API TESTING 2
I. What are HTTP status codes?
Browsers and servers communicate over the Hypertext Transfer Protocol (HTTP), and the status code is
part of that exchange. When you use the internet to request information, the browser transmits your
request to a server, which then delivers a response. The HTTP status code is a component of that
response: it informs the browser of the request's status, whether or not something went wrong, and the
reason for the error. HTTP headers for requests and responses carry details about the requested page,
the client's browser, and the server, and these details can determine the status codes.
II. What are common HTTP status codes?
Numerous HTTP status codes are available. Wikipedia now lists 75 different status codes, the majority of
which you've probably never heard of.
1xx informational response
Communicates transfer protocol-level information.
- 1. 100 Continue, this response means everything is functioning properly and can proceed. The code indicates the server is processing the request and can complete it. The 100 code is an interim response and tells you the request has not caused an error.
- 2. 101 Switching Protocol, the server received the data request and can comply. The server, however, will change protocols based on information in the Upgrade header field. This status code does not indicate an error.
- 3. 102 Processing, the server received the request, but there isn't any response yet. The server is processing the request, which is ongoing. This code also indicates an error has not occurred.
2xx success
The client's request was accepted and processed successfully at the server.
- 1. 203 Non-Authoritative Information, the returned data does not match the data available on the server. This often can indicate the data arrived via a proxy source of the server that contained the original data. This code means the server received a 200 OK from its origin, but it's returning a modified version of the response.
- 2. 204 No Content, the server sends this code when it received and understood the request. With this code, though, the server is signaling it has no data to return. Even though there's no content to send, this code indicates the HTTP headers are proper.
- 3. 205 Reset Content, the server has completed the request, but there was a problem. This status code represents a correctable error. You can solve this by resetting the document view and trying again.
3xx redirection
Indicates that the client must take some additional action in order to complete their request. Most of the
codes related to this series are for URL Redirection.
- 1. 300 Multiple choices, the request has more than one potential response. The server often sends a report with this code that includes a list of the potential choices. To get the data, you can choose from the responses the server provides.
- 2. 301 Moved permanently, this code indicates the URL no longer exists or is broken. This message often includes the new URL for you to use. It also signals that the user should update all references to this URL.
- 3. 302 Found, the Uniform Resource Identifier (URI) changed, but the change is not permanent. A 302 Found means more changes might occur in the future, so consider using the new URI to complete requests. This code is one way to create a temporary redirect.
- 4. 305 Use proxy, the request needs to use a server proxy to complete successfully. This message tells the user to send the request again. The second request will go to the server proxy, which can provide the data.
- 5. 307 Temporary redirect, this response means the Uniform Resource Identifier is different. The server has to use a new, temporary URI to return data. This code also indicates future requests likely won't use the temporary URI and will function as normal.
4xx client errors
This category of error status codes points the finger at clients (these are specific to client-side errors).
- 1. 400 Bad request, this code indicates invalid syntax prevented the server from receiving a request. Servers return this code when the requester made the error and should correct it before trying again. This could mean the client used invalid message framing or improperly routed the message.
- 2. 401 Unauthorized, the server cannot complete the request. The server believes the user does not have the authorization to receive the data. After sending this code, a server won't complete the request until user authentication happens.
- 3. 403 Forbidden, the server understood the request, but it is refusing to fulfill it. Sometimes, the user does not have access to the requested content or data, and the server rejects the request. This also can mean the client needs an account to request data or the request would create a duplicate record.
- 4. 404 Not found, the 404 error is one of the most common codes servers send. The error means the server can't find information in that location now, but it might be able to in the future. It also can occur when a page has a new location, but a user didn't provide the old one with a redirect.
- 5. 408 Request timeout, this code means a request took too long to process. It also could indicate the request didn't make it through to the server. Sometimes, internet problems can interrupt the process, but the user can try again.
- 6. 410 Gone, the information a user requested from the server no longer exists. This code means the information existed at some point, but it doesn't anymore. The server also can't tell you whether the information exists somewhere else.
- 7. 422 Unprocessable Entity, the request was well-formed but was unable to be followed due to semantic errors.
- 8. 429 Too Many Requests, the user has sent too many requests in a given amount of time.
5xx server errors
The browser makes a valid request, but an error happened on the server side of the process (these are
specific to server-side errors).
- 1. 500 Internal Server Error, a generic error message, is given when an unexpected condition was encountered and no more specific messages are suitable.
- 2. 501 Not Implemented, the server either does not recognize the request method or lacks the ability to fulfill the request. Usually, this implies future availability (e.g., a new feature of a web-service API).
- 3. 502 Bad Gateway, the server was acting as a gateway or proxy and received an invalid response from the upstream server.
- 4. 503 Service Unavailable, the server cannot handle the request (because it is overloaded or down for maintenance). Generally, this is a temporary state.
- 5. 504 Gateway Timeout, the server was acting as a gateway or proxy and did not receive a timely response from the upstream server.
- 6. 505 HTTP Version Not Supported, the server does not support the HTTP protocol version used in the request.
III. What are the common API testing types?
While there are certainly specialty tests, and no list can claim to be comprehensive in this realm, most
tests fit broadly into the following nine categories, which you should remember before attending an API
testing interview.
- 1. Validation Testing
- 2. Functional Testing
- 3. UI testing
- 4. Load testing
- 5. Runtime/Error Detection
- 6. Security testing
- 7. Penetration testing
- 8. Fuzz testing
- 9. Interoperability and WS Compliance testing
IV. What are the Limits of API Usage?
Many APIs have a certain limit set up by the provider. Thus, try to estimate your usage and understand
how that will impact the overall cost of the offering. Whether this will be a problem depends in large part
on how data is leveraged. Getting caught by a quota and effectively cut off because of budget limitations
will render the service (and any system or process depending on it) virtually useless.
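The sketch below is an added example, not part of the original notes. It shows a client that counts every call against a provider quota and backs off on the 429 and 503 responses described above. `BudgetedClient`, `QuotaExceeded`, the `transport` callable and the `api.example.test` URL are assumptions made for illustration, and the responses are constructed so the block runs offline.

```python
import time

RETRYABLE = {429, 503}  # rate-limited or temporarily unavailable: worth retrying


class QuotaExceeded(Exception):
    """Raised before sending once the local call budget is spent."""


class BudgetedClient:
    """Counts every attempt against a quota and backs off on 429/503."""

    def __init__(self, transport, quota, max_retries=3, sleep=time.sleep):
        self.transport = transport  # callable(method, url) -> (status, headers, body)
        self.remaining = quota      # assumed provider limit for the billing window
        self.max_retries = max_retries
        self.sleep = sleep
        self.waits = []             # delays actually applied, kept for inspection

    def request(self, method, url):
        for attempt in range(self.max_retries + 1):
            if self.remaining <= 0:
                raise QuotaExceeded(f"budget spent before {method} {url}")
            self.remaining -= 1     # retries consume quota too
            status, headers, body = self.transport(method, url)
            if status not in RETRYABLE or attempt == self.max_retries:
                return status, body
            delay = self._delay(headers, attempt)
            self.waits.append(delay)
            self.sleep(delay)

    @staticmethod
    def _delay(headers, attempt, cap=30.0):
        # Header names are case-insensitive; only the delta-seconds form of
        # Retry-After is parsed, anything else falls back to exponential backoff.
        value = {k.lower(): v for k, v in headers.items()}.get("retry-after", "")
        if value.strip().isdecimal():
            return min(float(value), cap)
        return min(2.0 ** attempt, cap)


def demo():
    # Constructed responses: throttled, briefly unavailable, then success.
    script = iter([(429, {"Retry-After": "7"}, ""), (503, {}, ""), (200, {}, "ok")])
    client = BudgetedClient(lambda m, u: next(script), quota=5, sleep=lambda s: None)
    result = client.request("GET", "https://api.example.test/items")
    return result, client.waits, client.remaining


if __name__ == "__main__":
    print(demo())
```

Because retries are charged to the same budget, a throttled endpoint drains the quota faster than the request count alone suggests, which is the cost effect the section describes.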