GET, HEAD, OPTIONS are safe and idempotent methods whereas PUT and DELETE methods are only idempotent. POST and PATCH methods are neither safe nor idempotent.
REST API Interview Questions and Answers
Freshers / Beginner level questions & answers
Ques 1. What is REST API (RESTful Web Services)?
An API, or application programming interface, is a software-to-software interface that permits communication and data sharing between otherwise independent applications. All data is regarded as resources in a REST API, and each resource is identified by a distinct uniform resource identifier (URI).
Ques 2. What does REST stand for?
Representational State Transfer is referred to as REST.
Ques 3. RESTful web services, what exactly do you mean?
RESTful web services, which adhere to the REST architecture, are another name for REST API.
Ques 4. What characteristics distinguish RESTful web services?
RESTful web services have the following distinguishing characteristics:
- server-client decoupling
- communication assistance
- thin, uniform interface
- stateless
- layered approach
- cacheable
- on-demand code
Ques 5. What does messaging mean in the context of RESTful internet services?
When a REST client wishes to send a request to the server through a RESTful web service, it does so in the form of an HTTP request, and the server likewise replies in the form of an HTTP response. In REST, this type of communication is known as messaging.
Ques 6. Why is "Addressing" important in RESTful web services?
Addressing is the term used to describe how RESTful web services locate different sorts of resources on the REST server using a URL. An address typically refers to a single resource or a number of resources.
Ques 7. What are the Idempotent methods?
Idempotent methods provide the same result even after the identical request has been submitted many times. This matters because duplicate calls from the client side are known to result in problems.
Ques 8. How can testing be done on RESTful web services?
Tools like Swagger and Postman, which allow users to examine query parameters, headers, and response headers, as well as document endpoints and convert them to XML and JSON, can be used to test RESTful web services.
Ques 9. What do RESTful web services payloads entail?
In RESTful web services, payloads are the request data sent via the POST, GET, PUT or DELETE method and located in the message body of an HTTP request.
Ques 10. Which protocols are used by REST APIs?
REST APIs employ the HTTP protocol for client communication, whereas other protocols are used elsewhere.
Ques 11. What markup languages are used to describe the resources in REST APIs?
Extensible Markup Language (XML) and JSON (JavaScript Object Notation) are used to represent the resources in REST APIs.
Ques 12. Distinguish between POST and PUT techniques.
POST Approach:
- On the server, a resource can be created with POST.
- POST is non-idempotent.
- Responses from POST are cacheable.
PUT Approach:
- A resource at a certain URI can be changed to another resource using the PUT command.
- PUT is idempotent, meaning that no matter how many times it is called, only one resource will be produced.
- Responses from PUT are not cacheable.
Ques 13. What is a practical illustration of a REST API?
- Weather apps use public REST APIs to communicate related data and display weather information.
- Airlines use APIs to disclose flight information to ticketing and travel websites for commercial usage.
- APIs are used by public transit providers to publish their data online and make it instantly accessible to mapping and navigation apps.
Ques 14. How do you create a representation of resources for RESTful web services?
- Both the client and the server should have no trouble understanding it.
- Regardless of the layout of the format, it should be comprehensive.
- It should take into account how the resources are connected to one another and handle them carefully.
Ques 15. What are the important components of the construction of RESTful web services?
- Resources
- Demand
- Headers
- Status codes
- Request Body
- Response Body
Ques 16. Describe the architectural design used to provide web APIs.
The architectural design used to create web APIs is:
- Client-server communication via HTTP
- As a formatting language, XML/JSON
- Simple URI is used as the services' address.
- Stateless interaction
Ques 17. What is URI?
Uniform Resource Identifier is referred to as a URI. A URI in REST is a string which designates a resource on a web server. Each resource has a distinct URI that, when used in an HTTP response, enables clients to target it and perform actions on it. Addressing is the process of directing traffic to a resource using its URI.
Ques 18. What is Payload?
In the HTTP requests, the term "payload" refers to data in the content of the HTTP request and/or response messages.
Ques 19. How are APIs tested?
RESTful APIs can be tested using a variety of software tools, including JMeter, Katalon Studio and Postman. Testing usually involves sending numerous calls from the testing tool and watching how your API reacts. Many testing tools support automated testing, which lets you run numerous different scenarios quickly.
Ques 20. What is a resource in a restful web service?
The core idea behind RESTful architecture is the resource. A resource is a thing that has:
- a kind, connections to other resources, and methods that operate on it.
Resources are described by:
- their URI, the HTTP methods they accept, the type of data in the request and response, and the data format.
Ques 21. What function does a URI serve in RESTful web services?
Uniform Resource Identifier is what URI stands for. In a REST architecture, a URI identifies each resource. Locating a resource or resources on the server hosting the web service is the purpose of a URI.
Ques 22. What are HTTP status codes and their meaning?
A few HTTP response status codes:
- Code 200: success.
- Code 201: resource has been successfully created.
- Code 204: no content in the response body.
- Code 404: no method available.
- Code 500: Internal server error.
Ques 23. What do you know about HTTP status codes?
These are the standard codes that refer to the predefined status of the task at the server. Following are the status codes formats available:
- 1xx - represents informational responses
- 2xx - represents successful responses
- 3xx - represents redirects
- 4xx - represents client errors
- 5xx - represents server errors
Ques 24. What are the HTTP Methods?
HTTP Methods are also known as HTTP Verbs. They form a major portion of uniform interface restriction followed by the REST that specifies what action has to be followed to get the requested resource. Below are some examples of HTTP Methods:
- GET: This is used for fetching details from the server and is basically a read-only operation.
- POST: This method is used for the creation of new resources on the server.
- PUT: This method is used to update the old/existing resource on the server or to replace the resource.
- DELETE: This method is used to delete the resource on the server.
- PATCH: This is used for modifying the resource on the server.
- OPTIONS: This fetches the list of supported options of resources present on the server.
POST, GET, PUT and DELETE correspond to the create, read, update and delete operations, which are most commonly called CRUD operations.
Ques 25. Which HTTP methods are idempotent and which are non-idempotent?
Ques 26. Can you tell what constitutes the core components of HTTP Request?
In REST, any HTTP Request has 5 main components, they are:
- Method/Verb − This part tells what methods the request operation represents. Methods like GET, PUT, POST, DELETE, etc are some examples.
- URI − This part is used for uniquely identifying the resources on the server.
- HTTP Version − This part indicates what version of HTTP protocol you are using. An example can be HTTP v1.1.
- Request Header − This part has the details of the request metadata such as client type, the content format supported, message format, cache settings, etc.
- Request Body − This part represents the actual message content to be sent to the server.
Ques 27. What constitutes the core components of HTTP Response?
HTTP Response has 4 components:
- Response Status Code − This represents the server response status code for the requested resource. Example- 400 represents a client-side error, 200 represents a successful response.
- HTTP Version − Indicates the HTTP protocol version.
- Response Header − This part has the metadata of the response message. Data can describe what is the content length, content type, response date, what is server type, etc.
- Response Body − This part contains what is the actual resource/message returned from the server.
Ques 28. Define Addressing in terms of RESTful Web Services.
Addressing is the process of locating a single/multiple resources that are present on the server. This task is accomplished by making use of URI (Uniform Resource Identifier). The general format of URI is:
<protocol>://<application-name>/<type-of-resource>/<id-of-resource>
Ques 29. What are the differences between PUT and POST in REST?
PUT | POST |
---|---|
PUT methods are used to request the server to store the enclosed entity in the request. If the resource does not exist, a new resource has to be created. If the resource exists, it should be updated. | POST method is used to request the server to store the enclosed entity in the request as a new resource. |
The URI should have a resource identifier. Example: PUT /users/{user-id} | The POST URI should indicate the collection of the resource. Example: POST /users |
PUT methods are idempotent. | POST methods are not idempotent. |
PUT is used when the client wants to modify a single resource that is part of the collection. If a part of the resource has to be updated, then PATCH needs to be used. | POST methods are used to add a new resource to the collection. |
The responses are not cached here despite the idempotency. | Responses are not cacheable unless the response explicitly specifies Cache-Control fields in the header. |
In general, PUT is used for UPDATE operations. | POST is used for CREATE operations. |
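The PUT and POST behaviour compared above, as an added example that is not part of the original page. `UserCollection` and `replay` are hypothetical names, and the in-memory store stands in for a real server; replaying a request shows that idempotency concerns the resulting server state rather than the status code.

```python
import itertools


class UserCollection:
    """Toy in-memory stand-in for the /users collection (illustrative only)."""

    def __init__(self):
        self.users = {}
        self._ids = itertools.count(1)

    def post(self, body):
        """POST /users: always adds a new resource; the server picks the id."""
        new_id = next(self._ids)
        while new_id in self.users:          # skip ids already taken via PUT
            new_id = next(self._ids)
        self.users[new_id] = dict(body)
        return 201, f"/users/{new_id}"

    def put(self, user_id, body):
        """PUT /users/{user-id}: create if absent, otherwise replace."""
        created = user_id not in self.users
        self.users[user_id] = dict(body)
        return (201 if created else 200), f"/users/{user_id}"

    def delete(self, user_id):
        """DELETE /users/{user-id}: the resource is gone after the first call."""
        existed = self.users.pop(user_id, None) is not None
        return 204 if existed else 404


def replay(action, times=3):
    """Send the same request several times, as a retrying client would."""
    return [action() for _ in range(times)]


if __name__ == "__main__":
    store = UserCollection()
    body = {"name": "alice"}                 # constructed sample payload

    # Three identical PUTs leave exactly one resource behind.
    print(replay(lambda: store.put(7, body)), len(store.users))

    # Three identical POSTs create three separate resources.
    print(replay(lambda: store.post(body)), len(store.users))

    # Repeated DELETE: status differs (204, then 404) but state is the same.
    print(replay(lambda: store.delete(7)), len(store.users))
```

A client that retries after a timeout can safely resend the PUT or DELETE, but resending the POST duplicates the resource.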
Intermediate / 1 to 5 years experienced level questions & answers
Ques 30. Why is it simple to scale REST services?
REST services are scalable due to their statelessness: they do not store data on the server even after they are requested.
Ques 31. How big of a payload can you send using POST methods?
There isn't, theoretically, a cap on the size of the payload that can be transmitted via POST methods. Larger payloads, however, may require more bandwidth. As a result, processing the request by the server can take longer.
Ques 32. What does the REST API's caching do?
In order to quickly obtain a server response in the future, a REST API keeps a copy of the response in a specific region of computer memory. Caching is the term for this temporary storage technique.
Ques 33. What distinguishes REST and SOAP from one another?
REST(Representational State Transfer):
- It is a web service development architectural design pattern.
- It is more cacheable and faster.
- It just takes on the protocol-specific security measures that have been put in place.
SOAP (Simple Object Access Protocol):
- It is a stringent protocol that is used to provide safe APIs.
- It is not cacheable and moves more slowly.
- It can specify its own security precautions.
Ques 34. What are a few of REST's flaws?
Statelessness is an advantage of REST, but it can also be a drawback.
State is not preserved through REST. In other words, the server doesn't save a history of previous communications. If maintaining state is required, the client is responsible for doing so.
Developers must exercise caution and only use APIs from reliable, authentic providers, as REST has less stringent security controls than SOAP. REST is therefore a bad choice for transmitting private data among servers and clients.
Ques 35. Mention a few of REST's most important attributes.
REST has a number of important features, including
- Because REST is stateless, the server holds no state or session data.
- With a well-implemented REST API, the server could be restarted between calls, because all data is sent to the server.
- While REST uses GET to access services, web services often employ POST to carry out tasks.
Ques 36. What do Web API Media type formatters do?
The Web API's Media type formatter includes:
- The foundation class used to handle serializing and deserializing solid objects is called MediaTypeFormatter.
- BufferedMediaTypeFormatter is a utility class that enables asynchronous formatters on top of the infrastructure for asynchronous formatters.
Ques 37. Please tell most commonly used HTTP status codes.
Ques 38. How does HTTP Basic Authentication work?
With Basic Authentication on an API, the user provides a username and password, which the browser concatenates in the form "username:password" and then base64-encodes. The encoded value is sent as the value of the "Authorization" header on every HTTP request from the browser. Since the credentials are only encoded, not encrypted, it is advised to use this form only when requests are sent over HTTPS; without a secure protocol the credentials are not secure and can be intercepted by anyone.
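The header construction described above, together with a server-side check, as an added example that is not part of the original page. The function names are hypothetical; the sample credentials are the ones used in RFC 7617, and comparing against plaintext expected values is a simplification for the sketch.

```python
import base64
import binascii
import hmac


def build_basic_header(username, password):
    """Client side: join with one colon, base64-encode, prefix with 'Basic '."""
    if ":" in username:
        raise ValueError("username must not contain ':'")
    token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def parse_basic_header(header):
    """Return (username, password), or None when the header is malformed.

    Decoding needs no key: anyone who sees the header sees the password.
    """
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    # Split on the first colon only: the password itself may contain colons.
    username, sep, password = decoded.partition(":")
    if not sep:
        return None
    return username, password


def is_authorized(header, expected_user, expected_password, scheme="https"):
    """Server side: refuse plaintext transport, compare in constant time."""
    if scheme != "https":
        return False
    creds = parse_basic_header(header or "")
    if creds is None:
        return False
    user_ok = hmac.compare_digest(creds[0].encode(), expected_user.encode())
    pass_ok = hmac.compare_digest(creds[1].encode(), expected_password.encode())
    return user_ok and pass_ok


if __name__ == "__main__":
    header = build_basic_header("Aladdin", "open sesame")
    print(header)                                # what travels on every request
    print(parse_basic_header(header))            # recovered without any secret
    print(is_authorized(header, "Aladdin", "open sesame"))
    print(is_authorized(header, "Aladdin", "open sesame", scheme="http"))
```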
Experienced / Expert level questions & answers
Ques 39. What are the RESTful web services drawbacks?
- Because the client side does not supply a specific session id, RESTful web services are stateless and do not take responsibility for simulating sessions.
- REST cannot impose security restrictions inherently; it inherits them from the protocols it is implemented on. To improve the security of REST APIs, SSL/TLS authentication integration must be done with great care.
Ques 40. How are REST APIs kept secure?
Sensitive information such as user id, password, or verification token should not be visible in URIs. REST APIs can be kept secure with the help of security measures such as authentication and authorization, API server validation, TLS/SSL encryption, rate-limiting against DDoS attacks, and more.
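One way to check for the first point above, sensitive values showing up in URIs, by auditing request logs; this is an added example, not part of the original page. The log format, the sample lines and the parameter-name list are constructed assumptions.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumed parameter names; extend the set to match your own API.
SENSITIVE_PARAMS = {
    "password", "passwd", "token", "access_token", "api_key",
    "user_id", "userid",
}


def find_sensitive_params(uri):
    """Return the sorted names of sensitive query parameters found in a URI."""
    pairs = parse_qsl(urlsplit(uri).query, keep_blank_values=True)
    return sorted({k for k, _ in pairs if k.lower() in SENSITIVE_PARAMS})


def redact_uri(uri):
    """Return the URI with the values of sensitive parameters replaced."""
    parts = urlsplit(uri)
    pairs = [
        (k, "REDACTED" if k.lower() in SENSITIVE_PARAMS else v)
        for k, v in parse_qsl(parts.query, keep_blank_values=True)
    ]
    return urlunsplit(parts._replace(query=urlencode(pairs)))


def audit_access_log(lines):
    """Scan 'METHOD URI STATUS' lines; return (line_no, method, names, redacted)."""
    findings = []
    for line_no, line in enumerate(lines, 1):
        fields = line.split()
        if len(fields) < 3:
            continue                      # skip lines that do not parse
        method, uri = fields[0], fields[1]
        names = find_sensitive_params(uri)
        if names:
            findings.append((line_no, method, names, redact_uri(uri)))
    return findings


# Constructed sample log lines (simplified format, not from a real system).
SAMPLE_LOG = [
    "GET /api/v1/users/42 200",
    "GET /api/v1/login?user_id=42&password=hunter2 200",
    "POST /api/v1/orders?token=abc123&page=2 201",
    "GET /api/v1/items?page=3 200",
]

if __name__ == "__main__":
    for finding in audit_access_log(SAMPLE_LOG):
        print(finding)
```

Endpoints flagged this way should take the value in the request body or a header instead, since URIs are routinely written to server logs and browser history.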
Ques 41. What do REST API "Options" mean?
It is an HTTP method used to retrieve the HTTP operations or options that are supported, which helps clients select options in REST APIs. CORS, or Cross-Origin Resource Sharing, uses the OPTIONS method.
Ques 42. Explain the differences between RPC and document-style web services.
In contrast to RPC-style web services, document-style web services allow us to send an XML document as part of a SOAP request.
The application where a document-style web service is most suitable is one where an XML message behaves like a document, the content of which is subject to change, and the purpose of the web service is independent of the contents of XML messages.
Ques 43. What are JAX-WS and JAX-RS?
Both JAX-WS and JAX-RS are frameworks (APIs) that allow for different types of communication in Java. JAX-WS is a library that can be used for SOAP communication in Java, whereas JAX-RS enables REST communication.
Ques 44. List the resources or APIs available for creating or testing web APIs.
There are various web service testing tools for REST APIs.
- MVC Jersey API
- Spring REST web service
- CXF Axis
- Restlet
Ques 45. How does the architecture for microservices operate?
- Clients: Requests are sent by numerous users using various devices.
- Identity providers: They verify the identities of users or customers and provide security tokens.
- API Gateway: Client requests are handled via API Gateway.
- Static: All of the system's material is contained in static content.
- Management: Determines failures and balances services across nodes.
- Service discovery: A tool for determining the path of communication among microservices is called service discovery.
- CDN: Network connection of proxy servers and associated data centers is called a content delivery network(CDN).
- Information: Information stored on a network of IT devices can be accessed remotely with the help of a remote service.
Ques 46. What design principles work best for resource representations?
The following are crucial considerations while creating a resource's representation format for a RESTful web service:
- Understanding and use of the resource's representation format should be possible for both the server and the client.
- Completeness: A format ought to be able to accurately depict a resource. A resource could contain another resource, for instance. The format ought to be able to depict both straightforward and intricate resource structures.
- Linkability: A format needs to be able to handle situations where one resource links to another.
Ques 47. What does RESTful Webservices statelessness entail?
A RESTful web service should not maintain a client state on the server in accordance with REST design. Statelessness is the term for this limitation. The client must transmit its context to the server, which can then store it and use it to perform the client's subsequent requests. For instance, the session identifier given by the client can be used to identify a server-maintained session.
Ques 48. What distinguishes monolithic, SOA, and microservices architectures from one another?
- With a monolithic architecture, all the software parts of a program are put together and neatly wrapped in one large container.
- A group of services that communicate with one another is referred to as a service-oriented architecture. Simple data exchange or the coordination of an action between two or even more services are both possible forms of communication.
- Microservices Architecture is a type of architectural design that organizes an application as a group of tiny, independent services based on a business domain.
Ques 49. Do you think GraphQL is the best choice for creating microservice architecture?
Because GraphQL hides your microservices architecture from the customers, it works perfectly with microservices. From the front end, you want all the data to come from a small API, while from the back end, you want to divide it into microservices. The best technique I'm aware of to do both is by using GraphQL. It enables you to divide the backend into microservices while still giving each application a single API and enabling joins across data from various services.
Ques 50. What is difference between REST and Web Socket?
REST | Web Socket |
---|---|
REST follows stateless architecture, meaning it won’t store any session-based data. | Web Socket APIs follow the stateful protocol as it necessitates session-based data storage. |
The mode of communication is uni-directional. At a time, only the server or the client will communicate. | The communication is bi-directional, communication can be done by both client or server at a time. |
REST is based on the Request-Response Model. | Web Socket follows the full-duplex model. |
Every request will have sections like header, title, body, URL, etc. | Web sockets do not have any overhead and hence suited for real-time communication. |
For every HTTP request, a new TCP connection is set up. | There will be only one TCP connection and then the client and server can start communicating. |
REST web services support both vertical and horizontal scaling. | Web socket-based services only support vertical scaling. |
REST depends on HTTP methods to get the response. | Web Sockets depend on the IP address and port number of the system to get a response. |
Communication is slower here. | Message transmission is much faster than with a REST API. |
Memory/Buffers are not needed to store data here. | Memory is required to store data. |
Ques 51. Can we implement transport layer security (TLS) in REST?
Yes, we can. TLS does the task of encrypting the communication between the REST client and the server and provides the means to authenticate the server to the client. It is used for secure communication as it is the successor of the Secure Socket Layer (SSL). HTTPS works well with both TLS and SSL thereby making it effective while implementing RESTful web services. One point to mention here is, the REST inherits the property of the protocol it implements. So security measures are dependent on the protocol REST implements.
Ques 52. Should we make the resources thread safe explicitly if they are made to share across multiple clients?