Sample Test Cases
- Validate nested object/array data representation.
- Test handling of concurrent requests.
- Verify custom response headers, and the response returned when specific request headers are sent.
- Validate API behavior with rate limiting, throttling, and retries.
- Ensure API handles redirects, cookies, and caching correctly.
- Validate API response under SSL/TLS encryption.
- Test resistance to SQL Injection, XSS, and CSRF attacks.
- Verify correct versioning behavior (v1, v2, etc.).
- Validate behavior on network failures, timeouts, and race conditions.
- Test for correct handling of batch requests and webhooks.
Interview Questions & Answers
Q1. How do you test the scalability of an API?
A: By load testing using tools like JMeter or Locust under varying user loads.
Q2. What is OAuth and how is it tested in APIs?
A: OAuth is an open standard for access delegation. Test using valid and expired tokens.
Q3. What are common API vulnerabilities?
A: SQL Injection, XSS, CSRF, broken authentication, insecure data storage.
Q4. How do you test API rate limits?
A: By sending requests in rapid succession and ensuring the server enforces the limit by returning status code 429.
Q5. How do you handle API versioning?
A: By using URI versioning (/v1/), header versioning, or query parameters.
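As an added worked example for Q4 and the rate-limiting test case above (not code from the original page): a local server enforcing a constructed fixed-window policy, and the client-side check that proves the policy is enforced with 429 and a Retry-After header. The limit, window length, the /items path and the 127.0.0.1 server are all assumptions for the example.

```python
# Added example (not from the page): local server with a constructed fixed-window
# limit, and the client check that proves it answers 429 with Retry-After.
import http.server
import threading
import time
import urllib.error
import urllib.request

LIMIT, WINDOW = 5, 60   # constructed policy: 5 requests per 60-second window

class RateLimitedHandler(http.server.BaseHTTPRequestHandler):
    counts = {}              # client ip -> (window_start, request_count)
    lock = threading.Lock()  # handler instances run on separate threads

    def do_GET(self):
        ip, now = self.client_address[0], time.monotonic()
        with self.lock:
            start, n = self.counts.get(ip, (now, 0))
            if now - start >= WINDOW:    # window expired: start a new one
                start, n = now, 0
            self.counts[ip] = (start, n + 1)
        if n + 1 > LIMIT:                # over budget: throttle, say when to retry
            self.send_response(429)
            self.send_header("Retry-After", str(int(WINDOW - (now - start)) + 1))
        else:
            self.send_response(200)
        self.end_headers()

def probe_rate_limit(base_url, attempts):
    results = []                         # (status, Retry-After) per request
    for _ in range(attempts):
        try:
            with urllib.request.urlopen(f"{base_url}/items", timeout=2) as r:
                results.append((r.status, None))
        except urllib.error.HTTPError as e:
            results.append((e.code, e.headers.get("Retry-After")))
    return results

def check_rate_limit(limit=LIMIT, extra=3):
    """True if exactly `limit` requests pass and every later one is 429 + Retry-After."""
    RateLimitedHandler.counts = {}       # fresh limiter state for each run
    srv = http.server.ThreadingHTTPServer(("127.0.0.1", 0), RateLimitedHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    try:
        results = probe_rate_limit(f"http://127.0.0.1:{srv.server_address[1]}", limit + extra)
    finally:
        srv.shutdown()
        srv.server_close()
    return all(c == 200 for c, _ in results[:limit]) and \
        all(c == 429 and ra is not None for c, ra in results[limit:])
```

Running the check with a `limit` that does not match the server's real policy returns False, which is how the test catches a limit that is documented but not enforced.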