
REST API - Interview Questions

REST APIs (Representational State Transfer Application Programming Interfaces) are a fundamental technology in modern software development, widely adopted for their simplicity, scalability, and interoperability.

According to a 2023 survey by Postman, over 89% of developers reported using REST APIs in their projects, making it the most popular API architecture. This widespread usage stems from the reliance on standard HTTP protocols, which are universally supported and easy to implement. Major platforms like GitHub, Twitter, and Stripe rely on REST APIs to handle billions of requests daily. Their ability to support high-performance, maintainable, and interoperable systems has solidified their position as a critical tool in the development of modern software systems.

Let’s explore some key questions and answers about REST APIs that every developer should know, with a particular emphasis on REST API best practices.


1. What is a REST API?

A REST API is a web service that follows REST architectural principles for communication between client and server. JSON is often used as the format for sending and receiving data in REST APIs because of its lightweight and human-readable nature.

Consider an example where a client may request user information from a REST API and receive a response in JSON format:

Request:

GET /api/users/1

Response:

{
  "id": 1,
  "name": "John Doe",
  "email": "john.doe@example.com"
}

XML, YAML and text-based formats are less popular. Check out Data Serialization Formats for more details.

2. How do you secure your REST API?

Ensuring the security of a REST API involves several strategies:

  • Use HTTPS to encrypt data in transit.
  • Authentication and Authorization: Implement strong authentication mechanisms and ensure that each API request is authorized to access the requested resources.
  • Validate Inputs to protect against SQL injection and other types of attacks.
  • Rate Limiting to prevent abuse and denial-of-service attacks.
  • Regularly update and patch the API and its environment to protect against known vulnerabilities.

3. What are the HTTP methods in REST APIs?

In REST APIs, HTTP methods (also known as HTTP verbs) are used to perform specific actions on resources identified by URIs (Uniform Resource Identifiers). These methods define the type of operation the client wants to perform on the server. The main HTTP methods used in REST APIs are:

  • GET: Retrieve data from a server.
  • POST: Submit data to a server to create or update a resource.
  • PUT: Update a resource on the server.
  • DELETE: Remove a resource from the server.
  • PATCH: Apply partial modifications to a resource.

Refer to CRUD Operations for more details.

4. How do you handle versioning in a REST API?

REST API versioning is not hard; it can be done in several ways:

  • URI Versioning: Including the version number in the URI (e.g., /api/v1/resource). This is quite popular among public APIs.
  • Header Versioning: Specifying the version in a custom request header. This is less popular and used in some closed-source, internal B2B integrations.
  • Parameter Versioning: Using a request parameter to specify the version (e.g., /api/resource?version=1). This is the least popular option.

Each method has its pros and cons, and the choice depends on the specific requirements of your application.

5. What is idempotency in REST APIs?

Idempotency in REST APIs refers to the ability of an operation to be applied multiple times without changing the result beyond the initial application.

  • PUT, DELETE, and GET HTTP methods are idempotent.
  • POST is not idempotent because it is designed to create a new resource on each call.

For example, no matter how many times you call the DELETE /api/posts/1 request, the post with id 1 will be deleted only once.

6. How can you handle pagination in REST APIs?

Handling pagination involves breaking the response data into manageable chunks or pages. This can be achieved by using query parameters such as limit (to control the number of items returned) and offset or page (to specify which chunk of data to return).

Approach 1: Using page and limit parameters. The following example retrieves records 11 to 20 using a page number:

GET /api/posts?page=2&limit=10

Approach 2: Using offset and limit parameters. The following example retrieves records 11 to 20 using an offset:

GET /api/posts?offset=10&limit=10
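Both approaches handled by one server-side parser, as an added Python example that is not part of the original page. The DEFAULT_LIMIT and MAX_LIMIT values are assumptions chosen for this example: capping limit matters because an unbounded page size lets a single request pull an entire table, which is the abuse the rate-limiting point in question 2 is also concerned with.

```python
from urllib.parse import parse_qs, urlsplit

# Assumed bounds for this example (not from the original page).
DEFAULT_LIMIT = 10
MAX_LIMIT = 100


class PaginationError(ValueError):
    """Raised for malformed or out-of-range pagination parameters."""


def _int_param(params, name, default):
    """Return the integer value of a query parameter, or default if absent."""
    values = params.get(name)
    if values is None:
        return default
    if len(values) != 1:
        raise PaginationError(f"{name} given more than once")
    try:
        return int(values[0])
    except ValueError:
        raise PaginationError(f"{name} must be an integer") from None


def parse_pagination(request_line):
    """Parse a request line such as 'GET /api/posts?page=2&limit=10'
    and return (offset, limit) for the backing query.

    Supports page+limit (1-based pages) and offset+limit. Out-of-range
    values are rejected and limit is capped at MAX_LIMIT.
    """
    target = request_line.split()[1]  # the request target after the method
    params = parse_qs(urlsplit(target).query, keep_blank_values=True)
    limit = _int_param(params, "limit", DEFAULT_LIMIT)
    if limit < 1:
        raise PaginationError("limit must be positive")
    limit = min(limit, MAX_LIMIT)
    if "page" in params and "offset" in params:
        raise PaginationError("use either page or offset, not both")
    if "page" in params:
        page = _int_param(params, "page", 1)
        if page < 1:
            raise PaginationError("page must be >= 1")
        return (page - 1) * limit, limit
    offset = _int_param(params, "offset", 0)
    if offset < 0:
        raise PaginationError("offset must be >= 0")
    return offset, limit


def select_page(records, request_line):
    """Apply the parsed window to a list standing in for a database table."""
    offset, limit = parse_pagination(request_line)
    return records[offset:offset + limit]
```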