Top 30 REST API Interview Questions - you must know in 2020
REST API is extensively considered as the standard protocol for the web APIs. Learn the most advanced REST API Interview Q&A you may face in your next interview.
Q1: What is REST Web Services?
REST is the acronym for REpresentational State Transfer.
REST is a stateless client-server architecture where web services are resources and can be identified by their URIs. Client applications can use HTTP GET/POST methods to invoke Restful web services. REST doesn’t specify any specific protocol to use, but in almost all cases it’s used over HTTP/HTTPS.
When compared to SOAP web services, these are lightweight and doesn’t follow any standard. We can use XML, JSON, text or any other type of data for request and response.
Q2: What are advantages of REST web services?
Some of the advantages of REST web services are:
- Learning curve is easy since it works on HTTP protocol
- Supports multiple technologies for data transfer such as text, xml, json, image etc.
- No contract defined between server and client, so loosely coupled implementation.
- REST is a lightweight protocol
- REST methods can be tested easily over browser.
Q3: Which protocol is used by RESTful webservices?
RESTful web services make use of HTTP protocol as a medium of communication between client and server.
Q4: What is a Resource in Restful web services?
Resource is the fundamental concept of Restful architecture.
A resource is an object with:
- a type,
- relationship with other resources and
- methods that operate on it.
Resources are identified with:
- their URI,
- HTTP methods they support and
- request/response data type and format of data.
REST Server simply provides access to resources and REST client accesses and modifies the resources.
Q5: Mention some key characteristics of REST?
Some key characteristics of REST includes:
REST is stateless, therefore the SERVER has no state (or session data)
With a well-applied REST API, the server could be restarted between two calls as every data is passed to the server
Web service mostly uses POST method to make operations, whereas REST uses GET to access resources
Q6: What is purpose of a URI in REST based webservices?
URI stands for Uniform Resource Identifier. Each resource in REST architecture is identified by its URI. Purpose of an URI is to locate a resource(s) on the server hosting the web service.
A URI is of following format:
Q7: What is the difference between Monolithic, SOA and Microservices Architecture?
Monolithic Architecture is similar to a big container wherein all the software components of an application are assembled together and tightly packaged.
A Service-Oriented Architecture is a collection of services which communicate with each other. The communication can involve either simple data passing or it could involve two or more services coordinating some activity.
Microservice Architecture is an architectural style that structures an application as a collection of small autonomous services, modeled around a business domain.
Q8: What is the use of Accept and Content-Type Headers in HTTP Request?
Accept headers tells web service what kind of response client is accepting, so if a web service is capable of sending response in XML and JSON format and client sends Accept header as application/xml then XML response will be sent. For Accept header application/json, server will send the JSON response.
Content-Type header is used to tell server what is the format of data being sent in the request. If Content-Type header is application/xml then server will try to parse it as XML data. This header is useful in HTTP Post and Put requests.
Q9: Mention what are the HTTP methods supported by REST?
HTTP methods supported by REST are:
GET: It requests a resource at the request URL. It should not contain a request body as it will be discarded. Maybe it can be cached locally or on the server.
POST: It submits information to the service for processing; it should typically return the modified or new resource
PUT: At the request URL it update the resource
DELETE: At the request URL it removes the resource
OPTIONS: It indicates which techniques are supported
HEAD: About the request URL it returns meta information
Q10: Mention what is the difference between PUT and POST?
PUT puts a file or resource at a particular URI and exactly at that URI. If there is already a file or resource at that URI, PUT changes that file or resource. If there is no resource or file there, PUT makes one
POST sends data to a particular URI and expects the resource at that URI to deal with the request. The web server at this point can decide what to do with the data in the context of specified resource
PUT is idempotent meaning, invoking it any number of times will not have an impact on resources.
However, POST is not idempotent, meaning if you invoke POST multiple times it keeps creating more resources.
Q11: What are the best practices to create a standard URI for a web service?
Following are important points to be considered while designing a URI:
- Use Plural Noun − Use plural noun to define resources. For example, we've used users to identify users as a resource.
- Avoid using spaces − Use underscore or hyphen when using a long resource name, for example, use authorized_users instead of authorized%20users.
- Use lowercase letters − Although URI is case-insensitive, it is good practice to keep url in lower case letters only.
- Maintain Backward Compatibility − As Web Service is a public service, a URI once made public should always be available. In case, URI gets updated, redirect the older URI to new URI using HTTP Status code, 300.
- Use HTTP Verb − Always use HTTP Verb like GET, PUT, and DELETE to do the operations on the resource. It is not good to use operations names in URI.
Q12: What is statelessness in RESTful Webservices?
As per REST architecture, a RESTful web service should not keep a client state on server. This restriction is called statelessness. It is responsibility of the client to pass its context to server and then server can store this context to process client's further request. For example, session maintained by server is identified by session identifier passed by the client.
Q13: What are the advantages of statelessness in RESTful Webservices?
Following are the benefits of statelessness in RESTful web services −
Web services can treat each method request independently.
Web services need not to maintain client's previous interactions. It simplifies application design.
As HTTP is itself a statelessness protocol, RESTful Web services work seamlessly with HTTP protocol.
Q14: What is the purpose of HTTP Status Code?
HTTP Status code are standard codes and refers to predefined status of task done at server. For example, HTTP Status 404 states that requested resource is not present on server.
Consider following status codes:
200 - OK, shows success.
201 - CREATED, when a resource is successful created using POST or PUT request. Return link to newly created resource using location header.
304 - NOT MODIFIED, used to reduce network bandwidth usage in case of conditional GET requests. Response body should be empty. Headers should have date, location etc.
400 - BAD REQUEST, states that invalid input is provided e.g. validation error, missing data.
401 - FORBIDDEN, states that user is not having access to method being used for example, delete access without admin rights.
404 - NOT FOUND, states that method is not available.
409 - CONFLICT, states conflict situation while executing the method for example, adding duplicate entry.
500 - INTERNAL SERVER ERROR, states that server has thrown some exception while executing the method.
Q15: Mention what is JAX-WS and JAX-RS?
Both JAX-WS and JAX-RS are libraries (APIs) for doing communication in various ways in Java. JAX-WS is a library that can be used to do SOAP communication in JAVA, and JAX-RS lets you do the REST communication in JAVA.
Q16: What do you mean by idempotent operation?
Idempotent operations means their result will always same no matter how many times these operations are invoked.
Q17: Which type of Webservices methods are to be idempotent?
PUT and DELETE operations are idempotent.
Q18: Which type of Webservices methods are to be read only?
GET operations are read only and are safe.
Q19: What is the difference between PUT and POST operations?
PUT and POST operation are nearly same with the difference lying only in the result where PUT operation is idempotent and POST operation can cause different result.
Q20: What should be the purpose of OPTIONS method of RESTful web services?
It should list down the supported operations in a web service and should be read only.
Q21: What should be the purpose of HEAD method of RESTful web services?
It should return only HTTP Header, no Body and should be read only.
Q22: Which header of HTTP response, provides the date and time of the resource when it was last modified?
Last Modified header provides the date and time of the resource when it was last modified.
Q23: Which header of HTTP response provides control over caching?
Cache-Control is the primary header to control caching.
Q24: Explain Cache-control header.
A standard Cache-control header can help in attaining cache ability. Enlisted below is the brief description of the various cache-control header:
Public: Resources that are marked as the public can be cached by any intermediate components between the client and the server.
Private: Resources that are marked as private can only be cached by the client.
No cache: means that a particular resource cannot be cached and thus the whole process is stopped.
Q25: Which header of HTTP response sets expiration date and time of caching?
Expires header sets expiration date and time of caching.
Q26: Which directive of Cache Control Header of HTTP response indicates that resource is not cachable?
no-cache/no-store directive indicates that resource is not cachable.
Q27: Which directive of Cache Control Header of HTTP response can set the time limit of caching?
max-age directive indicates that the caching is valid up to max-age in seconds. After this, client has to make another request.
Q28: What are the best practices for caching?
Dynamic contents should be cached for few hours only.
Q29: What are the best practices to be followed while designing a secure RESTful web service?
As RESTful web services work with HTTP URLs Paths so it is very important to safeguard a RESTful web service in the same manner as a website is be secured. Following are the best practices to be followed while designing a RESTful web service:
- Validation − Validate all inputs on the server. Protect your server against SQL or NoSQL injection attacks.
- Session based authentication − Use session based authentication to authenticate a user whenever a request is made to a Web Service method.
- No sensitive data in URL − Never use username, password or session token in URL , these values should be passed to Web Service via POST method.
- Restriction on Method execution − Allow restricted use of methods like GET, POST, DELETE. GET method should not be able to delete data.
- Validate Malformed XML/JSON − Check for well formed input passed to a web service method.
- Throw generic Error Messages − A web service method should use HTTP error messages like 403 to show access forbidden etc.
Q30: What is your understanding about JAX-RS?
JAX-RS is defined as the Java API for RESTful web service. Among multiple libraries and framework, this is considered as the most suitable Java programming language based API which supports RESTful web service.
Some of the implementations of JAX-RS are:
- Apache CFX
Among these, Jersey is the most popular framework.