Not all APIs are built the same way. There are three main styles you'll encounter in the industry: REST, SOAP, and GraphQL. As a QA engineer, you'll spend 90% of your time testing REST APIs. But you need to know the others because they show up in interviews and legacy projects.
REST (Representational State Transfer) is how most modern APIs work. It uses standard HTTP methods (GET, POST, PUT, DELETE), communicates in JSON format, and every resource has a unique URL. Simple, lightweight, and easy to test.
# REST API example — get a user
curl https://api.example.com/users/42
# Response: JSON
{
"id": 42,
"name": "Priya Sharma",
"email": "priya@example.com"
}SOAP (Simple Object Access Protocol) is older, heavier, and uses XML instead of JSON. You'll find it in banking, insurance, and government systems — anywhere that was built 10-15 years ago. It's strict, verbose, but very secure. Testing it is painful because XML is harder to read than JSON.
<!-- SOAP Request — same "get user" operation -->
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<GetUser>
<UserId>42</UserId>
</GetUser>
</soap:Body>
</soap:Envelope>GraphQL was created by Facebook. Instead of multiple endpoints, there's one endpoint. You tell it exactly what fields you want, and it returns only those fields. No over-fetching, no under-fetching. Great for mobile apps where bandwidth matters.
# GraphQL — ask for exactly what you need
query {
user(id: 42) {
name
email
}
}
# Response: only what you asked for
{
"data": {
"user": {
"name": "Priya Sharma",
"email": "priya@example.com"
}
}
}| Feature | REST | SOAP | GraphQL |
|---|---|---|---|
| Data format | JSON (lightweight) | XML (verbose) | JSON |
| Protocol | HTTP | HTTP, SMTP, TCP | HTTP |
| Endpoints | Multiple (one per resource) | Single (WSDL) | Single |
| Learning curve | Easy | Hard | Medium |
| Speed | Fast | Slower (XML parsing) | Fast |
| Caching | Built-in (HTTP caching) | Manual | Custom |
| Error handling | HTTP status codes | SOAP faults | errors array in response |
| Used by | Twitter, GitHub, Stripe | Banks, SAP, PayPal (legacy) | Facebook, GitHub (v4), Shopify |
| Testing tools | Postman, curl, RestAssured | SoapUI, Postman | Postman, Altair, Insomnia |
| Industry share | ~80% | ~10% (declining) | ~10% (growing) |
In interviews, if they ask "what type of APIs have you tested?" — say REST confidently. If the company is in banking/insurance, mention SOAP awareness. If it's a startup or product company, mention GraphQL. Shows you know the landscape.
This entire path focuses on REST APIs. That covers 80% of what you'll encounter in the industry. SOAP and GraphQL testing are specialized — learn them when a project demands it.
Q: What is the difference between REST and SOAP?
A: REST is lightweight, uses JSON, and works with standard HTTP methods — easy to read, easy to test. SOAP is heavier, uses XML, and follows a strict contract (WSDL). SOAP has built-in security (WS-Security) and transaction support, which is why banks still use it. For new projects, REST is the default. For legacy enterprise systems, SOAP is common.
Q: What is GraphQL and how is it different from REST?
A: GraphQL uses a single endpoint where the client specifies exactly which fields it needs. REST has multiple endpoints and returns all fields by default. With GraphQL, you avoid over-fetching (getting data you don't need) and under-fetching (needing multiple calls). Facebook created it to optimize mobile API calls. Testing it is different — you send queries instead of hitting specific URLs.
Key Point: REST dominates the market at 80%. Know it deeply. Know SOAP and GraphQL exist. This path teaches REST.