API Testing Interview Q&A Guide
Master API testing with Postman, REST vs SOAP, and real-world scenario-based questions.
API Testing & Postman
1. What is Postman?
English: Postman is an API testing tool used to create, send, and validate API requests such as GET, POST, PUT, and DELETE.
Hinglish: Postman is an API testing tool that we use to create, send, and validate API requests.
2. What is an HTTP Method and Which is Most Common?
English: An HTTP method defines the type of operation. GET is most commonly used to retrieve data without modifying anything.
Hinglish: The HTTP method indicates the action. GET is used the most because it only fetches data from the server.
3. Difference Between GET and POST?
English / Hinglish:
- GET: Used to read data. The data goes in the URL (Fast but insecure).
- POST: Used to create/send new data. The data goes in the Request Body (Secure).
| Feature | GET | POST |
|---|---|---|
| Data Location | URL (Query Parameters) | Request Body |
| Security | Less Secure (Visible in URL) | More Secure |
| Data Limit | Limited (URL length) | Unlimited |
4. What are the common Status Codes?
- 200 OK: Success.
- 201 Created: Resource created successfully.
- 400 Bad Request: Client error.
- 401 Unauthorized: Authentication required (Token missing/invalid).
- 403 Forbidden: Authenticated, but no permission to access.
- 404 Not Found: Resource/Endpoint missing.
- 500 Internal Server Error: Server crashed.
5. What are Query Parameters?
English: Query parameters are key-value pairs used to filter or customize responses, added after ? in the URL (e.g., /users?id=10).
Hinglish: A query parameter is used to filter or customize the API response and is added after the URL with ?.
6. How to pass a token from one API to another?
English / Hinglish: Extract the token from the Login API response and store it in an environment variable in the Tests tab:
pm.environment.set("token", pm.response.json().token);
In the next API request, use {{token}} under Authorization: Bearer Token.
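A fuller version of the token hand-off above, as an added example that is not part of the original guide: it clears any stale token first and stores the new one only when the login really succeeded. The function name `storeLoginToken` is hypothetical, and the response is assumed to be JSON with a string field named `token`.

```javascript
// Added example for the Login request's "Tests" tab (Postman scripts are JavaScript).
// Assumption: the login response body is JSON with a string field named "token".
function storeLoginToken(pm) {
  // Drop any token left over from an earlier run, so a failed login cannot
  // leave later requests silently authenticated with a stale value.
  pm.environment.unset("token");

  let stored = false;
  pm.test("login returned 200 and a usable token", function () {
    if (pm.response.code !== 200) {
      throw new Error("expected 200 from login, got " + pm.response.code);
    }
    const token = pm.response.json().token;
    if (typeof token !== "string" || token.trim() === "") {
      throw new Error("login response has no usable token field");
    }
    pm.environment.set("token", token); // later requests read it as {{token}}
    stored = true;
  });
  return stored;
}

// Inside Postman the global `pm` exists and the check runs; elsewhere it is skipped.
if (typeof pm !== "undefined") {
  storeLoginToken(pm);
}
```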
7. What is Environment in Postman?
English: In Postman, an Environment is used to store variables like base URL, tokens, and credentials. It allows you to quickly switch contexts (Dev, QA, Prod).
Hinglish: In Postman, we use an Environment to store variables such as the base URL and token.
8. Variable Priority Order in Postman?
English / Hinglish: Order of Priority (Highest to Lowest):
Local > Data > Environment > Collection > Global
9. Explain HTTP in API.
English: HTTP (HyperText Transfer Protocol) is a communication protocol used between client and server in API testing. It defines how requests are sent and responses are received. Common HTTP methods are GET, POST, PUT, and DELETE.
Hinglish: HTTP is a communication protocol used in APIs to exchange data between client and server. It defines how the request is sent and how the response comes back. Common HTTP methods are GET, POST, PUT, and DELETE.
10. What is Token and Authentication in API?
English: Authentication is the process of verifying user identity. A token is a unique key generated by the server after successful login, which is sent with every API request to access secured resources.
Hinglish: Authentication means verifying the user's identity. A token is a unique key that the server generates after login and that is sent with every API request for secure access.
11. What is API and what are status codes?
English: API allows communication between two systems. Status codes indicate response result like 200, 400, 500.
Hinglish: An API enables communication between two systems. Status codes indicate the result of the response, such as 200, 400, 500.
12. Explain 400 status code.
English: 400 means Bad Request. The request sent by client is incorrect.
Hinglish: 400 means Bad Request. The client sent an incorrect request.
13. What is 500 Internal Server Error?
English: 500 means server side error. Request is correct but server failed to process it.
Hinglish: 500 means a server-side error. The request is correct, but the server is unable to process it.
14. Explain API GET, POST, PUT methods.
English:
- GET → fetch data
- POST → create data
- PUT → update data
Hinglish:
- GET → fetches data
- POST → sends data
- PUT → updates data
15. Summarize HTTP status codes.
English:
- 200 → Success
- 400 → Bad Request
- 404 → Not Found
- 500 → Server Error
Hinglish:
- 200 → success
- 400 → client error
- 404 → not found
- 500 → server error
16. What is Microsoft Graph API?
English: Microsoft Graph API is a RESTful web API provided by Microsoft that allows developers to access and manage data from multiple Microsoft services like Outlook, OneDrive, Teams, and Azure Active Directory using a single endpoint. It acts as a central gateway to interact with Microsoft cloud services and uses OAuth 2.0 for secure authentication.
Hinglish: Microsoft Graph API is a REST API provided by Microsoft. Using it, we can access and manage data from different Microsoft services such as Outlook, OneDrive, Teams, and Azure Active Directory through a single endpoint. It works like a central gateway and uses OAuth 2.0 for secure authentication.
API Basics & Postman
1. What is an API and why is it tested?
English: API (Application Programming Interface) is a set of rules that allows two software components to communicate. We test it to ensure data integrity, security, and backend reliability.
Hinglish: An API acts as a bridge between two pieces of software. It is tested to check data and logic.
2. What is Postman and what are its core features?
English: Postman is a tool for developing and testing APIs. Features include collections, environments, global variables, and automated tests (JS scripts).
Hinglish: Postman is the best tool for API testing, with features for saving requests (Collections) and writing test scripts.
3. Difference between Query Parameters and Path Parameters?
English: Path Parameters: Part of the URL (e.g., /users/123). Query Parameters: Appended after ? (e.g., /users?age=25) and used for filtering.
Hinglish: A path param is part of the URL itself; a query param is added after ? for filtering and sorting.
4. What are Global, Collection, and Environment variables in Postman?
English: Global: Applies everywhere. Collection: Applies within one collection (folder). Environment: Specific to a setup like QA or Prod.
Hinglish: Global variables apply everywhere; Environment variables apply only to the selected mode (QA/Prod); Collection variables apply only to that group.
5. How to automate tests in Postman?
English: By writing JavaScript code in the "Tests" tab of a request (using the pm.test() function).
Hinglish: Assertions/checks can be added by writing a JS script in Postman's "Tests" tab.
HTTP Protocol & REST Concepts
6. Explain HTTP Status Codes (2xx, 3xx, 4xx, 5xx).
English:
- 2xx: Success (200 OK, 201 Created).
- 3xx: Redirection (301 Moved).
- 4xx: Client Error (400 Bad Request, 401 Unauthorized, 404 Not Found).
- 5xx: Server Error (500 Internal Server Error).
7. Difference between GET and POST?
English: GET: Fetches data (data in URL, limited size). POST: Sends data (data in body, secure, no size limit).
Hinglish: GET fetches data and the data is visible in the URL; POST is for sending data and the data is mostly hidden in the body.
8. Difference between PUT and PATCH?
English: PUT: Replaces entire resource. PATCH: Updates only specific fields (Partial update).
Hinglish: PUT replaces the whole thing; PATCH changes a small part (like only the phone number).
9. What are RESTful Web Services constraints?
English: Statelessness, Client-Server architecture, Cacheability, Layered system, and Uniform Interface.
Hinglish: REST has some rules (Stateless etc.) that make these services flexible and scalable.
10. What is 'Idempotency' in API methods?
English: A method is idempotent if calling it multiple times has the same outcome (e.g., GET, PUT, DELETE). POST is NOT idempotent.
Hinglish: If a method gives the same result when run again and again, it is idempotent (like PUT or DELETE).
JSON & API Security
11. What is JSON and why it is preferred over XML?
English: JSON (JavaScript Object Notation) is lightweight, faster to parse, and more human-readable compared to XML.
Hinglish: JSON is light and fast, and its code is easier to read than XML.
12. How do you handle Authentication in APIs?
English: Using headers like Authorization: Bearer <token>, API Keys, or Basic Auth (Username:Password).
Hinglish: The user's identity is processed by putting a token or keys in the header.
13. Explain OAuth 2.0 briefly.
English: An authorization protocol where a client gets an 'Access Token' to perform actions on behalf of a user without sharing passwords.
Hinglish: A way of getting permission without revealing the password (like Login with Google).
14. What is 'Payload' and 'Headers'?
English: Payload: Data sent in the body. Headers: Metadata information (like Content-Type: application/json).
Hinglish: Payload is the actual data; a Header is information about the request.
15. What are common API security risks?
English: Injection attacks, Broken Object Level Authorization (BOLA), Unprotected endpoints, and Excessive data exposure.
Hinglish: API hacking threats such as reusing an old login or accidentally leaving security gaps.
Scenario-Based API Questions
16. How to test an API that has no documentation?
English: Use tools like Fiddler, Charles Proxy, or Chrome Network tab to capture requests while interacting with the application UI.
Hinglish: Use proxy tools to find out which calls the UI is making.
17. What is 'API Mocking'?
English: Simulating the behavior of a real API with fake responses. Useful when the backend is not ready but frontend/testing must proceed.
Hinglish: Building an imitation (fake API) for testing before the real API is built.
18. Difference between 401 Unauthorized and 403 Forbidden?
English: 401: Identity unknown (no valid credentials). 403: Identity known but access denied (no permission for this resource).
Hinglish: 401 means the user is not logged in; 403 means the user is logged in but is not allowed to view this.
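The 401/403 distinction above, together with the Broken Object Level Authorization (BOLA) risk from question 15, as an added example that is not part of the original guide. The handler `getOrder`, the tokens, and the order records are hypothetical and constructed for illustration; the point is the order of checks a tester should expect from the server.

```javascript
// Constructed sample data: bearer tokens mapped to sessions, and orders with owners.
// Maps are used so a token such as "constructor" cannot match an inherited property.
const SESSIONS = new Map([
  ["tok-alice", { userId: 1, role: "user" }],
  ["tok-bob", { userId: 2, role: "user" }],
  ["tok-admin", { userId: 9, role: "admin" }],
]);
const ORDERS = new Map([
  [101, { ownerId: 1, item: "book" }],
  [102, { ownerId: 2, item: "laptop" }],
]);

// Hypothetical handler for GET /orders/{orderId}.
function getOrder(authorizationHeader, orderId) {
  // Step 1: authentication. No valid token means the identity is unknown -> 401.
  const match = /^Bearer (\S+)$/.exec(authorizationHeader || "");
  const session = match ? SESSIONS.get(match[1]) : undefined;
  if (!session) {
    return { status: 401, body: { error: "authentication required" } };
  }

  const order = ORDERS.get(orderId);
  if (!order) {
    return { status: 404, body: { error: "order not found" } };
  }

  // Step 2: object-level authorization. The identity is known, but the caller
  // must own this specific order (or be an admin) -> otherwise 403.
  // Skipping this check is exactly the BOLA defect.
  if (order.ownerId !== session.userId && session.role !== "admin") {
    return { status: 403, body: { error: "access denied" } };
  }
  return { status: 200, body: order };
}

// Test matrix a tester would run: each row is [header, orderId, expected status].
function runAuthMatrix() {
  const cases = [
    [undefined, 101, 401],
    ["Bearer tok-unknown", 101, 401],
    ["Bearer tok-alice", 101, 200],
    ["Bearer tok-alice", 102, 403],
    ["Bearer tok-admin", 102, 200],
  ];
  return cases.map(([header, id, expected]) => getOrder(header, id).status === expected);
}
```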
19. What is 'Contract Testing' in API?
English: Verifying that the API provider (server) and consumer (client) agree on the structure of data exchanged.
Hinglish: Checking that the Client and the Server both agree on the response format (keys/types).
20. How to handle large JSON responses?
English: Using JSON Path expressions to parse and validate specific fields instead of checking the whole string.
Hinglish: Use JSON Path to pick only the useful parts instead of reading the whole response.
Web Services (SOAP vs REST) & Real Scenarios
1. What is a web service?
English: A web service is an interface that allows different applications to communicate and exchange data over the internet.
Hinglish: A web service is an interface that lets two different applications exchange data over the internet.
2. What is the difference between SOAP and REST web services?
English / Hinglish:
- REST: Lightweight, supports JSON and XML, simpler and faster, no WSDL required.
- SOAP: XML-based, heavy, uses WSDL, complex but highly secure.
Hinglish: SOAP is XML-based and heavy, whereas REST is lightweight and supports JSON/XML. SOAP uses WSDL; REST does not.
| Feature | REST | SOAP |
|---|---|---|
| Protocol vs Style | Architectural Style | Protocol |
| Data Format | JSON, XML, HTML, Text | Only XML |
| Performance | Fast, lightweight | Slow, heavy payload |
3. What is WSDL and what does it contain?
English: WSDL stands for Web Services Description Language. It is an XML file describing the web service. It contains: Service name, Port and endpoint, Operations (methods), and Request/Response structural format.
Hinglish: It is an XML file that describes the web service's operations, request-response format, and endpoint.
4. Tell me about a time you identified a critical bug through automation.
"During a regression run, automation flagged a scenario where deactivated/inactive users were still able to log in. I immediately analyzed logs & captured screenshots, reported the issue with priority, and informed the development team. It was a security bug. Automation helped catch it early before production, saving a lot of manual effort and risk."
5. Describe a challenging situation with developers or deadlines and how you handled it.
"Once we had a major release with tight deadlines. Developers delivered changes very late. Instead of pushing back, I prioritized critical test cases first, used automation scripts to speed up regression, collaborated closely with devs for quick fixes, and escalated blockers early. As a result, we delivered on time with good quality."
6. Explain about your current project?
English: My current project is a web-based application. My role is to design test cases, execute manual testing, and automate regression test cases using Selenium with Java. I also perform API testing using Postman/SOAP UI and log defects in Jira.
Hinglish: My current project is a web-based application. My role is to design test cases, perform manual testing, and automate regression test cases with Selenium Java.
7. How to raise a defect in Jira tool?
- Click on Create Issue.
- Select Issue Type as Bug.
- Enter Summary and Description.
- Add exact Steps to Reproduce.
- Mention Expected and Actual Result.
- Attach screenshots/logs.
- Click Submit.
8. What is UNION in SQL?
English: UNION is an SQL operator used to combine the result of two or more SELECT queries into a single result set. Both queries must have the same number of columns and compatible data types. By default, it removes duplicates.
Hinglish: UNION is an SQL operator that combines two or more SELECT queries.