Hello, fellow developers. Based on the response I got from my previous posts, I have compiled another list of essential REST API interview questions that I felt every developer should know.
Do drop your thoughts in the comments section below. Also, feel free to comment in case you find any content to be incorrect.
Services that allow REST architecture are called RESTful web services. REST or Representational State Transfer uses the HTTP web protocol.
Some major features of REST architecture are:
- Services are lightweight and hence can be easily maintained
- Supports communication across applications developed in other languages
- Testing RESTful web services is quite easy
The REST architecture is called stateless as it does not store any state related to the client session on the server. Essentially session states are entirely kept on the client side. This is effectively called Statelessness.
It ensures that the server cannot take undue advantage of any stored data. However, since no data is stored, each request from the client to the server must contain all the necessary information about the request.
Advantages of statelessness:
- Statelessness allows scaling of the APIs to millions of concurrent users as it does not have any session-related dependencies and can be deployed on any server
- The server knows "where" each client is in the application as all the necessary information is sent with each request
- Statelessness makes REST APIs simpler as it removes all complexity involving server-side synchronization
Disadvantages of Statelessness:
- A lot of additional information must be sent along with each request for the client
- This repeated data transfer may decrease network performance
- Being stateless also reduces the server-side control over the application’s behavior
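Because the session state travels with every request, the server has to verify that the client has not altered it. The sketch below is an added example, not code from the original post: it signs the client-held state with an HMAC so that the server can check it without storing a session. `SECRET`, `issue_token`, `verify_token` and the token layout are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json
import time

SECRET = b"constructed-demo-key"  # assumption: server-side key, never sent to clients


def _b64(data):
    return base64.urlsafe_b64encode(data).decode().rstrip("=")


def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(body):
    return _b64(hmac.new(SECRET, body.encode(), hashlib.sha256).digest())


def issue_token(user, role, ttl, now=None):
    """Serialize the session state and sign it; the server stores nothing."""
    now = time.time() if now is None else now
    claims = {"user": user, "role": role, "exp": now + ttl}
    body = _b64(json.dumps(claims).encode())
    return body + "." + _sign(body)


def verify_token(token, now=None):
    """Return the claims if signature and expiry check out, otherwise None."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
        # Constant-time comparison; the body is only parsed after it is trusted.
        if not hmac.compare_digest(sig, _sign(body)):
            return None
        claims = json.loads(_unb64(body))
    except (ValueError, TypeError):
        return None  # malformed token: wrong shape, bad base64 or bad JSON
    if claims.get("exp", 0) <= now:
        return None  # expired state is rejected even if correctly signed
    return claims
```

Any server instance that holds the key can validate the request, which is what lets a stateless API be deployed on any server.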
The process of locating resources on a server is called addressing. In RESTful web services, these resources are addressed using a URL. These addresses could either refer to a single or even multiple resources.
OPTIONS is an HTTP method that fetches the HTTP options/operations that are supported. This helps the client decide which operations can be used.
The OPTIONS method is also used for Cross-Origin Resource Sharing (CORS).
HTTP status codes are a common REST API interview question. These status codes are divided into five categories with multiple codes under them. The most commonly used codes under each category are listed below.
- Format - "1XX" - Used to represent transfer protocol level informational responses
- Format - "2XX" - Used to represent successful responses
  - "200" (OK) - Represents that the request was successfully carried out
  - "201" (CREATED) - Represents the successful creation of a resource
- Format - "3XX" - Used to represent redirects
- Format - "4XX" - Used to represent client-side errors
  - "400" (BAD REQUEST) - Represents errors or missing data
  - "401" (FORBIDDEN) - Represents that the user does not have necessary access
  - "404" (NOT FOUND) - Represents that the resource method is not available
- Format - "5XX" - Used to represent server-side errors
  - "500" (INTERNAL SERVER ERROR) - Represents that the server threw some exceptions
  - "502" (BAD GATEWAY) - Represents that the server could not get a response from another server
The various HTTP methods supported by REST are:
- GET - This method fetches the resource at the requested URL
- POST - This method submits a new resource to the server
- PUT - This method updates an existing resource that's already on the server
- DELETE - This method deletes a resource from the server
- OPTIONS - This method fetches the list of supported HTTP methods
In REST web services, the client sends messages to the server and the server responds using HTTP requests. The process or technique in which any form of communication takes place is called Messaging.
These messages contain message data, metadata, and all the other relevant data about the message.
Idempotent methods are methods that return the same outcome irrespective of how many times the same request has been made.
These methods are important because the client side commonly sends out duplicate requests. Hence it is important to use idempotent methods to avoid such errors.
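The effect of a duplicate request can be seen by replaying each call against a small in-memory store. This is an added example, not code from the original post; `OrderStore`, `send_twice` and the sample order are hypothetical and constructed for illustration.

```python
import itertools


class OrderStore:
    """In-memory stand-in for a REST resource collection (constructed)."""

    def __init__(self):
        self.orders = {7: {"item": "book", "qty": 1}}  # constructed seed record
        self._ids = itertools.count(100)

    def post(self, body):
        # POST creates a new resource every time it is received.
        order_id = next(self._ids)
        self.orders[order_id] = dict(body)
        return order_id

    def put(self, order_id, body):
        # PUT replaces the resource at a known address.
        self.orders[order_id] = dict(body)
        return order_id

    def delete(self, order_id):
        # DELETE of an already deleted resource leaves the store unchanged.
        self.orders.pop(order_id, None)
        return order_id


def send_twice(call, *args):
    """Simulate a client that retries because the first response was lost."""
    call(*args)
    return call(*args)


def demo():
    store = OrderStore()
    send_twice(store.put, 7, {"item": "book", "qty": 2})
    after_put = len(store.orders)      # still one order, qty is 2
    send_twice(store.post, {"item": "pen", "qty": 1})
    after_post = len(store.orders)     # two new orders from one intent
    send_twice(store.delete, 7)
    after_delete = len(store.orders)   # order 7 removed once, retry is harmless
    return after_put, after_post, after_delete
```

Only the replayed POST changes the outcome: the retry leaves a second "pen" order that the client never intended.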
Payload refers to the request data present in the body part of every HTTP request message. However, the payload is not the same as request parameters and can only be passed through the POST method.
Payloads do not have size restrictions, however, more data would consume more bandwidth and take more time to transfer.
The process of storing a server response so that it can be used whenever required is called caching. This reduces the need to generate the same response again, improving performance and server load time.
Some examples of tools used to develop and test RESTful APIs are:
- Spring REST web service using MVC
- Jersey API
Cache-control headers help attain caching ability and are also used to control caching.
The most commonly used cache-control headers are:
- Public - Resources marked as public can be cached by any component between the client and the server.
- Private - These resources are marked private and can only be cached by the client.
- No-Store - In this third type, browsers aren’t allowed to cache a response and the data must always be pulled from the client. This type of cache control is used for sensitive data like bank details or passwords.
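A quick way to check these directives during an API review is to parse the `Cache-Control` value and flag sensitive responses that are not marked `no-store`. This is an added example, not code from the original post; the function names, the endpoint paths and the sample headers are constructed for illustration.

```python
def parse_cache_control(value):
    """Split a Cache-Control value into {directive: argument or None}."""
    directives = {}
    for part in value.split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            # Directive names are case-insensitive; arguments may be quoted.
            directives[name.lower()] = arg.strip('"') or None
    return directives


def who_may_store(value):
    """Classify a header by the three directives described above."""
    d = parse_cache_control(value or "")
    if "no-store" in d:
        return "nobody"        # the most restrictive directive wins
    if "private" in d:
        return "client-only"
    if "public" in d:
        return "any-cache"
    return "unspecified"       # no directive: caches apply their defaults


# Constructed sample: (path, carries sensitive data?, Cache-Control header)
SAMPLE_RESPONSES = [
    ("/api/catalog", False, "public, max-age=3600"),
    ("/api/profile", True, "private, max-age=60"),
    ("/api/account/balance", True, "No-Store"),
    ("/api/password-reset", True, None),
]


def audit(responses):
    """Return paths of sensitive responses that a cache is allowed to keep."""
    return [
        path
        for path, sensitive, header in responses
        if sensitive and who_may_store(header) != "nobody"
    ]
```

Running `audit(SAMPLE_RESPONSES)` reports the profile response, which the client may still cache, and the password-reset response, which has no `Cache-Control` header at all.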
Postman is a popular tool that is used to develop and test API workflows. It has been adopted widely as it helps manage each step of the API lifecycle facilitating development.
Postman provides a one-stop solution to help design, test, document, and publish your API.
Since web services often deal with a lot of confidential information, the security of the application becomes a major concern. Below are a few issues to keep in mind.
- Encryption - A web service may consist of multiple applications and could potentially contain a weak node. Hence a safe practice is to encrypt data so that it remains confidential at any cost.
- Authentication - This issue arises when dealing with a large user base. Authentication prevents other people from accessing user data and it also helps you keep track of user activity.
- AJAX supports asynchronous requests and thereby does not require constant client-server interactions
- AJAX dynamically updates the UI without reloading the page
- REST uses a URL and a request/response pattern to access resources
- REST requires a constant client-server interaction
- REST requests data or information from the server and then updates it
JAX-RS stands for Java API for RESTful web services. It is a Java-based specification, developed for the implementation of Java in RESTful services.
JAX-RS helps REST applications communicate well with Java. It is also used for SOAP communication in Java.
Some of the common implementations of JAX-RS are:
- Apache CXF