REST API - Interview Questions
REST APIs (Representational State Transfer Application Programming Interfaces) are a fundamental technology in modern software development, widely adopted for their simplicity, scalability, and interoperability.
According to a 2023 survey by Postman, over 89% of developers reported using REST APIs in their projects, making it the most popular API architecture. This widespread usage stems from their reliance on standard HTTP protocols, which are universally supported and easy to implement. Major platforms like GitHub, Twitter, and Stripe rely on REST APIs to handle billions of requests daily. Their ability to support high-performance, maintainable, and interoperable systems has made them a critical tool in building modern software.
Let’s explore some key questions and answers about REST APIs that every developer should know, with a particular emphasis on REST API best practices.
1. What is a REST API?
A REST API is a web service that follows REST architectural principles for communication between client and server. JSON is often used as the format for sending and receiving data in REST APIs because of its lightweight and human-readable nature.
Consider an example where a client may request user information from a REST API and receive a response in JSON format:
Request:
GET /api/users/1
Response:
{
"id": 1,
"name": "John Doe",
"email": "john.doe@example.com"
}
XML, YAML and plain text-based formats are less popular. Check out Data Serialization Formats for more details.
2. How do you secure your REST API?
Securing a REST API involves several complementary controls:
- Use HTTPS (TLS) for every endpoint so credentials and data are encrypted in transit; do not offer a plaintext fallback.
- Authentication and Authorization: authenticate every request with a strong mechanism (for example, short-lived bearer tokens or API keys), and then check on every request that the caller is authorized to access that specific resource. Authentication alone is not enough; a valid token for user A must not be able to read user B's record.
- Validate and constrain all inputs (path segments, query parameters, headers, request bodies) to protect against SQL injection and other injection attacks, and reject malformed requests with a 400 rather than trying to repair them.
- Rate limiting and request size limits to prevent abuse, brute forcing of credentials, and denial of service.
- Regularly update and patch the API, its dependencies and its runtime environment to protect against known vulnerabilities.
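The following is an added example (not code from the original page) showing how the authentication, input validation and per-resource authorization steps above fit together in a single GET /api/users/{id} handler. The token table, user records and the `get_user` / `authenticate` function names are assumptions made for the illustration; a real service would verify tokens against its identity provider rather than a hard-coded dictionary.

```python
import hmac
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample data so the example runs offline: which token belongs to
# which user id, and the user records themselves. Hypothetical values.
TOKENS = {"tok-alice-123": 1, "tok-bob-456": 2}
USERS = {
    1: {"id": 1, "name": "Alice", "email": "alice@example.com"},
    2: {"id": 2, "name": "Bob", "email": "bob@example.com"},
}

# A user id is 1-10 digits, nothing else. This rejects "1 OR 1=1", "../admin"
# and similar before the value ever reaches a query.
USER_ID_RE = re.compile(r"^[1-9][0-9]{0,9}$")


@dataclass
class Response:
    status: int
    body: dict


def authenticate(headers: dict) -> Optional[int]:
    """Return the user id for a valid Bearer token, or None if missing/invalid."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return None
    presented = auth[len("Bearer "):]
    # Constant-time comparison so response timing does not reveal how many
    # leading characters of a guessed token were correct.
    for token, user_id in TOKENS.items():
        if hmac.compare_digest(presented, token):
            return user_id
    return None


def get_user(headers: dict, raw_user_id: str) -> Response:
    """Handle GET /api/users/{raw_user_id}: authenticate, validate, authorize, then fetch."""
    caller = authenticate(headers)
    if caller is None:
        return Response(401, {"error": "unauthorized"})
    if not USER_ID_RE.match(raw_user_id):
        return Response(400, {"error": "invalid user id"})
    user_id = int(raw_user_id)
    # Object-level authorization: the caller may only read its own record.
    # Omitting this check lets any valid token read any user's data.
    if user_id != caller:
        return Response(403, {"error": "forbidden"})
    user = USERS.get(user_id)
    if user is None:
        return Response(404, {"error": "not found"})
    return Response(200, user)
```

Note that returning 403 confirms that the record exists; some APIs deliberately return 404 for both "missing" and "not yours" so that callers cannot enumerate valid ids. Which is appropriate depends on whether resource ids are considered sensitive.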
3. What are the HTTP methods in REST APIs?
In REST APIs, HTTP methods (also known as HTTP verbs) are used to perform specific actions on resources identified by URIs (Uniform Resource Identifiers). These methods define the type of operation the client wants to perform on the server. The main HTTP methods used in REST APIs are:
- GET: Retrieve a representation of a resource. It must not change server state.
- POST: Submit data to the server, typically to create a new resource under a collection or to trigger a processing action.
- PUT: Create or fully replace a resource at a known URI.
- DELETE: Remove a resource from the server.
- PATCH: Apply partial modifications to a resource.
Refer to CRUD Operations for more details.
4. How do you handle versioning in a REST API?
REST API versioning is not hard. It can be done in several ways:
- URI Versioning: Including the version number in the URI (e.g., /api/v1/resource). This is the most common approach among public APIs.
- Header Versioning: Specifying the version in a custom request header (e.g., an API-Version header). This is less common and is mostly seen in closed-source, internal B2B integrations.
- Parameter Versioning: Using a query parameter to specify the version (e.g., /api/resource?version=1). This is rarely used.
Each method has its pros and cons, and the choice depends on the specific requirements of your application.
5. What is idempotency in REST APIs?
Idempotency in REST APIs refers to the property of an operation that applying it multiple times has the same effect on server state as applying it once. The GET, PUT and DELETE methods are idempotent. POST is not idempotent because it is designed to create a new resource (or trigger a new action) on each call.
For example, no matter how many times you send the DELETE /api/posts/1 request, the post with id 1 is deleted only once; later calls may return 404 instead of 204, but the state of the server does not change further. Idempotency is what makes it safe for a client to retry a PUT or DELETE after a timeout; retrying a plain POST can create duplicates, which is why APIs that accept payments or orders often let clients attach an Idempotency-Key header to make a specific POST safely repeatable.
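The following added example (not part of the original page) demonstrates the behaviour described above with a small in-memory post store: repeated PUT and DELETE calls converge on the same state, repeated POSTs create duplicates, and an Idempotency-Key makes a specific POST safe to retry. The `PostStore` class, its method names and the sample bodies are assumptions for the illustration.

```python
from typing import Optional, Tuple


class PostStore:
    """Minimal in-memory resource store used to show which operations are idempotent."""

    def __init__(self) -> None:
        self.posts: dict = {}
        self.next_id = 100                # ids handed out by POST (hypothetical scheme)
        self.seen_keys: dict = {}         # Idempotency-Key -> response of the first POST

    def put(self, post_id: int, body: dict) -> Tuple[int, dict]:
        """PUT /api/posts/{id}: create or fully replace. Repeating it leaves the same state.
        The status code may differ (201 first, 200 after) but the stored resource does not."""
        created = post_id not in self.posts
        self.posts[post_id] = {"id": post_id, **body}
        return (201 if created else 200), dict(self.posts[post_id])

    def delete(self, post_id: int) -> Tuple[int, Optional[dict]]:
        """DELETE /api/posts/{id}: idempotent. A second call finds nothing to remove."""
        if post_id in self.posts:
            del self.posts[post_id]
            return 204, None
        return 404, {"error": "not_found"}

    def post(self, body: dict, idempotency_key: Optional[str] = None) -> Tuple[int, dict]:
        """POST /api/posts: not idempotent. Each call creates a new resource unless the
        client supplies an Idempotency-Key that the server has already seen, in which
        case the original response is replayed and nothing new is created."""
        if idempotency_key is not None and idempotency_key in self.seen_keys:
            return self.seen_keys[idempotency_key]
        self.next_id += 1
        post_id = self.next_id
        self.posts[post_id] = {"id": post_id, **body}
        response = (201, dict(self.posts[post_id]))
        if idempotency_key is not None:
            self.seen_keys[idempotency_key] = response
        return response
```

In production the idempotency-key table needs an expiry and should be scoped to the authenticated client, so that one client cannot replay (or block) another client's key.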
6. How can you handle pagination in REST APIs?
Handling pagination involves breaking the response data into manageable chunks or pages. This can be achieved by using query parameters such as limit (to control the number of items returned) and offset or page (to specify which chunk of data to return).
Approach 1: Using a page index and a limit parameter. The following retrieves records 11 to 20 using the page number:
GET /api/posts?page=2&limit=10
Approach 2: Using offset and limit parameters. The following example retrieves records 11 to 20 using an offset:
GET /api/posts?offset=10&limit=10
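Added example (not code from the original page): a `paginate` helper that accepts either of the two parameter styles above, converts page/limit into an offset, and caps the limit. The cap matters from a security standpoint because an uncapped `limit` (or a negative offset) lets a single request pull an entire table. The function name, the MAX_LIMIT value and the constructed 25-item list are assumptions for the illustration.

```python
from typing import Tuple

MAX_LIMIT = 100      # hard cap regardless of what the client asks for (assumed value)
DEFAULT_LIMIT = 10


def _non_negative_int(params: dict, name: str, default: int, minimum: int) -> int:
    """Parse an integer query parameter, rejecting anything that is not plain digits."""
    raw = params.get(name)
    if raw is None:
        return default
    if not raw.isdigit():                     # rejects "-1", "1e9", "10 OR 1=1"
        raise ValueError(f"{name} must be a non-negative integer")
    value = int(raw)
    if value < minimum:
        raise ValueError(f"{name} must be >= {minimum}")
    return value


def paginate(items: list, params: dict) -> Tuple[int, dict]:
    """Apply ?page=&limit= or ?offset=&limit= to `items`. Returns (status, body).
    If both offset and page are present, offset wins (a documented choice, not a rule)."""
    try:
        limit = min(_non_negative_int(params, "limit", DEFAULT_LIMIT, 1), MAX_LIMIT)
        if "offset" in params:
            offset = _non_negative_int(params, "offset", 0, 0)
        else:
            page = _non_negative_int(params, "page", 1, 1)
            offset = (page - 1) * limit       # page 2 with limit 10 starts at index 10
    except ValueError as exc:
        return 400, {"error": "bad_request", "message": str(exc)}

    chunk = items[offset: offset + limit]     # slicing past the end yields [] rather than an error
    body = {"data": chunk, "limit": limit, "offset": offset, "total": len(items)}
    if offset + limit < len(items):
        body["next_offset"] = offset + limit  # lets the client follow to the next chunk
    return 200, body


# Constructed sample data: post ids 1..25.
SAMPLE_POSTS = list(range(1, 26))
```

For large or frequently changing collections, offset pagination drifts as rows are inserted or deleted between requests; cursor (keyset) pagination avoids that, but the parameter validation shown here applies just the same.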
7. What are HTTP status codes, and why are they important in REST APIs?
HTTP status codes are standardized codes returned by the server to indicate the result of a client's request. REST APIs rely directly on these status codes to give the client immediate feedback about the success or failure of the action and the nature of any error encountered. For example:
- 200 OK: The request has succeeded.
- 201 Created: A new resource has been created.
- 400 Bad Request: The server could not understand the request due to invalid syntax, or wrong parameter.
- 404 Not Found: The requested resource or entity could not be found.
- 500 Internal Server Error: The server encountered an unexpected condition.
8. How do you manage state in a RESTful architecture?
RESTful architectures are stateless, meaning that each request from a client to a server must contain all the information needed to understand and complete the request. State is managed on the client-side and, if necessary, passed to the server via query parameters, request headers, or in the request body.
For example, if a user's session is authenticated, the session token must be sent with each request, usually in the Authorization or Cookie header.
9. What is the difference between PUT and PATCH requests?
This is a common point of confusion among developers. PUT and PATCH are both used for updating resources, but they differ in how they handle the update.
- A PUT request replaces the entire resource with the representation sent in the request body; any field omitted from the body is removed.
- A PATCH request applies only the changes described in the body to the existing resource, making PATCH more efficient for small or inline changes.
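The following added example (not from the original page) shows the difference concretely: `put` returns exactly what the client sent, while `json_merge_patch` implements the JSON Merge Patch semantics of RFC 7386 (a null value removes a member, nested objects merge recursively, anything else replaces). The `patch_user` wrapper with its allow-list of patchable fields is an assumption added for illustration; it shows the check a practitioner wants on any PATCH endpoint, since an unrestricted patch lets a client write fields like `role` that it should never control.

```python
import copy
from typing import Any, Tuple

# Constructed sample resource.
SAMPLE_USER = {
    "id": 1,
    "name": "John Doe",
    "email": "john.doe@example.com",
    "address": {"city": "Paris", "zip": "75001"},
    "role": "user",
}

# Fields a client is allowed to change via PATCH (hypothetical policy).
ALLOWED_PATCH_FIELDS = {"name", "email", "address"}


def put(resource: dict, body: dict) -> dict:
    """PUT: the stored representation becomes exactly `body`; omitted fields disappear."""
    return copy.deepcopy(body)


def json_merge_patch(target: Any, patch: Any) -> Any:
    """RFC 7386 JSON Merge Patch.
    - patch is not an object: it replaces the target outright
    - member is null: remove it from the target
    - member is an object: merge recursively (a non-object target member is treated as {})
    - otherwise: replace that member"""
    if not isinstance(patch, dict):
        return copy.deepcopy(patch)
    result = copy.deepcopy(target) if isinstance(target, dict) else {}
    for key, value in patch.items():
        if value is None:
            result.pop(key, None)
        else:
            result[key] = json_merge_patch(result.get(key), value)
    return result


def patch_user(resource: dict, patch: dict) -> Tuple[int, dict]:
    """PATCH /api/users/{id}: reject any field outside the allow-list before merging."""
    disallowed = set(patch) - ALLOWED_PATCH_FIELDS
    if disallowed:
        return 400, {"error": "bad_request",
                     "message": f"fields not patchable: {sorted(disallowed)}"}
    return 200, json_merge_patch(resource, patch)
```

The same allow-list check belongs on PUT: a full replacement that silently accepts a client-supplied `role` or `id` is the classic mass-assignment bug.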
10. How should a REST API handle errors?
A REST API should handle errors by returning standard HTTP status codes along with a message in the body that provides more details about the error. It's good practice to structure the error response in a consistent format, including fields for an error code, message, and possibly a detailed description or link to more information. This approach helps clients understand and properly handle errors.
An example error response for a request to a nonexistent resource might look like one of these. The choice of format depends on your application.
{
"error": {
"code": "not_found",
"message": "The requested resource was not found."
}
}
or
{
"status": 404,
"error": "NotFound",
"message": "The requested resource was not found."
}
See the dedicated article on REST API Errors for a comprehensive treatment of how to make them developer friendly.
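Added example (not code from the original page): a small exception-to-response mapper that produces the first envelope format shown above consistently for every failure. Expected errors (not found, validation) carry their own message; anything unexpected becomes a generic 500 with a request id, so that database error text, stack traces and file paths stay in the server log and never reach the client. The exception classes, the `handle` wrapper and the constructed `find_post` / `broken_query` functions are assumptions for the illustration.

```python
import logging
import uuid
from typing import Callable, Tuple

log = logging.getLogger("api")


class ApiError(Exception):
    """Base for errors the API expects and is willing to describe to the client."""
    status = 500
    code = "internal_error"

    def __init__(self, message: str) -> None:
        super().__init__(message)
        self.message = message


class NotFound(ApiError):
    status = 404
    code = "not_found"


class BadRequest(ApiError):
    status = 400
    code = "bad_request"


def error_response(exc: Exception) -> Tuple[int, dict]:
    """Map any exception to (status, body) in the page's error envelope format."""
    request_id = str(uuid.uuid4())   # lets support correlate the client's report with the log
    if isinstance(exc, ApiError):
        return exc.status, {"error": {"code": exc.code, "message": exc.message,
                                      "request_id": request_id}}
    # Unexpected failure: full detail goes to the log, a fixed message goes to the client.
    log.error("unhandled error request_id=%s", request_id, exc_info=exc)
    return 500, {"error": {"code": "internal_error",
                           "message": "An unexpected error occurred.",
                           "request_id": request_id}}


def handle(view: Callable[[], dict]) -> Tuple[int, dict]:
    """Run a view function and convert its result or exception into a response."""
    try:
        return 200, view()
    except Exception as exc:            # noqa: BLE001 - the boundary is the one place to catch everything
        return error_response(exc)


# Constructed sample views.
POSTS = {1: {"id": 1, "title": "Hello"}}


def find_post(post_id: int) -> dict:
    if post_id not in POSTS:
        raise NotFound(f"post {post_id} not found")
    return POSTS[post_id]


def broken_query() -> dict:
    # Stands in for a database driver error whose text must not leak to the client.
    raise RuntimeError('relation "posts" does not exist at /srv/app/db.py:42')
```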
11. What is a Resource in REST APIs?
In REST, a resource is any content or information that can be named or addressed via a URI. For example, in GET /api/users/123, the resource is the user with ID 123.
12. What are query parameters and path parameters in REST APIs?
- Path parameters are part of the URL path and identify a specific resource. Example:
GET /api/users/123
- Query parameters are appended to the URL after the ? symbol and are typically used for filtering, searching, sorting, or pagination. Example:
GET /api/posts?author=JohnDoe
13. What is the purpose of the OPTIONS HTTP method in REST APIs?
The OPTIONS method is used to retrieve information about the communication options available for a resource. It typically returns the allowed HTTP methods (e.g., GET, POST) in the Allow header, and browsers send it as the CORS preflight request before cross-origin calls. Get more details in the CORS Headers section here.
14. What are the best practices for naming REST API endpoints?
- Use nouns to represent resources (e.g., /users, /posts).
- Use plural nouns for consistency.
- Avoid verbs in endpoint names (e.g., use GET /users instead of GET /getUsers).
- Use hyphens (-) for readability in multi-word resource names (e.g., /user-profiles).
15. How do you handle file uploads in REST APIs?
File uploads can be handled using the multipart/form-data content type. The client sends the file as one part of the request body, and the server reads that part, checks its size and declared type against what the endpoint accepts, and stores it under a server-generated name rather than the client-supplied filename. Example:
POST /api/upload
Content-Type: multipart/form-data
Body: (file data)
16. What is the role of the Content-Type header in REST APIs?
The Content-Type header specifies the media type of the request or response body (e.g., application/json, application/xml). It ensures that the client and server agree on the format of the data being exchanged. Check out the detailed page on Content-Type.
17. How do you handle rate limiting in REST APIs?
Rate limiting is enforced on the server by counting requests per client (per API key, authenticated user, or, as a fallback, IP address) within a time window, and is communicated to the client with headers such as X-RateLimit-Limit (total allowed requests in the window) and X-RateLimit-Remaining (requests left). When the limit is exceeded, the server returns a 429 Too Many Requests status code, ideally with a Retry-After header telling the client how long to wait. Read more about API Rate Limits in a dedicated article.