Introduction To APIs and API Testing

Uploaded by

Abd A
API Testing Series:
End to End API Testing

Chapter 1
Introduction to APIs and API Testing

Curated By: Lamhot Siagian
TABLE OF CONTENTS

Introduction to APIs and API Testing
Understanding APIs
Importance of API Testing
Types of APIs
Overview of API Testing Techniques
Common Interview Questions and Answers Related to Basic APIs

‭Introduction to APIs and API Testing, Curated by Lamhot Siagian‬

‭Chapter 1‬

‭Introduction to APIs and API Testing‬

‭Understanding APIs‬

APIs (Application Programming Interfaces) are fundamental for modern software development, as they enable different software systems to communicate with each other. Here’s a detailed overview to help you understand what APIs are, how they work, and why they are important.

‭What is an API?‬

An API, or application programming interface, is a set of rules or protocols that enables software applications to communicate with each other to exchange data, features and functionality.

‭How Do APIs Work?‬


It’s useful to think about API communication in terms of a request and response between a client and server. The application submitting the request is the client, and the server provides the response. The API is the bridge establishing the connection between them.

A simple way to understand how APIs work is to look at a common example: third-party payment processing. When a user purchases a product on an e-commerce site, the site might prompt the user to “Pay with PayPal” or another type of third-party system. This function relies on APIs to make the connection.

- When the buyer clicks the payment button, an API call is sent to retrieve information. This is the request. This request is processed from an application to the web server through the API’s Uniform Resource Identifier (URI) and includes a request verb, headers, and sometimes, a request body.
- After receiving a valid request from the product webpage, the API calls to the external program or web server, in this case, the third-party payment system.
- The server sends a response to the API with the requested information.
- The API transfers the data to the initial requesting application, in this case, the product website. [1]

Components of an API

1. Endpoints: URLs that provide access to specific resources or functionalities.
2. Methods/HTTP Verbs: Actions that can be performed (e.g., GET, POST, PUT, DELETE).
3. Requests: Data sent by the client to the server.
4. Responses: Data sent back by the server to the client.
5. Headers: Metadata about the request or response (e.g., authentication tokens, content type).
6. Payload/Body: Data being sent with the request (typically in JSON or XML format).

[1] https://www.ibm.com/topics/api

‭Benefits of Using APIs‬

APIs offer significant benefits, including:

1. Automation: Streamlines repetitive tasks, boosting productivity.
2. Innovation: Enables external teams to innovate by leveraging existing functionalities.
3. Security: Adds a layer of protection by requiring authentication and authorization.
4. Cost Efficiency: Reduces expenses by using third-party tools instead of developing in-house systems. [2]

API Use Cases

1. Integration: Connecting different applications and services, such as integrating payment gateways into e-commerce platforms.
2. Automation: Automating repetitive tasks, such as deploying code, managing resources, or data synchronization.
3. Data Access: Providing access to data from different sources, such as retrieving weather data or financial information.
4. Third-Party Services: Enabling third-party developers to build applications that interact with your services, such as social media apps using Facebook or Twitter APIs.
5. Microservices Architecture: Facilitating communication between microservices in a distributed system.

API Documentation

Good API documentation is essential for developers to understand how to use the API effectively. It typically includes:

1. Endpoint Descriptions: Detailed information about available endpoints and their purposes.
2. HTTP Methods: The methods supported by each endpoint (e.g., GET, POST).
3. Parameters: Required and optional parameters for each endpoint.
4. Request and Response Formats: Examples of request payloads and expected responses.
5. Authentication: Information about authentication and authorization mechanisms.
6. Error Handling: Common error codes and messages, along with troubleshooting information.

[2] https://www.postman.com/what-is-an-api/#benefits-of-apis

‭Importance of API Testing‬

API testing is a crucial aspect of software development, offering numerous benefits and addressing key challenges that can significantly impact the quality, reliability, and performance of software applications. Here are the primary reasons why API testing is important:

‭1. Ensures Functionality‬

● Verification of Requirements: API testing ensures that the API functions according to the specified requirements. This involves checking that the endpoints are working correctly, the data is being processed as expected, and the correct responses are returned.
● Detection of Errors Early: By testing APIs early in the development cycle, errors can be detected and fixed before they become more difficult and costly to resolve.

2. Improves Reliability

● Consistent Performance: Regular API testing helps ensure that the API performs consistently under various conditions, reducing the likelihood of unexpected failures in production environments.
● Regression Testing: API tests can be automated and included in regression testing to ensure that new changes do not break existing functionality.

3. Enhances Security

● Identification of Vulnerabilities: API testing can reveal security vulnerabilities such as SQL injection, cross-site scripting (XSS), and other common exploits.
● Validation of Authentication and Authorization: Ensures that security mechanisms like authentication and authorization are working correctly, protecting sensitive data and functionality from unauthorized access.

4. Boosts Performance

● Load and Stress Testing: API testing includes performance tests such as load and stress testing, which help determine how well the API performs under heavy traffic and identify potential bottlenecks.
● Scalability Assessment: Helps in assessing whether the API can scale effectively to handle increased load as the user base grows.

5. Enhances User Experience

● Ensures Smooth Integration: For APIs that are consumed by external developers or third-party applications, thorough testing ensures that these integrations work smoothly, providing a better user experience.
● Reduces Downtime: By identifying and resolving issues early, API testing helps reduce the chances of downtime, ensuring that end-users experience fewer disruptions.

6. Facilitates Continuous Integration/Continuous Deployment (CI/CD)

● Automated Testing: API tests can be automated and integrated into CI/CD pipelines, providing quick feedback to developers and ensuring that changes do not introduce new issues.
● Continuous Monitoring: Ongoing API testing helps monitor the API's health and performance continuously, allowing for rapid response to issues.

7. Supports Development and Debugging

● Improved Debugging: API tests provide detailed information about failures, making it easier for developers to debug and resolve issues.
● Documentation and Clarity: Writing API tests often helps clarify the API's functionality and expected behavior, which can improve the quality of documentation and assist other developers in understanding how to use the API.

8. Reduces Costs

● Lower Maintenance Costs: Identifying and fixing issues early in the development process reduces the costs associated with post-release maintenance and support.
● Fewer Production Issues: Well-tested APIs are less likely to cause issues in production, leading to reduced costs related to bug fixes and customer support.

9. Ensures Compliance and Standardization

● Adherence to Standards: API testing ensures that the API complies with industry standards and protocols, which is particularly important for APIs in regulated industries.
● Contract Testing: Validates that the API contracts (the agreed-upon schema and behavior between API consumers and providers) are maintained, ensuring compatibility and reliability.

‭Types of APIs‬

APIs come in various forms, each with its own strengths and purposes. Understanding these differences is essential for picking the right API for your project and ensuring your application is effective, scalable, and reliable. Let’s look at the different types of APIs, exploring what makes each unique and how they fit into modern software development.

This table provides a high-level overview of various API types, their descriptions, and examples. [3]

| API type | Description | Examples |
|---|---|---|
| Library-based APIs | Part of software libraries, language-specific, range from basic utilities to complex GUI components | Java API for Android app development, .NET libraries used in Windows applications |
| Operating system APIs | Provide interfaces for OS interaction, manage hardware resources and processes | Windows API for Windows OS interaction, POSIX API for UNIX-like systems |
| Database APIs | Enable interaction with database management systems, facilitate data querying and manipulation | SQL API for relational databases, Oracle’s OCI for Oracle databases |
| Hardware APIs | Allow communication with hardware devices, direct control over hardware functions | IoT device APIs for smart home systems, Printer APIs for document processing |
| Cloud APIs | Provided by cloud service platforms, enable interaction with cloud-based resources and services | Amazon Web Services (AWS) API, Microsoft Azure API for cloud-based solutions |
| HTTP APIs (web API) | Facilitate client-server communication over the web, use standard HTTP methods, lightweight and flexible | Web services, mobile apps, IoT devices, social media platforms, content management systems |
| REST APIs (web API) | Use HTTP requests for data operations, stateless and separate client-server concerns | Web services accessible via the web, social media APIs, cloud services |
| SOAP APIs (web API) | Use service interfaces to expose business logic, high security, suitable for enterprise-level organizations | Enterprise-level services like banking, healthcare, where security and transactions are critical |
| GraphQL APIs (web API) | Clients request only needed data, reduce data transfer over the network, support multiple responses in one request | Complex data-driven web and mobile applications, ad-hoc queries by the client |
| Open APIs (public APIs) | Accessible by third-party developers, typically for external users, require API keys | Twitter API for tweets, Stripe API for payments, providing data or services to external developers |
| Internal APIs (private APIs) | Designed for internal use within an organization, enhance integration between systems | Linking HR systems to internal employee directories, improving internal efficiency and data security |
| Partner APIs | Available to strategic business partners, require specific entitlements | Integration of supply chain systems, service expansion to partners, creating revenue channels, controlled data sharing with trusted partners |
| Composite APIs | Combine different data and service APIs, access multiple endpoints in one call | Aggregating various services in a single call for smoother user experience, commonly used in microservices architectures |
| JSON-RPC and XML-RPC APIs | Encode data as JSON or XML for remote procedure calls, send lists of commands | Remote procedure calls with simple request/response model, suitable for basic request/response scenarios |
| Synchronous and asynchronous | Synchronous: Request-response model, Asynchronous: Non-blocking, no immediate response required | Synchronous: Essential data retrieval, web page loading, Asynchronous: Background tasks, real-time data streams |

[3] https://www.nylas.com/api-guide/types-of-apis/

‭Overview of API Testing Techniques‬

1. Unit Testing

● Objective: Test individual API components in isolation.
● Tools: JUnit (Java), NUnit (C#), pytest (Python).
● Description: Unit tests are typically written by developers to test the functionality of specific methods or functions in the API, ensuring that each part works as intended.

2. Functional Testing

● Objective: Verify that the API performs its intended functions correctly.
● Tools: Postman, SoapUI, REST Assured.
● Description: Functional tests validate the API against the functional requirements and specifications. This includes testing endpoints, methods (GET, POST, PUT, DELETE), and responses.

3. Integration Testing

● Objective: Ensure that the API interacts correctly with other components and systems.
● Tools: Postman, SoapUI, JUnit (with integration test configurations).
● Description: Integration tests evaluate the interactions between different parts of the API and other services or databases to ensure that integrated parts work together as expected.

4. Performance Testing

● Objective: Assess the API’s performance under various conditions.
● Tools: JMeter, LoadRunner, Gatling.
● Description: Performance tests include load testing (to check API behavior under expected load), stress testing (to determine the API’s breaking point), and endurance testing (to evaluate performance over an extended period).

5. Security Testing

● Objective: Identify vulnerabilities and ensure the API is secure.
● Tools: OWASP ZAP, Burp Suite, Postman (with security extensions).
● Description: Security testing involves checking for common vulnerabilities like SQL injection, cross-site scripting (XSS), and ensuring proper authentication and authorization mechanisms are in place.

6. Usability Testing

● Objective: Ensure the API is easy to use and well-documented.
● Tools: Swagger, Postman.
● Description: Usability testing focuses on the API’s user experience, ensuring that the documentation is clear, the endpoints are intuitive, and error messages are helpful.

7. Validation Testing

● Objective: Validate the API’s functionality, performance, and security comprehensively.
● Tools: Postman, SoapUI.
● Description: Validation testing ensures that the API meets the business requirements and expectations, combining functional, performance, and security testing aspects.

8. Compliance Testing

● Objective: Ensure the API complies with industry standards and regulations.
● Tools: Postman, SoapUI, custom scripts.
● Description: Compliance testing checks if the API adheres to legal and regulatory requirements, such as GDPR, HIPAA, and other industry-specific standards.

9. Mocking and Virtualization

● Objective: Test the API in isolated environments by simulating dependencies.
● Tools: WireMock, MockServer, Postman (mock servers).
● Description: Mocking and virtualization allow testers to simulate the behavior of the API’s dependencies, enabling testing in scenarios where real dependencies are unavailable or difficult to configure.

10. Regression Testing

● Objective: Ensure new changes do not negatively affect existing functionality.
● Tools: Postman, SoapUI, automated test scripts.
● Description: Regression testing involves re-running previously conducted tests to verify that new code changes have not introduced any new bugs or issues.

Best Practices for API Testing

● Automation: Automate as many tests as possible to ensure efficiency and repeatability.
● Version Control: Keep track of API versions and ensure tests are updated accordingly.
● Environment Management: Use consistent environments for testing to avoid discrepancies.
● Data Management: Use realistic data for testing to uncover potential issues.
● Continuous Integration/Continuous Deployment (CI/CD): Integrate API testing into the CI/CD pipeline to catch issues early.

‭Common Interview Questions and Answers Related to Basic APIs‬

‭1. What is an API?‬

Answer: An API (Application Programming Interface) is a set of rules and protocols that allows different software applications to communicate with each other. APIs define the methods and data formats that applications can use to request and exchange information.

‭2. Can you explain the difference between REST and SOAP APIs?‬

‭Answer:‬

‭●‬ ‭REST (Representational State Transfer)‬‭:‬


‭○‬ ‭Uses standard HTTP methods (GET, POST, PUT, DELETE).‬
‭○‬ ‭Stateless, meaning each request from a client to a server must contain all the information‬
‭needed to understand and process the request.‬
‭○‬ ‭Typically uses JSON or XML for data interchange.‬
‭○‬ ‭It is easier to implement and more scalable for web services.‬
‭●‬ ‭SOAP (Simple Object Access Protocol)‬‭:‬
‭○‬ ‭A protocol-based approach that relies on XML for message format.‬
‭○‬ ‭Includes built-in error handling and supports more complex operations.‬
‭○‬ ‭Uses stricter standards and can work over several protocols (HTTP, SMTP, TCP).‬
‭○‬ ‭Generally more secure with built-in security features.‬

‭3. What are the main HTTP methods used in RESTful APIs and what are their purposes?‬

Answer:

● GET: Retrieve data from the server.
● POST: Submit data to the server to create a new resource.
● PUT: Update an existing resource on the server.
● DELETE: Remove a resource from the server.
● PATCH: Apply partial modifications to a resource.

‭4. What is an API endpoint?‬

Answer: An API endpoint is a specific URL that provides access to a particular resource or functionality of the API. It represents one of the discrete units of interaction in an API and is typically a combination of the base URL and a resource path.

‭5. Explain the concept of RESTful API statelessness.‬

Answer: Statelessness in RESTful APIs means that each request from a client to a server must contain all the information needed to understand and process the request. The server does not store any context or session information about the client between requests, making each request independent and self-contained.

‭6. What is an API key and why is it used?‬

Answer: An API key is a unique identifier used to authenticate a client accessing an API. It helps track and control how the API is used, ensuring that only authorized users can make requests. API keys are commonly used for security purposes to prevent misuse and limit the number of requests from a client.

‭7. What is CORS and why is it important in web APIs?‬

Answer: CORS (Cross-Origin Resource Sharing) is a security feature implemented by web browsers to prevent web pages from making requests to a different domain than the one that served the web page. It is important in web APIs because it enables servers to specify who can access their resources, ensuring that only trusted domains can make cross-origin requests.
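
The server-side decision described in this answer, shown as a weak policy beside a corrected one. This Python example is added here and is not part of the original document; the allowlist, the probe origins and the function names are constructed for illustration.

```python
# Constructed allowlist of origins trusted to read API responses cross-origin.
ALLOWED_ORIGINS = frozenset({
    "https://app.example.com",
    "https://admin.example.com",
})


def cors_headers_reflecting(origin):
    """Weak policy: echo back whatever Origin was sent and allow credentials."""
    if not origin:
        return {}
    return {
        "Access-Control-Allow-Origin": origin,
        "Access-Control-Allow-Credentials": "true",
    }


def cors_headers_allowlist(origin, allowed=ALLOWED_ORIGINS):
    """Corrected policy: exact string match against the allowlist."""
    # Vary: Origin stops a cache from reusing one origin's answer for another.
    headers = {"Vary": "Origin"}
    if origin in allowed:
        headers["Access-Control-Allow-Origin"] = origin
        headers["Access-Control-Allow-Credentials"] = "true"
    return headers


# Constructed Origin header values a test suite would send to the API under test.
PROBE_ORIGINS = [
    "https://app.example.com",             # trusted origin
    "http://app.example.com",              # same host, wrong scheme
    "https://app.example.com.other.test",  # trusted name used only as a prefix
    "https://unrelated.test",              # unrelated site
    "null",                                # sent by sandboxed frames and file:// pages
]


def origins_granted(policy, probes=PROBE_ORIGINS):
    """Return the probe origins to which the policy grants cross-origin read access."""
    granted = []
    for origin in probes:
        allow = policy(origin).get("Access-Control-Allow-Origin")
        # "*" also exposes responses, though browsers reject it for credentialed requests.
        if allow == origin or allow == "*":
            granted.append(origin)
    return granted


if __name__ == "__main__":
    print("reflecting policy grants:", origins_granted(cors_headers_reflecting))
    print("allowlist policy grants: ", origins_granted(cors_headers_allowlist))
```

A security test for a real API sends the same probe origins and fails the build if any untrusted one comes back in Access-Control-Allow-Origin.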

‭8. What are some common status codes returned by APIs, and what do they mean?‬

Answer:

● 200 OK: The request was successful.
● 201 Created: A new resource was successfully created.
● 204 No Content: The request was successful, but there is no content to return.
● 400 Bad Request: The request was invalid or cannot be processed.
● 401 Unauthorized: Authentication is required and has failed or not been provided.
● 403 Forbidden: The server understands the request but refuses to authorize it.
● 404 Not Found: The requested resource could not be found.
● 500 Internal Server Error: An error occurred on the server side.
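
The 401 and 403 codes above, together with the API key from question 6, are what the authentication and authorization checks listed under Security Testing assert on. The following Python example is added here and is not part of the original document; the handler, the X-API-Key header name, the keys, the routes and the scope names are all constructed for illustration.

```python
import hmac

# Constructed sample data: API key -> scopes granted to that key.
API_KEYS = {
    "key-reader-001": {"orders:read"},
    "key-admin-001": {"orders:read", "orders:delete"},
}

# Scope each (method, path) pair requires (hypothetical routes).
REQUIRED_SCOPE = {
    ("GET", "/v1/orders"): "orders:read",
    ("DELETE", "/v1/orders/42"): "orders:delete",
}


def lookup_scopes(presented_key):
    """Return the scopes for a key, or None if the key is unknown."""
    found = None
    for known, scopes in API_KEYS.items():
        # compare_digest avoids leaking how many leading characters matched
        if hmac.compare_digest(known.encode(), presented_key.encode()):
            found = scopes
    return found


def handle(method, path, headers):
    """Toy API handler: authenticate first, then route, then authorize."""
    key = headers.get("X-API-Key")
    if not key:
        return 401, {"error": "authentication required"}
    scopes = lookup_scopes(key)
    if scopes is None:
        return 401, {"error": "authentication required"}
    needed = REQUIRED_SCOPE.get((method, path))
    if needed is None:
        return 404, {"error": "not found"}
    if needed not in scopes:
        return 403, {"error": "forbidden"}
    if method == "DELETE":
        return 204, None
    return 200, {"orders": []}


# Each case: (description, method, path, headers, expected status).
SECURITY_CASES = [
    ("no credentials", "GET", "/v1/orders", {}, 401),
    ("empty key", "GET", "/v1/orders", {"X-API-Key": ""}, 401),
    ("unknown key", "GET", "/v1/orders", {"X-API-Key": "key-reader-00"}, 401),
    ("valid read", "GET", "/v1/orders", {"X-API-Key": "key-reader-001"}, 200),
    ("reader cannot delete", "DELETE", "/v1/orders/42",
     {"X-API-Key": "key-reader-001"}, 403),
    ("admin can delete", "DELETE", "/v1/orders/42",
     {"X-API-Key": "key-admin-001"}, 204),
    ("unknown route, valid key", "GET", "/v1/users",
     {"X-API-Key": "key-admin-001"}, 404),
    ("unknown route, no key", "GET", "/v1/users", {}, 401),
]


def run_security_cases(handler=handle):
    """Run every case; return the (description, got, expected) mismatches."""
    failures = []
    for name, method, path, headers, expected in SECURITY_CASES:
        status, _body = handler(method, path, headers)
        if status != expected:
            failures.append((name, status, expected))
    return failures


if __name__ == "__main__":
    print(run_security_cases() or "all authentication/authorization cases passed")
```

The negative cases carry the value: a handler that forgets the scope check still passes every "valid" case and is caught only by "reader cannot delete".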

‭9. What is the purpose of API versioning and how can it be implemented?‬

Answer: API versioning ensures that changes in the API do not break existing client applications. It allows developers to introduce new features and improvements without disrupting the current functionality for existing users. Versioning can be implemented in several ways:

● URL Path: Including the version number in the URL (e.g., /v1/users).
● Query Parameters: Adding a version parameter in the query string (e.g., ?version=1).
● Headers: Using a custom header to specify the version (e.g., Accept: application/vnd.myapi.v1+json).

‭10. What are the differences between synchronous and asynchronous API calls?‬

‭Answer:‬

● Synchronous API Calls:
○ The client sends a request and waits for the server to respond.
○ The client is blocked until the response is received.
○ Simple and straightforward but can lead to inefficiencies if the server takes a long time to respond.
● Asynchronous API Calls:
○ The client sends a request and continues processing other tasks.
○ The client is notified (usually via a callback or promise) when the response is ready.
○ More efficient for long-running operations, as it doesn't block the client.

‭11. What is rate limiting in APIs and why is it important?‬

Answer: Rate limiting is a mechanism to control the number of requests a client can make to an API within a certain time period. It is important for:

● Preventing Abuse: Protects the API from being overwhelmed by too many requests from a single client.
● Ensuring Fair Usage: Ensures that all clients have fair access to the API.
● Maintaining Performance: Helps maintain the API's performance and availability by avoiding excessive load.

‭12. Explain the concept of API throttling.‬

Answer: API throttling is a technique used to control the usage of an API by limiting the number of requests that can be made in a specific time frame. It helps in managing the load on the server, ensuring service availability, and preventing abuse. Throttling can be implemented by setting a limit on the number of requests per minute, hour, or day.
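
The per-minute limit described in questions 11 and 12, implemented as a per-client fixed-window limiter. This Python example is added here and is not part of the original document; the class and function names and the client identifiers are constructed, the 429 status and Retry-After header are standard HTTP, and X-RateLimit-Remaining is a widely used convention rather than a standard.

```python
import math


class FixedWindowLimiter:
    """At most `limit` requests per client in each `window_s`-second window."""

    def __init__(self, limit, window_s, clock):
        self.limit = limit
        self.window_s = window_s
        self.clock = clock      # callable returning seconds; injected for testing
        self.counters = {}      # client_id -> (window_index, requests_seen)

    def check(self, client_id):
        """Return (status, headers) for one incoming request."""
        now = self.clock()
        window = int(now // self.window_s)
        seen_window, seen = self.counters.get(client_id, (window, 0))
        if seen_window != window:
            seen = 0            # a new window started: reset the count
        if seen >= self.limit:
            wait = math.ceil((window + 1) * self.window_s - now)
            return 429, {"Retry-After": str(max(wait, 1))}
        self.counters[client_id] = (window, seen + 1)
        return 200, {"X-RateLimit-Remaining": str(self.limit - seen - 1)}


def demo():
    """Three requests per 60 s: the fourth is rejected, other clients are unaffected."""
    now = [0.0]
    limiter = FixedWindowLimiter(limit=3, window_s=60, clock=lambda: now[0])
    statuses = [limiter.check("client-a")[0] for _ in range(4)]
    other_client = limiter.check("client-b")[0]
    now[0] = 45.0
    retry_after = limiter.check("client-a")[1]["Retry-After"]
    now[0] = 60.0
    next_window = limiter.check("client-a")[0]
    return statuses, other_client, retry_after, next_window


def boundary_burst():
    """Known weakness of fixed windows: 2 x limit requests fit around a window edge."""
    now = [59.5]
    limiter = FixedWindowLimiter(limit=3, window_s=60, clock=lambda: now[0])
    accepted = sum(limiter.check("client-a")[0] == 200 for _ in range(3))
    now[0] = 60.0
    accepted += sum(limiter.check("client-a")[0] == 200 for _ in range(3))
    return accepted


if __name__ == "__main__":
    print(demo())
    print("accepted around the window edge:", boundary_burst())
```

A rate-limit test should cover both the rejection and the reset, and the edge burst that boundary_burst() measures is the reason sliding-window or token-bucket limiters are often preferred.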
