REST Assured appears in almost every SDET and QA automation interview. Companies want to know if you have actually written tests or just watched tutorials. These questions test real hands-on experience. Read the answers, but more importantly — write the code from the exercises so you can answer from experience, not memory.
Q: What is REST Assured? Why is it preferred for API automation?
A: REST Assured is an open-source Java library for testing REST APIs. It provides a BDD-style fluent API — given() for request setup, when() for the HTTP method, then() for response validation. It is preferred because: 1) Tests are written in Java, fitting naturally into Maven/Gradle projects. 2) Built-in Hamcrest matchers provide readable assertions. 3) Automatic JSON/XML parsing without manual Jackson/Gson calls. 4) Integrates with TestNG and JUnit. 5) Supports authentication, cookies, multipart uploads. 6) Industry standard — most QA frameworks in Java use it.
Q: How do you validate the response body in REST Assured?
A: Two ways. Inline with Hamcrest: .body("name", equalTo("John")), .body("items.size()", greaterThan(0)), .body("users.email", hasItem("admin@test.com")). Or extract and assert: Response response = ...extract().response(); String name = response.jsonPath().getString("name"); Assert.assertEquals(name, "John"). The Hamcrest approach is cleaner for simple checks. Extraction is better when you need the value for subsequent requests or complex logic. You can also deserialize to POJO: .extract().as(User.class).
Q: How do you handle authentication in REST Assured?
A: REST Assured supports multiple auth types. Basic auth: given().auth().basic("username", "password"). Bearer token: given().header("Authorization", "Bearer " + token). OAuth 2.0: given().auth().oauth2(accessToken). For preemptive basic auth (sends credentials without waiting for 401): given().auth().preemptive().basic("user", "pass"). In real frameworks, I put the auth setup in RequestSpecBuilder so every request includes the token. The token itself comes from environment variables or a config file, never hardcoded.
Q: What is the difference between .body() assertion and .extract()?
A: .body() validates inline — the test fails immediately if the matcher does not match. It is declarative: "this field MUST have this value." .extract() pulls data out of the response for use in Java code — you get a Response object or a specific value. Use .body() when you just need to validate. Use .extract() when you need the value for the next request (like extracting a token from login, or an ID from create). You can combine both: validate first with .body(), then .extract() at the end.
Q: How do you send a POST request with a JSON body?
A: Three ways: 1) String body — pass a raw JSON string to .body(). Quick but error-prone. 2) HashMap — create a Map<String, Object>, put key-value pairs, pass to .body(). REST Assured converts to JSON. 3) POJO — create a Java class matching the JSON structure with getters/setters, pass the object to .body(). Jackson serializes it. Always set .contentType(ContentType.JSON). The POJO approach is best for frameworks because it is type-safe, reusable, and IDE-autocomplete friendly.
Q: What are RequestSpecBuilder and ResponseSpecBuilder?
A: RequestSpecBuilder creates a reusable request template — base URI, content type, headers, auth. ResponseSpecBuilder creates a reusable response validation template — expected status code, content type, response time. Define them in @BeforeClass, use .spec(requestSpec) in given() and .spec(responseSpec) in then(). Benefits: eliminates duplication, centralizes config, easy maintenance. When the base URL changes, you update one line. In frameworks, these live in a BaseTest class that all test classes extend.
Q: How do you deserialize a JSON response to a Java object?
A: Use .extract().as(ClassName.class). REST Assured uses Jackson (or Gson) under the hood. The POJO must have: a no-arg constructor, fields matching JSON keys (or @JsonProperty annotations), and getters/setters. For arrays: .extract().as(User[].class) returns an array. For a list: use .extract().jsonPath().getList("users", User.class). Jackson must be on the classpath — add jackson-databind to pom.xml. Deserialization is essential for chained tests where you create a resource and then use its fields in subsequent requests.
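The body(), extract() and POJO answers above, combined into one chained test. This is an added example, not code from the original page; the /users endpoint, the User fields, the 201 status and the https://api.example.com host are assumptions, and TestNG plus jackson-databind are assumed to be on the classpath.

```java
import static io.restassured.RestAssured.given;
import static org.hamcrest.Matchers.*;

import io.restassured.http.ContentType;
import org.testng.Assert;
import org.testng.annotations.Test;

public class UserChainTest {
    // Hypothetical POJO for a constructed payload: {"id": 7, "name": "John", "email": "john@test.com"}
    public static class User {
        private Integer id;
        private String name;
        private String email;
        public User() { }  // no-arg constructor required by Jackson
        public User(String name, String email) { this.name = name; this.email = email; }
        public Integer getId() { return id; }
        public void setId(Integer id) { this.id = id; }
        public String getName() { return name; }
        public void setName(String name) { this.name = name; }
        public String getEmail() { return email; }
        public void setEmail(String email) { this.email = email; }
    }

    @Test
    public void createThenFetchUser() {
        // Step 1: POST a POJO, validate inline with body(), then extract the generated id.
        int id = given()
                .baseUri("https://api.example.com")      // placeholder host
                .contentType(ContentType.JSON)
                .body(new User("John", "john@test.com"))  // serialized by Jackson
            .when().post("/users")                        // hypothetical endpoint
            .then()
                .statusCode(201)                          // assumed "created" status
                .body("name", equalTo("John"))
                .body("id", notNullValue())
                .extract().jsonPath().getInt("id");
        // Step 2: reuse the extracted id as a path parameter and deserialize the response.
        User fetched = given()
                .baseUri("https://api.example.com")
                .pathParam("id", id)
            .when().get("/users/{id}")
            .then()
                .statusCode(200)
                .extract().as(User.class);
        // Plain Java assertions on the typed object.
        Assert.assertEquals(fetched.getId(), Integer.valueOf(id));
        Assert.assertEquals(fetched.getEmail(), "john@test.com");
    }
}
```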
Q: How do you log requests and responses for debugging?
A: Request logging: given().log().all() logs method, URI, headers, body. Response logging: .then().log().all() logs status, headers, body. For production tests: .log().ifValidationFails() logs only when assertions fail — clean output on success, full details on failure. Global setting: RestAssured.enableLoggingOfRequestAndResponseIfValidationFails() applies to all tests. Selective logging: .log().uri() for URL only, .log().headers() for headers only, .log().body() for body only. Never use .log().all() in CI permanently — it can leak auth tokens in logs.
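One way to combine the authentication, spec and logging answers above so a token stays out of both source control and CI logs. This is an added example, not code from the original page; the API_TOKEN variable name, the /users endpoint and the host are assumptions, and blacklistHeader assumes REST Assured 4.2.0 or later.

```java
import static io.restassured.RestAssured.given;
import static io.restassured.config.LogConfig.logConfig;
import static org.hamcrest.Matchers.lessThan;

import io.restassured.builder.RequestSpecBuilder;
import io.restassured.builder.ResponseSpecBuilder;
import io.restassured.config.RestAssuredConfig;
import io.restassured.http.ContentType;
import io.restassured.specification.RequestSpecification;
import io.restassured.specification.ResponseSpecification;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;

public class SecureBaseTest {
    protected RequestSpecification requestSpec;
    protected ResponseSpecification responseSpec;

    @BeforeClass
    public void setUpSpecs() {
        // API_TOKEN is an assumed variable name; fail fast instead of sending "Bearer null".
        String token = System.getenv("API_TOKEN");
        if (token == null || token.trim().isEmpty()) {
            throw new IllegalStateException("API_TOKEN is not set");
        }
        // Log only when an assertion fails, and mask the Authorization header in that output.
        RestAssuredConfig config = RestAssuredConfig.config().logConfig(
                logConfig()
                    .enableLoggingOfRequestAndResponseIfValidationFails()
                    .blacklistHeader("Authorization"));
        requestSpec = new RequestSpecBuilder()
                .setBaseUri("https://api.example.com")   // placeholder host
                .setContentType(ContentType.JSON)
                .addHeader("Authorization", "Bearer " + token)
                .setConfig(config)
                .build();
        responseSpec = new ResponseSpecBuilder()
                .expectStatusCode(200)
                .expectContentType(ContentType.JSON)
                .expectResponseTime(lessThan(3000L))
                .build();
    }

    @Test
    public void listUsers() {
        given().spec(requestSpec)
            .when().get("/users")                        // hypothetical endpoint
            .then().spec(responseSpec);
    }
}
```

Failure-only logging still prints request headers when an assertion fails, which is why the header is masked as well; tokens carried in a request or response body are not covered by the header blacklist.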
| Question | Answer |
|---|---|
| What static imports does REST Assured need? | import static io.restassured.RestAssured.* and import static org.hamcrest.Matchers.* |
| How to set base URI globally? | RestAssured.baseURI = "https://api.example.com" |
| How to pass a path param? | .pathParam("id", 1) with .get("/users/{id}") |
| How to pass a query param? | .queryParam("page", 1) |
| How to check response time? | .time(lessThan(3000L)) — note the L suffix |
| How to extract a field? | .extract().jsonPath().getString("name") |
| Where does equalTo() come from? | Hamcrest library (org.hamcrest.Matchers) |
| How to validate all items in array? | .body("field", everyItem(matcher)) |
| PUT vs PATCH? | PUT replaces all fields, PATCH updates partial fields |
| How to run tests via Maven? | mvn test or mvn test -Dtest=ClassName |
Key Point: REST Assured interview questions test real coding experience. Know the given/when/then pattern, body methods (String/Map/POJO), specs, extraction, matchers, and logging. Practice the code, do not just memorize answers.
Answer all 5 questions.
1. What is the correct order of the BDD-style syntax in REST Assured?
2. Which method is used to send a POST request body in REST Assured?
3. What Hamcrest matcher checks that every element in a JSON array matches a condition?
4. How do you extract the response as a Java POJO in REST Assured?
5. What does RequestSpecBuilder help you achieve?