Which test types should a small team prioritize?

Smoke, Functional, and Regression first. Then add Integration and Security. Load, Stress, and Fuzz can be added as the team matures.

Where does contract testing fit in this model?

Contract testing is a specialized form of integration testing. It lives at the service boundary and validates that API schemas match between producer and consumer.

How do I answer this in an SDET interview?

Draw the architecture layers on a whiteboard. Map each test type to its layer. Explain when each runs and what it catches. This systems-thinking answer impresses interviewers.

8 Types of API Tests Mapped to the Right Architecture Layer: Where Each Lives and Why

Most SDETs can name 8 types of API tests. But ask them where in the architecture each lives and why — blank stares. This mapping is what separates candidates who understand systems from those who memorize lists.

Contents

The Architecture Map

Test Type	Architecture Layer	When to Run	What It Catches
Smoke	API Gateway / Load Balancer	Every deployment	Is the system alive?
Functional	Individual Microservice	Every PR	Business rules, state changes, DB writes
Integration	Service-to-Service boundary	Every PR	POST-GET-UPDATE contract validation
Load	Gateway + All Services	Nightly/Weekly	Behavior under expected traffic
Stress	Full Stack	Before release	Breaking point and recovery
Security	Gateway + Every Endpoint	Every meaningful change	OWASP Top 10 vulnerabilities
Fuzz	Every Service Endpoint	Weekly	Crashes from malformed input
Regression	Full Service Layer	Every PR + Nightly	Yesterday’s behavior still holds

1. Smoke Tests: The Heartbeat

Lives at the load balancer and API gateway. Answers one question: is the system accepting requests? Run on every deployment before anything else touches the pipeline.

test('API smoke check', async ({ request }) => {
  const health = await request.get('/api/health');
  expect(health.ok()).toBeTruthy();
  
  const auth = await request.get('/api/auth/status');
  expect(auth.status()).toBe(200);
  
  const db = await request.get('/api/health/db');
  expect(db.ok()).toBeTruthy();
});

2. Functional Tests: Business Logic

Lives inside individual microservices. Validates that business rules execute correctly — state changes happen, DB writes persist, downstream events fire.

3. Integration Tests: The Handshakes

Lives at service-to-service boundaries. Validates the POST-GET-UPDATE contract: if I create something via Service A, can Service B read it correctly?

How to Audit Your Test Suite

Map your existing tests against this table. Which of the 8 types are missing? Most teams have functional and regression covered but completely skip security and fuzz testing.

8 Types of API Tests Mapped to the Right Architecture Layer: Where Each Lives and Why

The Architecture Map

1. Smoke Tests: The Heartbeat

2. Functional Tests: Business Logic

3. Integration Tests: The Handshakes

How to Audit Your Test Suite

Playwright Codegen Explained: How to Use It Correctly and When NOT to Rely on It

Agentic Quality Engineering: How AI Agents Are Replacing Traditional Test Automation in 2026

Requirement Traceability Matrix : How to Create RTM with Download Example(with MindMap)

5 Qualities of Good QA From My Mentors

From Manual Tester to AI Engineer: The 90-Day Roadmap for Indian QA Professionals in 2026

42% of All Code Is Now AI-Generated. 96% of Developers Don’t Trust It. QA Just Became the Most Important Role in Tech.

Leave a Reply Cancel reply

The Architecture Map

1. Smoke Tests: The Heartbeat

2. Functional Tests: Business Logic

3. Integration Tests: The Handshakes

How to Audit Your Test Suite

Similar Posts

Leave a Reply Cancel reply