Table of Contents
Open Table of Contents
- What is a REST API?
- Explain the main principles of REST.
- What are the main HTTP methods used in RESTful services, and what are their purposes?
- Differentiate between PUT and POST.
- Explain the meaning of status codes in HTTP responses.
- What is the purpose of the OPTIONS HTTP method?
- What is the significance of the “Content-Type” header in an HTTP request?
- How do you handle authentication in a RESTful API?
- What is Cross-Origin Resource Sharing (CORS), and how do you handle it in a REST API?
- How do you version a RESTful API?
- Explain the concept of pagination in REST APIs.
- How would you secure a REST API?
What is a REST API?
Provide a definition of REST (Representational State Transfer) and explain its architectural principles. Mention concepts like statelessness, client-server architecture, and the use of standard HTTP methods.
Explain the main principles of REST.
REST, which stands for Representational State Transfer, is an architectural style that defines a set of constraints to be used when creating web services. Here are the main principles of REST:
-
Statelessness: One of the key principles of REST is statelessness. Each request from a client to a server must contain all the information needed to understand and process the request. The server should not store any information about the client’s state between requests. This makes systems built with REST scalable and easy to maintain. -
Client-Server Architecture: REST follows a client-server architecture where the client and server are separate entities that communicate over a network. The client is responsible for the user interface and user experience, while the server is responsible for processing requests and managing resources. -
Uniform Interface: The uniform interface is a central principle of REST and includes the following constraints:Resource Identification: Resources are identified by unique URIs (Uniform Resource Identifiers).Resource Manipulation through Representations: Resources can be manipulated using representations. A representation is the format in which a resource is presented (e.g., JSON or XML).Self-Descriptive Messages: Each message from the server to the client must contain enough information to describe how to process the message.Hypermedia as the Engine of Application State(HATEOAS): Clients interact with the application entirely through hypermedia provided dynamically by the server. HATEOAS allows the server to guide the client through available actions.
-
Stateless Communication: Each request from a client to a server must contain all the information needed to understand and process the request. The server should not rely on any information stored on the client, and each request should be independent. -
Cacheability: Responses from the server can be explicitly marked as cacheable or non-cacheable. Caching improves performance and reduces the load on the server. -
Layered System: REST allows for a layered system architecture, where each component (e.g., client, server, database) is separate and communicates only with the immediate layer. This separation enables scalability, flexibility, and ease of maintenance.
What are the main HTTP methods used in RESTful services, and what are their purposes?
GET(retrieve data)POST(create data)PUT(update data)PATCH(partially update data)DELETE(remove data).
Differentiate between PUT and POST.
PUT is for updating or creating if not exists POST is for creating new resources.
Explain the meaning of status codes in HTTP responses.
Some common status codes are:
200 OK: indicates that the information requested are provided. Most commonly used when requesting resources usingGET201 Created: indicates that the the resource is successfully created204 No Content: indicates that that the resource is no more existing. Most commly used when aDELETErequest is successful400 Bad Request: indicates that the request of the client is malformed.404 Not Found: indicates that the requested resource or URL does not exist500 Internal Server Error: indicates that something went wrong on the server side and the issue is irrelevant to the client
What is the purpose of the OPTIONS HTTP method?
OPTIONS is used to describe the communication options for the target resource.
What is the significance of the “Content-Type” header in an HTTP request?
The Content-Type header in an HTTP request is significant because it indicates the type of data or media that is
being sent in the body of the request. It informs the server about how to interpret and handle the data it is receiving.
The Content-Type header is crucial for proper communication between the client and the server when exchanging
information, especially in HTTP methods like POST or PUT where data is sent in the request body.
application/json: JSON dataapplication/xml: XML dataapplication/x-www-form-urlencoded: Form datamultipart/form-data: Used for file uploads in formstext/plain: Plain text data
How do you handle authentication in a RESTful API?
There are various ways to handle authentication in a RESTful API. Some common ones are:
API keys: API keys are generated by the API in order to authorize an application to make requests. The keys are generated application, not per userJWT token: One of the most common ways to authenticate a user is by using a JWT token. The token is encrypted and is stored on the client side when a user successfully authenticates. The API decrypts and validates the token every time the user makes a request.OAuth: constitutes a protocol for authorization and authentication in web and mobile apps. The authorization is done by a centralized server.
What is Cross-Origin Resource Sharing (CORS), and how do you handle it in a REST API?
Cross-Origin Resource Sharing (CORS)is a security feature implemented by web browsers to control how web pages in one
domain can request and interact with resources in another domain. It is a mechanism that allows servers to specify
which origins are permitted to access their resources and which HTTP methods and headers can be used in cross-origin
requests.
The server can include CORS-specific HTTP headers in its responses to inform the browser about the permissions granted for cross-origin requests. The key headers include:
Access-Control-Allow-Origin: Specifies which origins are allowed to access the resource. It can be a specific origin, a comma-separated list of origins, or the wildcard ”*” to allow any origin.Access-Control-Allow-Methods: Specifies the HTTP methods (e.g., GET, POST, PUT) allowed for cross-origin requests.Access-Control-Allow-Headers: Specifies the HTTP headers allowed in the actual request.
How do you version a RESTful API?
The are different ways to version a RESTfil API such as using a version number in the URL or using custom request headers.
Explain the concept of pagination in REST APIs.
Pagination can be implemented by using URL parameters to request a certain amount of resources and from which resource to start. The API will calculate which resources respond to the given parameters and return them
How would you secure a REST API?
The are different ways to secure a REST API. Some common ones are:
- Using
HTTPSprotocol - Using authentication (eg. JWT, API Keys)
- Add token expiration and refresh
- Add API rate limiting to control the number of requests a client can make within a time frame. It helps prothe the infrastructure from being overloaded by excessive requests
- Add Cross-Origin Resource Sharing (CORS) protection
- Input Validation and Sanitization