Sample Test Cases
- Validate correct data in each field.
- Check API responses with missing payloads.
- Verify authentication failure returns 401 Unauthorized.
- Ensure 403 Forbidden is returned when an authenticated client lacks permission for the resource.
- Validate that the API handles invalid characters and special symbols.
- Check pagination, filtering, and sorting in responses.
- Verify search functionality with partial/multiple word strings.
- Ensure correct language and locale-based representations.
- Test file upload/download API functionality.
- Validate compression using the Accept-Encoding: gzip header.
Interview Questions & Answers
Q1. What is the purpose of response headers in API testing?
A: They provide metadata (like content type, caching policies) about the response.
Q2. How do you test API security?
A: By testing authentication, authorization, input validation, and rate limiting.
Q3. What is content negotiation in REST APIs?
A: The process where the client specifies media type preferences via headers.
Q4. What is the difference between 401 and 403 status codes?
A: 401 is Unauthorized (no or invalid credentials), 403 is Forbidden (access denied).
Q5. How do you validate sorting and filtering in APIs?
A: By sending appropriate parameters and verifying the response data order.