QA Interview Questions

Basics

What is an API? Types (REST, SOAP).

API Testing

APIs are mechanisms that enable two software components to communicate with each other using a set of definitions and protocols.

  • REST (Representational State Transfer): Stateless, uses HTTP methods (GET, POST, PUT, DELETE), JSON/XML, flexible.
  • SOAP (Simple Object Access Protocol): Protocol, XML-based, more structured, built-in error handling.
  • Others: GraphQL, gRPC...

Explain API components & architecture.

API Testing
  • Client: Makes requests.
  • Server: Processes requests and returns responses.
  • Request: Method, URI, headers, body.
  • Response: Status code, headers, body.
  • Resources: Data entities exposed via API.

HTTP methods & their usage (GET, POST, PUT, PATCH, DELETE).

API Testing
  • GET: Retrieve data. Safe, idempotent.
  • POST: Create new resource. Not idempotent.
  • PUT: Update/Replace existing resource. Idempotent.
  • PATCH: Partially update existing resource. Not idempotent.
  • DELETE: Remove resource. Idempotent.

Explain HTTP status codes & categories.

API Testing
  • 1xx (Informational): Request received, continuing process.
  • 2xx (Successful): 200 OK, 201 Created.
  • 3xx (Redirection): 301 Moved Permanently.
  • 4xx (Client Error): 400 Bad Request, 401 Unauthorized, 404 Not Found.
  • 5xx (Server Error): 500 Internal Error, 503 Service Unavailable.

Difference between HTTP and HTTPS.

API Testing
HTTPS is HTTP with encryption (SSL/TLS), ensuring secure communication.

What are API endpoints?

API Testing
URLs that point to specific resources or functionalities within an API.

Explain API authentication vs. authorization.

API Testing
  • Authentication: Verifying who you are. (Are you registered?)
  • Authorization: Determining what you are allowed to do. (Do you have access?)

Locators in Selenium?

UI Testing
ID, Name, Class Name, Tag Name, Link Text, Partial Link Text, CSS Selector, XPath.

Explain OOP concepts.

Java
Encapsulation, Inheritance, Polymorphism, Abstraction.

Authentication

Common authentication methods.

API Testing
  • Basic Auth: username:password encoded in Base64. Not very secure, since Base64 is an encoding, not encryption.
  • Bearer Token: Token in Authorization header. Stateless.
  • OAuth 2.0: Authorization framework for delegated access.
  • API Keys: Unique string passed in header or query param.

API Design and Best Practices

What is an API Gateway?

API Testing
A central entry point for all API requests, handling routing, security, rate limiting, and monitoring.

Difference between URI and URL.

API Testing
A URI identifies a resource; a URL is a type of URI that also specifies how to locate it (e.g., using a protocol like HTTP). All URLs are URIs, but not all URIs are URLs.

Explain versioning in APIs. Why is it important?

API Testing
Managing changes to an API while maintaining compatibility for existing clients. Done via URL (/v1/users), header, or query param. Important for non-disruptive evolution.

Safe vs. Idempotent methods.

API Testing
  • Safe: No side effects (e.g., GET, HEAD).
  • Idempotent: Multiple identical requests have the same effect as one (e.g., GET, PUT, DELETE).

Explain request/response headers and body.

API Testing
  • Headers: Metadata (content type, auth, caching).
  • Body: Data payload (JSON, XML, etc.).

Data Formats

Explain JSON.

API Testing
JavaScript Object Notation, a lightweight data-interchange format, human-readable, easy for machines to parse.

Explain XML.

API Testing
Extensible Markup Language, a markup language that defines a set of rules for encoding documents in a format that is both human-readable and machine-readable.

Difference between JSON and XML.

API Testing
JSON is generally lighter, less verbose, and easier to parse (natively in JS) than XML. XML is more structured with tags and can include metadata.

RESTful APIs

What is a RESTful API? Principles.

API Testing
Follows REST principles: stateless, client-server, cacheable, layered system, uniform interface, code on demand (optional).

Difference between PUT and PATCH.

API Testing
PUT replaces the entire resource. PATCH updates part of it.

Difference between API and Web Service.

API Testing
All web services are APIs, but not all APIs are web services. Web services require a network (HTTP), while APIs can be local.

API Management

What is API Throttling/Rate Limiting?

API Testing
Limiting the number of API requests a client can make in a given time period to prevent abuse or overload.

Explain API pagination. Why is it used?

API Testing
Breaking down large result sets into smaller, manageable 'pages' to improve performance and reduce server load.

Serialization & Deserialization

Explain serialization and deserialization.

API Testing
  • Serialization: Converting an object (like Java POJO) into a format (like JSON).
  • Deserialization: Converting a format (JSON) back into an object.
One-liner: Serialization converts Java objects into JSON for payloads; deserialization converts API responses into Java objects.
Usage: Serialization for POST/PUT | Deserialization for Validation