Interview Questions for API Testing Using Postman

Introduction – Why API Testing Using Postman Is Important in Interviews

In today’s applications, APIs are the core layer connecting UI, backend services, mobile apps, and third-party systems. Because of this, most QA, Automation, and SDET interviews include interview questions for API testing using Postman. 

Interviewers prefer Postman because: 

  • It’s widely used in real projects  
  • It allows manual and basic automation testing  
  • It shows how well you understand backend logic without UI dependency  

In interviews, Postman questions help recruiters evaluate: 

  • Your understanding of REST APIs  
  • Your ability to validate responses, headers, and status codes  
  • Your real-time debugging and testing approach  
  • Your readiness to move into API automation  

This guide includes: 

  • Clear interview answers  
  • Postman examples  
  • JSON/XML samples  
  • Status code explanations  
  • Postman scripts  
  • Scenario-based questions 

What Is API Testing? (Clear & Simple) 

API testing is a type of software testing that validates the functionality, reliability, performance, and security of APIs (Application Programming Interfaces) by sending requests and verifying responses. 

Instead of testing the graphical user interface (UI), API testing focuses on backend communication between systems. APIs act as intermediaries that allow different software applications to exchange data and communicate with each other. 

API testing verifies whether APIs: 

  • Return correct responses  
  • Process requests accurately  
  • Handle errors properly  
  • Maintain security standards  
  • Perform efficiently under load conditions  

Why API Testing Is Important 

Modern applications depend heavily on APIs for communication between: 

  • Web applications  
  • Mobile applications  
  • Databases  
  • Third-party services  
  • Cloud platforms  

If APIs fail, important business operations may stop functioning properly. 

Areas Validated in API Testing 

Functional Validation 

Checks whether APIs work according to business requirements. 

Data Validation 

Ensures API responses contain accurate data. 

Error Handling 

Validates how APIs behave under invalid conditions. 

Security Validation 

Checks authentication and authorization mechanisms. 

Performance Validation 

Measures response time and scalability. 

Example 

Sending a GET request to: 

/users/1 

and validating whether the correct user details are returned in the response. 

Real-Time Scenario 

In a banking application, API testing verifies whether account balance APIs return accurate balance information after successful authentication. 

REST vs SOAP vs GraphQL (Interview Comparison) 

Feature REST SOAP GraphQL 
Protocol HTTP XML-based HTTP 
Data Format JSON / XML XML only JSON 
Performance Fast Slower Optimized 
Flexibility High Low Very High 
Usage in Postman Very High Moderate Growing 

Unable to insert the picture

Most interview questions for API testing using Postman focus on REST APIs

Interview Questions for API Testing Using Postman (90+ Q&A) 

Section 1: Postman & API Basics (Q1–Q20)  

1. What is Postman? 

Postman is a popular API testing tool used to design, send, test, and automate API requests. 

It helps testers and developers validate backend services without depending on the UI layer. 

Postman supports: 

  • REST APIs  
  • SOAP APIs  
  • GraphQL APIs  
  • Authentication testing  
  • Automation scripts  
  • API collections  

It is widely used in real-time projects because it simplifies API testing and debugging. 

2. Why is Postman used for API testing? 

Postman is used because it makes API testing faster and easier without requiring heavy coding knowledge. 

Benefits of using Postman: 

  • Easy request creation  
  • Fast response validation  
  • Supports automation scripts  
  • Useful for debugging APIs  
  • Supports authentication methods  
  • Helps perform API chaining  
  • Useful for regression testing  

Postman is one of the most commonly used tools in QA and API testing projects. 

3. What types of APIs can be tested using Postman? 

Using Postman, we can test: 

  • REST APIs  
  • SOAP APIs  
  • GraphQL APIs  

REST APIs are the most commonly tested because modern applications mainly use REST architecture. 

4. What is an API? 

An API (Application Programming Interface) allows different software systems to communicate with each other. 

APIs act as an intermediary layer between systems. 

Example 

  • Mobile app communicates with backend server using APIs  
  • Payment gateways interact through APIs  
  • Weather applications fetch data using APIs  

Modern applications heavily depend on APIs for backend communication. 

5. What is API testing? 

API testing validates API requests, responses, headers, authentication, status codes, schema, and business logic without involving the UI layer. 

API testing focuses on: 

  • Backend logic  
  • Data validation  
  • Integration testing  
  • Error handling  
  • Security validation  

It is faster and more stable than UI testing because it directly validates backend services. 

6. What are HTTP methods? 

HTTP methods define operations performed on API resources. 

Common HTTP methods: 

Method Purpose 
GET Retrieve data 
POST Create resource 
PUT Full update 
PATCH Partial update 
DELETE Remove resource 

These methods are fundamental in REST API testing. 

7. What is GET request? 

GET request is used to retrieve data from the server. 

Example 

GET /api/users/101 

This request may fetch details for user ID 101. 

GET requests should not modify data. 

8. What is POST request? 

POST request is used to create new data or resources on the server. 

Example 

POST /api/users 

POST requests usually contain request payloads. 

Example Payload 


“name”: “Ravi”, 
“role”: “QA” 

POST requests are commonly used for: 

  • Registration  
  • Login  
  • Order creation  

9. Difference between PUT and PATCH? 

PUT 

PUT performs a full update of a resource. 

Missing fields may get overwritten. 

PATCH 

PATCH performs a partial update and modifies only specified fields. 

Example 

PUT 

“name”: “Ravi”, 
“email”: “ravi@test.com” 

PATCH 

“email”: “new@test.com” 

Simple difference: 

  • PUT → Full update  
  • PATCH → Partial update  

10. What is DELETE request? 

DELETE request is used to remove data or resources from the server. 

Example 

DELETE /api/users/101 

Expected status code is often: 

204 No Content 

DELETE requests should remove the specified resource successfully. 

11. What is an endpoint? 

An endpoint is a specific URL representing an API resource or operation. 

Example 

/users/10 

This endpoint may return details for user ID 10. 

Endpoints combined with HTTP methods define API actions. 

12. What is request payload? 

Request payload is the data sent to the API in the request body. 

Payloads are commonly used in: 

  • POST requests  
  • PUT requests  
  • PATCH requests  

Example 


“username”: “testuser”, 
“password”: “pass123” 

Payload validation is important during API testing. 

13. What is response body? 

Response body is the data returned by the API after processing the request. 

Example 


“token”: “abc.def.xyz”, 
“userId”: 101 

Response validation ensures APIs return correct business data. 

14. What is stateless API? 

A stateless API means each request contains all required information for processing independently. 

The server does not store session information between requests. 

REST APIs are generally stateless. 

Each request should include: 

  • Authentication token  
  • Headers  
  • Parameters  

15. What is idempotency? 

Idempotency means sending the same request multiple times produces the same result without additional side effects. 

Example 

PUT /users/101 

Repeated PUT requests should not create duplicate data. 

Idempotent Methods 

  • GET  
  • PUT  
  • DELETE  

Non-Idempotent Method 

  • POST  

POST may create duplicate records if repeated. 

16. What is authentication? 

Authentication verifies the identity of users or systems. 

Common authentication methods: 

  • Bearer Token  
  • JWT Token  
  • API Key  
  • Basic Authentication  

Authentication ensures only valid users can access APIs. 

17. What is authorization? 

Authorization checks whether authenticated users have permission to access specific resources or perform certain operations. 

Example 

  • Admin users can delete records  
  • Normal users may only view records  

Authorization controls access levels and permissions. 

18. What authentication types are supported in Postman? 

Postman supports multiple authentication types: 

  • Bearer Token  
  • Basic Authentication  
  • API Key  
  • OAuth 2.0  

Authentication testing is one of the most commonly asked interview topics. 

19. What is API versioning? 

API versioning manages API changes without breaking existing integrations. 

Example 

/api/v1/users 
/api/v2/users 

Versioning helps: 

  • Maintain backward compatibility  
  • Introduce new features safely  
  • Support older clients  

20. What is negative API testing? 

Negative API testing validates API behavior using invalid or unexpected inputs. 

Example scenarios: 

  • Invalid credentials  
  • Missing mandatory fields  
  • Expired tokens  
  • Invalid payloads  
  • Special characters  

Negative testing ensures APIs handle failures properly. 

HTTP Status Codes – Must Know for Postman Interviews 

Code Meaning Example 
200 OK Successful GET 
201 Created Successful POST 
204 No Content Successful DELETE 
400 Bad Request Invalid input 
401 Unauthorized Invalid token 
403 Forbidden Access denied 
404 Not Found Invalid endpoint 
409 Conflict Duplicate record 
422 Unprocessable Business rule failure 
500 Server Error Backend failure 

Section 2: API Validation Using Postman (Q21–Q45) 

21. What validations do you perform in Postman? 

Common validations include: 

  • Status code validation  
  • Response body validation  
  • Header validation  
  • Schema validation  
  • Response time validation  
  • Authentication validation  
  • Business logic validation  

Interviewers expect validation beyond status codes. 

22. Is status code validation enough? 

No. 

An API may return 200 OK but still provide incorrect business data. 

Example 


“total”: -500 

The status code is successful, but the business logic is incorrect. 

Always validate: 

  • Response body  
  • Business rules  
  • Schema  
  • Headers  
  • Calculations  

23. How do you validate response body in Postman? 

Response body is validated using JavaScript test scripts in Postman. 

Example 

pm.test(“Token exists”, function () { 
 
const json = pm.response.json(); 
 
pm.expect(json.token).to.not.be.undefined; 
 
}); 

This validation checks whether the token field exists in the response. 

24. How do you validate headers in Postman? 

Headers are validated using Postman test scripts. 

Example 

pm.test(“Content-Type is JSON”, function () { 
 
pm.expect(pm.response.headers.get(“Content-Type”)) 
.to.include(“application/json”); 
 
}); 

Common headers validated: 

  • Content-Type  
  • Authorization  
  • Cache-Control  

25. How do you validate response time? 

Response time can be validated using: 

pm.response.responseTime 

Example 

pm.test(“Response time is below 2 seconds”, function () { 
 
pm.expect(pm.response.responseTime).to.be.below(2000); 
 
}); 

Performance validation is important for user experience. 

26. What is schema validation? 

Schema validation ensures API response structure matches the expected API contract. 

It validates: 

  • Field names  
  • Data types  
  • Mandatory fields  
  • Arrays  
  • Nested objects  

Schema validation helps detect unexpected backend changes. 

27. What is positive API testing? 

Positive API testing validates APIs using valid inputs and expected workflows. 

Example 

  • Valid login credentials  
  • Correct payload  
  • Authorized access  

Expected result: 

  • Successful response  
  • Correct data returned  

28. What is negative API testing? 

Negative API testing validates API behavior using invalid or missing parameters. 

Example 

  • Invalid token  
  • Missing mandatory fields  
  • Incorrect payload format  
  • Invalid credentials  

Expected result: 

  • Proper error handling  
  • Correct status codes  

29. What is boundary value testing? 

Boundary value testing validates minimum and maximum input values. 

Example 

If valid quantity range is: 

  • Minimum = 1  
  • Maximum = 100  

Test values: 

  • 0  
  • 1  
  • 2  
  • 99  
  • 100  
  • 101  

Boundary testing helps identify validation defects. 

30. What is API regression testing? 

API regression testing means re-testing APIs after code changes to ensure existing functionality still works correctly. 

Regression testing helps detect: 

  • Broken functionality  
  • Integration issues  
  • Unexpected side effects  

Regression suites are commonly automated using Postman collections and Newman. 

31. What is API smoke testing? 

API smoke testing is a basic health check performed to verify whether critical APIs are working correctly before detailed testing begins. 

Smoke testing validates: 

  • API availability  
  • Server accessibility  
  • Basic functionality  
  • Authentication flow  

Example 

Checking whether: 

  • Login API works  
  • Core APIs respond successfully  
  • Server is reachable  

If smoke testing fails, further testing is usually stopped because the build may be unstable. 

32. What is pagination testing? 

Pagination testing validates APIs that return large datasets page by page instead of sending all records at once. 

Example 

GET /users?page=2&size=10 

Validations performed: 

  • Correct number of records per page  
  • No duplicate records  
  • No missing records  
  • Correct page navigation  
  • Proper last-page handling  

Pagination testing is common in search and reporting APIs. 

33. What is filtering testing? 

Filtering testing validates whether query parameters correctly return filtered data. 

Example 

GET /users?status=active 

Expected result: 

  • Only active users should be returned  

Common validations: 

  • Correct filtered data  
  • Multiple filter combinations  
  • Empty filter responses  
  • Invalid filter handling  

Filtering validation ensures data accuracy. 

34. What is sorting testing? 

Sorting testing validates whether API responses are returned in the correct order. 

Example 

GET /users?sort=name 

Common validations: 

  • Ascending order  
  • Descending order  
  • Alphabetical sorting  
  • Numeric sorting  
  • Date-based sorting  

Sorting validation is commonly used in search APIs and analytics systems. 

35. What is API chaining? 

API chaining means using the response from one API as input for another API request. 

Example Workflow 

  1. Login API returns token  
  1. Token stored in variable  
  1. Token reused in Profile API  

Example Script 

pm.environment.set(“token”, pm.response.json().token); 

API chaining validates complete workflows and is very commonly asked in interviews. 

36. How do you store token in Postman? 

Tokens are usually stored using environment variables in Postman. 

Example 

pm.environment.set(“token”, pm.response.json().token); 

Stored tokens can then be reused across multiple API requests. 

Environment variables make authentication handling easier and more dynamic. 

37. What is Pre-request Script? 

Pre-request Script is JavaScript code executed before sending an API request in Postman. 

It is commonly used for: 

  • Token generation  
  • Timestamp generation  
  • Dynamic request preparation  
  • Data setup  

Pre-request scripts help automate dynamic workflows. 

38. Why use Pre-request Script? 

Pre-request Scripts are used to generate dynamic values before requests are sent. 

Common use cases: 

  • Generating tokens  
  • Creating timestamps  
  • Generating random test data  
  • Dynamic authentication handling  

Example 

pm.environment.set(“timestamp”, Date.now()); 

This helps automate real-time API workflows. 

39. What is Collection Runner? 

Collection Runner is a feature in Postman used to execute collections multiple times automatically. 

It supports: 

  • Regression testing  
  • Data-driven testing  
  • Bulk API execution  

Collection Runner improves automation and execution speed. 

40. What is Newman? 

Newman is the command-line runner for Postman collections. 

It allows Postman collections to run outside the Postman UI. 

Common use cases: 

  • CI/CD pipelines  
  • Jenkins integration  
  • Automated execution  
  • Scheduled API testing  

Newman is commonly used in automation projects. 

41. What is data-driven testing in Postman? 

Data-driven testing means executing APIs multiple times using external test data files such as CSV or JSON. 

Example 

Testing login API with multiple users: 

Username Password 
user1 pass1 
user2 pass2 

This improves test coverage and reduces manual execution effort. 

42. What is API mocking in Postman? 

API mocking means simulating API responses when actual backend services are unavailable. 

Mock APIs help: 

  • Frontend teams continue development  
  • Perform early testing  
  • Simulate expected responses  

Postman provides mock server functionality for this purpose. 

43. What is environment in Postman? 

An environment in Postman is a set of variables used for different environments such as: 

  • Development  
  • QA  
  • Staging  
  • Production  

Example variables: 

  • Base URL  
  • Tokens  
  • User IDs  

Environments help avoid hardcoding values. 

44. Difference between global and environment variables? 

Global Variables Environment Variables 
Available everywhere Specific to environment 
Shared across collections Used for environment-specific values 
Less secure for sensitive data Better for environment isolation 

Example 

Global variable: 

companyName = ABC 

Environment variable: 

baseUrl = qa-api.company.com 

Environment variables are preferred for dynamic testing. 

45. What is logging in Postman? 

Logging in Postman means capturing request and response details for debugging and analysis. 

Common logging details: 

  • Request payload  
  • Response body  
  • Headers  
  • Tokens  
  • Error messages  

Example 

console.log(pm.response.json()); 

Logging helps troubleshoot API failures efficiently. 

Real-Time API Validation Example Using Postman 

Sample Request 

POST /api/login 
Content-Type: application/json 
 

“username”: “testuser”, 
“password”: “pass123” 

Sample Response 


“token”: “abc.def.xyz”, 
“expires_in”: 3600, 
“userId”: 101 

Validations 

Expected validations include: 

  • Status code should be 200  
  • Token should not be null  
  • expires_in > 0  
  • userId should be numeric  
  • Response format should be JSON  
  • Response time should meet SLA  

These validations ensure both technical and business correctness. 

Postman Test Script Examples 

Status Code Validation 

pm.test(“Status code is 200”, function () { 
 
pm.response.to.have.status(200); 
 
}); 

Token Validation 

pm.test(“Token exists”, function () { 
 
const json = pm.response.json(); 
 
pm.expect(json.token).to.not.be.undefined; 
 
}); 

Response Time Validation 

pm.test(“Response time is less than 2000ms”, function () { 
 
pm.expect(pm.response.responseTime).to.be.below(2000); 
 
}); 

Interviewers commonly ask candidates to explain these validations. 

Automation Snippets (Interview Bonus) 

Rest Assured (Java – Basic) 

Using Rest Assured: 

given() 
 
.contentType(“application/json”) 
 
.body(payload) 
 
.when() 
 
.post(“/login”) 
 
.then() 
 
.statusCode(200); 

Basic automation awareness creates a strong advantage in interviews. 

Python Requests (Basic) 

import requests 
 
response = requests.post(url, json=payload) 
 
assert response.status_code == 200 

Python is commonly used for lightweight API automation. 

Scenario-Based Interview Questions for API Testing Using Postman 

These are very common in interviews. 

1. API returns 200 but wrong data – what do you validate? 

I validate: 

  • Response body  
  • Business logic  
  • Backend calculations  
  • Database values  
  • Schema consistency  

Status code validation alone is not enough. 

2. Login API works, profile API fails – possible reasons? 

Possible reasons: 

  • Invalid token  
  • Expired token  
  • Incorrect authorization header  
  • Backend dependency issue  
  • Environment mismatch  

I would debug using logs and request tracing. 

3. Token expired but API still accessible – defect? 

This is a security and authorization defect because expired tokens should not allow API access. 

Expected response: 

401 Unauthorized 

4. API works in Postman but not in UI – why? 

Possible reasons: 

  • Frontend integration issue  
  • Missing headers  
  • CORS issue  
  • Session handling issue  
  • Different environments  

This usually requires frontend and backend debugging together. 

5. API slow only in production – possible causes? 

Possible causes: 

  • High production traffic  
  • Database bottlenecks  
  • Network latency  
  • Server load issues  
  • Caching problems  

Performance monitoring and logs help identify root cause. 

6. Duplicate records created – what validation missed? 

Possible missed validations: 

  • Duplicate checks  
  • Idempotency validation  
  • Retry handling  
  • Concurrency testing  

This issue commonly occurs in payment and order systems. 

7. Unauthorized user accesses secured API – issue? 

This is a security and authorization issue. 

Access control validation failed. 

8. API crashes for special characters – what testing? 

This requires: 

  • Negative testing  
  • Input validation testing  
  • Security testing  

APIs should handle special characters safely. 

9. Same request returns different responses – why? 

Possible reasons: 

  • Caching issue  
  • Database inconsistency  
  • Race conditions  
  • Backend synchronization problems  

Response consistency validation is important. 

10. Payment deducted but order not created – what testing? 

This requires: 

  • Rollback testing  
  • Transaction testing  
  • Data consistency validation  

Partial transactions should not occur. 

11. API returns null fields – how do you handle? 

I use assertions to validate mandatory fields. 

Example 

pm.expect(json.userId).to.not.be.null; 

Null validation is important for schema and business validation. 

12. API schema changes suddenly – impact? 

Possible impact: 

  • Frontend failures  
  • Automation failures  
  • Integration failures  
  • Contract mismatches  

Schema validation helps detect such changes quickly. 

13. API fails only in Newman – possible reasons? 

Possible reasons: 

  • Environment variable mismatch  
  • Incorrect command configuration  
  • Missing dependencies  
  • Authentication issues  
  • CI/CD configuration problems  

I would analyze Newman logs and environment setup. 

14. API returns XML instead of JSON – issue? 

This is a content-type or response-format issue. 

Expected header: 

Content-Type: application/json 

Incorrect formats may break frontend and automation scripts. 

15. Partial data saved after failure – what testing missed? 

Possible missed validations: 

  • Rollback validation  
  • Transaction validation  
  • Data consistency checks  

This indicates improper transaction handling. 

How Interviewers Evaluate Your Answers 

Interviewers mainly evaluate: 

  • API fundamentals  
  • Practical Postman usage  
  • Validation beyond status codes  
  • Real-time debugging mindset  
  • Scenario-based thinking  
  • Functional validation approach  

Hands-on explanation matters more than memorized definitions. 

Postman API Testing Interview Cheatsheet 

  • Never trust only 200 OK  
  • Always validate response body  
  • Use environment variables  
  • Test negative scenarios  
  • Understand authentication clearly  
  • Practice real APIs in Postman  
  • Validate business logic  
  • Learn API chaining  
  • Use meaningful assertions  
  • Practice scenario-based debugging 

FAQs – Interview Questions for API Testing Using Postman 

Q1. Is Postman enough for API testing interviews? 
Yes — for many API testing interviews, strong Postman knowledge is enough, especially for: 

  • Freshers  
  • Manual QA roles  
  • Functional API testing roles  
  • Service-based company interviews  

But for Automation QA and SDET roles, Postman alone is usually not enough. 

The expectation depends on: 

  • Your experience level  
  • Company type  
  • Role requirements  
  • Automation expectations 

Q2. Do interviewers expect automation knowledge? 
Yes — in many modern API testing interviews, interviewers do expect at least basic automation knowledge, especially for candidates with around 2 years experience and above. 

However, the level of expectation depends on: 

  • Role type  
  • Company type  
  • Experience level  
  • Project requirements  

You usually do NOT need advanced framework expertise unless the role is heavily automation-focused. 

Q3. REST or SOAP – which is more important? 
 

For most modern API testing interviews and real-world projects, REST is much more important than SOAP. 

Today, most applications use REST APIs because they are: 

  • Lightweight  
  • Faster  
  • Easier to integrate  
  • Easier to automate  
  • Better suited for web and mobile applications  

However, basic SOAP knowledge is still useful because some enterprise and legacy systems continue using SOAP services. 

Why REST Is More Important Today 

REST APIs are heavily used in: 

  • Web applications  
  • Mobile applications  
  • Microservices architecture  
  • Cloud platforms  
  • SaaS applications  
  • Third-party integrations  

Most modern backend systems are REST-based. 

That is why interviewers focus heavily on REST concepts during API testing interviews. 

Q4. Biggest mistake candidates make? 
The biggest mistake candidates make in API testing interviews is focusing only on tools and status codes instead of understanding real business behavior and backend validation. 

Many candidates think: 

“I sent the request in Postman and got 200 OK, so the API works.” 

But interviewers expect much deeper analysis, especially for candidates with around 2 years of experience. 

1. Trusting Only 200 OK 

This is the most common mistake. 

Candidates often validate only: 

Status code = 200 

But APIs can still return incorrect business data. 

Example 


“total”: -500 

The API technically succeeded, but the business logic is wrong. 

Interviewers expect validation of: 

  • Response body  
  • Business calculations  
  • Database updates  
  • Schema  
  • Headers  
  • Workflow behavior  

Not just status codes. 

2. Knowing Only Basic Postman Usage 

Many candidates only know: 

  • Sending requests  
  • Checking response  
  • Viewing status code  

But at 2 years experience, interviewers expect more advanced usage such as: 

  • Assertions  
  • API chaining  
  • Dynamic variables  
  • Pre-request scripts  
  • Environment variables  
  • Collection Runner  
  • Negative testing  

Example 

pm.expect(r.total).to.eql(r.subtotal – r.discount + r.tax); 

This demonstrates business validation thinking. 

3. Ignoring Business Logic 

API testing is not only technical testing. 

Interviewers expect candidates to validate: 

  • Discounts  
  • Tax calculations  
  • Order workflows  
  • Payment handling  
  • Access permissions  
  • Duplicate prevention  

Example Questions 

  • Can duplicate orders happen?  
  • Can unauthorized users access APIs?  
  • Are invalid transactions blocked?  
  • Does rollback work properly?  

Business logic validation is one of the most important interview areas. 

4. No Negative Testing Mindset 

Many candidates test only happy paths. 

Strong candidates always test: 

  • Invalid payloads  
  • Missing fields  
  • Expired tokens  
  • Invalid authentication  
  • Boundary values  
  • Special characters  
  • Empty requests  

Negative testing shows deeper understanding of API behavior. 

5. Weak Debugging Approach 

Weak answer: 

“I will report the defect.” 

Strong answer: 

  • Check logs  
  • Verify request payload  
  • Compare database records  
  • Validate headers  
  • Analyze backend logic  
  • Reproduce the issue  
  • Check dependent services  

Interviewers heavily evaluate troubleshooting ability at this level. 

6. No Real-Time Scenario Thinking 

Many candidates memorize definitions but struggle with practical questions. 

Common interview scenarios: 

  • API returns 200 but wrong data — what do you do?  
  • Login works but profile API fails — why?  
  • Payment deducted but order not created — what testing applies?  
  • Retry creates duplicate records — how prevent it?  

Interviewers prefer practical thinking over memorized theory. 

7. Weak Understanding of Authentication 

Candidates commonly confuse: 

  • Authentication  
  • Authorization  
  • JWT tokens  
  • Bearer tokens  
  • 401 vs 403  

These are among the most frequently asked API interview topics. 

You should clearly understand: 

  • How tokens work  
  • How tokens expire  
  • How tokens are passed  
  • Role-based access control  

8. No Automation Awareness 

Some candidates think API testing means only manual testing in Postman. 

But modern projects increasingly expect: 

  • Basic automation knowledge  
  • Assertions  
  • API automation awareness  
  • CI/CD basics  

Even simple knowledge of: 

  • Rest Assured  
  • Python requests  
  • Newman  

creates a stronger profile. 

9. Weak Assertions 

Some candidates validate only: 

pm.response.to.have.status(200); 

Interviewers expect stronger validations such as: 

  • Schema validation  
  • Field validation  
  • Business rule validation  
  • Header validation  
  • Range validation  

Assertions should validate meaningful behavior, not just technical success. 

10. Explaining “What” but Not “Why” 

Weak answer: 

“I validated response fields.” 

Better answer: 

“I validated totals and discounts because incorrect calculations may cause financial defects.” 

Interviewers value reasoning and risk awareness. 

Q5. How should freshers prepare? 
If you want to prepare quickly for Infosys API testing interviews, focus only on the topics that Infosys interviewers repeatedly ask. 

Do not try to learn everything deeply at once. 

Infosys interviews usually focus more on: 

  • API fundamentals  
  • Practical testing knowledge  
  • Real-time scenarios  
  • Postman usage  
  • Functional validation  

Basic automation awareness 

Leave a Comment

Your email address will not be published. Required fields are marked *