API Testing
Intermediate
API Testing Cheat Sheet
HTTP methods, status codes, authentication, and common API testing patterns.
HTTP Methods
| Method | Purpose | Idempotent? |
|---|---|---|
| GET | Read data | Yes |
| POST | Create data | No |
| PUT | Replace data | Yes |
| PATCH | Partial update | No |
| DELETE | Remove data | Yes |
Status Codes to Know
| Code | Meaning | Test For |
|---|---|---|
| 200 | OK | Happy path |
| 201 | Created | POST success |
| 204 | No Content | DELETE success |
| 400 | Bad Request | Invalid input |
| 401 | Unauthorized | Missing/bad auth |
| 403 | Forbidden | Wrong permissions |
| 404 | Not Found | Wrong URL/ID |
| 422 | Unprocessable | Validation errors |
| 500 | Server Error | Bug found! |
Python (requests)
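```python
import requests

# TOKEN is a placeholder for a valid bearer token
r = requests.get("https://api.example.com/users",
                 headers={"Authorization": "Bearer TOKEN"}, timeout=5)
assert r.status_code == 200  # happy path
assert len(r.json()) > 0     # body is a non-empty JSON collection
```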
What to Test
- Happy path (valid data → expected response)
- Missing required fields
- Invalid data types
- Auth: no token, expired token, wrong role
- Edge cases: empty strings, max length, special characters
- Response time (< 200ms for most endpoints)
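
The "Auth: no token, expired token, wrong role" item above, written out as a test matrix. This is an added example, not code from the original page: the stub endpoint `/admin/users`, the token values and the helper names are constructed for illustration, and it uses only the standard library so it runs offline against a local stub.

```python
import json
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed sample tokens for the stub: token -> (role, expired)
TOKENS = {"admin-tok": ("admin", False), "user-tok": ("user", False),
          "old-tok": ("admin", True)}
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # no proxy

class StubAPI(BaseHTTPRequestHandler):
    """Hypothetical admin-only endpoint: 401 = not authenticated, 403 = wrong role."""
    def do_GET(self):
        scheme, _, tok = self.headers.get("Authorization", "").partition(" ")
        role, expired = TOKENS.get(tok, (None, False))
        if scheme != "Bearer" or role is None or expired:
            status, body = 401, {"error": "unauthorized"}
        elif role != "admin":
            status, body = 403, {"error": "forbidden"}
        else:
            status, body = 200, [{"id": 1, "name": "alice"}]
        data = json.dumps(body).encode()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

def status_for(url, token):
    """GET url with an optional bearer token and return the HTTP status code."""
    headers = {"Authorization": f"Bearer {token}"} if token else {}
    try:
        with OPENER.open(urllib.request.Request(url, headers=headers), timeout=5) as r:
            return r.status
    except urllib.error.HTTPError as err:
        return err.code  # urllib raises on 4xx/5xx instead of returning

def run_auth_matrix():
    """Serve the stub on a free loopback port and return {case: status}."""
    cases = {"no token": None, "expired token": "old-tok",
             "wrong role": "user-tok", "valid admin": "admin-tok"}
    with HTTPServer(("127.0.0.1", 0), StubAPI) as server:
        threading.Thread(target=server.serve_forever, daemon=True).start()
        url = f"http://127.0.0.1:{server.server_port}/admin/users"
        try:
            return {name: status_for(url, t) for name, t in cases.items()}
        finally:
            server.shutdown()
```

Against a real API, keep the `cases` table and point `url` at the endpoint under test; a 200 on any row other than the valid one is an access-control failure.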