This API uses standard HTTP status codes. Knowing these is essential for both testing and interviews.
| Code | Meaning | When You Will See It |
|---|---|---|
| 200 | OK | Successful GET, PUT, or login/register |
| 201 | Created | Successful POST (new user, new order) |
| 204 | No Content | Successful DELETE (no response body) |
| 400 | Bad Request | Invalid JSON or missing required fields |
| 401 | Unauthorized | Missing or invalid token |
| 403 | Forbidden | Valid token but insufficient permissions |
| 404 | Not Found | Product or order ID does not exist |
| 409 | Conflict | Duplicate email during registration |
| 422 | Validation Error | Fields present but invalid format |
| 429 | Too Many Requests | Rate limit exceeded (100 requests/min) |

Every response follows a consistent format. Success responses have `"success": true` with a `data` object. Error responses have `"success": false` with an `error` object.

```json
{
  "success": true,
  "data": { ... }
}
```

```json
{
  "success": false,
  "error": {
    "code": "ERROR_CODE",
    "message": "What went wrong",
    "details": [...]
  }
}
```

If you prefer a GUI over curl, Postman is the industry standard. Here is how to set it up for TesterRank's Practice API.

baseUrl (set to your API base URL) and token (leave empty for now).

{{baseUrl}}/auth/register. Set Body → raw → JSON with your name, email, and password.

{{token}}.

```javascript
// On a successful login/register response, store the returned token
// in the Postman environment variable "token".
if (pm.response.code === 200 || pm.response.code === 201) {
    var data = pm.response.json();
    pm.environment.set("token", data.data.token);
}
```

You can also authenticate with the X-API-Key header instead of Bearer tokens. Add it as a custom request header: `X-API-Key: YOUR_API_KEY`.

| Method | Endpoint | Auth Required | Description |
|---|---|---|---|
| POST | /auth/register | No | Create a new account |
| POST | /auth/login | No | Login and get a token |
| GET | /auth/me | Yes | View your profile |
| GET | /products | No | List/search/filter products |
| GET | /products/:id | No | Get a single product |
| POST | /orders | Yes | Place a new order |
| GET | /orders | Yes | List your orders |
| GET | /orders/:id | Yes | Get a specific order |
| DELETE | /orders/:id | Yes | Cancel a pending order |
Q: What should you validate when testing a REST API?
A: A thorough API test checks: (1) Status code — correct for the operation. (2) Response body — correct structure and data. (3) Response headers — Content-Type, caching, rate limit headers. (4) Error handling — proper codes and messages for invalid input. (5) Authentication — endpoints correctly reject unauthorized requests. (6) Performance — response time is acceptable.
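
The status, header, body and authentication checks from the answer above, applied to this page's response format and endpoint table. This is an added example, not TesterRank's code: `checkResponse`, the shape of its arguments and the `application/json` expectation are assumptions, and the sample request and response are constructed.

```javascript
// Added example: contract checks for the API documented on this page.
// All requests/responses below are constructed samples; nothing touches the network.

// Endpoints the endpoint table marks "Auth Required: Yes" (path without query string).
const AUTH_REQUIRED = [
  ["GET", /^\/auth\/me$/],
  ["POST", /^\/orders$/],
  ["GET", /^\/orders(\/[^/]+)?$/],
  ["DELETE", /^\/orders\/[^/]+$/],
];

const needsAuth = (method, path) =>
  AUTH_REQUIRED.some(([m, re]) => m === method && re.test(path));

// req: { method, path, authenticated }  res: { status, headers, body }
// headers keys are lower-case; body is the parsed JSON or null.
function checkResponse(req, res) {
  const problems = [];
  const ok = res.status >= 200 && res.status < 300;

  // Authentication: a protected endpoint called without credentials must return 401.
  if (needsAuth(req.method, req.path) && !req.authenticated && res.status !== 401)
    problems.push(`unauthenticated ${req.method} ${req.path} returned ${res.status}, expected 401`);

  // 204 No Content carries no body, so the envelope checks do not apply.
  if (res.status === 204) {
    if (res.body != null) problems.push("204 response has a body");
    return problems;
  }

  // Headers: application/json is an assumption; the page only says to check Content-Type.
  const ctype = (res.headers["content-type"] || "").toLowerCase();
  if (!ctype.startsWith("application/json"))
    problems.push(`unexpected Content-Type: ${ctype || "(none)"}`);

  // Body: the success flag must agree with the status code and carry data or error.
  const b = res.body;
  if (!b || typeof b.success !== "boolean") problems.push("missing boolean 'success'");
  else if (b.success !== ok) problems.push(`success=${b.success} contradicts status ${res.status}`);
  else if (ok && !("data" in b)) problems.push("success response lacks 'data'");
  else if (!ok && !(b.error && b.error.code && b.error.message))
    problems.push("error response lacks error.code or error.message");
  return problems;
}

// Constructed sample: an order returned to a caller who sent no credentials.
const json = { "content-type": "application/json; charset=utf-8" };
console.log(checkResponse(
  { method: "GET", path: "/orders/42", authenticated: false },
  { status: 200, headers: json, body: { success: true, data: { id: 42 } } }));
```

An empty array means the response met every check; each string in the result names one contract violation.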
Answer all 10 questions, then submit to see your score.
1. What HTTP method is used to create a new resource?
2. What status code indicates a successful DELETE?
3. What header is used for Bearer Token authentication?
4. What status code means "resource already exists"?
5. Which query parameter controls pagination page size?
6. What curl flag shows response headers?
7. What does status 401 Unauthorized mean?
8. In the API response format, where is the data on a successful request?
9. What is the difference between API Key and Bearer Token?
10. What status code means the request exceeded the rate limit?