Rest API Interview Questions

Mousumi Biswas
Aug 4, 2020

Top 45 Q/A || All in One || Grab It

1. What is an API

An API is an interface that allows users to interact with a program through a client. A client can be a browser that an end-user uses to access a website. For example, when you use your browser to access any website, you’re interacting with that specific website’s API through the browser.

A client can also be another application. If you’re a software developer, you might write a program that accesses the website API to pull in information about different things through the client application. Either way, the client provides access to the API and its resources which are the objects that the application stores information about.

2. Explain what is REST and RESTFUL

REST (Representational State Transfer) is a web-standards-based architectural style, or approach to communication, that is often used in web services development. It uses the HTTP protocol for data communication and is a relatively new aspect of writing web APIs.

RESTFUL refers to web services written by applying the REST architectural concept; these are called RESTFUL services. They focus on system resources and how the state of a resource should be transported over the HTTP protocol to different clients written in different languages.

REST suggests creating an object of the data requested by the client and sending the values of the object in response to the user. For example, if the user is requesting a movie in any country at a certain place and time, then we can create an object on the server side.

So, over here, we have an object and we are sending the state of an object. This is why REST is known as Representational State Transfer.

REST was first introduced by Roy Fielding in 2000.

3. When we will call a web service a RESTFUL service

REST architecture presents a set of constraints/guiding principles to be used in the creation of web services. The services that use REST constraints are called RESTful Web Services. To be referred to as RESTful, a service should satisfy the six guiding constraints. These constraints are named client-server, stateless, cacheable, uniform interface, layered system, and code on demand.

4. Explain the architectural style for creating web API in REST

The architectural style for creating a web API consists of:

- HTTP for client-server communication
- XML/JSON as formatting language
- Simple URI as the address for the services
- Stateless communication

5. What are Resources in a REST architecture

In the REST architecture, every piece of content is a resource. It can be a text file, HTML pages, images, videos, or business data. A resource is an object with:

- a type,
- relationship with other resources and
- methods that operate on it.

Resources are identified with:

- their URI (Uniform Resource Identifiers),
- HTTP methods they support and
- request/response data type and format of data.

6. What is options in REST

The OPTIONS method allows the client of the REST API to determine which HTTP methods (GET, HEAD, POST, PUT, DELETE) can be used for the resource identified by the requested URI. The client determines this without initiating a resource request.

The REST OPTIONS method is also used for the CORS (Cross-Origin Resource Sharing) request.

7. What is an URI in REST

A URI (Uniform Resource Identifier) is used to identify each resource in REST. An HTTP operation is called by the client application to access the resource.

// FORMAT for creating a URI
<protocol>://<service-name>/<ResourceType>/<ResourceID>

8. What are the HTTP methods supported by REST

HTTP methods supported by REST are:

- GET: It requests a resource at the request URL. It should not contain a request body, as it will be discarded. It may be cached locally or on the server.
- POST: It submits information to the service for processing; it should typically return the modified or new resource.
- PUT: It updates the resource at the request URL.
- DELETE: It removes the resource at the request URL.
- OPTIONS: It indicates which techniques are supported.
- HEAD: It returns meta information about the request URL.

9. What is the most popular way to represent a resource in REST

REST uses different representations to define a resource like text, JSON, and XML. XML and JSON are the most popular representations of resources.

10. What do you understand by payload in RESTFul web service

The request body of every HTTP message includes request data called the payload. This part of the message is of interest to the recipient.

We can say that we send the payload in the POST method but not in the GET and DELETE methods.

11. What is the upper limit for a payload to pass in the POST method

GET appends data to the service URL. But its size shouldn’t exceed the maximum URL length. However, POST doesn’t have any such limit.

So, a user can pass unlimited data as the payload to the POST method. But, if we consider a real use case, then sending a POST with a large payload will consume more bandwidth. It’ll take more time and present performance challenges to your server. Hence, a user should take action accordingly.

12. Explain the caching mechanism

Caching is the process of storing the server response at the client end. It saves the server significant time by not serving the same resource again and again.

The server response holds information which leads a client to perform the caching. It helps the client to decide how long to archive the response or not to store it at all.

13. Mention whether you can use GET request instead of PUT to create a resource

No, you are not supposed to use PUT for GET. GET operations should only have view rights, while PUT is used for updating data.

14. What is the difference between PUT and POST

PUT puts a file or resource at a particular URI and exactly at that URI. If there is already a file or resource at that URI, PUT changes that file or resource. If there is no resource or file there, PUT makes one.

POST sends data to a particular URI and expects the resource at that URI to deal with the request. The web server at this point can decide what to do with the data in the context of the specified resource.

PUT is idempotent, meaning invoking it any number of times will not have an impact on resources.

However, POST is not idempotent, meaning if you invoke POST multiple times it keeps creating more resources.
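
The difference matters most when a client retries after a timeout. The sketch below is an added example, not code from the original article; the `Store` class, the `replay` helper and the `/users` URIs are hypothetical names chosen for illustration.

```python
import itertools


class Store:
    """Constructed in-memory resource collection (hypothetical, for illustration)."""

    def __init__(self):
        self.resources = {}              # URI -> representation
        self._ids = itertools.count(1)   # server-side id allocator used by POST

    def put(self, uri, representation):
        """PUT: create or replace the resource at exactly this URI."""
        created = uri not in self.resources
        self.resources[uri] = representation
        return (201 if created else 200), uri

    def post(self, collection_uri, representation):
        """POST: the server decides where the new resource lives."""
        uri = f"{collection_uri}/{next(self._ids)}"
        self.resources[uri] = representation
        return 201, uri


def replay(store, method, uri, body, times=3):
    """Send the same request several times, as a client retrying after timeouts would."""
    call = store.put if method == "PUT" else store.post
    return [call(uri, body) for _ in range(times)]


if __name__ == "__main__":
    s = Store()
    print(replay(s, "PUT", "/users/7", {"name": "asha"}), len(s.resources))
    s = Store()
    print(replay(s, "POST", "/users", {"name": "asha"}), len(s.resources))
```

Replaying the PUT leaves one resource at `/users/7`; replaying the POST leaves three resources, which is why a retried POST needs some duplicate-detection of its own.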

15. Mention some key characteristics of REST

Some key characteristics of REST include:

1. REST is stateless, therefore the SERVER has no state (or session data)
2. With a well-applied REST API, the server could be restarted between two calls as every data is passed to the server
3. Web service mostly uses POST method to make operations, whereas REST uses GET to access resources

16. Mention what is the difference between AJAX and REST

AJAX

1. In Ajax, the requests are sent to the server by using XMLHttpRequest objects. The response is used by the JavaScript code to dynamically alter the current page
2. Ajax is a set of technologies. It is a technique of dynamically updating parts of UI without having to reload the page
3. Ajax eliminates the interaction between the customer and server asynchronously

REST

1. REST has a URL structure and a request/response pattern that revolve around the use of resources
2. REST is a type of software architecture and a method for users to request data or information from servers
3. REST requires the interaction between the customer and server

17. What are the advantages of Web Services

Some of the advantages of web services are:

1. Interoperability: Web services are accessible over the network, run on HTTP/SOAP protocol and use XML/JSON to transport data, hence they can be developed in any programming language. A web service can be written in Java and the client can be PHP, and vice versa.
2. Reusability: One web service can be used by many client applications at the same time.
3. Loose Coupling: Web services client code is totally independent of server code, so we have achieved loose coupling in our application.
4. Easy to deploy and integrate, just like web applications.
5. Multiple service versions can be running at the same time.

18. What are advantages of REST web services

Some of the advantages of REST web services are:

1. Learning curve is easy since it works on HTTP protocol
2. Supports multiple technologies for data transfer such as text, XML, JSON, image etc.
3. No contract defined between server and client, so loosely coupled implementation.
4. REST is a lightweight protocol
5. REST methods can be tested easily over browser.

19. What are different types of Web Services

There are two types of web services:

- SOAP Web Services
- Restful Web Services

20. What is SOAP

SOAP stands for Simple Object Access Protocol. SOAP is an XML based industry standard protocol for designing and developing web services.

21. What is WSDL

WSDL stands for Web Service Description Language. WSDL is an XML based document that provides technical details about the web service. Some of the useful information in a WSDL document:

method name, port types, service end point, binding, method parameters etc.

22. List the main differences between SOAP and REST

1. SOAP is a protocol through which two computers communicate by sharing the XML document while REST is a service architecture and design for network-based software architecture.
2. SOAP supports only the XML format while REST supports many different data formats.
3. SOAP does not support caching while REST supports caching.
4. SOAP is like a custom desktop application, closely connected to the server, while a REST client is just like a browser and uses standard methods. An application has to fit inside it.
5. SOAP is slower than REST while REST is faster than SOAP.
6. SOAP runs on HTTP but envelopes the message while REST uses the HTTP headers to hold meta information.

23. State the core components of an HTTP Request

Each HTTP request includes five key elements.

1. The Verb which indicates HTTP methods such as GET, PUT, POST, DELETE.
2. URI stands for Uniform Resource Identifier. It is the identifier for the resource on the server.
3. HTTP Version which indicates HTTP version, for example HTTP v1.1.
4. Request Header carries metadata (as key-value pairs) for the HTTP Request message. Metadata could be a client (or browser) type, the format that the client supports, message body format, and cache settings.
5. Request Body indicates the message content or resource representation.

24. State the core components of an HTTP response

Every HTTP response includes four key elements.

1. Status/Response Code — Indicates Server status for the resource present in the HTTP request. For example, 404 means resource not found, and 200 means response is ok.
2. HTTP Version — Indicates HTTP version, for example HTTP v1.1.
3. Response Header — Contains metadata for the HTTP response message stored in the form of key-value pairs. For example, content length, content type, response date, and server type.
4. Response Body — Indicates response message content or resource representation.
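
To see the request and response components from questions 23 and 24 on the wire, the parser below splits a raw HTTP/1.1 message into them and rejects two ambiguous framings that a server should never guess about. It is an added example, not code from the original article; the sample messages and the `api.example.com` host are constructed.

```python
def parse_http_message(raw: bytes) -> dict:
    """Split a raw HTTP/1.1 request or response into its core components."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no blank line separating headers from body")
    lines = head.decode("iso-8859-1").split("\r\n")
    start = lines[0].split(" ", 2)
    if len(start) < 2:
        raise ValueError("malformed start line")

    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        # Whitespace around a header name is read differently by different parsers.
        if not colon or not name or name != name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        key = name.lower()
        if key == "content-length" and key in headers:
            raise ValueError("duplicate Content-Length")
        headers[key] = value.strip()

    if start[0].startswith("HTTP/"):
        # Response: version, status code, reason phrase.
        if not (start[1].isdigit() and len(start[1]) == 3):
            raise ValueError("status code must be three digits")
        message = {"kind": "response", "version": start[0],
                   "status": int(start[1]),
                   "reason": start[2] if len(start) > 2 else ""}
    else:
        # Request: verb, URI, version.
        if len(start) != 3:
            raise ValueError("request line needs verb, URI and version")
        message = {"kind": "request", "verb": start[0],
                   "uri": start[1], "version": start[2]}

    declared = headers.get("content-length")
    if declared is not None and (not declared.isdigit() or int(declared) != len(body)):
        raise ValueError("Content-Length does not match the body")
    message.update(headers=headers, body=body)
    return message


# Constructed sample messages (not captured traffic).
_BODY = b'{"name":"asha"}'
_LENGTH = b"Content-Length: " + str(len(_BODY)).encode() + b"\r\n\r\n"
SAMPLE_REQUEST = (b"POST /users HTTP/1.1\r\nHost: api.example.com\r\n"
                  b"Content-Type: application/json\r\n" + _LENGTH + _BODY)
SAMPLE_RESPONSE = (b"HTTP/1.1 201 Created\r\n"
                   b"Content-Type: application/json\r\n" + _LENGTH + _BODY)

if __name__ == "__main__":
    for sample in (SAMPLE_REQUEST, SAMPLE_RESPONSE):
        print(parse_http_message(sample))
```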

25. What are the tools available for testing web services

The following tools can help in testing the SOAP and RESTful web services.

1. SOAP UI tool.
2. Poster for Firefox browser.
3. The Postman extension for Chrome.

26. What is Postman

Postman is a popular test and development tool to simplify the API workflow. It provides the tool to manage every stage of the API lifecycle and makes the development of the API simple.

With Postman, you can design, debug, test, document, monitor, and publish the API from one place. It also provides version control and tagging to maintain multiple versions of the API. It also provides a testing tool to automate the testing process.

27. List major HTTP response codes returned by REST API

The status code in the REST API is divided into five categories. They are,

- 1xx — It is used to communicate the transfer protocol-level information.
- 2xx — It is used to indicate the request was accepted successfully. Some codes are:
  - 200 (OK) — It indicates the request is successfully carried out.
  - 201 (Created) — It is returned when a resource is created inside the collection.
  - 202 (Accepted) — It indicates the request has been accepted for processing.
  - 204 (No Content) — It indicates when a request is declined.
- 3xx — It indicates the client must take additional action to complete the request.
- 4xx — It is the client error status code.
- 5xx — It is the server error status code.

28. What is a stateless server

A stateless server is a server that keeps no state information. Stateless file servers do not store any session state. Therefore, every client request is treated independently and not as a part of a new or existing session. A stateless server does not need a client to first establish a connection to the server. So, it views a client request as an independent transaction and responds to it.

29. Explain the factors that help to decide about the style of web service to use? SOAP or REST?

In general, using REST-based web service is preferred due to its simplicity, performance, scalability, and support for multiple data formats.

However, SOAP is favorable to use where service requires an advanced level of security and transactional reliability.

But you can read the following facts before opting for any of the styles.

1. Does the service expose data or business logic? To expose data REST will be a better choice and SOAP for logic.
2. If the consumer or the service providers require a formal contract, then SOAP can provide such a contract via WSDL.
3. Need to support multiple data formats. REST supports this.
4. Support for AJAX calls. REST can use the XMLHttpRequest.
5. Synchronous and asynchronous calls — SOAP enables both synchronous/asynchronous operations whereas REST has built-in support for synchronous.
6. Stateless or Stateful calls - REST is suited for stateless operations.

Here are some of the advanced-level facts that you can consider as well.

1. Security requirement — SOAP provides a high level of security.
2. Transaction support — SOAP has good support for transaction management.
3. Limited bandwidth — SOAP has a lot of overhead when sending/receiving packets since it’s XML based and requires a SOAP header. However, REST requires less bandwidth to send requests to the server. Its messages are mostly built using JSON.
4. Ease of use — It is easy to implement, test, and maintain a REST-based application.

30. What are the best practices to be followed while designing a secure RESTful web service

Following are the best practices to be followed while designing a RESTful web service −

- Validation − Validate all inputs on the server. Protect your server against SQL or NoSQL injection attacks.
- Session based authentication − Use session based authentication to authenticate a user whenever a request is made to a Web Service method.
- No sensitive data in URL − Never use username, password or session token in URL, these values should be passed to Web Service via POST method.
- Restriction on Method execution − Allow restricted use of methods like GET, POST, DELETE. GET method should not be able to delete data.
- Validate Malformed XML/JSON − Check for well formed input passed to a web service method.
- Throw generic Error Messages − A web service method should use HTTP error messages like 403 to show access forbidden etc.
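
One way the checks in this list can sit together in a request handler, as an added example that is not part of the original article. The route table, the `X-Session` header, the session table and the name pattern are assumptions made for illustration.

```python
import json
import re
from urllib.parse import urlsplit, parse_qs

# Everything below is constructed for illustration (hypothetical names and values).
ALLOWED_METHODS = {"/users": {"GET", "POST"}}   # route -> verbs it accepts
SENSITIVE_PARAMS = {"username", "password", "session", "token"}
SESSIONS = {"constructed-session-id": "asha"}   # server-side session table
NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9_-]{0,31}")


def handle(method, url, headers, body=b""):
    """Return (status, message). Messages stay generic and reveal no internals."""
    parts = urlsplit(url)

    # No sensitive data in URL: query strings end up in logs, history and referrers.
    query_keys = {k.lower() for k in parse_qs(parts.query, keep_blank_values=True)}
    if query_keys & SENSITIVE_PARAMS:
        return 400, "Bad Request"

    # Session-based authentication, checked on every request.
    if headers.get("X-Session") not in SESSIONS:
        return 401, "Unauthorized"

    # Restriction on method execution: only verbs registered for the route run.
    allowed = ALLOWED_METHODS.get(parts.path)
    if allowed is None:
        return 404, "Not Found"
    if method not in allowed:
        return 405, "Method Not Allowed"
    if method == "GET":
        return 200, "OK"

    # Validate malformed JSON before touching any field.
    try:
        document = json.loads(body)
    except ValueError:
        return 400, "Bad Request"

    # Validation: accept only a short allow-listed name, so quotes, operators
    # and nested objects never reach a SQL or NoSQL query.
    name = document.get("name") if isinstance(document, dict) else None
    if not isinstance(name, str) or not NAME_RE.fullmatch(name):
        return 400, "Bad Request"
    return 201, "Created"
```

Every rejection returns only a status and its standard reason phrase, so a caller learns that the request failed but not which parser, table or query was involved.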

31. What should be the purpose of HEAD method of RESTful web services

It should return only the HTTP headers, no body, and should be read-only.

32. Which header of HTTP response, provides the date and time of the resource when it was created

Date header provides the date and time of the resource when it was created.

33. Which header of HTTP response, provides the date and time of the resource when it was last modified

Last-Modified header provides the date and time of the resource when it was last modified.

34. Which header of HTTP response provides control over caching

Cache-Control is the primary header to control caching.

35. Which header of HTTP response sets expiration date and time of caching

Expires header sets expiration date and time of caching.

36. Which directive of Cache Control Header of HTTP response indicates that resource is cacheable by any component

Public directive indicates that resource is cacheable by any component.

37. Which directive of Cache Control Header of HTTP response indicates that resource is cacheable by only client and server, no intermediary can cache the resource

Private directive indicates that resource is cacheable by only client and server, no intermediary can cache the resource.

38. Which directive of Cache Control Header of HTTP response indicates that resource is not cacheable

no-cache/no-store directive indicates that resource is not cacheable.

39. Which directive of Cache Control Header of HTTP response can set the time limit of caching

max-age directive indicates that the caching is valid up to max-age in seconds. After this, the client has to make another request.

40. Which directive of Cache Control Header of HTTP response provides indication to server to revalidate resource if max-age has passed

must-revalidate directive provides indication to server to revalidate resource if max-age has passed.

41. What are the best practices for caching

Always keep static contents like images, CSS, JavaScript cacheable, with an expiration date of 2 to 3 days. Never keep the expiry date too high.

Dynamic contents should be cached for a few hours only.
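
How a cache acts on the Cache-Control directives from questions 36 to 40 is shown below, including the case that matters for confidentiality: a `private` response must not be stored by an intermediary. This is an added example, not code from the original article; the function names and the three outcome labels are assumptions, and freshness is judged from `max-age` alone.

```python
def parse_cache_control(value):
    """Parse 'public, max-age=3600' into {'public': None, 'max-age': '3600'}."""
    directives = {}
    for part in value.split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives


def cache_decision(value, age_seconds, shared_cache, origin_reachable=True):
    """Decide what a cache may do with a response that is age_seconds old.

    shared_cache=True models an intermediary (proxy or CDN); False models the
    client's own cache. Returns one of: 'do-not-store', 'serve-from-cache',
    'revalidate', 'serve-stale', 'error-504'.
    """
    d = parse_cache_control(value)

    if "no-store" in d:
        return "do-not-store"
    # private: only the client may keep it; an intermediary must not.
    if "private" in d and shared_cache:
        return "do-not-store"
    # no-cache: never reused without checking with the server first.
    if "no-cache" in d:
        return "revalidate"

    try:
        max_age = int(d.get("max-age") or 0)
    except ValueError:
        max_age = 0          # unparsable max-age is treated as already stale

    if age_seconds < max_age:
        return "serve-from-cache"
    if origin_reachable:
        return "revalidate"
    # Stale and the server cannot be reached: must-revalidate forbids reuse.
    return "error-504" if "must-revalidate" in d else "serve-stale"


if __name__ == "__main__":
    # Constructed header values.
    for header, shared in [("public, max-age=3600", True),
                           ("private, max-age=3600", True),
                           ("private, max-age=3600", False),
                           ("no-store", False)]:
        print(f"{header!r:28} shared={shared!s:5} ->",
              cache_decision(header, 120, shared))
```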

42. What is the purpose of HTTP Status Code

HTTP status codes are standard codes and refer to the predefined status of the task done at the server.

43. What is messaging in RESTFUL web services

A client sends a message in the form of an HTTP Request and the server responds in the form of an HTTP Response. This technique is termed Messaging. These messages contain message data and metadata, i.e. information about the message itself.

44. What is the purpose of HTTP Verb in REST based web services

VERB identifies the operation to be performed on the resource.

45. What are the best practices to create a standard URI for a web service

Following are important points to be considered while designing a URI −

- Use Plural Noun − Use plural noun to define resources. For example, we’ve used users to identify users as a resource.
- Avoid using spaces − Use underscore(_) or hyphen(-) when using a long resource name, for example, use authorized_users instead of authorized%20users.
- Use lowercase letters − Although URI is case-insensitive, it is good practice to keep url in lower case letters only.
- Maintain Backward Compatibility − As Web Service is a public service, a URI once made public should always be available. In case, URI gets updated, redirect the older URI to new URI using HTTP Status code, 300.
- Use HTTP Verb − Always use HTTP Verb like GET, PUT, and DELETE to do the operations on the resource. It is not good to use operations names in URI.

Be Ready To Get Your Next Six-Figure Job Offer!!!
