An API is an interface or communication protocol between a client and a server that is intended to simplify the client-side application for a better user experience.
Methods of API
GET Method: The GET method is used to retrieve data from the server.
POST Method: We employ the POST technique whenever we want to add a new resource to the server.
PUT Method: The PUT method is used to modify any existing resource that needs to be updated. It alters the parameter if the one we wish to edit is already present. In the event that the parameter is not present, it is created.
PATCH Method: We utilize the PATCH method to update when we only want to make a partial change. We don’t need to send the entire payload in order to update the resource; we only pass the parameter that needs to be updated.
200 OK: The actual response depends on the request method used. For a GET request, the response includes an entity that corresponds to the requested resource.
201 Created: A new resource has been produced as a result of the request’s fulfillment.
202 Accepted: Although the processing of the request has begun, it has not yet been finished.
400 Bad Request: The server cannot or will not accept the request due to what appears to be a client error (such as incorrect request message framing, incorrect request size, excessive request size, or misleading request routing).
401 Unauthorized: Similar to 403 Forbidden, the 401 Unauthorized status code is used when authentication is necessary but has failed or has not yet been given.
403 Forbidden: When a request is 403 Forbidden, the server acknowledges that the request’s data is correct and that it can be processed. The user might not have the required permissions for a resource, which would explain this.
404 Not Found: The requested resource could not be found, but it might become accessible in the future.
500 Internal Server Error: When an unexpected scenario is found and no more particular message is appropriate, a generic error message known as a 500 Internal Server Error is displayed.
501 Not Implemented: The server is either unable to process the request or does not recognize the request method. This typically implies future availability (for instance, a new feature of a web-service API).
502 Bad Gateway: A 502 Bad Gateway error means that the server was serving as a gateway or proxy when the upstream server sent it an incorrect response.
503 Service Unavailable: The server cannot process the request because it is overloaded or unavailable due to maintenance. This is typically a transient situation.
504 Gateway Timeout: A 504 Gateway Timeout error means that the upstream server failed to respond in a timely manner to the server functioning as a gateway or proxy.
Difference between HTTP and HTTPS:
Hypertext Transfer Protocol, or HTTP, is a protocol and syntax for presenting information that is used for data transmission across a network. The HTTP protocol is used to transmit the majority of data transferred over the Internet, including API calls and website content.
S stands for “secure” in HTTPS. An attacker would see a collection of seemingly random characters in the example above because HTTPS employs TLS (or SSL) to encrypt HTTP requests and responses.
Anyone watching the session can view all requests and responses if a website uses HTTP rather than HTTPS. In essence, a malicious actor only needs to read the text of the request or the response to determine precisely what information is being sent, requested, or received.
What are all validations done while performing API Testing?
Status code: – It checks whether the API returns the appropriate status code: 201 when a resource is created, 400 for bad requests, 500 for internal server errors, 401 for unauthorized access, etc.
JSON Schema: – When working with REST Assured, it is occasionally necessary to verify whether the JSON structure is correct and in accordance with the business logic.
Error messages: – In case of a negative scenario, we should get appropriate error messages with an error code like 400 in case of a bad request.
Response: – In the case of a happy path (positive scenarios), we validate that the response values are the expected values.
Header: – We can also validate headers, but it depends on the requirement.
Response time: – We can validate the response time of the API. Response time is the time that is taken by the server to validate API requests and then provide responses in return.
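The validations listed above, as an added example in Python using only the standard library (it is not part of the original article): it checks status code, a minimal field-and-type schema, the error message, response values, the Content-Type header and response time. The local `DemoAPI` server, its `/users` path and the names `call`, `validate` and `run_demo` are assumptions constructed for the demonstration.

```python
import json, threading, time
from http.client import HTTPConnection
from http.server import BaseHTTPRequestHandler, HTTPServer

class DemoAPI(BaseHTTPRequestHandler):  # constructed sample API (assumption)
    def do_POST(self):
        raw = self.rfile.read(int(self.headers.get("Content-Length", 0)))
        try:
            code, body = 201, {"id": 1, "name": json.loads(raw)["name"]}
        except (ValueError, KeyError, TypeError):
            code, body = 400, {"error": "name is required"}
        self.send_response(code)
        self.send_header("Content-Type", "application/json")
        self.end_headers()
        self.wfile.write(json.dumps(body).encode())
    def log_message(self, *args):  # silence per-request logging
        pass

def call(srv, payload):
    """POST JSON and return (status, headers, parsed body, elapsed seconds)."""
    conn = HTTPConnection(*srv.server_address, timeout=5)
    start = time.monotonic()
    conn.request("POST", "/users", json.dumps(payload), {"Content-Type": "application/json"})
    with conn.getresponse() as resp:  # 4xx responses are returned, not raised
        return resp.status, resp.headers, json.loads(resp.read()), time.monotonic() - start

def validate(result, status, schema, values, max_seconds=2.0):
    """Return the list of failed checks; an empty list means the response passed."""
    code, headers, body, elapsed = result
    fails = [] if code == status else [f"status {code} != {status}"]
    if headers.get_content_type() != "application/json":
        fails.append("header: Content-Type is not application/json")
    for field, typ in schema.items():  # minimal schema: required field and its type
        if not isinstance(body.get(field), typ):
            fails.append(f"schema: {field} missing or not {typ.__name__}")
    fails += [f"value: {k} is {body.get(k)!r}" for k, v in values.items() if body.get(k) != v]
    if elapsed > max_seconds:
        fails.append(f"response time {elapsed:.2f}s exceeds {max_seconds}s")
    return fails

def run_demo():
    with HTTPServer(("127.0.0.1", 0), DemoAPI) as srv:  # port 0 picks a free local port
        threading.Thread(target=srv.serve_forever, daemon=True).start()
        ok = validate(call(srv, {"name": "alice"}), 201, {"id": int, "name": str}, {"name": "alice"})
        bad = validate(call(srv, {}), 400, {"error": str}, {"error": "name is required"})
        wrong = validate(call(srv, {}), 201, {"id": int}, {})  # deliberately wrong expectation
        srv.shutdown()
        return ok, bad, wrong

if __name__ == "__main__":
    print(run_demo())
```

The third call shows what a failing run reports: the negative scenario is checked against happy-path expectations, so both the status and the schema checks are listed.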