🔗 API Testing (Postman, REST, GraphQL) Interview Questions and Answers (2025)
Basic Level Questions
❓ What is an API? ▶
An API (Application Programming Interface) is a set of protocols and tools for building software and allowing communication between different software components or systems.
🧰 What is REST? ▶
REST (Representational State Transfer) is an architectural style for designing scalable web services that use HTTP methods and stateless communication.
📬 What is Postman used for? ▶
Postman is a popular API testing tool used to create, send, and automate HTTP requests and verify responses.
🚦 What are HTTP methods commonly used in REST APIs? ▶
GET (retrieve), POST (create), PUT (update/replace), PATCH (partial update), and DELETE (remove).
🔌 What is GraphQL? ▶
GraphQL is a query language and runtime for APIs allowing clients to request only the data they need, improving efficiency and flexibility.
📡 What is an endpoint in API Testing? ▶
An endpoint is a specific URL at which a client can access resources or services provided by the API.
🛠️ What kinds of data formats are common in API communication? ▶
JSON and XML are the most common data formats used for transferring data via APIs.
🔍 What is status code 200 in REST API? ▶
Status code 200 means OK, indicating a successful HTTP request.
⏳ What does stateless mean in REST APIs? ▶
Stateless means each API request from client to server must contain all information to understand and process the request independently.
🔑 What is authentication in API Testing? ▶
Authentication verifies the identity of a user or application trying to access the API.
Intermediate Level Questions
🛠️ How do you test REST APIs using Postman? ▶
By creating requests with appropriate HTTP methods, adding headers/body, sending the requests to endpoints, and verifying status codes, headers, and response body.
🎯 What is API versioning and why is it important? ▶
API versioning controls changes to the API without breaking existing clients; it allows maintaining backward compatibility.
🔄 Explain the difference between PUT and PATCH methods. ▶
PUT sends the complete representation and replaces the resource, so any field omitted from the body is removed; PATCH sends only the changes (commonly a JSON merge patch or a JSON Patch document) and leaves the other fields untouched. PUT is idempotent by definition, while PATCH is not guaranteed to be.
🚦 What are common authentication mechanisms in API Testing? ▶
Basic Auth (username and password base64-encoded in the Authorization header), API keys, OAuth 2.0 access tokens, and bearer tokens, which are often JWTs. Postman sets these per request, folder or collection in the Authorization tab. Because Basic Auth and API keys are static credentials sent on every call, they must only travel over TLS, and tests should confirm the API rejects requests that omit or tamper with them.
📊 How do you validate API responses? ▶
By checking HTTP status codes, response body content, headers, response time, and data types against expected results.
🧩 What is schema validation in API Testing? ▶
Schema validation checks that a response matches a predefined structure: required fields, data types, allowed values and nesting. For REST this is usually a JSON Schema; for GraphQL the server's own schema defines the shape and the test checks that the returned selection matches the query. In Postman, pm.response.to.have.jsonSchema(schema) runs a JSON Schema check from the Tests tab. A schema check also catches fields that should not be there, such as internal identifiers or password hashes leaking into a public response.
⚙️ How do you perform automation in API Testing with Postman? ▶
Write assertions in the Tests tab of each request, group the requests into a Collection, and run the collection with the Collection Runner or with Newman, Postman's separate command-line runner (installed with npm install -g newman and invoked as newman run collection.json, optionally with an exported environment file), so the same tests run in CI on every build. Keep secrets out of exported collections and environments and pass them in at run time instead.
🔗 What is GraphQL query and mutation? ▶
Queries fetch data from the server; mutations modify data or perform server-side actions.
📑 What are environment and global variables in Postman? ▶
Variables store reusable values (base URLs, IDs, tokens) referenced as {{name}} in requests and scripts. Environment variables belong to a named environment (dev, staging, prod) and change when you switch environments; global variables apply across the whole workspace regardless of the active environment; collection variables sit in between and travel with the collection. Keep tokens in a variable's current value rather than its initial value so they are not exported or synced to the rest of the team.
📈 How do you check API performance in Postman? ▶
Postman reports each request's response time and size, and tests can assert on pm.response.responseTime. Postman monitors run a collection on a schedule and chart response time and failures over time, which tracks availability rather than capacity. Measuring throughput and behaviour under load needs a load-testing tool (for example k6, JMeter or Gatling) or the performance-testing feature in newer versions of the Postman desktop app, which replays a collection with many virtual users.
📚 How do you handle error responses in API Testing? ▶
By validating error status codes, error messages, and handling edge cases like timeouts or invalid inputs gracefully.
🔒 How do you test security in APIs? ▶
Check authentication (requests without a valid credential are rejected; expired and tampered tokens fail), authorization (a user cannot read or modify another user's objects by changing an ID in the path or body, and cannot reach admin-only endpoints), injection (SQL, NoSQL and command injection through every parameter, header and body field), transport security (TLS everywhere, no sensitive data in URLs or logs), and rate limiting on login and other expensive endpoints. Authorization bugs are the most common API flaw, so a test suite should carry at least two user identities and swap their tokens and identifiers.
🧪 What is the significance of CORS in API Testing? ▶
Cross-Origin Resource Sharing (CORS) is the browser-enforced mechanism that decides whether a page from one origin may read a response from another; the server states its policy in Access-Control-Allow-Origin and related headers, and the browser sends a preflight OPTIONS request for non-simple requests. Tests check that allowed origins get the right headers, that the preflight succeeds for the methods and headers the client uses, and that the policy is not too open: the server should not reflect an arbitrary Origin back, and a wildcard origin must not be combined with credentials. CORS only restrains browsers; it is not an authentication or authorization control, and any non-browser client ignores it.
🌐 Explain the role of API gateways in REST APIs. ▶
API gateways manage request routing, authorization, rate limiting, analytics, and can enforce security policies at the API boundary.
🛠️ What is mocking in API Testing? ▶
Mocking simulates API responses to test client applications or workflows without depending on actual API availability.
🔄 How do you test GraphQL APIs differently from REST APIs? ▶
GraphQL exposes one endpoint, usually a POST, so tests target operations rather than URLs: validate the schema, each query and mutation, and subscriptions. The HTTP status is usually 200 even when an operation fails, so tests must inspect the errors array in the body and handle partial data. Check that the response contains only the fields selected in the query, and test the limits that keep a single request from becoming a denial of service: query depth and complexity limits, batching limits, and whether introspection is disabled in production.
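The two checks a GraphQL test needs most, as an added example written for this page (it is not code from Postman or from any GraphQL server): building the POST body for a query and a mutation, and inspecting a response whose HTTP status is 200 but whose body carries an errors entry or fields the query never asked for. The schema, endpoint URL, operations and sample responses are constructed for the demo.

```javascript
// Added example for this page (not from Postman or any GraphQL server).
// Builds GraphQL HTTP requests and checks responses the way a test should:
// HTTP 200 does not mean success, because errors travel in the JSON body.

// Hypothetical schema: type User { id: ID!, email: String!, roles: [String!]! }
const GET_USER = `query GetUser($id: ID!) { user(id: $id) { id email roles } }`;
const SET_EMAIL = `mutation SetEmail($id: ID!, $email: String!) {
  updateUser(id: $id, email: $email) { id email }
}`;

// A GraphQL request is a POST with a JSON body of {query, variables}.
function buildGraphqlRequest(url, query, variables, token) {
  return {
    method: "POST",
    url,
    headers: {
      "Content-Type": "application/json",
      Accept: "application/json",
      ...(token ? { Authorization: `Bearer ${token}` } : {}),
    },
    body: JSON.stringify({ query, variables }),
  };
}

// Checks one response. `expectedFields` lists the selection the query asked for,
// so the test detects over-fetching (extra fields) as well as missing ones.
function checkGraphqlResponse(status, bodyText, rootField, expectedFields) {
  const problems = [];
  if (status !== 200) problems.push(`unexpected HTTP status ${status}`);
  let body;
  try { body = JSON.parse(bodyText); } catch { problems.push("body is not JSON"); return problems; }
  // Errors are reported in the body even when the status is 200 (partial data is allowed).
  for (const err of body.errors ?? []) {
    problems.push(`graphql error: ${err.message} at ${JSON.stringify(err.path ?? null)}`);
  }
  const node = body.data?.[rootField];
  if (node === undefined) {
    problems.push(`data.${rootField} missing`);
    return problems;
  }
  if (node === null) return problems; // null plus an errors entry is the documented failure shape
  const got = Object.keys(node).sort();
  const want = [...expectedFields].sort();
  for (const f of want) if (!got.includes(f)) problems.push(`missing field ${f}`);
  for (const f of got) if (!want.includes(f)) problems.push(`unrequested field ${f}`);
  return problems;
}

// Constructed responses (not captured from a real service).
const OK_RESPONSE = JSON.stringify({
  data: { user: { id: "42", email: "alice@example.com", roles: ["reader"] } },
});
const DENIED_RESPONSE = JSON.stringify({
  data: { user: null },
  errors: [{ message: "not authorized", path: ["user"] }],
});
const LEAKY_RESPONSE = JSON.stringify({
  data: { user: { id: "42", email: "alice@example.com", roles: ["reader"], passwordHash: "x" } },
});

const query = buildGraphqlRequest("https://api.example.test/graphql", GET_USER, { id: "42" }, "tok");
const mutation = buildGraphqlRequest("https://api.example.test/graphql", SET_EMAIL, { id: "42", email: "b@example.com" }, "tok");
console.log(query.body);
console.log(mutation.body);
console.log(checkGraphqlResponse(200, OK_RESPONSE, "user", ["id", "email", "roles"]));
console.log(checkGraphqlResponse(200, DENIED_RESPONSE, "user", ["id", "email", "roles"]));
console.log(checkGraphqlResponse(200, LEAKY_RESPONSE, "user", ["id", "email", "roles"]));
```

The field comparison is deliberately strict in both directions: a missing field is a functional bug, but an extra field such as passwordHash is a data exposure that a status-code check would never notice.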
📊 How do you automate regression tests for APIs? ▶
By creating reusable, maintainable test scripts and integrating them into CI/CD pipelines for frequent execution.
🎯 What are pre-request scripts and tests in Postman? ▶
Pre-request scripts execute before a request to set variables or conditions; tests run after a response to validate outputs.
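A Tests-tab script of the kind the two answers above describe (validate status, headers, response time and body; then set a variable for the next request), as an added example for this page rather than code from Postman's documentation. The testsTab function is what would be pasted into Postman, where the sandbox supplies pm; the makePm function is a small stand-in added so the same script can be run under plain Node against a constructed response. The endpoint, body shape and variable name are assumptions.

```javascript
// Added example for this page, not from the Postman docs. The first function is
// what goes in a request's "Tests" tab; Postman runs it after the response arrives
// with the sandbox-provided `pm` object (pm.test, pm.expect, pm.response, ...).
// Endpoint and body shape are hypothetical: GET {{baseUrl}}/users/{{userId}}
// returning {"id": 42, "email": "...", "roles": [...]}.
function testsTab(pm) {
  pm.test("status is 200", () => pm.response.to.have.status(200));
  pm.test("content type is JSON", () => {
    pm.expect(pm.response.headers.get("Content-Type")).to.include("application/json");
  });
  pm.test("responds within 500 ms", () => pm.expect(pm.response.responseTime).to.be.below(500));
  const body = pm.response.json(); // throws (and fails the script) if the body is not JSON
  pm.test("body has the expected shape", () => {
    pm.expect(body.id).to.be.a("number");
    pm.expect(body.email).to.be.a("string");
    pm.expect(body.roles).to.be.an("array");
  });
  pm.test("no credential material in the response", () => {
    pm.expect(body.passwordHash).to.equal(undefined);
  });
  // Hand a value to the next request in the collection; a pre-request script
  // there would read it back with pm.environment.get("lastUserEmail").
  pm.environment.set("lastUserEmail", body.email);
}

// Minimal stand-in for `pm` so the script above can run under plain Node for
// this page; it is not Postman's implementation and covers only the subset used above.
function makePm(sample) {
  const fail = (ok, msg) => { if (!ok) throw new Error(msg); };
  const expect = (actual) => {
    const c = {
      equal: (e) => fail(actual === e, `expected ${JSON.stringify(actual)} to equal ${JSON.stringify(e)}`),
      include: (s) => fail(String(actual).includes(s), `expected "${actual}" to include "${s}"`),
      below: (n) => fail(actual < n, `expected ${actual} to be below ${n}`),
      a: (t) => fail(t === "array" ? Array.isArray(actual) : typeof actual === t,
                     `expected ${JSON.stringify(actual)} to be a ${t}`),
    };
    c.an = c.a; c.to = c; c.be = c; c.have = c; // chai-style chaining words
    return c;
  };
  const results = [];
  const env = new Map();
  return {
    results,
    expect,
    test: (name, fn) => {
      try { fn(); results.push({ name, passed: true }); }
      catch (e) { results.push({ name, passed: false, error: e.message }); }
    },
    response: {
      code: sample.code,
      responseTime: sample.responseTime,
      headers: { get: (k) => sample.headers[k.toLowerCase()] },
      json: () => JSON.parse(sample.body),
      to: { have: { status: (c) => fail(sample.code === c, `expected status ${c}, got ${sample.code}`) } },
    },
    environment: { set: (k, v) => env.set(k, v), get: (k) => env.get(k) },
  };
}

// Constructed sample response (not captured from a real service).
const SAMPLE = {
  code: 200,
  responseTime: 120,
  headers: { "content-type": "application/json; charset=utf-8" },
  body: JSON.stringify({ id: 42, email: "alice@example.com", roles: ["reader"] }),
};

function runLocally(sample = SAMPLE) {
  const pm = makePm(sample);
  testsTab(pm);
  return { results: pm.results, lastUserEmail: pm.environment.get("lastUserEmail") };
}

for (const r of runLocally().results) {
  console.log(`${r.passed ? "PASS" : "FAIL"} ${r.name}${r.error ? ": " + r.error : ""}`);
}
```

Each pm.test is isolated, so one failing assertion does not hide the others in the run report; the one exception is pm.response.json(), which sits outside any test on purpose so that a non-JSON body fails the whole script loudly instead of producing five confusing failures.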
📦 How do you handle versioning in APIs? ▶
Using URL versioning, request header versioning, or content negotiation to provide backward-compatible API upgrades.
🐞 How do you track bugs found in API Testing? ▶
By logging defects with detailed request/response info, steps to reproduce, severity, and assigning for timely fixes.
Advanced Level Questions
🛡️ How do you test API security for vulnerabilities like injection attacks and broken authentication? ▶
Combine automated scanning (DAST tools and API-aware fuzzers) with manual penetration testing. For injection, send hostile values through every parameter, header and body field and confirm the server validates input and uses parameterized queries rather than string concatenation. For broken authentication, verify that tokens expire and cannot be forged or replayed (for JWTs, that the signature and algorithm are actually checked), and that login and password-reset endpoints are rate limited. Test authorization with at least two accounts by exchanging their tokens and object IDs. Finally, confirm that failed attempts are logged and that monitoring alerts on abnormal activity.
⚙️ Explain how you would load test and stress test an API. ▶
Simulate expected loads for load testing and progressively increase requests beyond capacity for stress testing while monitoring response times and failure rates.
🔄 Describe how contract testing works in API development. ▶
Provider and consumer each test against a shared contract (an OpenAPI description, or a consumer-driven contract recorded with a tool such as Pact) that specifies request shapes and responses, so a provider change that would break a consumer fails the provider's build instead of surfacing at integration time.
📡 How do you monitor APIs in production environments? ▶
Use tools to track uptime, response time, error rates, traffic usage, and alert on anomalies to maintain SLA compliance.
🧩 How can you test GraphQL subscriptions? ▶
Subscriptions push events from server to client over a long-lived connection, typically a WebSocket (the graphql-ws protocol) and sometimes server-sent events. To test them, open the connection with the same authentication the client uses, send the subscription operation, trigger the event from a second request (for example a mutation), and assert that the pushed message arrives with the expected payload and that the stream stops cleanly on unsubscribe. Also verify that a subscriber only receives events it is authorized to see, since authorization is easy to forget on the push path.
🚀 What is API mocking, and when should it be used in CI/CD pipelines? ▶
API mocking simulates services allowing parallel development and testing when backend services are unavailable or unstable.
🎯 Explain the significance of idempotency in API design and testing. ▶
An operation is idempotent when performing it once or several times leaves the server in the same state, so a client can safely retry after a timeout or a lost response. HTTP defines GET, HEAD, PUT and DELETE as idempotent and POST as not; PATCH is not guaranteed to be. Tests send the same request twice and compare server state: a second PUT must change nothing, a second DELETE returns 404 but leaves the same state, and a retried POST must not create a duplicate, which APIs handle with an Idempotency-Key header that lets the server replay the first response.
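The PUT-versus-PATCH distinction and the idempotency property discussed above, carried through on one in-memory resource handler. This is an added example written for this page, not code from any framework; the /users paths, the merge semantics of PATCH and the Idempotency-Key convention for POST are assumptions for the demo. The probe sends each request twice and reports whether the server state after the second call equals the state after the first, which is exactly what a retrying client relies on.

```javascript
// Added example for this page (not from any framework): an in-memory resource
// handler that shows why PUT and DELETE are idempotent, why PATCH differs from
// PUT, and why POST needs an Idempotency-Key to be safely retried. Paths,
// header name and the Idempotency-Key convention are assumptions for the demo.
function makeApi() {
  const users = new Map();      // id -> resource
  const seen = new Map();       // Idempotency-Key -> cached response for POST
  let nextId = 1;

  function handle({ method, path, body, headers = {} }) {
    const m = path.match(/^\/users(?:\/(\d+))?$/);
    if (!m) return { status: 404, body: { error: "not found" } };
    const id = m[1] ? Number(m[1]) : null;

    switch (method) {
      case "POST": {
        if (id !== null) return { status: 405, body: { error: "method not allowed" } };
        const key = headers["idempotency-key"];
        if (key && seen.has(key)) return seen.get(key); // retry: replay, do not create again
        const created = { id: nextId++, ...body };
        users.set(created.id, created);
        const res = { status: 201, body: created };
        if (key) seen.set(key, res);
        return res;
      }
      case "PUT": {
        if (id === null) return { status: 405, body: { error: "method not allowed" } };
        const existed = users.has(id);
        const full = { id, ...body };           // full replacement: fields not in body are gone
        users.set(id, full);
        return { status: existed ? 200 : 201, body: full };
      }
      case "PATCH": {
        const cur = id !== null && users.get(id);
        if (!cur) return { status: 404, body: { error: "not found" } };
        const merged = { ...cur, ...body, id };  // merge: untouched fields survive
        users.set(id, merged);
        return { status: 200, body: merged };
      }
      case "DELETE": {
        if (id === null) return { status: 405, body: { error: "method not allowed" } };
        const existed = users.delete(id);
        // Both calls leave the same server state; only the status code differs.
        return { status: existed ? 204 : 404, body: null };
      }
      case "GET": {
        if (id === null) return { status: 200, body: [...users.values()] };
        const u = users.get(id);
        return u ? { status: 200, body: u } : { status: 404, body: { error: "not found" } };
      }
      default:
        return { status: 405, body: { error: "method not allowed" } };
    }
  }
  return { handle, count: () => users.size };
}

// Sends the same request twice and reports whether the server state was the
// same after one call as after two, which is the property a retry relies on.
function probeIdempotency(api, req) {
  const first = api.handle(req);
  const after1 = JSON.stringify(api.handle({ method: "GET", path: "/users" }).body);
  const second = api.handle(req);
  const after2 = JSON.stringify(api.handle({ method: "GET", path: "/users" }).body);
  return { first: first.status, second: second.status, idempotent: after1 === after2 };
}

const api = makeApi();
console.log("POST    ", probeIdempotency(api, { method: "POST", path: "/users", body: { email: "a@example.com" } }));
console.log("POST+key", probeIdempotency(api, { method: "POST", path: "/users", body: { email: "b@example.com" }, headers: { "idempotency-key": "k1" } }));
console.log("PUT     ", probeIdempotency(api, { method: "PUT", path: "/users/1", body: { email: "a@example.com", name: "A" } }));
console.log("PATCH   ", probeIdempotency(api, { method: "PATCH", path: "/users/1", body: { name: "B" } }));
console.log("DELETE  ", probeIdempotency(api, { method: "DELETE", path: "/users/1" }));
```

The PATCH here happens to be idempotent because its body is a merge of absolute values; a PATCH that expresses a relative change ("add 1 to the counter") would not be, which is why HTTP does not promise idempotency for PATCH and why a test must check it per endpoint rather than assume it from the method.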
📊 How do you measure API test coverage effectively? ▶
By ensuring all endpoints, HTTP methods, parameter combinations, error conditions, and authorization scenarios are tested.
✅ What are best practices to maintain API test automation suites? ▶
Keep tests modular, reusable, maintain clear documentation, integrate with CI/CD, handle dynamic data, and review tests for flaky behavior.
💡 Describe how rate limiting and throttling can be tested in APIs. ▶
Send requests faster than the documented limit from a single credential and confirm that the first request over the threshold gets 429 Too Many Requests with a Retry-After header, that requests succeed again once the window passes, and that any rate-limit headers (for example X-RateLimit-Remaining) count down correctly. Also test the bypasses: the limit must be keyed on the credential or account, not on something the client controls such as X-Forwarded-For, and it must also cover unauthenticated endpoints such as login. Throttling (slowing rather than rejecting) is checked the same way, by measuring the added latency instead of the status code.
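The rate-limit test described above, as an added example written for this page (not code from any API gateway or library). A fixed-window limiter stands in for the API under test so the probe runs offline with a simulated clock; in a real run the serve function is replaced by an HTTP call. The limit, window, API-key header and X-RateLimit-Remaining header name are assumptions for the demo.

```javascript
// Added example for this page (not from any gateway or library): a fixed-window
// rate limiter in the shape a gateway would apply, and a probe that fires
// requests the way a rate-limit test does, checking that 429 appears at the
// threshold, that Retry-After is present and sane, and that the limit is keyed
// by the client credential rather than by something the client controls.
// Limit, window and header names are assumptions for the demo.
function makeRateLimiter({ limit, windowMs }) {
  const windows = new Map(); // clientKey -> { start, count }
  return function check(clientKey, now) {
    let w = windows.get(clientKey);
    if (!w || now - w.start >= windowMs) {
      w = { start: now, count: 0 };
      windows.set(clientKey, w);
    }
    w.count += 1;
    const remaining = Math.max(0, limit - w.count);
    const resetInSec = Math.ceil((w.start + windowMs - now) / 1000);
    if (w.count > limit) {
      return {
        status: 429,
        headers: { "Retry-After": String(resetInSec), "X-RateLimit-Remaining": "0" },
      };
    }
    return { status: 200, headers: { "X-RateLimit-Remaining": String(remaining) } };
  };
}

// Stand-in for the API under test: the limiter keys on the API key, not the
// client IP, so rotating X-Forwarded-For must not reset the budget.
function makeServer(limiter) {
  return function serve(req, now) {
    const key = req.headers["x-api-key"];
    if (!key) return { status: 401, headers: {} };
    return limiter(`apikey:${key}`, now);
  };
}

// Fires `n` requests with a fixed spacing and records where the first 429 lands.
function probeRateLimit(serve, { n, spacingMs, headers }) {
  const statuses = [];
  let firstLimitedAt = null;
  let retryAfter = null;
  for (let i = 0; i < n; i++) {
    const res = serve({ headers }, i * spacingMs);
    statuses.push(res.status);
    if (res.status === 429 && firstLimitedAt === null) {
      firstLimitedAt = i + 1;                  // 1-based index of the first rejected call
      retryAfter = Number(res.headers["Retry-After"]);
    }
  }
  return { statuses, firstLimitedAt, retryAfter };
}

// Verdict a test would assert: the limit is enforced exactly at limit + 1, the
// 429 carries a usable Retry-After, a spoofed source IP does not buy a new
// budget, and the client is served again once the window rolls over.
function verifyRateLimiting({ limit, windowMs }) {
  const serve = makeServer(makeRateLimiter({ limit, windowMs }));
  const headers = { "x-api-key": "test-key-1" };
  const burst = probeRateLimit(serve, { n: limit + 3, spacingMs: 10, headers });
  const ok = burst.firstLimitedAt === limit + 1
    && burst.statuses.slice(limit).every((s) => s === 429)
    && Number.isInteger(burst.retryAfter) && burst.retryAfter >= 1;
  const spoofed = serve({ headers: { ...headers, "x-forwarded-for": "203.0.113.9" } }, 50);
  const later = serve({ headers }, windowMs + 100);
  return { ok, spoofedStatus: spoofed.status, afterWindowStatus: later.status, burst };
}

console.log(verifyRateLimiting({ limit: 5, windowMs: 60000 }));
```

Against a real API the same probe is run with a small n first, since a limiter that silently drops or bans the test credential after a burst is itself a finding, and the Retry-After value returned is what a well-behaved client should sleep for before retrying.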