REST APIs: Concepts and How to Test Them
REST (Representational State Transfer) is a common style for web APIs. As a QA, you need to understand resources, URLs, HTTP methods, and how to test REST endpoints. This post gives you the concepts and a testing angle.
REST in brief
- Resources: Things the API exposes (e.g. users, orders, products). Each resource has a URL (e.g.
/users,/orders/123). - HTTP methods: GET (read), POST (create), PUT/PATCH (update), DELETE (remove). Same URL can behave differently for different methods.
- Stateless: Each request carries what the server needs; no server-side session required (auth often via headers).
URLs and methods
GET /users— list users.GET /users/1— get user with id 1.POST /users— create user (body with data).PUT /users/1orPATCH /users/1— update user 1.DELETE /users/1— delete user 1.
You test each method: valid and invalid inputs, permissions, and response format.
How to test REST APIs
- Positive: Valid request → expected status (e.g. 200, 201) and correct body/headers.
- Negative: Invalid input, missing auth, wrong method → expected error status (e.g. 400, 401, 404) and error body.
- Edge: Boundary values, empty list, missing optional fields.
- Idempotency and safety: GET and DELETE semantics; POST vs PUT when applicable.
Summary
- REST = resources (URLs) + HTTP methods (GET, POST, PUT/PATCH, DELETE); stateless.
- Test each endpoint for positive, negative, and edge cases; check status codes and response body.
- Use the next posts (HTTP details, Postman, test design) to build concrete test cases and automation.