Top 20 API Testing Interview Questions & Answers
Doc by Aston Cook
Learn how to speak confidently about API testing in interviews using Postman, Rest Assured,
and practical testing logic. These answers focus on real-world application, not just definitions.
1. What is an API?
Answer:
An API (Application Programming Interface) is a set of rules and protocols that allows different
software systems to communicate with each other.
2. What are the most common HTTP methods?
Answer:
GET (retrieve), POST (create), PUT (update/replace), PATCH (partial update), and DELETE
(remove data).
3. How do you validate a response in Postman?
Answer:
Use the “Tests” tab with JavaScript assertions. Check status codes, response time, body
content, headers, and data structures.
4. What’s the difference between PUT and PATCH?
Answer:
PUT replaces the entire resource. PATCH makes a partial update to a specific field or fields.
5. How do you test error scenarios in an API?
Answer:
Send invalid or missing data, test with unauthorized access, check rate limits, and simulate
edge cases to verify proper error responses (like 400, 401, 404).
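The error-scenario checks from answer 5, written as an added example (not part of the original document): a table-driven negative test in JavaScript, run against a constructed in-process stand-in for an API so it needs no network. The handler, routes, token and case names are all hypothetical; rate-limit checks are left out.

```javascript
// Added example: negative-path test table. Everything below is constructed
// for illustration; handle() stands in for a real endpoint under test.
const VALID_TOKEN = "test-token-123"; // constructed sample value

// Hypothetical API: GET /users/:id and POST /users, both behind a Bearer token.
function handle(req) {
  const auth = (req.headers || {}).authorization;
  if (auth !== `Bearer ${VALID_TOKEN}`) return { status: 401, body: { error: "unauthorized" } };
  if (req.method === "GET") {
    return req.path === "/users/1"
      ? { status: 200, body: { id: 1, email: "a@example.com" } }
      : { status: 404, body: { error: "not found" } };
  }
  if (req.method === "POST" && req.path === "/users") {
    const email = req.body && req.body.email;
    if (typeof email !== "string" || !email.includes("@"))
      return { status: 400, body: { error: "invalid email" } };
    return { status: 201, body: { id: 2, email } };
  }
  return { status: 404, body: { error: "not found" } };
}

const ok = { authorization: `Bearer ${VALID_TOKEN}` };
const CASES = [
  { name: "missing token", req: { method: "GET", path: "/users/1", headers: {} }, want: 401 },
  { name: "wrong token", req: { method: "GET", path: "/users/1", headers: { authorization: "Bearer nope" } }, want: 401 },
  { name: "missing field", req: { method: "POST", path: "/users", headers: ok, body: {} }, want: 400 },
  { name: "wrong type", req: { method: "POST", path: "/users", headers: ok, body: { email: 42 } }, want: 400 },
  { name: "unknown id", req: { method: "GET", path: "/users/999", headers: ok }, want: 404 },
  { name: "happy path", req: { method: "POST", path: "/users", headers: ok, body: { email: "b@example.com" } }, want: 201 },
];

// Runs every case; returns a description of each one whose status code is
// wrong or whose error response carries no error message.
function runCases(handler, cases) {
  const failures = [];
  for (const c of cases) {
    const res = handler(c.req);
    if (res.status !== c.want) failures.push(`${c.name}: got ${res.status}, want ${c.want}`);
    else if (c.want >= 400 && typeof res.body.error !== "string") failures.push(`${c.name}: no error message`);
  }
  return failures;
}

console.log(runCases(handle, CASES));
```

An empty list means every case returned the expected status; a handler that answers 200 to everything fails all six cases.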
6. What is schema validation?
Answer:
It ensures the response JSON matches a defined structure. In Postman, this is done using the
tv4 or Ajv libraries. In Rest Assured, you can use built-in schema matchers.
7. What is the difference between SOAP and REST?
Answer:
SOAP is a protocol using XML and strict standards. REST is an architectural style using
standard HTTP methods and supports multiple formats like JSON and XML.
8. How do you test secured APIs?
Answer:
Use authentication methods like API key, Bearer token, or Basic Auth in headers. Automate
auth token generation if possible.
9. What are status codes 200, 201, 204, 400, 401, and 500?
Answer:
200: OK
201: Created
204: No Content
400: Bad Request
401: Unauthorized
500: Server Error
10. How do you chain requests in Postman?
Answer:
Save values from one response (like tokens or IDs) as environment variables, then use them in
later requests using {{variable}} syntax.
11. How do you send dynamic data in Postman?
Answer:
Use Pre-request scripts to generate values or pull from external data files with the Collection
Runner.
12. What are common response validations?
Answer:
● Status code
● Response time
● Specific key-value pairs in body
● Header content (e.g., Content-Type)
13. How do you assert nested JSON data in Rest Assured?
Answer:
Use body("data.id", equalTo(2)) or extract values using JsonPath expressions to verify deep
structures.
14. What is a collection in Postman?
Answer:
A group of saved API requests organized under a project or test flow. Collections can be shared
or run in sequence.
15. How do you perform data-driven testing in Postman?
Answer:
Use the Collection Runner with a CSV or JSON file that holds test data. Reference values with
{{variableName}} in your requests.
16. What are common headers used in API requests?
Answer:
Content-Type, Authorization, Accept, User-Agent, and Cache-Control are common headers
depending on the API context.
17. How do you handle authentication tokens in automated tests?
Answer:
Extract the token from a login response and save it as a variable. Use it in headers for
subsequent requests in your test flow.
18. What tools can you use for API testing?
Answer:
Postman, Rest Assured (Java), Newman (CLI for Postman), Karate DSL, Insomnia, and
Playwright’s request API module.
19. How do you test the performance of an API?
Answer:
Use tools like JMeter, Postman’s monitor, or custom scripts to measure response time,
concurrent load, and bottlenecks.
20. How do you organize API test automation?
Answer:
Use folders or classes per endpoint, data files for inputs, reusable headers/auth config, and CI
integration to run on merge or schedule.