General testing questions Flashcards
What are Microservices?
an architectural and organizational approach to software development where software is composed of small independent services that communicate over well-defined APIs.
microservices architecture consists of decoupled, independently run services that communicate via APIs to execute single functions within data maps that enable microservices to function as a whole like a traditional, monolithic app.
What are advantages of Microservices?
- Scalable - each service to be independently scaled to meet demand for the application feature it supports.
- Easy deployment.
- Technological Freedom - teams have the freedom to choose the best tool to solve their specific problems.
- Reusable code.
- Resilience - service independence increases an application’s resistance to failure. In a monolithic architecture, if a single component fails, it can cause the entire application to fail. With microservices, applications handle total service failure by degrading functionality and not crashing the entire application.
How is Microservice testing different?
- Unit testing: a single unit is usually a full application stack - %front end, programming layer and a database.
- Integration
What is the diff between RestAPI PUT and PATCH
use PUT when you want to completely replace the resource, and use PATCH when you want to make partial updates to the resource
How do you handle authentication and authorization in RESTful APIs?
- Basic Authentication: The client sends the username and password in the Authorization header of the HTTP request. The server checks the username and password against its database and responds with a 401 status code if the credentials are invalid.
- Token-based Authentication: The client sends a token in the Authorization header of the HTTP request. The token is typically a JSON Web Token (JWT) that contains information about the user and is signed by the server. The server verifies the signature and responds with a 401 status code if the token is invalid.
- OAuth2: OAuth2 is a widely used standard for authorization in RESTful APIs. It allows users to grant limited access to their resources to third-party applications. The user first authenticates with the server, and then the server issues an access token that the client can use to access the user’s resources.
most commonly used HTTP status codes
- 200 OK: request successful, server has returned the requested data in the response body.
- 201 Created: a new resource has been created. The URI of the resource is typically included in the response body or Location header.
- 204 No Content: server has successfully processed the request but is not returning any data.
- 400 Bad Request: the client has sent an invalid request, such as missing or invalid parameters.
- 401 Unauthorized: the client is not authorized to access the requested resource.
- 403 Forbidden: the client is authenticated but does not have the necessary permissions.
- 404 Not resource was not found on the server.
- 500 Internal Server Error:
- 502 Bad Gateway: Indicates that the server acting as a gateway or proxy received an invalid response from the upstream server.
10.503 Service Unavailable: Indicates that the server is temporarily unable to handle the request due to maintenance or overload.
what is URI
Uniform Resource Identifier
A URI consists of two main parts: the scheme and the path. The scheme indicates the protocol used to access the resource, such as HTTP or HTTPS. The path is the location of the resource on the server, which can include a domain name, a port number, and a file path.
ex: https://openai.com/
what is SOAP
simple object access protocol
What is REST
representational state transfer
SOAP vs REST
- Soap - protocol, REST - architectural standard
- Soap - uses XML and WSDL(web services description lang), REST - generally in JSON. It is based on URI. Because REST follows stateless model, REST does not enforces message format.
- SOAP is preferred for secure transactions, REST for mobile
symmetric vs asymmetric decryption
symmetric encryption uses the same key for encryption and decryption, while asymmetric encryption uses two different keys: a public key for encryption and a private key for decryption.
what are the types of API testing
- Functional
- Performance
- Security:
Penetration testing -an API’s functions, processes, and resources are attacked by an outsider with little knowledge of how the API works.
Fuzz testing - stress test, involves inputting an influx of data to see whether an API will withstand it or result in a forced crash. - Runtime and error detection testing
- Validation testing
what are REST caching techniques
- Cache-Control headers
HTTP/1.1 200 OK
Cache-Control: max-age=3600
Content-Type: image/jpeg
<JPEG>
2. ETag headers (if ETag for a resource didn't change, use the cached resource),
3. Last-Modified headers
4. Expiration headers.
</JPEG>
diff between POST and PUT
PUT - update an existing resource or to create a new resource if it doesn’t exist.
PUT - idempotent -> making the same request multiple times has the same effect as making it once.
In a PUT request, the client specifies the URI of the resource to update and includes the complete new representation of the resource in the request body.
POST is used to submit data to a server to create a new resource.
POST requests are not idempotent, which means that making the same request multiple times may result in different effects.
In a POST request, the server generates the URI of the new resource and includes it in the response. The client does not specify the URI of the new resource in the request.
what is REST API
representational state transfer api (representation state - current state of resource) is an architectural style for creating web-based services that allows client-server communication through HTTP requests and responses.
A RESTful API is designed to interact with resources or data stored on a server. It uses HTTP methods such as GET, POST, PUT, and DELETE to perform operations on the resources.
