91. Q: How to verify server-side validation in APIs?
A: Send invalid data that should be rejected and ensure the server checks and returns detailed errors.
92. Q: How to verify client-side validation in APIs?
A: Client-side validation is mostly UI-based, so ensure that it is also backed by server responses to prevent bypassing.
93. Q: How to test field-level validation?
A: Leave specific required fields blank or send invalid types, and check if individual error messages are returned per field.
94. Q: How to test database transaction integrity?
A: Perform operations involving multiple DB steps and ensure rollback occurs on failure.
95. Q: How to test database backups and restores?
A: Check if the API allows exporting/importing DB snapshots and verify data integrity post-restore.
96. Q: How to test encryption and decryption of data?
A: Verify that sensitive fields (passwords, tokens) are encrypted in transit and at rest using HTTPS and hashing techniques.
97. Q: How to test compression of data?
A: Send Accept-Encoding: gzip in the request and ensure the response is compressed.
98. Q: How to test rate limiting based on user or IP?
A: Simulate multiple requests from the same user or IP and check for 429 errors with Retry-After headers.
99. Q: How to test API key-based authentication?
A: Include a valid or invalid API key in headers and validate response behavior based on key status.
100. Q: How to test authorization using user roles?
A: Attempt actions with users having different roles (admin, user) and ensure access is restricted based on permissions.