- JSON stands for JavaScript Object Notation.
- JSON is a lightweight format for storing and transporting data.
- JSON is often used when data is sent from a server to a web page.
- JSON is "self-describing" and easy to understand.
An API is an interface that allow applications to communicate with one another, while a web service is a network-based resource that fulfills a specific task.
Ex.
Webservices : ---> https://www.irctc.co.in
API: ---> https://www.irctc.co.in/API/reservation/bookreservation/
All web services are APIs, but not all APIs are web services.
Web services must require a network while APIs can be on- or offline.
3. What tool to use for API testing?
- Postman
- Rest Assured
- SOAPUI
- Katalon
- Karate
- Tricentis TOSCA
- UFT
- Jmeter
4. What all http code return on CRUD operations?
OR
What type of status codes you have worked ?
CREAT(POST)
- 200 OK - It’s the basic status code to tell the client everything went good
- 201 Created - It defines that the resource has been created successfully
READ(GET)
- 200 OK - Most of the GET actions return with a 200 OK status.
- 206 Partial Content - This response code indicates that the request has succeeded and has the body contains the requested ranges of data, as described in the Range header of the request.
- 404 Not Found - API could not find what requested
UPDATE(PUT/PATCH)
- 200 OK - This is the most appropriate code for most use-cases.
- 204 No Content - A proper code for updates that don’t return data to the client
- 202 Accepted - It shows that the update has been succeeded.
DELETE
- 200 OK - Some people think a delete function of any kind should return the deleted element, so a representation of the deleted element can be included in the response body.
- 204 No Content - It tells the client the deletion is complete and return no response body (as the resource has been deleted).
- 202 Accepted - If the deletion is asynchronous and takes some time, which is the case in distributed systems, it can be appropriate to return this code with some information or URL to tell the client when it will be deleted.
5. What is difference between Authentication and Authorization in Postman?
Authentication is about validating your credentials such as Username/User ID and password to verify your identity. Authorization occurs after Authentication, Which determines your rights to grant you access of perticular resources.
6. How to set up proxy in Postman?
Postman-->Go to Settings--> Proxy-->Add a custom proxy configuration-->Provide Proxy Details
Postman-->Go to Settings--> Proxy-->Add a custom proxy configuration-->Provide Proxy Details
7. How to add certificates in Postman?
Go to Settings--> Certificates -->Import-->Add Certificate
Go to Settings--> Certificates -->Import-->Add Certificate
8. Commonly used Status Codes for API Testing.
200: OK
201: Created
204: No Content
400: Bad Request
401: Unauthorized
403: Forbidden
404: Not Found
500: Internal Server Error
503: Service Unavailable
9. Difference between status codes 410 and 403
401: Unauthorized Access. This means you are not able to login to the application because of a wrong username or password.
403: Forbidden. This means you are already logged in to the application but don’t have permission to access the resource.
500: Internal Server Error i.e., the server is not able to handle your request.
503: Service Unavailable i.e., the server is available but the service is not available.
503: Service Unavailable i.e., the server is available but the service is not available.
11. Postman feature provide below feature
1. Web service Client
2. Manual Testing
3. Automation testing - Data driven approach
4. API Mocking
5. API Monitoring
6. Schema validation
7. Newman - Integration with Jenkins
8. API documentation
9. Share collections
12.How do you start API testing in a Sprint. -
1) Story details will be available in JIRA or any other agile management tools.
2) Understand the scope of the story and check any flow diagram is present, environment details, sample requests and responses, authentication types, any third party payload is getting called internally and find the data mapping sheet.
3) Prepare test cases
4) Start to validate the service by hitting valid endpoint URL with authentication (both positive and negative scenarios)
5) Capture the responses
6) Automate the scenarios in any automation based on client requirements
7) verify the swagger details to ensure the value of request is number or String
13) Challenges we faced during API Testing
It's a huge list let me highlight few things
1. Third party webservices will be down (which we are calling internally)
2. Mapping sheet info will not be updated properly so that we might end up incorrect validations.
3. In the limited amount of time we will not be able to test all the positive and negative scenarios
4. We should not assume anything in webservices testing it will backfire us so always get the clarification for all the things.
5. If you don’t know the method allows you to send string type and you pass integer! Or sending an empty parameter. Validation of parameter is necessary
No comments:
Post a Comment