This is THE question. Every QA automation interview, without exception, asks some version of "Walk me through your API testing project." If you did this capstone seriously, you have a real project to talk about. Let me teach you how to present it.
Structure your answer in 6 parts. Practice it until you can deliver it in exactly 3 minutes. Not 1 minute (too shallow). Not 10 minutes (interviewer loses interest). Three minutes.
Context: "I built a complete API test suite for two public APIs — JSONPlaceholder for CRUD and relationship testing, ReqRes.in for authentication and pagination. I used both Postman/Newman and REST Assured to demonstrate proficiency in both tools."
Postman side: "The Postman collection has 20+ requests organized into folders — Auth, CRUD, Edge Cases. Every request has assertions for status code, response structure, and business logic. I run it through Newman with the htmlextra reporter. I also did data-driven testing with a CSV file — the collection runs once per row."
REST Assured side: "The REST Assured project is a Maven project with TestNG and Allure. It follows the framework architecture — ConfigReader for environment properties, BaseTest for common request setup, POJOs for request/response models. Tests are organized by type: CrudTests, SchemaTests, NegativeTests, DataDrivenTests."
Test coverage: "I cover 4 test types. CRUD tests for all HTTP methods with specific assertions. Schema validation using JSON Schema files for every resource. Negative tests for invalid IDs, missing fields, wrong types, and non-existent resources. Data-driven tests using DataProvider with external JSON files."
Reporting and execution: "Tests are grouped into smoke and regression using TestNG groups. Allure generates HTML reports with full request/response details captured by the AllureRestAssured filter. The testng.xml has separate suites for smoke and full regression."
Numbers: "Total: 46 test executions from 29 test methods. Smoke suite runs in under 30 seconds. Full regression in under 2 minutes. All green. Report uploaded as artifact."
Q: Walk me through your API testing project.
A: I built an end-to-end API test suite covering two APIs — JSONPlaceholder for CRUD and resource relationships, ReqRes.in for authentication and pagination. The Postman side has a 20+ request collection with environment variables, chained requests, and assertions on every request. I run it through Newman with HTML reports and CSV data-driven iterations. The REST Assured side is a Maven project with TestNG, Jackson, and Allure. It has ConfigReader for environment switching, BaseTest with AllureRestAssured filter, and POJOs for type-safe request/response handling. Tests are split into four classes: PostCrudTests with 10 tests covering all HTTP methods, PostSchemaTests validating JSON schema for 3 resources, PostNegativeTests with 11 tests covering invalid IDs, missing fields, and edge cases, and PostDataDrivenTests using DataProvider with external JSON files. Total 46 test executions. Full suite runs under 2 minutes with Allure report showing request/response details for every test.
Q: What was the most challenging part of this project?
A: The negative testing design was the trickiest part. JSONPlaceholder is a mock API — it accepts almost anything. POST with empty body? Returns 201. String where integer is expected? Accepted. In a real API, these would be 400 errors. The challenge was documenting the expected behavior accurately and noting where a real API would behave differently. I added comments in each negative test explaining what a production API would return. This taught me that test expectations must match the API under test, not what you think the API should do.
Q: How do you decide what to test first?
A: I prioritize by risk and usage. Smoke tests cover the critical path — can I create a resource, can I read it back, does authentication work. These run on every build. Then regression adds filtering, pagination, schema validation, and negative tests. Edge cases come last. I tag tests with TestNG groups — smoke runs in 30 seconds and catches show-stoppers. Full regression runs nightly. If I find a bug in production, I write a failing test first, then add it to the smoke suite so it never regresses.
Q: How would you add a new endpoint to your test suite?
A: Four steps. First, I add the JSON schema file to resources/schemas/. Second, I create a POJO for the request and response if the body structure is new. Third, I write tests — typically one CRUD test, one schema test, and two to three negative tests. Fourth, I add the test class to testng.xml. The whole process takes about 30 minutes because the framework handles all the boilerplate. ConfigReader, BaseTest, Allure filter — all inherited automatically. The new test class just extends BaseTest and starts writing assertions.
Q: What would you do differently in a real project vs this capstone?
A: Three things. First, I would add an endpoint layer — wrapper classes like PostEndpoint and UserEndpoint that encapsulate REST Assured calls, so tests never see given().when().get() directly. I skipped it here to keep the capstone focused on testing concepts. Second, I would add test data cleanup — create data in @BeforeMethod, delete in @AfterMethod, so tests are truly independent. Third, I would integrate with CI/CD — GitHub Actions running smoke on every PR, regression nightly, with Allure report published as a build artifact and Slack notifications on failure.
| Red Flag | What Interviewer Thinks | What to Say Instead |
|---|---|---|
| Only tested happy paths | Does not think about failures | Cover positive, negative, and edge cases systematically |
| No schema validation | Does not understand API contracts | Validate JSON schema for every resource type |
| Hardcoded URLs in tests | Never worked on multi-env projects | Config externalized in properties files with -Denv flag |
| No reporting | Cannot prove testing happened | Allure generates HTML reports with request/response details |
| Cannot explain framework architecture | Probably copy-pasted from YouTube | Describe the 6 layers: Config, Base, POJOs, Endpoints, Tests, Reports |
| Says "I tested 100 test cases" but cannot name 5 | Numbers are inflated | Be specific: 10 CRUD, 5 schema, 11 negative, 20 data-driven |
Key Point: When describing your project, be specific. Name the APIs. Name the tools. Give exact numbers — 29 methods, 46 executions, 4 test types. Interviewers can smell vague answers. Specific answers show real experience.
Record yourself giving the 3-minute walkthrough. Watch it back. Do you sound confident or hesitant? Do you stumble on any section? Practice the weak parts 10 more times. The candidates who get offers are the ones who practiced their answers out loud, not just in their head.
Key Point: Present your API testing project in 3 minutes: context, Postman side, REST Assured side, test coverage types, reporting/execution, and exact numbers. Practice out loud until it flows naturally.
Answer all 5 questions, then submit to see your score.
1. You are writing a Postman test for a POST /api/register endpoint that requires email and password. You send a request with only email. What should you assert?
2. In a data-driven Newman run with a CSV file containing 5 rows, how many times does the Postman collection execute?
3. Your REST Assured test sends GET /posts?userId=99999. The API returns status 200 with an empty array []. What does this tell you?
4. Your JSON schema has "additionalProperties": false. The API adds a new field called "updatedAt" to the response. What happens?
5. In an interview, you are asked "How many tests does your API suite have?" Your suite has 29 test methods but runs 46 times due to DataProviders. What is the correct answer?