Common API Test Cases 1. Response Validation ¢ Verify that the API response status code is 200 OK upon successful request ¢ Verify that the API response is in the expected format (e.g. JSON, XML) ¢ Verify that the API response contains all the expected fields ¢ Verify that the API response contains the correct data for each field¢ Verify that the API response time is within acceptable limits ¢ Verify that the API response headers are correct. « Verify that the API response contains a specific error message when the request fails due to validation errors ¢ Verify that the API response contains a specific error message when the request fails due to server-side errors2. Request Validation ¢ Verify that the API request parameters are correctly passed to the API Verify that the API request method is correct (e.g., GET, POST, PUT, DELETE) * Verify that the API endpoint URL is correct ¢ Verify API response headers is correct ¢ Verify API returns error message for missing request payload * Verify API returns error message for missing API request method3. Error Handling ¢ Verify API returns error message for forbidden access ¢ Verify API returns error message for server-side validation failure ¢ Verify API returns error message for invalid authentication credentials ¢ Verify API returns a specific error message for invalid data format in request ¢ Verify API returns error message and status code for invalid authentication credentials4. Success Handling * Verify that the API returns a success message if the resource is created successfully * Verify that the API returns a success message if the resource is updated successfully * Verify that the API returns a success message if the resource is deleted successfully ° Verify that the API returns a success message if the resource is retrieved successfully Verify that the API returns a success message if the resource is retrieved successfully5. Negative Scenarios ¢ Verify API response for invalid request method Verify API response for exceeded payload size ¢ Verify API response for malformed request URL ¢ Verify API response for non-existent resource « Verify API response for expired authentication token Verify API response for incorrect content type ¢ Verify API response for unexpected server errors ¢ Verify API response for invalid authentication credentialsTypes of Authentication 1. Basic Authentication 2. Pre-emptive Authentication 3. Digest Authentication 4. OAuth2 Authentication 5. OAuth AuthenticationRequest Structure 1. HTTP Method © GET * POST ¢ PUT ¢ DELETE « PATCH 2. URL « The URL identifies the location of the API endpoint that the client wants to access. e.g., https://www.alphabin.co/3. Request Header * Content-Type « Authorization * Accept 4. Request Parameters * Query Parameters « Path Parameters * Request Body5. Request Body * For HTTP methods like POST, PUT, and PATCH, the request body contains the data that the client wants to send to the server. 6. Authentication * If the API requires authentication, the client must include authentication credentials (e.g., API keys, OAuth tokens)