewers to like and subscribe to the channel.
            • 01:00 - 02:00: How to Test APIs and Why It's Needed This chapter discusses the process and necessity of API testing. It begins by highlighting the tools needed for API testing, such as Postman or Insomnia. The chapter explains that after sending an API request and receiving a server response, verification is essential. This verification involves checking the status code, response body, and evaluating speed or performance of the API. These steps ensure that APIs function correctly and efficiently, underscoring the importance of thorough testing.
            • 02:00 - 03:00: Difference Between API Testing and UI Testing This chapter explains the key differences between API testing and UI testing. It highlights the importance of testing both positive and negative cases in API testing to verify the server's response, especially in scenarios where users might provide incorrect information. Moreover, it stresses the significance of testing authentication and authorization processes. The necessity of API testing is emphasized as it allows for the verification of business logic and server-side data processing independently from the user interface. API testing is crucial because it offers a more efficient testing process.
            • 03:00 - 04:00: Postman Automation This chapter titled 'Postman Automation' discusses how APIs can facilitate obtaining data faster than traditional user interfaces (UI). It highlights scenarios where companies might not offer a UI, such as services providing weather data through APIs for others to develop their own applications. The chapter further delves into the distinctions between API testing and UI testing, emphasizing that while they are interrelated, they have different focuses. API testing is more concerned with reliability, contrasting with the broader scope of UI testing.
            • 04:00 - 06:00: Environmental Variables and Tokens in API Testing This chapter discusses the importance of testing APIs independently, focusing on performance, functionality, and security. It emphasizes the use of tools like K6 and JMeter for load, performance, and stress testing on the server side. Additionally, it differentiates this from UI testing, which is concerned with the graphical user interface of websites and mobile apps.
            • 06:00 - 09:00: Familiarity with HTTP Response Status Codes Chapter 1: Familiarity with HTTP Response Status Codes The chapter explains how user interface (UI) testing is performed from the user's perspective. It discusses various interactions such as clicking buttons, typing information, logging in and out, and emphasizes verifying the application's intuitiveness and compliance with requirements through graphical interface testing. It conveys understanding of how the application should work as expected.
            • 09:00 - 11:00: Automating API Calls The chapter titled 'Automating API Calls' focuses on automating API processes using Postman. It begins with an introduction to automation capabilities in Postman, assuring that one can learn how to automate even without prior knowledge. There is a mention of a video tutorial available for those unfamiliar with Postman. The tutorial explains what Postman is and how to perform basic automation tasks using the tool. Postman is presented as user-friendly, especially due to its snippets feature that allows users to auto-generate code, such as verifying status codes, making automation tasks easier.
            • 11:00 - 13:00: Testing a POST Request The chapter titled 'Testing a POST Request' discusses how to update the expected status code when testing with Postman. It suggests that the reader watch a 20-minute video to gain a basic understanding of Postman if they haven't used it before. The chapter encourages engaging with the content by liking the video and subscribing to both the channel and community platforms like Instagram and Telegram, with links provided below the video.
            • 13:00 - 15:00: Examples of Recent API Testing The chapter titled 'Examples of Recent API Testing' involves a discussion surrounding environmental variables and tokens in API testing. The speaker highlights the complexity of this topic, acknowledging it as a tricky question often posed to individuals interested in transitioning from manual to automated testing. It also mentions the prerequisite of a strong foundation in manual testing before advancing to test automation, as per the speaker's institution's requirements.
            • 15:00 - 17:00: Test Metrics in API Testing The chapter titled 'Test Metrics in API Testing' discusses the importance of understanding environmental variables within API testing. It emphasizes that many individuals transitioning from other boot camps or manual testing backgrounds often lack this knowledge. The chapter explains that environmental variables are used to store and manage values, which is crucial for effective API testing. This reflects a common knowledge gap among those new to automated testing.
            • 17:00 - 18:30: API Performance Testing Experience The chapter discusses the importance of API keys and tokens in software environments. It highlights the flexibility these tools provide, allowing for easy switching between different environments such as development, QA, production, or staging, without altering the URL in every instance. The chapter uses a simple analogy to explain tokens, comparing them to an ID or password, and uses Instagram as an example to illustrate how tokens function as a form of identification in the software realm.
            • 18:30 - 19:30: Conclusion and Feedback Request The chapter discusses the login process for online platforms, specifically focusing on Instagram. It explains the steps involved in logging in, which include entering a username and password. Once these credentials are provided, a post request is sent to the server to verify them against the registered details. If the credentials match, the server issues a temporary identification document, such as a token, to validate the user's session.

            API testing interview questions and answers for QA Engineers Transcription

            • 00:00 - 00:30 good afternoon QA engineers and those who are planning to become one soon within the last 3 months you guys have been sending a lot of messages and living a comments on YouTube regarding the API testing interview questions so what I did I've gathered all of the interview questions that we had within the last 3 months from all of our students who've got a job offers like this guy that girl or all of these people and actually you can see an entire playlist right below this video regardless now I'm going to give you 10 most popular API testing related
            • 00:30 - 01:00 questions that they have been receiving during interview for the last 3 months but before we proceed I want to remind you guys who am I and why should you be watching this video my name is Sergio kenko I'm a software QA engineer lead manager and a senior engineering manager of ASAT I've been in the world of QA for about 10 years but today I'm helping people like you to become a QA engineer or to improve your existing skills and now you got to hit that big fat thumb up button below subscribe to our Channel and let let's
            • 01:00 - 01:30 proceed how do you test API and why is API testing needed first of all in order to send API you're going to have to use some sort of an API client such as Postman insomnia or any other client based on your preferences but regardless you send an API request you get the response from the server and you need to verify it how do you verify it well based on response you will verify the status code body speed or performance
            • 01:30 - 02:00 and also you will need to test different cases such as positive cases and negative cases in order to verify how will the server act if user send some information that it's not supposed to and also don't forget about authentication and authorization because those will also have to get tested why is API testing needed well because we need to verify the business logic data processing on a server side separately from the user interface it is important to test API because we can test it much
            • 02:00 - 02:30 faster than even the UI has been created or in some cases there will be no user interface there can be companies that only work with the data just like weather.com you can pay the money and get the and through the API you can get the data so you could build your own weather website what is the difference between API testing and UI testing well those are two completely different things which are related somehow but in API testing we focus more on reliability
            • 02:30 - 03:00 performance functionality and security testing of apis themselves separately from the user interface we can also verify server side Adder handling and how well server performs under the load with a tools such as k6 jmeter or any other popular tools for the performance load and stress testing UI testing on the other hand is concerned more about a graphical user interface when we are testing a website or mobile app for
            • 03:00 - 03:30 example you can think of it as the testing from the user's perspective because as the user you will be clicking buttons you will type in information loging in loging out etc etc etc UI testing on the other side is more about testing graphical user interface pretty much what we can see when we open up a website or a mobile app pretty much we verify it from the user perspective that the application is intuitive it works as expected the way it's written in a requirement
            • 03:30 - 04:00 do you know how to automate API using Postman the answer is absolutely yes even if you guys do not know how to use automation or how to use Postman you can see the video right here or right below this video where I've explained what Postman is how to use it and how to write some basic automation Tas with the postman it's super easy especially with the postman Snippets because Postman does give you ability to Simply click on verify status code and it will autofill the code for you you will simply need to
            • 04:00 - 04:30 update the expected status code to the one that you actually want to get so if you never had experience with a postman simply watch that video for 20 minutes and you will have Basics and you'll be able to say that yes I've used it in the past or I did research it and it's super easy and intuitive but anyway I think you forgot to hit this big fat thumb up button below and to subscribe to your channel and also you forgot to subscribe to our Instagram and our telegram communities links to which I have left right below this video so you guys could
            • 04:30 - 05:00 join them and see many more updates that I can legally share on YouTube question number four and it's actually tricky one what do you know about environmental variables and tokens in API testing this is a tricky question because I actually usually ask it ask people who give me a call and say hey I took a UD course for manual testing or I took other boot camp but I would like to sign up with you for the test automation but in our school we have requirements that you have to know manual test very well before you can
            • 05:00 - 05:30 jump into automation because I don't want you guys to slow down everyone so I usually ask this or similar question and you won't believe but 99% of people who take other boot camps or em me courses or manual testing and try to join us they do not know answer to this question but let me quickly answer it environmental variables in API testing and everywhere else they are used to store and manage values specifically in API testing there would be for the base
            • 05:30 - 06:00 URL for the API keys or for example for the token itself it helps us to switch between different environments without having to completely change the url in every single case such as from da to QA from QA to production or staging for example and a token is pretty much a form of identification imagine that you have an ID or a password right in world of software you have your token and let me explain it to you in a simple example imagine that you go to Instagram .c you
            • 06:00 - 06:30 type in your username and password and you click login so you need to type in your username and password in order for the server or for Instagram to know who you are when you click login it sends the post request to the server server checks if your data if the username and password that you have specified are the same that you have used upon registration and if that's true the server will issue a temporary identification document such as token it's just a string it's just a bunch of num
            • 06:30 - 07:00 and special characters and just Lads and that bunch of characters or an ID is a temporary so while you're logged in until your log out or until your session expires you don't have to type in your username and password to be identified your token is stored in the browser or in your app and whenever you click button to for example create a new post it will use the token that was stored in the browser or app and it will send it with all of the information that you've
            • 07:00 - 07:30 specified in a post to the server and will create a new post so that's what token is and that's how it is used what HTTP response status codes are you familiar with and what do they mean it'll be funny to say but this was one of the questions during the second round of interview in 2015 when I was going for my first more than $100,000 position ever aspect mid-level key automation engineer and I got the job offer and here is how I answer the
            • 07:30 - 08:00 question so I do not remember all the status Cotes that exist and I probably shouldn't but I can tell you those that I have been mostly use or that have been mostly using so far and those are 200 whenever we're sending get request for example and we're getting successful response two one whenever we create user or create any kind of data with the post request then usually you could potentially get 400 b requests whenever you make a typo but generally speaking 400s are user or client issues or one
            • 08:00 - 08:30 whenever you are send a request but you are not authorized you did not include token or the existing token I mean you you made a typo in token 403 which is forbidden whenever you have logged in or you have used the token that exists from the account but you do not have access to the particular resource such as you have logged in as the user but you're trying to navigate to the page or maybe to update another user by utilizing your your token but only admin should be able
            • 08:30 - 09:00 to do that that's why you're getting 403 404 which is one of the most and actually it is the most popular status code or HTTP response status code in the world you guys have seen it a lot I'm pretty sure whenever you navig get you the page that doesn't exist you will see 404 and by the way if you guys want to learn these codes I'm going to leave a link for our Codi blog where I have created a page specifically for people like you who would like to learn the most po popular status code is going to
            • 09:00 - 09:30 be right below this video and 500 that's the server Adder 500 means that server has no idea what to do with the request that you have just sent so pretty much whenever you see 500 you should dig into server logs and take it to developers so they could fix it how would you automate API calls and have you ever done it absolutely every single student of our school who went through the full course is able to create test automation framework from scratch for UI and for API and if you guys have not learned
            • 09:30 - 10:00 that yet but if you would like to learn it I have a playlist of videos where you can learn how to create test automation framework for free completely from scratch and you can find the link right here or right below this video and now here's my answer so if I need to create test automation framework from scratch number one I would gather all of the requirements number two I would pick the right tool that I want to use most likely if it's a purely API testation framework I'll probably use AIS and ojz
            • 10:00 - 10:30 because access is a pure API testing client it's not like play ride that contains a lot of things that we're not going to be using but if the company already has another API client or test automation framework I will make a decision based on that and after I choose my client I can proceed with a setting up test automation framework from scratch and by the way guys if you're going to be watching this playlist that I was talking about you can literally go from the junior QA engineer all the way
            • 10:30 - 11:00 up to Sy key automation engineer because I have shared three videos and every single one of you even if you are a c LEL you'll be able to dig something out of it how do you test a post request well first of all we're Q Engineers regardless of what we have been asked to test we have to ask for requirements so the followup question do you have any requirements they will give you an example say yeah sure let's imagine this is create user API that we are creating now and I would say okay sure not a problem at all so first of all after I together all requirements and we have
            • 11:00 - 11:30 the environment set up for testing I will take the Pulse request I will include the expected body that or payload that we should be sending I'll include all of the headers and I will send the API request let's say through the postman and with the postman by the way if you guys are interested in learning Postman you can follow this video right here to see 20 minutes worth of video how to set it up and use it so I would send a AP request through the postman and then I would get a response I would take a look number one what is the status code number two what is the
            • 11:30 - 12:00 body and number three how long did it take for that API to come back definitely we're going to have multiple cases such as positive and a negative we would send different types of data this different length of data to do boundary testing we would check the ER handling we would send the data that is not expected to be sent we could also verify the authorization and authentication of this particular API but most importantly if this is registering user or create new user we should get two wanted
            • 12:00 - 12:30 response as it should have probably been specified in requirements and after we get the response we need to verify that we can log in with that particular user if login API is already being developed can you give me a few examples of API testing that you were doing lately or few particular apis generally speaking every single one of you guys should have experience and should know what apis you have been testing if you do not I could
            • 12:30 - 13:00 probably help you out feel free to schedule a call with me by following the link right below this video it will say candly then response or answer couple apis that I was testing just for example imagine this you've been working or I've been working for the real estate selling website such as zillow.com and I've been testing crud which is create read update and delete or post get put and delete API requests for the listing section such as create list l in update listing
            • 13:00 - 13:30 get listing by ID and remove listing so how do you test those well you should actually test them one by one in this sequence first you create brand new listing you verify all the data that was supposed to come back came back number two you get the listing by ID because in a respon of create listing you should have received an ID after you send API you can verify that that data or that listing was created and you can actually get it now number three you need to update that listing by utilizing listing ID number four you need to delete or
            • 13:30 - 14:00 remove that listing and number five you going to have to can you guys actually pause the video right here and guess what would be the fifth test right here please pause it give it a sec leave a comment and then come back and continue here's the answer you need to send the get request one more time to verify that the listing was removed and you should get 404 status code that we were just talking about what kind of test metrics do you use in your company related to AI test well generally speaking we could
            • 14:00 - 14:30 use three most important test metrics first one is the response time how long does it take server to get us response back to the client that send an API request second one error rate or what's the percentage of apis that are actually erroring out and you can find that out by using any kind of monitoring tools and you can usually ask your devops what monitoring tools are they using for the apis and a third one test coverage which is the most important one for the QA
            • 14:30 - 15:00 Engineers so we could know and Report uh to our lead or manager how many apis have been covered with the test Automation and the last one but actually very important one have you ever done API performance testing the very truth is there are a lot of people on the market who took boot camps and who have impostor syndrome which means that you're afraid to be to be caught that you don't know something that you should have know but the thing is no one knows
            • 15:00 - 15:30 everything myself I have been working as the Q engineer lead manager and seni engineer manager of SD for the 10 years in world of QA and Tech and I have never professionally done performance testing of API and that's completely fine you should not know everything it is impossible to know so here's what I would say if I would get this question if I've been asked have you ever done API performance testing I would say I've been playing with the k6 and the J meter
            • 15:30 - 16:00 performance load and stress testing tools but I have never used it in actual working environment I only use it for fun to find out how it actually works so if you guys would like me to utilize it for your company it would take me probably a couple of days to refresh my mind and start using it for you so by being honest you guys have eliminated the ability for the company to cut you on something that you never did but you s that you did so which means you can
            • 16:00 - 16:30 live free and happy life of fears because you have told them the truth and there is nothing more to lie about well now you guys tell me were those interview question useful for you and if they were let me know what else you would like me to record so you guys could get more useful information from me in the future and if you did not enjoy it I want you guys to also leave a comment below and tell me how much I actually suck thank you watching for this video and I'll see you next time B