API stands for Application Programming Interface. APIs allow communication between applications or services by providing a set of functions and procedures. API testing involves testing APIs and their integration with services to ensure correct functionality, reliability, performance, and security. Postman is a popular tool for API development that allows users to design, build, test, and document APIs through a graphical user interface.

1. Hello Everyone

2. WHAT IS API
API stands for Application Programming Interface.
They are basically collection of functions and procedures, which allow us to communicate two
application or libraries.
API is an interface between programs and services
At the most basic level, an API is a mechanism that enables an application or service to access a
resource within another application or service. The application or service doing the accessing is called
the client, and the application or service containing the resource is called the server.

3. How API Works
 Let’s use a simple laymen example to explain how an API works.
 Imagine you’re a customer at a restaurant. The waiter (the API) functions as an
intermediary between customers like you (the user) and the kitchen (web server).
You tell the waiter your order (API call), and the waiter requests it from the kitchen.
Finally, the waiter will provide you with what you ordered.
The waiter is the intermediary between you and the kitchen. In this metaphor, the
waiter is effectively an abstraction of the API.

4. WHAT IS API TESTING
 API Testing is testing that API’s and its integration with the services.
 It is one of the most challenging types of testing. If we miss the certain cases in API
testing then it will cause a very big problem in production environment. And it is
very to debug in production environment.
 API testing involves testing the collection of APIs and checking if they meet
expectations for functionality, reliability, performance, and security and returns the
correct response.

5. Why We Perform API Testing
 Many of the services that we use everyday rely on different interconnected API’s. If
any of them fail then services will not work.
 API testing is used to determine whether the output is well-structured and useful to
another application or not, checks the response on basis of input (request)
parameter, and checks how much time the API is taking to retrieve and authorize
the data too.
 Developer sometimes make mistake and created defective API’s.
 Validation of API is very important.

6. Role of Tester in API Testing
 Validate the keys with the minimum and maximum range.
 Has to perform XML, JSON, etc, schema or syntax validation.
 Verify the Response status code with the API document.
 Verify the error codes and messages.
 Verify each key and their expected values.
 Create documentation for their tested API’s.
 If any bug is found then they have to create a Defect for the issue.

7. Types of API
 REST
 SOAP
 JSON RPC
 XML RPC
REST is mostly used then followed by SOAP.

8. REST API
 Some APIs, such as SOAP or XML-RPC, impose a strict framework on developers. But REST APIs can
be developed using virtually any programming language and support a variety of data formats. The
only requirement is that they align to the following six REST design principles - also known as
architectural constraints:
 Uniform interface. All API requests for the same resource should look the same, no matter where
the request comes from. The REST API should ensure that the same piece of data, such as the name
or email address of a user, belongs to only one uniform resource identifier (URI). Resources
shouldn’t be too large but should contain every piece of information that the client might need.
 Client-server decoupling. In REST API design, client and server applications must be completely
independent of each other. The only information the client application should know is the URI of
the requested resource; it can't interact with the server application in any other ways. Similarly, a
server application shouldn't modify the client application other than passing it to the requested
data via HTTP.

9.  Statelessness. REST APIs are stateless, meaning that each request needs to include all the
information necessary for processing it. In other words, REST APIs do not require any server-side
sessions. Server applications aren’t allowed to store any data related to a client request.
 Cacheability. When possible, resources should be cacheable on the client or server side. Server
responses also need to contain information about whether caching is allowed for the delivered
resource. The goal is to improve performance on the client side, while increasing scalability on the
server side.
 Layered system architecture. In REST APIs, the calls and responses go through different layers. As a
rule of thumb, don’t assume that the client and server applications connect directly to each other.
There may be a number of different intermediaries in the communication loop. REST APIs need to
be designed so that neither the client nor the server can tell whether it communicates with the end
application or an intermediary.
 Code on demand (optional). REST APIs usually send static resources, but in certain cases, responses
can also contain executable code (such as Java applets). In these cases, the code should only run
on-demand.

10. How REST APIs work
 REST APIs communicate via HTTP requests to perform standard database functions
like creating, reading, updating, and deleting records (also known as CRUD) within
a resource. For example, a REST API would use a GET request to retrieve a record, a
POST request to create one, a PUT request to update a record, and a DELETE
request to delete one. All HTTP methods can be used in API calls. A well-designed
REST API is similar to a website running in a web browser with built-in HTTP
functionality.
 The state of a resource at any particular instant, or timestamp, is known as the
resource representation. This information can be delivered to a client in virtually
any format including JavaScript Object Notation (JSON), HTML, XLT, Python, PHP, or
plain text. JSON is popular because it’s readable by both humans and machines—
and it is programming language-agnostic.

11. Difference b/w REST and SOAP
Sr. No. Key REST API SOAP API
1
Implementation Rest API is implemented as it has no official
standard at all because it is an architectural style.
On other hand SOAP API has an official
standard because it is a protocol.
2
Internal
communication
REST APIs uses multiple standards like HTTP,
JSON, URL, and XML for data communication and
transfer.
SOAP APIs is largely based and uses only HTTP
and XML.
3
Resource
requirement
As REST API deploys and uses multiple standards
as stated above, so it takes fewer resources and
bandwidth as compared to SOAP API.
On other hand Soap API requires more resource
and bandwidth as it needs to convert the data
in XML which increases its payload and results
in the large sized file.
4
Description REST API uses Web Application Description
Language for describing the functionalities being
offered by web services.
On other hand SOAP API used Web Services
Description language for the same.
5
Security REST has SSL and HTTPS for security. On other hand SOAP has SSL( Secure Socket
Layer) and WS-security due to which in the
cases like Bank Account Password, Card
Number, etc. SOAP is preferred over REST.

12. HTTP METHODS
1 GET
The GET method is used to retrieve information from the given server using a given URI. Requests
using GET should only retrieve data and should have no other effect on the data.
2 HEAD
Same as GET, but transfers the status line and header section only.
3 POST
A POST request is used to send data to the server, for example, customer information, file upload,
etc. using HTML forms.
4 PUT
Replaces all current representations of the target resource with the uploaded content.
5 DELETE
Removes all current representations of the target resource given by a URI.
6 CONNECT
Establishes a tunnel to the server identified by a given URI.
7 OPTIONS
Describes the communication options for the target resource.
8 TRACE
Performs a message loop-back test along the path to the target resource.

13. HTTP Status Codes
S.N. Code and Description
1 1xx: Information
It means the request has been received and the process is continuing.
2 2xx: Success
It means the action was successfully received, understood, and accepted.
3 3xx: Redirection
It means further action must be taken in order to complete the request.
4 4xx: Client Error
It means the request contains incorrect syntax or cannot be fulfilled.
5 5xx: Server Error
It means the server failed to fulfill an apparently valid request.

14. What is Postman
 Postman is a collaboration platform for API development. It is a popular API client
and it enables you to design, build, share, test, and document APIs.
 Using the Postman tool, we can send HTTP/s requests to a service, as well as get
their responses. By doing this we can make sure that the service is up and running.
 Being originally a Chrome browser plugin, Postman now extends their solution with
the native version for both Mac and Windows.
 A test in Postman is fundamentally a JavaScript code, which run after a request is
sent and a response has been received from the server

15. Why Postman
 Postman has become a tool of choice for over 8 million users.
 Free: It is free to download and use for teams of any size.
 Easy: Just download it and send your first request in minutes.
 APIs Support: You can make any kind of API call (REST, SOAP, or plain HTTP) and
easily inspect even the largest responses.
 Extensible: You can customize it for your needs with the Postman API.
 Integration: You can easily integrate test suites into your preferred CI/CD service
with Newman (command line collection runner)
 Community & Support: It has a huge community forum

16. Postman Features
 Easy-to-use REST client
 Rich interface which makes it easy to use
 Can be used for both manual and automated API testing
 Can be run on Mac, Windows, Linux & Chrome Apps
 Has a bunch of integrations like support for Swagger & RAML formats
 Has Run, Test, Document and Monitoring Features
 Doesn’t require learning a new language
 Enable users to easily share the knowledge with the team as they can package up all the
requests and expected responses, then send to their colleagues.
 Can be integrated with CI-CD tools like Jenkins, TeamCity etc.,
 Comes with a detailed API documentation
 API development & Automating API tests execution