Top API Interview Questions for SDET

5 min read · Jan 5, 2024

Hi there! I put together API interview questions for SDET or Test Automation roles.

Please consider taking my Udemy course Interview Preparation for SDET(Java) if you prefer video sessions with more detailed explanations.

What is an API?

API stands for Application Programming Interface. It is a bridge between the data layer and the application client. Also, APIs define how different software components should interact, allowing them to communicate with each other.

REST (Representational State Transfer) and SOAP (Simple Object Access Protocol) are common architectural styles for web APIs.

What is HTTP and HTTPS?

HTTP (Hypertext Transfer Protocol)

HTTPS (Hypertext Transfer Protocol Secure)

HTTP and HTTPS are protocols used for communication between a client (such as a web browser) and a server over the Internet. They define how data is transferred and formatted during the exchange of information. The key differences between HTTP and HTTPS are related to security. HTTPS adds a layer of encryption, making it more secure.


How do you do API testing?

  1. Analyze API documentation
  2. Send request
  3. Validate response (verify status code and verify response body if applicable)

What is the difference between SOAP API and REST API?

SOAP (Simple Object Access Protocol) and REST (Representational State Transfer) are two different architectural styles for designing web services.

- SOAP uses XML as the message format whereas REST can use multiple formats, but JSON is more commonly used.

- REST is inherently stateless, whereas SOAP can be stateful or stateless; however, it often relies on sessions and maintains its state.

- SOAP may be more suitable for scenarios where strict standards and security are essential, while REST is often preferred for its simplicity, flexibility, and efficiency in web and mobile applications.

What API methods do you know?

GET method: reads data
POST method: saves the data
PUT method: edits the data
DELETE method: deletes data
— — — —
PATCH method: can be used to partially update specified data
OPTIONS method: requests information from the endpoint
HEAD method: retrieves only the headers of a response without the response body.
CONNECT method: establishes a network connection to a resource, typically used for SSL/TLS tunneling.
TRACE method: the web server will respond to requests that use the TRACE method by echoing in its response the exact request that was received for diagnostic purposes.

What is the difference between PUT and PATCH?

PUT means replacing the entire resource with given data, while PATCH means replacing only specified fields.

What status code responses do you know?

1xx — Informational response. Informational responses are used to indicate that the task is in progress.
2xx — Success.
3xx — Redirected.
4xx — Client error.
5xx — Server error. A valid request was made by the client but the server failed to complete the task.

For example:
200 — OK
201 — Created
404 — Not Found
403 — Forbidden

How does authentication work in an API?

Basic Authentication: The client includes a username and password in the request headers using the “Authorization” header, with the credentials base64-encoded.

Token-based Authentication: Users authenticate with a server to obtain a token. The token is then included in the request headers for subsequent API calls. For example, Bearer token and OAuth (Open Authorization).

Certificate-based Authentication: Clients present a digital certificate during the authentication process. The server validates the certificate to ensure the client’s identity.
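
The sketch below is an added example, not code from the original post. It builds a Basic "Authorization" header and then decodes it again, which shows that base64 is an encoding and not encryption: anyone who can read the header recovers the password, so Basic authentication should only travel over HTTPS. The class name, credentials and token are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class AuthHeaderDemo {

    // Build the value of the Authorization header for Basic authentication.
    static String basicHeader(String user, String password) {
        String pair = user + ":" + password;
        return "Basic " + Base64.getEncoder()
                .encodeToString(pair.getBytes(StandardCharsets.UTF_8));
    }

    // Recover user and password from a Basic header value, as any party that
    // sees the header can. Returns null for other schemes or malformed input.
    static String[] decodeBasic(String headerValue) {
        // The scheme name is case-insensitive, so compare ignoring case.
        if (headerValue == null || !headerValue.regionMatches(true, 0, "Basic ", 0, 6)) {
            return null;
        }
        byte[] raw;
        try {
            raw = Base64.getDecoder().decode(headerValue.substring(6).trim());
        } catch (IllegalArgumentException e) {
            return null; // not valid base64
        }
        String pair = new String(raw, StandardCharsets.UTF_8);
        int colon = pair.indexOf(':'); // only the first colon separates user and password
        if (colon < 0) {
            return null;
        }
        return new String[] { pair.substring(0, colon), pair.substring(colon + 1) };
    }

    public static void main(String[] args) {
        // Constructed sample credentials, not from the original post.
        String header = basicHeader("sdet_user", "p@ss:word");
        System.out.println("Authorization: " + header);

        String[] creds = decodeBasic(header);
        System.out.println("user=" + creds[0] + " password=" + creds[1]);

        // A Bearer token uses a different scheme, so there is nothing to decode as Basic.
        System.out.println(decodeBasic("Bearer constructed.sample.token") == null);
    }
}
```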

What is a query parameter in an API?

The query parameters are key-value pair data that we can include together with our request to pass data to the server. They are appended to the end of the URL after the ? symbol and are separated by &.

For example:

What is the difference between the path parameter and the request parameter?

The path parameter is part of the URL path itself.

For example:

The query parameters are key-value pair data that we can include together with our request to pass data to the server. They are appended to the end of the URL after the ? symbol and are separated by &.

For example:
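
An added example, not from the original post, that takes one constructed URL apart into its path parameter and its query parameters (covering both this answer and the query-parameter answer above). The host, path and parameter names are assumptions; it needs Java 10 or later for URLDecoder.decode with a Charset.

```java
import java.net.URI;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

public class UrlParamsDemo {

    // Split the raw query string into decoded key/value pairs.
    // A key may repeat, so each key maps to a list of values.
    static Map<String, List<String>> queryParams(URI uri) {
        Map<String, List<String>> params = new LinkedHashMap<>();
        String raw = uri.getRawQuery();
        if (raw == null || raw.isEmpty()) {
            return params;
        }
        // Split on '&' and '=' first, decode afterwards, so that an
        // encoded '&' (%26) inside a value is not treated as a separator.
        for (String pair : raw.split("&")) {
            int eq = pair.indexOf('=');
            String key = eq < 0 ? pair : pair.substring(0, eq);
            String value = eq < 0 ? "" : pair.substring(eq + 1);
            params.computeIfAbsent(URLDecoder.decode(key, StandardCharsets.UTF_8),
                            k -> new ArrayList<>())
                    .add(URLDecoder.decode(value, StandardCharsets.UTF_8));
        }
        return params;
    }

    public static void main(String[] args) {
        // Constructed URL: host, path and parameter names are assumptions.
        URI uri = URI.create(
                "https://api.example.com/students/6688/courses?status=active&sort=name&tag=a%26b");

        // Path parameter: the student id is a segment of the path itself.
        String[] segments = uri.getPath().split("/");
        System.out.println("path parameter id = " + segments[2]);

        // Query parameters: everything after '?', separated by '&'.
        System.out.println("query parameters  = " + queryParams(uri));
    }
}
```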

What is the request body/payload?

The request body, also known as the payload, is part of an API request where data is sent from the client to the server. The common formats are JSON and XML.

How does the RestAssured library work? Give me one example.

RestAssured is a popular Java library designed for simplifying the testing of REST APIs. It provides a behavioral-driven style for constructing expressive and readable API tests. One example I can give you:

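package api;

import io.restassured.http.ContentType;
import io.restassured.http.Header;
import io.restassured.response.Response;
import org.junit.Assert;
import org.junit.Test;

import static io.restassured.RestAssured.given;

public class RestAssuredTest {

    @Test
    public void testGetStudent() {
        // Placeholder token; a real test obtains a valid token first.
        Header header = new Header("Authorization", "Bearer asumeValidToken");

        // Placeholder URL: the endpoint is not shown in the original post.
        Response response = given()
                .header(header)
                .accept(ContentType.JSON)
                .when()
                .get("https://api.example.com/students/6688");

        // Validate the status code, then the response body.
        Assert.assertEquals(200, response.getStatusCode());
        Assert.assertEquals(6688, response.body().jsonPath().getInt("id"));
    }
}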
