Sunday, October 18, 2020

Latest top 10 API Interview Questions and Answer Set 3

1. Difference between PUT and PATCH
Both are used for updating a resource on the server. 
PUT: Replaces the whole object 
PATCH: Replaces a particular field of an object  


2. What is JSON Schema?
JSON Schema is a document (a structure or format) used to validate the formatting syntax, data types, structure and content of a JSON message.

It is used to validate API requests and responses in JSON format.

JSON Schema validation is built on top of API request processing, so that an incoming API request is validated before processing continues.



3. Explain the process of pushing code and creating a pull request in Git.
a) git clone "repo-url"

b) Make changes to the code.

c) git add . //add those changes (staging)

d) git status //check that the changes moved to staging

e) git commit -m "commit message"

f) git push

----

g) git checkout -b "branch-name" //create a branch

h) git branch //check that the branch was created, or list the available branches

i) git checkout "branch name" //switch to the branch

Here you have successfully switched to the branch. Now you can push your code with "git push".

 

3. Difference between HTTP and HTTPS

  • The HTTP URL in your browser's address bar begins with http:// and the HTTPS URL begins with https://.
  • HTTP is unsecured while HTTPS is secured.
  • HTTP sends data over port 80 while HTTPS uses port 443.
  • HTTP operates at the application layer, while HTTPS operates at the transport layer.
  • No SSL certificates are required for HTTP; HTTPS requires that you have an SSL certificate and that it is signed by a CA.
  • HTTP doesn't require domain validation, whereas HTTPS requires at least domain validation, and certain certificates even require legal document validation.
  • There is no encryption in HTTP; with HTTPS the data is encrypted before sending.



4. Most Used Authentication Methods

• Basic

• API Key

• Bearer

• OAuth

• Cookie-based Authentication


    Basic Authentication:
This is the simplest and most straightforward method. The sender places username:password into the request header. The username and password are encoded with Base64, an encoding technique that converts them into a string drawn from a set of 64 characters to ensure safe transmission.


    API Key:

Some APIs use API keys for authorization. An API key is a token that a client provides when making API calls. The key can be sent in the query string, as a request header, or as a cookie.
API keys are supposed to be a secret that only the client and server know. Like Basic authentication, API key-based authentication is only considered secure if used together with other security mechanisms such as HTTPS/SSL.


    Bearer Authentication:
Bearer authentication (also called token authentication) is an HTTP authentication scheme that involves security tokens called bearer tokens.
The name "Bearer authentication" can be understood as "give access to the bearer of this token." The bearer token allows access to a certain resource or URL and is most likely a cryptic string, usually generated by the server in response to a login request.
The client must send this token in the Authorization header when making requests to protected resources:
Authorization: Bearer <token>
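
The Authorization header for both Basic and Bearer authentication, handled on the server side. This is an added example, not code from the original post; USERS, TOKENS and the function names are assumptions, and the credentials are constructed sample values. It shows that the Basic value decodes straight back to the username and password, which is why the header is only protected when sent over HTTPS.

```python
import base64
import binascii
import hmac

# Constructed sample credentials for this example only.
# A real server stores password hashes, not plaintext passwords.
USERS = {"alice": "s3cr3t:with:colons"}
TOKENS = {"tok-constructed-123": "alice"}


def basic_header(user, password):
    """Build the header value a client sends for Basic authentication."""
    blob = base64.b64encode(f"{user}:{password}".encode()).decode()
    return "Basic " + blob


def parse_authorization(header):
    """Return (scheme, value); for Basic, value is (username, password)."""
    scheme, _, rest = header.strip().partition(" ")
    scheme, rest = scheme.lower(), rest.strip()
    if scheme == "basic":
        try:
            raw = base64.b64decode(rest, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            raise ValueError("malformed Basic credentials")
        user, sep, password = raw.partition(":")  # password may contain ':'
        if not sep:
            raise ValueError("missing ':' separator")
        return "basic", (user, password)
    if scheme == "bearer" and rest:
        return "bearer", rest
    raise ValueError("unsupported or empty Authorization header")


def authenticate(header):
    """Return the authenticated username, or None (caller answers 401)."""
    try:
        scheme, value = parse_authorization(header)
    except ValueError:
        return None
    if scheme == "basic":
        user, password = value
        expected = USERS.get(user, "")
        # Constant-time comparison avoids leaking how many characters matched.
        ok = hmac.compare_digest(password.encode(), expected.encode())
        return user if ok and user in USERS else None
    for token, owner in TOKENS.items():
        if hmac.compare_digest(token.encode(), value.encode()):
            return owner
    return None
```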


    OAuth (2.0):
The previous versions of this spec, OAuth 1.0 and 1.0a, were much more complicated than OAuth 2.0. The biggest change in the latest version is that it is no longer required to sign each call with a keyed hash. The most common implementations of OAuth use one or both of these tokens instead:
access token: sent like an API key, it allows the application to access a user's data; optionally, access tokens can expire.
refresh token: optionally part of an OAuth flow; refresh tokens retrieve a new access token if the old one has expired. OAuth2 combines authentication and authorization to allow more sophisticated scope and validity control.

OAuth 2.0 is the best choice for identifying personal user accounts and granting proper permissions. In this method, the user logs into a system. That system will then request authentication, usually in the form of a token. The user will then forward this request to an authentication server, which will either reject or allow this authentication. From here, the token is provided to the user, and then to the requester. Such a token can then be checked by the requester at any time, independently of the user, for validation, and can be used over time with a strictly limited scope and age of validity.

This is fundamentally a much more secure and powerful system than the other approaches, mainly because it allows scopes to be established that give access to different parts of the API service, and because the token is revoked after a certain time, which makes it much harder for attackers to reuse.

   Cookie-based Authentication:
Cookie authentication uses HTTP cookies to authenticate client requests and maintain session information. It works as follows:

The client sends a login request to the server.
On successful login, the server response includes the Set-Cookie header, which contains the cookie name, value, expiry time and some other information. Here is an example that sets the cookie named JSESSIONID:
Set-Cookie: JSESSIONID=abcde12345; Path=/; HttpOnly

The client needs to send this cookie in the Cookie header in all subsequent requests to the server.

Cookie: JSESSIONID=abcde12345

On the logout operation, the server sends back the Set-Cookie header that causes the cookie to expire.
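
A check that can be run over the Set-Cookie headers in this flow, as an added example that is not part of the original post; the function names are assumptions. It audits the attributes of a session cookie (run on the JSESSIONID example above, it reports that Secure and SameSite are absent) and tests whether a logout response really expires the cookie.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# The Set-Cookie value shown in the text above.
PAGE_EXAMPLE = "JSESSIONID=abcde12345; Path=/; HttpOnly"


def parse_set_cookie(header):
    """Split a Set-Cookie value into (name, value, lower-cased attributes)."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def audit_session_cookie(header):
    """Return findings for attributes a session cookie should carry."""
    _, _, attrs = parse_set_cookie(header)
    findings = []
    if "httponly" not in attrs:
        findings.append("missing HttpOnly: cookie is readable by page scripts")
    if "secure" not in attrs:
        findings.append("missing Secure: cookie may be sent over plain HTTP")
    samesite = attrs.get("samesite", "").lower()
    if samesite not in ("lax", "strict", "none"):
        findings.append("missing SameSite: left to browser default")
    elif samesite == "none" and "secure" not in attrs:
        findings.append("SameSite=None without Secure")
    return findings


def expires_cookie(header, now=None):
    """True if the header expires the cookie, as a logout response should."""
    _, _, attrs = parse_set_cookie(header)
    if "max-age" in attrs:  # Max-Age takes precedence over Expires
        try:
            return int(attrs["max-age"]) <= 0
        except ValueError:
            pass
    try:
        when = parsedate_to_datetime(attrs["expires"])
        return when <= (now or datetime.now(timezone.utc))
    except (KeyError, TypeError, ValueError):
        return False  # no usable expiry attribute: cookie stays valid
```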

 

5. What is an API Gateway?

 The API Gateway encapsulates the internal system architecture and provides an API that is tailored to each client. It might have other responsibilities such as authentication, monitoring, load balancing, caching, request shaping and management, and static response handling.



The API Gateway is responsible for request routing, composition, and protocol translation. All requests from clients first go through the API Gateway. It then routes requests to the appropriate microservice. The API Gateway will often handle a request by invoking multiple microservices and aggregating the results. It can translate between web protocols such as HTTP and WebSocket and web‑unfriendly protocols that are used internally.


06. How to set up a proxy in Postman?
Go to Settings --> Proxy --> Add a custom proxy configuration --> Provide proxy details


07. How to add certificates in Postman?
Go to Settings --> Certificates --> Import --> Add Certificate

08. What response code will you get after sending a wrong JSON payload?
400 - Bad Request

09. What response code will you get if the server is down or not responding?
500 server error

10. When do you get 201?
We get a 201 response code, 'Created', with a POST call.





 


12. What are web services?



1. What tool to use for API testing?



3. Collections and parameters in Postman?



4. Where to check status code and headers in Postman?



5. How to set global variable in Postman?



6. How to use authentication and authorization in Postman?



7. How to check the response message in Postman?



8. How to download the response of a request using Postman?



9. How to use the collection runner?



10. Do we also need to validate cookies and headers, apart from the status code and response body?

11. What types of status codes have you worked with?

12. Which one has the higher priority in Postman? A global variable or a local variable?

13. What are the types of workspace in Postman?

14. How to run the requests in a collection multiple times?

Ans: Go to the Collection Runner and enter the number of times the requests should be executed in the "Iterations" input box.

15. How to add a delay between iteration cycles in Postman while running a collection?

Ans: Use the Delay input box; the default time unit is ms.

16. What are the methods in API you have used?

Ans: GET, POST, PUT, DELETE, PATCH, HEAD, OPTIONS 

17. How do you get the request details or endpoints in your project and test them?

Ans: From Swagger or Confluence; append your server address to the request in Postman.

18. How to set up a proxy in Postman?

Ans: Go to Settings --> Proxy --> Add a custom proxy configuration --> Provide proxy details

19. How to add certificates in Postman?

Ans: Go to Settings --> Certificates --> Import --> Add Certificate

20. What variables do we have in Postman?

Ans: Global and Environment





2. Different HTTP Methods you are aware of in API Testing. 


GET: Fetches a resource from the server 


POST: Creates a new resource on the server. 


PUT: Updates an existing resource on the server. 


DELETE: Deletes a resource on the server 


PATCH: Updates an existing resource on the server. 


3. Commonly used Status Codes for API Testing. 


200: OK 


201: Created 


400: Bad Request 


401: Unauthorized 


403: Forbidden 


404: Not Found 


500: Internal Server Error 


503: Service Unavailable 


4. Explain your project framework? (this question is asked in all rounds) 


5. Git Commands for pushing code to the repository. 


What the interviewer meant was for me to tell him the process I follow, from cloning the repository to pushing the code and creating a pull request.


a) git clone "repo-url"


b) git checkout -b "branch-name" //create a branch


c) Make changes to the code.


d) git add . //add those changes (staging)


e) git commit -m "commit message"


f) git push 


g) Create a pull request from the GitHub UI to merge the branch to master.


6. Different types of waits in Selenium.


You can check this article: Waits in Selenium. 


7. What happens if I put both implicit and explicit waits in my Selenium code?


I was like we should not use both waits together according to Selenium official documentation. 


8. Difference between DELETE and TRUNCATE.


DELETE: The contents of the table cannot be rolled back. It’s permanently deleted 


TRUNCATE: The table's data is temporarily deleted and can be rolled back if required.


9. SQL query to select rows in which the date is greater than a particular date. 


SELECT * from table_name WHERE date_col > 'date' 


10. SQL query to select only rows that don’t have values in a particular column. 


SELECT * from table_name WHERE col_name IS NULL; 


11. Test cases for booking movie ticket. 


12. Test Cases for login functionality(both UI and API) 


13. Java program to count occurrences of words in a String.


Round 2 : 


1. Introduction 


2. What is Kafka? (Mentioned in my resume) 


3. What is API? With Example? 


API(Application Programming Interface) is an interface between two applications. Therefore it enables us to transfer data between these two applications. 


For Example: 


In a Client-Server architecture, the Client requests data from a server and the server responds with the requested data. 


You might be wondering where API is? 


API can be sitting on the server: 


1. Taking your request 


2. Fetching data from the database.


3. Returning you the response 


Hence acting as an interface between your request and the database. 


4. Difference between status codes 401 and 403


401: Unauthorized Access. This means you are not able to login to the application because of a wrong username or password. 


403: Forbidden. This means you are already logged in to the application but don’t have permission to access the resource. 


5. Difference between 500 and 503 


500: Internal Server Error i.e., the server is not able to handle your request. 


503: Service Unavailable i.e., the server is available but the service is not available. 


6. Difference between PUT and PATCH


Both are used for updating a resource on the server. 


PUT: Replaces the whole object 


PATCH: Replaces a particular field of an object 




1. What is an API?


2. What's the difference between REST and SOAP?


3. What are the different HTTP methods?


4. What are the different status codes and when will they occur?


5. What are the different ways you validate an XML response?


6. What are the different ways you validate a REST API response?


7. How do you use POJOs? Sample POJO code for a JSON


8. How do you pass a payload to a REST API call during automation?


9. Explain your automation framework.


10. Explain the challenges that you face during automation of REST APIs.


11. What are the different types of testing you do with an API?


12. What is the difference between regular calls and OAuth calls?


13. How do you do security testing using APIs?


14. How do you do performance testing with APIs?


15. What is the difference between PUT and PATCH?
