45 Commonly asked API Interview Questions and Answers for Freshers

D I N I T H I
16 min read · Jun 27, 2021

Here are some of the most commonly asked questions and sample answers that you may be asked regarding API when facing an interview for a software engineering position.

Image Source: freeCodeCamp

Questions Based on APIs

01. What is an API?

An API (Application Programming Interface) is a software intermediary that enables two applications to communicate with each other. It comprises a number of subroutine definitions, logs, and tools for creating application software.

Some well-known API examples are: Google Maps API, Amazon Advertising API, Twitter API, YouTube API, etc.

02. What is the difference between API and Web services?

  • All Web services are APIs but not all APIs are Web services.
  • Web services might not contain all the specifications and cannot perform all the tasks that APIs would perform.
  • A Web service uses only three styles for communication (SOAP, REST, and XML-RPC), whereas APIs have multiple methods of communication.
  • A Web service always needs a network to operate while APIs don’t need a network for operation.

Questions Based on Creating an API

03. What are some styles for creating a Web API? / Explain the architectural style for creating web API?

The architectural styles for creating a web API are:

  • HTTP for client-server communication
  • XML/JSON as a formatting language
  • Simple URI as the address for the services
  • Stateless communication

04. Who can use a Web API?

A Web API can be consumed by any client that supports HTTP verbs such as GET, PUT, DELETE, POST. Since Web API services do not require configuration, they can be easily used by any client. In fact, even portable devices such as mobile devices can easily use Web API, which is undoubtedly the biggest advantage of this technology.

Questions Based on REST

05. What is REST?

REST stands for Representational State Transfer. REST is an architectural style for web development. REST architecture lays out guidelines for the transfer of resource representations between clients and servers on the web.

06. What is REST API?

A REST API or RESTful API is a web API that conforms to the REST architecture style.

REST, or Representational State Transfer, is a set of functions that help developers perform requests and receive responses. REST is an architectural style for developing web services that exploits the ubiquity of the HTTP protocol and uses HTTP methods to define actions. Interaction is performed through the HTTP protocol. REST is stateless, so the server has no status or session data. With an effectively applied REST API, you can restart the server in between two calls. Web services typically use the POST method to perform operations. REST, however, uses GET to access resources.

07. Explain what REST and RESTful are.

REST stands for REpresentational State Transfer; it is a relatively new aspect of writing web APIs.

RESTful refers to web services written by applying the REST architectural concept; these are called RESTful services. They focus on system resources and how the state of a resource should be transported over the HTTP protocol to different clients written in different languages. In a RESTful web service, HTTP methods like GET, POST, PUT and DELETE can be used to perform CRUD operations.

08. What are some key characteristics of REST?

Some key characteristics of REST include:

  • REST is stateless, therefore the SERVER has no state (or session data)
  • With a well-applied REST API, the server could be restarted between two calls as all data is passed to the server
  • Web service mostly uses POST method to make operations, whereas REST uses GET to access resources

09. Describe the 5 constraints of the REST architectural style and their benefits.

A truly RESTful API must conform to the five REST architectural constraints:

Uniform interface:

  • Interface between client and server that allows for standardized client-server communication in a single language
  • Necessary for the decoupling of client and server

Client-server:

  • Client-server model, for separation of concerns between client and server
  • Permits client and server to operate and evolve independently
  • Supports portability and scalability

Stateless:

  • Refers to the stateless communication protocol, wherein the server stores no information about session states
  • Improves performance by reducing server load

Cacheable:

  • Servers mark their responses as cacheable or non-cacheable
  • Clients and intermediaries are able to cache server responses
  • Reduces client-server interaction, supports scalability and performance

Layered system:

  • Layers between client and server can consist of intermediaries such as proxy servers or load balancers
  • Layers have separate responsibilities but are able to interact with each other
  • Supports system scalability and security

10. What is the concept of statelessness in REST?

Statelessness means that the client and server don’t store information about each other’s state. The REST architecture is called stateless as it does not store any state related to the client session on the server. Essentially session states are entirely kept on the client side. This is effectively called Statelessness.

It ensures that the server cannot take undue advantage of any stored data. However, since no data is stored, each request from the client to the server must contain all the necessary information about the request. It treats each client request as a new request.

Since the server stores no information, the client request contains all the information required for the server to process the request, and the client application is responsible for storing session state.
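When session state lives on the client, the server has to be able to tell whether the state it receives back is still what it issued. The following is an added example, not part of the original article: one way to do that is to sign the state with an HMAC so each request is self-contained and verifiable without a server-side session store. The key, field names and function names are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo key (assumption); a real service loads this from a secret store.
SERVER_KEY = b"constructed-demo-key"


def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")


def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign(payload: bytes) -> bytes:
    return hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()


def issue_token(user: str, cart: list, expires_at: int) -> str:
    """Server hands the whole session state to the client, plus a signature."""
    payload = json.dumps({"user": user, "cart": cart, "exp": expires_at},
                         sort_keys=True).encode()
    return b64e(payload) + "." + b64e(sign(payload))


def handle_request(token: str, now: int) -> tuple:
    """Process one request using only what the request carries.

    Returns (status, message). Nothing is looked up in a session store.
    """
    try:
        payload_b64, tag_b64 = token.split(".")
        payload, tag = b64d(payload_b64), b64d(tag_b64)
    except ValueError:  # wrong number of parts or invalid base64
        return 400, "malformed token"
    # Constant-time comparison; the payload is parsed only after it verifies.
    if not hmac.compare_digest(tag, sign(payload)):
        return 401, "bad signature"
    state = json.loads(payload)
    if now >= state["exp"]:
        return 401, "expired"
    return 200, f"{state['user']} has {len(state['cart'])} item(s)"


def client_edit(token: str, **changes) -> str:
    """Simulate a client altering its stored state while keeping the old signature."""
    payload_b64, tag_b64 = token.split(".")
    state = json.loads(b64d(payload_b64))
    state.update(changes)
    return b64e(json.dumps(state, sort_keys=True).encode()) + "." + tag_b64


if __name__ == "__main__":
    token = issue_token("alice", ["sku-1", "sku-2"], expires_at=2000)
    print(handle_request(token, now=1000))
    print(handle_request(client_edit(token, user="admin"), now=1000))
    print(handle_request(token, now=2000))
```

The signature protects integrity only: the payload is readable by the client, so it should not carry secrets.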

11. What are the advantages and disadvantages of Statelessness in REST APIs?

Advantages of statelessness:

  • Statelessness allows scaling of the APIs to millions of concurrent users as it does not have any session-related dependencies and can be deployed on any server
  • The server knows “where” each client is in the application as all the necessary information is sent with each request
  • Statelessness makes REST APIs simpler as it removes all complexity involving server-side synchronization

Disadvantages of Statelessness:

  • A lot of additional information must be sent along with each request for the client
  • This repeated data transfer may decrease network performance
  • Being stateless also reduces the server-side control over the application’s behavior

12. What are the HTTP methods supported by REST?

HTTP methods supported by REST are:

  • GET: It requests a resource at the request URL. It should not contain a request body as it will be discarded. It may be cached locally or on the server.
  • POST: It submits information to the service for processing; it should typically return the modified or new resource
  • PUT: It updates the resource at the request URL
  • DELETE: It removes the resource at the request URL
  • OPTIONS: It indicates which techniques are supported
  • HEAD: It returns meta information about the request URL

13. Mention what are resources in a REST architecture?

Resources are identified by logical URLs; they are the key element of a RESTful design. Unlike SOAP web services, in REST you view the product data as a resource, and this resource should contain all the required information.

14. What are the advantages and disadvantages of a REST API?

Advantages of a REST API:

  • Designed for high performance, portability, reliability, and scalability
  • Client-server separation allows each to individually operate and scale
  • Easy to test and adapt to various environments
  • Easy to learn as it uses HTTP protocol
  • Supports various data transfer technologies including JSON, XML, YAML, images, and more
  • Uses less bandwidth than other methods, such as Simple Object Access Protocol (SOAP) technology

Disadvantages of a REST API:

  • Doesn’t enforce security practices
  • HTTP method limits you to synchronous requests
  • Due to statelessness, you might be unable to maintain state (e.g. in sessions)

15. What is the difference between AJAX and REST?

  • In Ajax, the requests are sent to the server by using XMLHttpRequest objects. The response is used by the JavaScript code to dynamically alter the current page. REST has a URL structure and a request/response pattern that revolve around the use of resources.
  • Ajax is a set of technology; it is a technique of dynamically updating parts of UI without having to reload the page. REST is a type of software architecture and a method for users to request data or information from servers.
  • Ajax eliminates the interaction between the customer and server asynchronously. REST requires the interaction between the customer and server.

16. Explain the HTTP request methods supported by REST, and when they are used.

REST APIs are based on HTTP requests or verbs, which each perform a different task. REST supports the following HTTP requests:

  • GET method: Request data from server
  • POST method: Submit data to create new resource on server-defined URL
  • PUT method: Submit data to create new resource at client-defined URL
  • DELETE method: Remove resource from server
  • OPTIONS method: Return request methods supported by a service
  • HEAD method: Return meta information such as response headers
  • PATCH method: Modify part of the resource on the server

17. What is CRUD?

CRUD is an acronym for the four basic operations used in relational database management systems (RDBMS).

Each operation in CRUD relates to an HTTP method that REST supports.

  • Create: POST
  • Read: GET
  • Update: PUT
  • Delete: DELETE

18. Can a GET request be used instead of PUT to create a resource?

The PUT or POST method should be used to create a resource. GET is only used to request data from a specified resource.

19. What is the difference between PUT and POST operations?

PUT and POST operations are quite similar, except in terms of the result they generate.

  • PUT is idempotent (i.e. multiple requests will yield the same result); therefore, invoking it any number of times will not have an impact on resources. POST is not idempotent; therefore, if you invoke POST multiple times, it keeps creating more resources.

[Understanding idempotency: An example of an idempotent operation would be the operation of multiplying a number by one. No matter how many times you multiply five by one, you’ll get the same result.]

  • PUT responses aren’t cacheable, whereas POST responses can be cacheable, provided a proper Cache-Control header is present.
  • In PUT operations, the target resource is updated or replaced with the request’s payload, while in POST operations the request’s payload is processed by the web server based on the target resource.

20. Describe PUT and POST operations by using an example scenario

Scenario: Let’s say we are designing a network application. Let’s list down a few URIs and their purpose to get to know when to use POST and when to use PUT operations.

  • GET /device-management/devices: Get all devices
  • POST /device-management/devices : Create a new device
  • GET /device-management/devices/{id} : Get the device information identified by “id”
  • PUT /device-management/devices/{id} : Update the device information identified by “id”
  • DELETE /device-management/devices/{id} : Delete device by “id”
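The difference matters most when a client retries a request after a timeout. The following is an added example, not part of the original article: an in-memory model of the device-management URIs above that replays the same POST and the same PUT several times and reports what ends up stored. The class, the `replay` helper and the sample device fields are assumptions made for the illustration.

```python
import itertools
import re

ROUTE = re.compile(r"/device-management/devices(?:/([0-9]+))?")


class DeviceAPI:
    """In-memory stand-in for the device-management service (hypothetical)."""

    def __init__(self):
        self.devices = {}
        self._next_id = itertools.count(1)

    def handle(self, method, path, body=None):
        """Dispatch one request and return (status, representation)."""
        match = ROUTE.fullmatch(path)
        if match is None:
            return 404, None
        if match.group(1) is None:  # collection URI: /device-management/devices
            if method == "GET":
                return 200, list(self.devices.values())
            if method == "POST":
                # The server picks the id, so every POST creates a new device.
                dev_id = next(self._next_id)
                self.devices[dev_id] = {**(body or {}), "id": dev_id}
                return 201, self.devices[dev_id]
            return 405, None
        dev_id = int(match.group(1))  # item URI: /device-management/devices/{id}
        if dev_id not in self.devices:
            return 404, None
        if method == "GET":
            return 200, self.devices[dev_id]
        if method == "PUT":
            # Full replacement; the id in the URI wins over any id in the payload.
            self.devices[dev_id] = {**(body or {}), "id": dev_id}
            return 200, self.devices[dev_id]
        if method == "DELETE":
            del self.devices[dev_id]
            return 204, None
        return 405, None


def replay(api, times, method, path, body=None):
    """Send the same request `times` times; return (statuses, devices stored)."""
    statuses = [api.handle(method, path, body)[0] for _ in range(times)]
    return statuses, len(api.devices)


if __name__ == "__main__":
    api = DeviceAPI()
    base = "/device-management/devices"
    print(replay(api, 3, "POST", base, {"name": "switch"}))           # three devices
    print(replay(api, 3, "PUT", base + "/2", {"name": "core-switch"}))  # still three
    print(api.handle("GET", base + "/2"))
```

A retried POST leaves duplicates behind, while a retried PUT leaves the store exactly as the first PUT did.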

21. Which markup languages can be used in a RESTful web API?

JSON and XML are the two markup languages that can be used in a RESTful web API.

22. What are RESTful Web Services?

Mostly, there are two kinds of Web Services that should be remembered in your next API testing interview:

  1. SOAP (Simple Object Access Protocol) — an XML-based method to expose web services.
  2. Web services developed in the REST style are referred to as RESTful web services. These web services use HTTP methods to implement the concept of REST architecture. A RESTful web service usually defines a URI (Uniform Resource Identifier) for a service, and provides a resource representation like JSON and a set of HTTP methods.

23. What is a “Resource” in REST?

REST architecture treats any content as a resource, which can be either text files, HTML pages, images, videos or dynamic business information.

The REST server gives access to resources and modifies them, where each resource is identified by URIs/global IDs.

24. Which protocol is used by RESTful Web services?

RESTful web services use the HTTP protocol as a medium of communication between the client and the server.

25. What is messaging in RESTful Web services?

RESTful web services use the HTTP protocol as a communication tool between the client and the server. The technique in which the client sends a message in the form of an HTTP request and the server sends back an HTTP reply is called messaging. These messages comprise message data and metadata, that is, information on the message itself.

26. What is SOAP?

SOAP, also known as Simple Object Access Protocol, is an XML-based messaging protocol. It aids in the exchanging of information between computers. You utilize SOAP API to make, find, delete or update records. In instances where there are more than 20 different calls, SOAP API can be utilized to do searches and manage passwords by adapting the protocol to whatever language supports web services.

27. What are SOAP Web services?

This is one of the fundamental Web services testing questions that you must know the answer to. SOAP (Simple Object Access Protocol) is defined as an XML-based protocol. It is known for designing and developing web services as well as enabling communication between applications developed on different platforms using various programming languages over the Internet. It is both platform and language independent.

28. How does SOAP work?

SOAP is used to provide a user interface that can be accessed by the client object, and the request that it sends goes to the server, which can be accessed using the server object. The user interface creates some files or methods consisting of server object and the name of the interface to the server object. It also contains other information such as the name of the interface and methods. It uses HTTP to send the XML to the server using the POST method, which analyzes the method and sends the result to the client. The server creates more XML consisting of responses to the request of user interface using HTTP. The client can use any approach to send the XML, like the SMTP server or POP3 protocol to pass the messages or reply to queries.

29. When to use SOAP API?

Use the SOAP API to create, retrieve, update or delete records, like accounts, leads, and user-defined objects. With more than 20 different calls, you can also use the SOAP API to manage passwords, perform searches, etc. by using the SOAP API in any language that supports web services.

30. What is the difference between SOAP and REST?

  • SOAP is a protocol through which two computers communicate by sharing XML documents. REST is a service architecture and design for network-based software architectures.
  • In SOAP, the data format is limited to XML. REST supports various data formats including plain text, HTML, XML, JSON, and YAML.
  • SOAP-based reads cannot be cached. REST reads can be cached.
  • SOAP is like a custom desktop application, closely connected to the server. A REST client is more like a browser; it knows how to standardize methods and an application has to fit inside it.
  • SOAP is slower than REST. REST is faster than SOAP.
  • SOAP runs on HTTP but envelopes the message. REST uses the HTTP headers to hold meta information.
  • SOAP is heavyweight and requires more bandwidth. REST is lightweight and requires less bandwidth.

31. SOAP or Rest APIs, which method to use?

SOAP is the heavyweight choice for Web service access. It provides the following advantages when compared to REST:

  • SOAP is not very easy to implement and requires more bandwidth and resources.
  • SOAP message request is processed slower as compared to REST and it does not use a web caching mechanism.
  • WS-Security: While SOAP supports SSL (just like REST) it also supports WS-Security which adds some enterprise security features.
  • WS-AtomicTransaction: If you need ACID transactions over a service, you’re going to need SOAP.
  • WS-ReliableMessaging: Use it if your application needs asynchronous processing and a guaranteed level of reliability and security. REST doesn’t have a standard messaging system and expects clients to deal with communication failures by retrying.
  • If security is a major concern and the resources are not limited, then we should use SOAP web services. For example, if we are creating a web service for payment gateways or for financial and telecommunication related work, then we should go with SOAP, as high security is needed here.

REST is easier to use for the most part and is more flexible. It has the following advantages when compared to SOAP:

  • Since REST uses standard HTTP, it is much simpler.
  • REST is easier to implement, requires less bandwidth and resources.
  • REST permits many different data formats whereas SOAP only permits XML.
  • REST allows better support for browser clients due to its support for JSON.
  • REST has better performance and scalability. REST reads can be cached, SOAP based reads cannot be cached.
  • If security is not a major concern and we have limited resources, or we want to create an API that will be easily used by other developers publicly, then we should go with REST.
  • If we need Stateless CRUD operations then go with REST.
  • REST is commonly used in social media, web chat, mobile services and Public APIs like Google Maps.
  • A RESTful service returns various media types for the same resource, depending on the request header parameter “Accept” (application/xml or application/json) for POST, and on the path (/user/1234.json or /user/1234.xml) for GET.
  • REST services are meant to be called by the client-side application and not the end user directly.
  • ST in REST comes from State Transfer. You transfer the state around instead of having the server store it, this makes REST services scalable.

32. What factors help inform your decision on which style of Web services — SOAP or REST — to use?

REST is usually preferred because of its simplicity, performance, scalability and support across many data formats. However, SOAP is a viable choice when service requires an advanced level of security and reliability.

33. What are the core components of an HTTP request?

An HTTP request contains five key elements:

  1. An action showing HTTP methods like GET, PUT, POST, DELETE.
  2. Uniform Resource Identifier (URI), which is the identifier for the resource on the server.
  3. HTTP Version, which indicates the HTTP version, for example, HTTP v1.1.
  4. Request Header, which carries metadata (as key-value pairs) for the HTTP request message. Metadata could be the client (or browser) type, the formats supported by the client, the format of the message body, cache settings, and so on.
  5. Request Body, which indicates the message content or resource representation.

34. What are the most commonly used HTTP methods supported by REST?

  • GET is only used to request data from a specified resource. GET requests can be cached and bookmarked. They remain in the browser history and have length restrictions. GET requests should never be used when dealing with sensitive data.
  • POST is used to send data to a server to create/update a resource. POST requests are never cached and bookmarked and do not remain in the browser history.
  • PUT replaces all current representations of the target resource with the request payload.
  • DELETE removes the specified resource.
  • OPTIONS is used to describe the communication options for the target resource.
  • HEAD asks for a response identical to that of a GET request, but without the response body.

35. Explain HTTP response status codes.

HTTP response codes indicate the result of client requests. Common HTTP status codes include:

  • 200: Successful request
  • 201: Entity or entities created from successful request
  • 400: Bad request. Invalid client request.
  • 401: Unauthorized. User isn’t authorized to access a resource and may be unauthenticated
  • 403: Forbidden. User isn’t authorized to access a resource, user is authenticated
  • 404: Not found. Resource not found
  • 500: Internal server error. Generic server error
  • 502: Bad gateway. Response from upstream server is not valid
  • 503: Service unavailable. Result of server-side issue, including overload or system failure

36. What are the Limits of API Usage?

Many APIs have a certain limit set up by the provider. Thus, try to estimate your usage and understand how that will impact the overall cost of the offering. Whether this will be a problem depends in large part on how data is leveraged. Getting caught by a quota and effectively cut-off because of budget limitations will render the service (and any system or process depending on it) virtually useless.

Questions Based on API Testing

37. What is API testing?

API testing is a type of software testing that determines if the developed APIs are functional, reliable and secure. Some of the common API testing types are validation, security, UI, functional, load, penetration, runtime/error detection, fuzz and interoperability and WS Compliance.

38. What are the advantages of API Testing?

  • Test for Core Functionality: API testing gives access to the application without needing a user interface. This allows you to detect the minor issues before they become big problems during GUI testing.
  • Time Effective: API testing is typically less time-consuming than GUI testing because it uses less code. As a result, it offers a more effective and efficient test coverage.
  • Language-Independent: Another benefit is that the data is transferred using XML or JSON. These modes of exchange are language-independent, allowing users to select any coding language when choosing automation testing services.
  • Easy Integration with GUI: API testing is easily integrated with GUI testing.

39. What is the procedure for performing API testing?

When performing API testing, you’ll first choose the suite where you’d like to add the API case that you wish to test, then you choose the test development mode. After that, you create test cases for the desired API methods, configure the control parameters and test conditions of the application as well as the method of validation. Then you can perform the API test. Once the test is complete, you check the test reports, filter and sequence all of the API test cases.

40. What are the major/common challenges faced in API testing?

  • Parameter Selection
  • Parameter Combination
  • Call sequencing
  • Output verification and validation
  • Another important challenge is providing input values, which is very difficult as GUI is not available in this case.

41. What are some tools used for API testing?

A few popular tools are Katalon Studio, Postman, SoapUI Pro, Tricentis Tosca and Apigee.

42. What must be checked when performing API testing?

During the API testing process, a request is raised to the API with the known data. This way you can analyze the validation response. While testing an API, you should consider:

  • Accuracy of data
  • Schema validation
  • HTTP status codes
  • Data type, validations, order and completeness
  • Authorization checks
  • Implementation of response timeout
  • Error codes, in case the API returns any, and
  • Non-functional testing like performance and security testing
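Three of the checks in this list (HTTP status codes, schema validation and authorization checks) can be combined into one table-driven test. The following is an added example, not part of the original article: it exercises a small stand-in API with no, invalid, under-privileged and sufficient credentials, using the 401/403 distinction from question 35. The tokens, roles, schema and function names are constructed for the illustration.

```python
import json
import re

# Constructed bearer tokens, roles and data for the example (assumptions).
TOKENS = {"token-admin": "admin", "token-viewer": "viewer"}
DEVICES = {1: {"id": 1, "name": "router-a", "online": True}}
SCHEMA = {"id": int, "name": str, "online": bool}
ITEM = re.compile(r"/device-management/devices/([0-9]+)")


def api_under_test(method, path, headers):
    """Hypothetical API: only the admin role may read a device record."""
    auth = headers.get("Authorization", "")
    role = TOKENS.get(auth[7:]) if auth.startswith("Bearer ") else None
    if role is None:       # caller is not authenticated
        return 401, json.dumps({"error": "authentication required"})
    if role != "admin":    # authenticated, but not authorized
        return 403, json.dumps({"error": "not permitted"})
    match = ITEM.fullmatch(path)
    if method != "GET" or match is None or int(match.group(1)) not in DEVICES:
        return 404, json.dumps({"error": "not found"})
    return 200, json.dumps(DEVICES[int(match.group(1))])


def schema_errors(body, schema):
    """Check completeness, unexpected fields and exact data types."""
    errors = [f"missing field {k}" for k in schema if k not in body]
    errors += [f"unexpected field {k}" for k in body if k not in schema]
    errors += [f"{k} is not {t.__name__}" for k, t in schema.items()
               if k in body and type(body[k]) is not t]
    return errors


CASES = [  # (description, token, path, expected status)
    ("no credentials", None, "/device-management/devices/1", 401),
    ("unknown token", "token-bogus", "/device-management/devices/1", 401),
    ("wrong role", "token-viewer", "/device-management/devices/1", 403),
    ("authorized", "token-admin", "/device-management/devices/1", 200),
    ("missing resource", "token-admin", "/device-management/devices/999", 404),
]


def run_checks(api=api_under_test):
    """Return a list of failed checks; an empty list means the API passed."""
    failures = []
    for name, token, path, expected in CASES:
        headers = {"Authorization": "Bearer " + token} if token else {}
        status, raw = api("GET", path, headers)
        body = json.loads(raw)
        if status != expected:
            failures.append(f"{name}: got {status}, expected {expected}")
        if status == 200:
            failures += [f"{name}: {e}" for e in schema_errors(body, SCHEMA)]
        elif set(body) != {"error"}:
            failures.append(f"{name}: error body has extra fields {sorted(body)}")
    return failures


if __name__ == "__main__":
    print(run_checks() or "all checks passed")
```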

43. What is the best approach method to perform API testing?

The following factors should be considered when performing API testing:

  • Defining the correct input parameters
  • Verifying calls that combine two or more added-value parameters
  • Defining the basic functionality and scope of the API program
  • Writing appropriate API test cases and making use of testing techniques such as equivalence class, boundary value, etc. to check the operability
  • Testing case execution
  • Comparing the test result with the expected result
  • Verifying the API behavior under conditions such as connection to files and so on.

44. What kinds of bugs does API testing find most commonly?

Missing or duplicate functionality, failure to handle errors effectively and seamlessly as well as any performance, stress, multi-threading, reliability or security issues, unimplemented and improper errors, unused flags, and inconsistent error handling are some of the errors that can be found through API testing.

45. What are the differences between API Testing and Unit Testing?

  • API testing is carried out by the QA team, while Unit Testing is carried out by the development team.
  • API testing consists of mostly black box testing while unit testing is white box testing.
  • API testing aims to assess the full functionality of the system, as it will be employed by the end user (external developers who will use the API). Unit testing is used to verify whether each unit in isolation performs as expected or not.
  • API testing often runs after the build is ready and authors do not have access to the source code. In unit testing, each of the code modules must be ensured to pass the unit test before being built by the developers.
