top of page

API Basics for QE

This post explains how APIs work from a QA perspective and how they fit into modern testing strategies. It focuses on concepts that are useful in daily work and commonly discussed during interviews.


What Is an API?



API stands for Application Programming Interface, but in practice it means how applications communicate.


A typical flow looks like this:

  • A client (browser or mobile app) sends a request

  • A server processes it

  • A response is sent back


This request–response cycle happens thousands of times during a single user session, even if the user clicks only a few buttons.


Important distinction:

  • Application URLs are meant for browsers

  • API URLs are meant for programs

  • An API URL usually cannot be opened directly in a browser

  • A browser URL cannot handle API requests properly


API URLs Explained



An API URL has a clear structure:

  • Protocol: https

  • Domain: api.example.com

  • Path / Endpoint: /users/123

  • Query parameters: ?active=true&role=admin


Key concepts:

  • Base URLProtocol + domain + stable pathUsually constant in a test framework

  • EndpointResource pathChanges depending on the test

  • Query parametersExtra filters sent after ?


HTTP Methods and CRUD


Most APIs follow CRUD operations:

Each request may contain:

  • URL (required)

  • Headers (content type, authorization token)

  • Body (usually JSON, mostly for POST and PUT)


HTTP Response Status Codes


APIs communicate success or failure using status codes.


Success (200 range)

  • 200 – OK

  • 201 – Created

  • 204 – Success with no content


Client errors (400 range)

  • 401 – Unauthorized

  • 404 – Wrong endpoint or missing resource


Server errors (500 range)

  • Indicate backend issues

  • Hardest to debug

  • Usually require developer support and server logs


API Testing Strategies in Cypress


UI-Based Testing


Flow:

Cypress → UI → Server → Response → UI Update → Assertion

  • Closest to real user behavior

  • Slower execution

  • Can become flaky in complex scenarios


API Mocking

  • Intercept API calls before they reach the server

  • Return controlled responses

  • Faster and more stable

  • Risk: real integration issues may be missed


Direct API Testing

  • Browser is removed completely

  • Requests are sent directly to the server

  • Responses are validated at API level

  • Useful for backend validation

  • Cypress is capable, but not a pure API-testing tool


Client–Server Interaction Example: Login


Typical login flow:

  1. User enters credentials

  2. Browser sends API request with JSON payload

  3. Server validates and responds with user data

  4. UI displays personalized content


During processing, loaders or spinners are often shown to the user.

 
 
bottom of page