This is the most asked question in QA automation interviews: "Describe your API test automation framework." Every interviewer asks it. Every candidate struggles with it. Here is how to answer it like a senior engineer.
Memorize this structure. Practice it until it flows naturally. Interviewers love structured answers.
Tech stack: "We use REST Assured with TestNG for test execution, Jackson for POJO serialization, and Allure for reporting. Maven as build tool."
Architecture: "The framework has 6 layers — Config reads environment properties, Base sets up common request specs, POJOs model request and response bodies, Endpoint classes wrap REST Assured calls, Test classes contain assertions, and Allure handles reporting."
Config management: "We have separate properties files for dev, staging, and prod. A ConfigReader utility loads the right file based on the -Denv system property."
Request handling: "Each API resource has its own endpoint class. UserEndpoint for /users, AccountEndpoint for /accounts. Methods return raw Response objects. We use POJOs with Jackson annotations for request/response bodies."
Test execution: "Tests use TestNG DataProvider for data-driven testing. We have smoke and regression groups. testng.xml controls the suite. Maven profiles handle environment presets."
Reporting and CI: "AllureRestAssured filter captures every request/response automatically. Reports show pass/fail with full HTTP details. Tests run in GitHub Actions — smoke on every PR, regression nightly."
Q: Describe the API test automation framework you built.
A: Our framework uses REST Assured with TestNG, Jackson for serialization, and Allure for reporting. It has 6 layers. Config layer reads environment-specific properties files using a ConfigReader. Base layer has BaseTest which creates a common RequestSpecification with base URI, content type, and AllureRestAssured filter. POJO layer has separate request and response model classes with Jackson annotations. Endpoint layer has one class per API resource — each method wraps a REST Assured call and returns a raw Response. Test layer uses DataProvider for data-driven tests and TestNG groups for smoke vs regression. Allure captures every request and response automatically. We run smoke tests on every PR in GitHub Actions and full regression nightly against staging. Switching environments is just -Denv=staging.
Q: How do you handle authentication in your framework?
A: It depends on the auth mechanism. For token-based auth, BaseTest has a method that calls the auth endpoint, extracts the token, and adds it to the RequestSpec as a header. The credentials come from ConfigReader. For OAuth2, we store client_id and client_secret in config and generate a token in @BeforeSuite. For API key auth, the key is in config.properties and added as a header or query parameter in the RequestSpec. The key point is that individual test classes never deal with auth — BaseTest handles it once.
Q: How do you handle test data in your framework?
A: Three approaches depending on the scenario. For simple parametrized tests, we use TestNG DataProvider with inline data. For larger datasets, the DataProvider reads from CSV or JSON files in src/test/resources/testdata/. For tests that need dynamic data, we have a TestDataGenerator utility that creates random but valid data using Faker or custom logic. For cleanup, tests that create data also delete it in @AfterMethod. We follow the pattern: create data, use it, clean it up — so tests are independent and repeatable.
Q: What happens when a test fails? How do you debug it?
A: First, I check the Allure report. For each test, it shows the exact HTTP request (method, URL, headers, body) and the exact response (status, body). This is captured automatically by the AllureRestAssured filter. I can see exactly what was sent and received. If the issue is environmental, I check the config file to confirm the right base URL was used. If it is a data issue, I check the DataProvider. REST Assured also logs request and response details on validation failure, which shows up in the console. Between Allure and console logs, I can reproduce most issues within minutes.
Q: How do you ensure test independence in your framework?
A: Each test creates its own test data and cleans up after itself. We do not rely on shared state or test execution order. If testCreateUser creates a user, it stores the ID and deletes the user in @AfterMethod. DataProviders supply fresh data for each test run. We do not use static variables to share data between test classes. The BaseTest @BeforeClass creates a fresh RequestSpec for each class. If tests need a known starting state, we use API calls in setup methods to create it — never manual database inserts.
| Question | Key Point to Mention |
|---|---|
| How many tests do you have? | Give a real number. "Around 200-300 API tests across 15 endpoints" sounds credible. |
| How long does the suite take? | "Smoke runs in 2-3 minutes. Full regression is 15-20 minutes with parallel execution." |
| Who maintains the framework? | "The QA team owns it. Any team member can add tests. The framework code is reviewed in PRs like production code." |
| What was the hardest challenge? | Pick one: flaky tests due to test data, auth token expiry, or parallel execution thread safety. |
| How do you handle API versioning? | "Base URL includes the version — /api/v1 vs /api/v2. We run the same tests against both." |
| Do you do contract testing? | "We use JSON Schema validation as a lightweight contract check. For full contract testing, we would use Pact." |
Practice describing your framework out loud. Not in your head — out loud. Record yourself. Listen back. If you stumble on any part, that is the part you need to practice more. Interviewers can tell the difference between someone who built a framework and someone who read about one.
Key Point: When describing your framework in an interview, follow the structure: tech stack, architecture (6 layers), config management, request handling, test execution, and CI/CD. Be specific with numbers — test count, execution time, team size.
Key Point: Describe your framework in 6 parts: tech stack, architecture, config management, request handling, test execution, CI/CD. Practice saying it out loud until it flows naturally.
Answer all 5 questions, then submit to see your score.
1. In a well-designed API test framework, which layer should contain REST Assured given().when().get() calls?
2. What is the purpose of the AllureRestAssured filter added to RequestSpec?
3. Why should response POJOs have @JsonIgnoreProperties(ignoreUnknown = true)?
4. How does the framework switch between dev and staging environments?
5. Why should endpoint methods return raw Response objects instead of deserialized POJOs?