API Testing and Automation

2.

Core Concepts for API Testing

2.1.

HTTP Protocol Fundamentals

2.1.1.

Request-Response Model

2.1.1.1.

Client-Server Architecture

2.1.1.2.

Stateless Communication

2.1.2.

2.1.2.1.

2.1.2.1.1.

Safe Operations

2.1.2.1.2.

Idempotent Nature

2.1.2.2.

2.1.2.2.1.

Resource Creation

2.1.2.2.2.

Non-Idempotent Operations

2.1.2.3.

2.1.2.3.1.

Full Resource Updates

2.1.2.3.2.

Idempotent Updates

2.1.2.4.

2.1.2.4.1.

Partial Resource Updates

2.1.2.5.

2.1.2.5.1.

Resource Removal

2.1.2.6.

2.1.2.6.1.

Method Discovery

2.1.2.7.

2.1.2.7.1.

Header-Only Responses

2.1.3.

HTTP Status Codes

2.1.3.1.

1xx Informational Responses

2.1.3.1.1.

2.1.3.1.2.

101 Switching Protocols

2.1.3.2.

2xx Success Responses

2.1.3.2.1.

2.1.3.2.2.

2.1.3.2.3.

2.1.3.2.4.

2.1.3.3.

3xx Redirection Responses

2.1.3.3.1.

301 Moved Permanently

2.1.3.3.2.

2.1.3.3.3.

304 Not Modified

2.1.3.4.

4xx Client Error Responses

2.1.3.4.1.

400 Bad Request

2.1.3.4.2.

401 Unauthorized

2.1.3.4.3.

2.1.3.4.4.

2.1.3.4.5.

405 Method Not Allowed

2.1.3.4.6.

2.1.3.4.7.

422 Unprocessable Entity

2.1.3.4.8.

429 Too Many Requests

2.1.3.5.

5xx Server Error Responses

2.1.3.5.1.

500 Internal Server Error

2.1.3.5.2.

502 Bad Gateway

2.1.3.5.3.

503 Service Unavailable

2.1.3.5.4.

504 Gateway Timeout

2.1.4.

HTTPS and Security

2.1.4.1.

SSL/TLS Fundamentals

2.1.4.2.

Certificate Validation

2.1.4.3.

Encryption in Transit

2.2.

API Request Components

2.2.1.

Endpoint Structure

2.2.1.1.

2.2.1.2.

2.2.1.3.

URL Construction

2.2.2.

Request Headers

2.2.2.1.

Content-Type Header

2.2.2.2.

2.2.2.3.

Authorization Header

2.2.2.4.

User-Agent Header

2.2.2.5.

2.2.2.6.

Cache-Control Headers

2.2.3.

2.2.3.1.

2.2.3.2.

2.2.3.3.

2.2.3.4.

2.2.3.5.

2.2.4.

Query Parameters

2.2.4.1.

Filtering Parameters

2.2.4.2.

Sorting Parameters

2.2.4.3.

Pagination Parameters

2.2.4.4.

Search Parameters

2.2.5.

Path Parameters

2.2.5.1.

Resource Identification

2.2.5.2.

2.2.5.3.

Parameter Validation

2.3.

API Response Components

2.3.1.

Response Headers

2.3.1.1.

2.3.1.2.

2.3.1.3.

2.3.1.4.

Security Headers

2.3.1.5.

Custom Response Headers

2.3.2.

Response Body Structure

2.3.2.1.

2.3.2.2.

Error Information

2.3.2.3.

2.3.2.4.

Pagination Data

2.3.3.

Status Line Components

2.3.3.1.

2.3.3.2.

2.3.3.3.

2.4.

2.4.1.

2.4.1.1.

Syntax and Structure

2.4.1.2.

Objects and Arrays

2.4.1.3.

2.4.1.4.

Nested Structures

2.4.1.5.

2.4.2.

2.4.2.1.

Element Structure

2.4.2.2.

2.4.2.3.

2.4.2.4.

XML Schema Definition

2.4.3.

Other Data Formats

2.4.3.1.

2.4.3.2.

Protocol Buffers

2.4.3.3.

Form-Encoded Data

2.4.3.4.

2.4.3.5.

2.5.

Authentication and Authorization

2.5.1.

Authentication vs Authorization

2.5.2.

Basic Authentication

2.5.2.1.

Header Structure

2.5.2.2.

Base64 Encoding

2.5.2.3.

Security Considerations

2.5.3.

API Key Authentication

2.5.3.1.

Header-Based Keys

2.5.3.2.

Query Parameter Keys

2.5.3.3.

2.5.4.

Token-Based Authentication

2.5.4.1.

2.5.4.2.

2.5.4.2.1.

Header Structure

2.5.4.2.2.

2.5.4.2.3.

Signature Verification

2.5.4.2.4.

Token Expiration

2.5.4.2.5.

2.5.5.

OAuth Authentication

2.5.5.1.

2.5.5.2.

OAuth 2.0 Flows

2.5.5.2.1.

Authorization Code Flow

2.5.5.2.2.

2.5.5.2.3.

Client Credentials Flow

2.5.5.2.4.

Resource Owner Password Flow

2.5.5.3.

Scopes and Permissions

2.5.6.

Session-Based Authentication

2.5.7.

Multi-Factor Authentication

2.5.8.

Certificate-Based Authentication

Previous

1. Introduction to APIs and API Testing

Go to top

Next

3. Manual API Testing