30 Must‑Know Interview Questions & Answers for Modern Software Development
This article compiles 30 essential interview questions covering fundamentals, API pagination, HTTP status codes, JSON schema validation, CORS, test automation frameworks, pytest parametrization and fixtures, mocking, coverage testing, load and stress testing, Locust and JMeter usage, security testing such as SQL injection, XSS, OAuth2, JWT, CI/CD concepts with Jenkins, GitHub Actions, Travis CI, Docker, and Python code quality tools like static analysis, black formatting, unit testing, refactoring, and technical debt management, each accompanied by concise explanations and runnable code snippets.
Fundamentals
1. What is idempotence?
Idempotence means that performing an operation multiple times yields the same result as performing it once. For example, HTTP GET, PUT, and DELETE are idempotent, while POST is not.
2. How to handle pagination in API responses?
import requests

def fetch_all_pages(url, params=None):
    # Copy the parameters so the caller's dict is not modified
    params = dict(params or {})
    all_data = []
    page = 1
    while True:
        params['page'] = page
        response = requests.get(url, params=params, timeout=10)
        response.raise_for_status()  # stop on 4xx/5xx instead of parsing an error body
        data = response.json()
        if not data:  # assume empty list when no more data
            break
        all_data.extend(data)
        page += 1
    return all_data

3. Explain HTTP status codes 400 and 500 and their differences.
400 Bad Request: The client sent a malformed request that the server cannot understand. 500 Internal Server Error: The server encountered an unexpected condition that prevented it from fulfilling the request.
4. How to perform JSON Schema validation in Python?
from jsonschema import validate, ValidationError

schema = {
    "type": "object",
    "properties": {
        "name": {"type": "string"},
        "age": {"type": "integer"}
    },
    "required": ["name", "age"]
}
data = {"name": "Alice", "age": 30}
try:
    validate(instance=data, schema=schema)
    print("Validation successful")
except ValidationError as e:
    print(f"Validation error: {e}")

5. What is CORS and how to configure it?
CORS (Cross‑Origin Resource Sharing) is a browser-enforced security mechanism that controls which origins can access a server's resources from scripts running on other sites. It is configured by setting response headers such as Access-Control-Allow-Origin.
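What an origin allowlist does with the Access-Control-Allow-Origin header, as an added example that is not part of the original article. The origins and the `cors_headers` helper are hypothetical, and the function uses only the standard library rather than flask_cors.

```python
# Hypothetical allowlist; replace with the front ends that really call the API.
ALLOWED_ORIGINS = frozenset({
    "https://app.example.com",
    "https://admin.example.com",
})


def cors_headers(request_origin, allowed=ALLOWED_ORIGINS, allow_credentials=False):
    """Return the CORS response headers for one request, or {} to send none."""
    # Exact string comparison: prefix, suffix or substring matching would let
    # look-alike origins such as https://app.example.com.evil.test through.
    if request_origin is None or request_origin not in allowed:
        # Unknown origin: emit no CORS headers, so the browser refuses to
        # hand the response to the calling script.
        return {}
    headers = {
        # Echo the single matched origin instead of "*".
        "Access-Control-Allow-Origin": request_origin,
        # The response now differs per origin, so caches must key on it.
        "Vary": "Origin",
    }
    if allow_credentials:
        # Browsers reject credentialed responses whose allowed origin is "*",
        # which is one more reason to echo a specific origin.
        headers["Access-Control-Allow-Credentials"] = "true"
    return headers


if __name__ == "__main__":
    # Constructed sample Origin header values
    for origin in ("https://app.example.com", "https://app.example.com.evil.test", None):
        print(origin, "->", cors_headers(origin, allow_credentials=True))
```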
# Configure CORS in a Flask app
from flask import Flask
from flask_cors import CORS

app = Flask(__name__)
# "*" allows all origins for /api/*; list the specific origins instead
# when the API serves authenticated or sensitive data
CORS(app, resources={r"/api/*": {"origins": "*"}})

Tools and Frameworks
6. List and briefly describe common API automation testing frameworks.
Postman – graphical interface, easy to start, supports scripting.
Rest‑Assured – Java library for JVM, fluent API.
pytest + requests – Python combination, flexible and powerful for large projects.
Selenium WebDriver – primarily for UI testing but can be used for API testing as well.
7. How to parametrize tests with pytest?
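import pytest

def some_function(value):
    # Placeholder implementation so the example runs; substitute the function under test
    return value.replace("input", "expected")

@pytest.mark.parametrize("value,expected", [
    ("input1", "expected1"),
    ("input2", "expected2")
])
def test_example(value, expected):
    assert some_function(value) == expected

8. What is a pytest fixture and give an example.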
import pytest

@pytest.fixture
def sample_data():
    return [1, 2, 3]

def test_sum(sample_data):
    assert sum(sample_data) == 6

9. What is a Mock object? Provide an example.
from unittest.mock import Mock

def get_data_from_api(api_client):
    return api_client.get_data()

def test_get_data_from_api():
    mock_api_client = Mock()
    mock_api_client.get_data.return_value = {'key': 'value'}
    result = get_data_from_api(mock_api_client)
    assert result == {'key': 'value'}

10. What is coverage testing and how to perform it in Python?
pip install coverage
coverage run -m pytest
coverage report

Performance Testing
11. Explain Load Testing vs. Stress Testing and their differences.
Load Testing simulates normal user load to verify system behavior under expected conditions. Stress Testing gradually increases load until the system fails, identifying its breaking point.
12. How to use Locust for performance testing?
from locust import HttpUser, TaskSet, task, between

class UserBehavior(TaskSet):
    @task
    def index(self):
        self.client.get("/")

class WebsiteUser(HttpUser):
    tasks = [UserBehavior]
    wait_time = between(1, 5)

13. How to analyze Locust performance reports?
Locust provides real‑time statistics such as requests per second (RPS), average response time, and failure rate via its web UI. Data can also be exported as CSV for deeper analysis.
14. How to perform performance testing with JMeter?
JMeter is an open‑source tool where you create a Test Plan via the GUI, configure thread groups, loops, request parameters, and then run the test to view results.
15. How to configure distributed testing in JMeter?
Set up multiple JMeter instances as slaves, edit jmeter.properties on the master to list slave hosts, start the slave processes, and launch the test from the master.
Security Testing
16. What is SQL Injection and how to prevent it?
SQL injection inserts malicious SQL into input fields so that the database executes it as part of the application's query, compromising the database. Prevention includes using prepared statements and parameterized queries.
17. How to use OWASP ZAP for security testing in Python?
import requests

zap_url = 'http://localhost:8080'   # address of the running ZAP instance
target_url = 'http://example.com'

# Start a new scan
response = requests.post(f"{zap_url}/JSON/ascan/action/scan/", params={
    'url': target_url,
    'apikey': 'your_api_key'
}, timeout=30)
response.raise_for_status()  # fail early if ZAP rejects the request
scan_id = response.json()['scan']
print(f"Scan ID: {scan_id}")

18. What is XSS and how to prevent it?
Cross‑Site Scripting (XSS) injects malicious scripts into web pages. Prevention involves strict input validation and output escaping.
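How input validation and output escaping work together, as an added example that is not part of the original article. The `render_comment` and `safe_href` helpers and the scheme allowlist are hypothetical; the point is that escaping alone does not neutralise a link target, so the URL is validated as well.

```python
import html
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # assumption: only web links are wanted


def safe_href(url):
    """Input validation: accept only absolute http(s) URLs, else a neutral '#'."""
    candidate = url.strip()
    parts = urlsplit(candidate)
    if parts.scheme.lower() in ALLOWED_SCHEMES and parts.netloc:
        return candidate
    # javascript:, data:, scheme-relative and malformed values all end up here.
    return "#"


def render_comment(author, website, text):
    """Output escaping: every untrusted value is escaped where it is written."""
    href = html.escape(safe_href(website), quote=True)  # attribute context
    return (
        '<div class="comment">'
        f'<a href="{href}">{html.escape(author)}</a>'   # element content
        f'<p>{html.escape(text)}</p>'
        '</div>'
    )


if __name__ == "__main__":
    # Constructed sample input
    print(render_comment("<b>Eve</b>", "javascript:alert(1)", "<script>alert(1)</script>"))
    print(render_comment("Bob", 'https://example.com/?q="x"', "Nice post & thanks"))
```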
19. How to implement OAuth 2.0 authentication in an API?
import requests

token_url = 'https://api.example.com/oauth/token'
# Placeholders: load real credentials from the environment or a secret store
data = {
    'grant_type': 'client_credentials',
    'client_id': 'your_client_id',
    'client_secret': 'your_client_secret'
}
response = requests.post(token_url, data=data, timeout=10)
response.raise_for_status()  # a failed token request has no access_token to read
access_token = response.json()['access_token']

headers = {'Authorization': f'Bearer {access_token}'}
api_response = requests.get('https://api.example.com/data', headers=headers, timeout=10)
print(api_response.text)

20. What is JWT and how to use it for authentication?
import datetime

import jwt
import requests

secret_key = 'your_secret_key'  # placeholder: load the real key from a secret store
payload = {
    'user_id': 123,
    # Token expires 600 seconds after issue (timezone-aware UTC timestamp)
    'exp': datetime.datetime.now(datetime.timezone.utc) + datetime.timedelta(seconds=600)
}
token = jwt.encode(payload, secret_key, algorithm='HS256')

headers = {'Authorization': f'Bearer {token}'}
response = requests.get('https://api.example.com/data', headers=headers, timeout=10)
print(response.text)

CI/CD
21. What is CI/CD and how to implement it in a project?
CI (Continuous Integration) frequently merges code into a shared repository with automated builds and tests. CD (Continuous Deployment) automatically releases passing builds to production. Tools include Jenkins, GitLab CI/CD, GitHub Actions, etc.
22. How to configure a build job in Jenkins?
Create a new Freestyle project, set source code management (e.g., Git), add build triggers, define build steps (Shell, Maven, etc.), and configure post‑build actions such as archiving artifacts or notifications.
23. What is Docker and how to use it in CI/CD pipelines?
Docker packages applications into containers, ensuring consistent environments across development, testing, and production. CI/CD pipelines can build Docker images, run tests inside containers, and push images to registries for deployment.
24. How to use GitHub Actions for CI/CD?
name: Python application
on: [push, pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Set up Python
        uses: actions/setup-python@v2
        with:
          python-version: '3.x'
      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install -r requirements.txt
      - name: Run tests
        run: |
          pytest

25. What is Travis CI and how to configure it?
language: python
python:
  - "3.8"
install:
  - pip install -r requirements.txt
script:
  - pytest

Code Quality and Maintenance
26. What is static code analysis and how to use it in Python?
pip install pylint
pylint your_script.py

27. How to format Python code with black?
pip install black
black your_script.py

28. What is unit testing and how to write unit tests in Python?
import unittest

def add(a, b):
    return a + b

class TestAdd(unittest.TestCase):
    def test_add(self):
        self.assertEqual(add(1, 2), 3)
        self.assertEqual(add(-1, 1), 0)

if __name__ == '__main__':
    unittest.main()

29. What is refactoring and how to perform it in a project?
Refactoring improves code structure without changing external behavior, aiming for better readability, maintainability, and extensibility. It can be done incrementally, supported by tests, and by applying design patterns where appropriate.
30. What is technical debt and how to manage and reduce it?
Technical debt consists of shortcuts taken for rapid delivery that increase future maintenance cost. Management strategies include regular code reviews, maintaining a debt backlog, allocating time for refactoring, and encouraging team members to propose improvements.