API Testing Interview Questions and Answers (Level-2)

By Manisha


51. Q: How to verify that the API response contains the correct resource based on the specified currency?
A: Check if the currency symbol/code in the response matches the expected currency (e.g., USD, EUR) based on the request or user settings.

52. Q: How to verify that the API handles rate limiting correctly?
A: Send multiple requests in a short time and verify it returns 429 Too Many Requests.

53. Q: How to verify API retry logic?
A: Simulate network failures or return retriable error codes and ensure the client retries with exponential backoff or its configured retry strategy.

54. Q: How to test redirect handling in API?
A: Send a request to an endpoint that performs a redirect and check for a 3xx status code and the correct Location header.

55. Q: How to test if the API handles cookies correctly?
A: Ensure the server sets cookies using the Set-Cookie header and that the client sends them back correctly in subsequent requests.

56. Q: How to test API caching?
A: Verify use of headers like Cache-Control, ETag, and If-None-Match and check for 304 Not Modified on repeated requests.

57. Q: What is CSRF and how to test its token validation in API?
A: CSRF (Cross-Site Request Forgery) is an attack that makes an authenticated user's browser send unauthorized commands; test whether the API validates CSRF tokens in requests where required (usually POST/PUT).

58. Q: How to verify that the API prevents XSS attacks?
A: Send input with <script> tags and ensure the API sanitizes or encodes it so that it cannot execute as JavaScript.

59. Q: How to verify that the API handles SQL Injection?
A: Send malicious input like ' OR 1=1-- and ensure the API doesn't return sensitive data or modify the DB.

60. Q: How to verify that the API prevents CSRF attacks?
A: Ensure that protected endpoints require and validate CSRF tokens and reject unauthorized requests.


61. Q: How to test input validation in APIs?
A: Pass invalid input formats or missing fields and verify the API returns appropriate errors (e.g., 400 Bad Request).

62. Q: How to test output encoding in APIs?
A: Ensure that special characters in output (e.g., <, >, &) are properly escaped or encoded in the response.

63. Q: How to test SSL/TLS handling in APIs?
A: Use HTTPS URLs and check that the certificate is valid and the handshake completes securely without warnings.

64. Q: What is content negotiation and how is it tested?
A: Send different Accept headers like application/json, application/xml and ensure the API responds in the correct format.

65. Q: How to test API authentication and authorization?
A: Use valid and invalid tokens/credentials and verify correct responses for access and permission errors.

66. Q: How to test rate limiting based on request frequency?
A: Send bursts of requests and confirm 429 Too Many Requests after a threshold is crossed.

67. Q: How to test retry attempts handling?
A: Simulate a failure (like 503 Service Unavailable) and verify that the client retries based on the retry policy.

68. Q: How to test timeout handling?
A: Delay server response intentionally and ensure the client throws a timeout error as per its timeout setting.

69. Q: How to test network failure handling?
A: Simulate network drop or DNS failure and verify that the API client handles it gracefully with an appropriate message.

70. Q: How to test race condition handling?
A: Send concurrent updates to the same resource and verify that the API handles it without inconsistent state or data loss.
