REST API - Interview Questions
Let's delve into some essential questions and answers about JSON REST API that every programmer should be familiar with, especially focusing on REST API best practices.
1. What is a REST API and how does JSON fit into it?
A REST API is a web service that follows REST architectural principles for communication between client and server. JSON is often used as the format for sending and receiving data in REST APIs because of its lightweight and human-readable nature.
Consider an example where a client may request user information from a REST API and receive a response in JSON format:
Request:
GET /api/users/1
Response:
{
"id": 1,
"name": "John Doe",
"email": "john.doe@example.com"
}
XML, YAML and text-based formats are less popular. Check out Data Serialization Formats for more details.
2. How do you ensure your REST API is secure?
Ensuring the security of a REST API involves several strategies:
- Use HTTPS to encrypt data in transit.
- Authentication and Authorization: Implement strong authentication mechanisms and ensure that each API request is authorized to access the requested resources.
- Validate Inputs to protect against SQL injection and other types of attacks.
- Rate Limiting to prevent abuse and denial-of-service attacks.
- Regularly update and patch the API and its environment to protect against known vulnerabilities.
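The following is an added example (not part of the original article) showing three of the listed strategies in one small handler: bearer-token authentication with a constant-time comparison, strict input validation of the path parameter, and a token-bucket rate limiter keyed by client. The token value, the bucket size and the handler shape are constructed for this example.

```python
import hmac
import re
import time

# Constructed secret for the example; a real service loads it from a secret store.
EXPECTED_TOKEN = "s3cr3t-example-token"
USER_ID_RE = re.compile(r"^[1-9][0-9]*$")  # a plain positive integer, nothing else


class TokenBucket:
    """Per-client rate limiter: `capacity` requests, refilled at `rate` per second."""

    def __init__(self, capacity, rate):
        self.capacity = capacity
        self.rate = rate
        self.buckets = {}  # client_id -> [tokens, last_refill_timestamp]

    def allow(self, client_id, now=None):
        now = time.monotonic() if now is None else now
        tokens, last = self.buckets.get(client_id, (self.capacity, now))
        tokens = min(self.capacity, tokens + (now - last) * self.rate)
        if tokens < 1:
            self.buckets[client_id] = [tokens, now]
            return False
        self.buckets[client_id] = [tokens - 1, now]
        return True


def check_auth(headers):
    """Accept only `Authorization: Bearer <token>`; compare in constant time."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer" or not token:
        return False
    return hmac.compare_digest(token.encode(), EXPECTED_TOKEN.encode())


def parse_user_id(raw):
    """Return an int for a well-formed id, None for anything else ("1 OR 1=1", "", "1.0")."""
    if not USER_ID_RE.match(raw):
        return None
    return int(raw)


def handle_get_user(headers, user_id_raw, client_id, limiter, now=None):
    """Mimic GET /api/users/{id}; returns (status, body).

    Rate limiting runs first so an unauthenticated flood never reaches the
    token check; then authentication; then validation of the user id.
    """
    if not limiter.allow(client_id, now):
        return 429, {"error": {"code": "rate_limited", "message": "Too many requests."}}
    if not check_auth(headers):
        return 401, {"error": {"code": "unauthorized", "message": "Missing or invalid token."}}
    user_id = parse_user_id(user_id_raw)
    if user_id is None:
        return 400, {"error": {"code": "bad_request", "message": "User id must be a positive integer."}}
    # Constructed record standing in for a database lookup.
    return 200, {"id": user_id, "name": "John Doe", "email": "john.doe@example.com"}
```

Passing `now` explicitly makes the limiter deterministic in tests; in production leave it as `None` so `time.monotonic()` is used.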
3. What are the main HTTP methods used in REST APIs, and what do they mean?
The main HTTP methods used in REST APIs are:
- GET: Retrieve data from a server.
- POST: Submit data to a server to create or update a resource.
- PUT: Update a resource on the server.
- DELETE: Remove a resource from the server.
- PATCH: Apply partial modifications to a resource.
Refer to CRUD Operations for more details.
4. How do you handle versioning in a REST API?
REST API versioning is not hard; it can be done in several ways:
- URI Versioning: Including the version number in the URI (e.g., /api/v1/resource). This is quite popular among public APIs.
- Header Versioning: Specifying the version in a custom request header. This is less popular and used in some closed-source, internal B2B integrations.
- Parameter Versioning: Using a request parameter to specify the version (e.g., /api/resource?version=1). This is far less popular.
Each method has its pros and cons, and the choice depends on the specific requirements of your application.
5. What is idempotency in REST APIs, and which HTTP methods are considered idempotent?
Idempotency in REST APIs refers to the ability of an operation to be applied multiple times without changing the result beyond the initial application.
PUT, DELETE, and GET are considered idempotent HTTP methods. POST is not idempotent because it is designed to create a new resource on each call.
For example, no matter how many times you call the DELETE /api/posts/1 request, the post with id 1 will be deleted only once.
6. How can you handle pagination in REST APIs?
Handling pagination involves breaking the response data into manageable chunks or pages. This can be achieved by using query parameters such as limit (to control the number of items returned) and offset or page (to specify which chunk of data to return).
Approach 1: The following retrieves records 11 to 20 using a page number:
GET /api/posts?page=2&limit=10
Approach 2: The following retrieves records 11 to 20 using an offset:
GET /api/posts?offset=10&limit=10
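As an added example (not from the original article), here is a pagination helper that accepts either the page or the offset style and returns the same slice for the two requests above. It goes slightly beyond the text by clamping limit and offset, so a client cannot request an unbounded page or a negative offset; the MAX_LIMIT value and the sample posts are constructed for the example.

```python
MAX_LIMIT = 100  # constructed upper bound; protects the server from huge responses


def paginate(items, limit=10, offset=None, page=None):
    """Return one page of `items` plus metadata.

    Accepts either `offset` (0-based) or `page` (1-based). Out-of-range values
    are clamped rather than rejected so a malformed client value cannot produce
    an oversized or negative slice.
    """
    limit = max(1, min(int(limit), MAX_LIMIT))
    if page is not None:
        offset = (max(1, int(page)) - 1) * limit
    offset = max(0, int(offset or 0))
    total = len(items)
    chunk = items[offset:offset + limit]
    return {
        "data": chunk,
        "limit": limit,
        "offset": offset,
        "total": total,
        "has_more": offset + limit < total,
    }


# Constructed sample data: 25 posts with ids 1..25.
POSTS = [{"id": i, "title": f"Post {i}"} for i in range(1, 26)]


def ids(result):
    """Convenience: the ids contained in a page result."""
    return [p["id"] for p in result["data"]]
```

With POSTS, `paginate(POSTS, limit=10, page=2)` and `paginate(POSTS, limit=10, offset=10)` both yield ids 11 to 20, matching the two requests above.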
7. What are REST API status codes, and why are they important?
REST API status codes are standardized codes returned by the server to indicate the result of a client's request. They are important because they provide immediate feedback to the client about the success or failure of the request, and the nature of any errors encountered. For example,
- 200 OK: The request has succeeded.
- 201 Created: A new resource has been created.
- 400 Bad Request: The server could not understand the request due to invalid syntax or an invalid parameter.
- 404 Not Found: The requested resource or entity could not be found.
- 500 Internal Server Error: The server encountered an unexpected condition.
8. How do you manage state in a RESTful architecture?
RESTful architectures are stateless, meaning that each request from a client to a server must contain all the information needed to understand and complete the request. State is managed on the client-side and, if necessary, passed to the server via query parameters, request headers, or in the request body.
For example, if a user's session is authenticated, the session token must be sent with each request, often in the Authorization or Cookie headers.
9. What is the difference between PUT and PATCH requests?
This is a common source of confusion among developers. PUT and PATCH are both used for updating resources, but they differ in how they handle the update.
- A PUT request replaces the entire resource with the new version.
- A PATCH request only applies partial updates to the resource, making PATCH more efficient for small or inline changes.
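The following added example (not part of the original article) serves both question 5 (idempotency) and question 9 (PUT versus PATCH). It implements a small in-memory /api/posts store and a helper that applies an operation once and twice to identical stores and compares the resulting server state, which is what idempotency is about: the state after the second call, not the status code it returns. The store, its field names and the status codes chosen for create versus replace are constructed for the example.

```python
import copy


class PostStore:
    """In-memory stand-in for /api/posts; every method returns (status, body)."""

    def __init__(self):
        self.posts = {}
        self.next_id = 1

    def post(self, body):
        """POST /api/posts: not idempotent, a new resource is created on every call."""
        post_id = self.next_id
        self.next_id += 1
        self.posts[post_id] = {**body, "id": post_id}
        return 201, copy.deepcopy(self.posts[post_id])

    def get(self, post_id):
        if post_id not in self.posts:
            return 404, None
        return 200, copy.deepcopy(self.posts[post_id])

    def put(self, post_id, body):
        """PUT /api/posts/{id}: full replacement; fields absent from body are dropped."""
        created = post_id not in self.posts
        self.posts[post_id] = {**body, "id": post_id}
        return (201 if created else 200), copy.deepcopy(self.posts[post_id])

    def patch(self, post_id, body):
        """PATCH /api/posts/{id}: partial update; only the supplied fields change.
        A plain merge like this happens to be idempotent, but PATCH in general
        is not required to be."""
        if post_id not in self.posts:
            return 404, None
        self.posts[post_id].update(body)
        self.posts[post_id]["id"] = post_id  # the id is never overwritten by a client
        return 200, copy.deepcopy(self.posts[post_id])

    def delete(self, post_id):
        """DELETE /api/posts/{id}: a second call answers 404, but server state is unchanged."""
        if post_id not in self.posts:
            return 404, None
        del self.posts[post_id]
        return 204, None

    def snapshot(self):
        return copy.deepcopy(self.posts)


def is_idempotent(store_factory, op):
    """Apply `op` once to one fresh store and twice to another; compare the states."""
    once = store_factory()
    op(once)
    twice = store_factory()
    op(twice)
    op(twice)
    return once.snapshot() == twice.snapshot()


def seeded():
    """Constructed starting state: a single post with id 1."""
    store = PostStore()
    store.post({"title": "Hello", "body": "first"})
    return store
```

Running `is_idempotent(seeded, lambda s: s.delete(1))` returns True even though the second DELETE answers 404, while `is_idempotent(seeded, lambda s: s.post({"title": "Dup"}))` returns False because the second POST leaves an extra post behind.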
10. How should a REST API handle errors?
A REST API should handle errors by returning standard HTTP status codes along with a message in the body that provides more details about the error. It's good practice to structure the error response in a consistent format, including fields for an error code, message, and possibly a detailed description or link to more information. This approach helps clients understand and properly handle errors.
An example error response for a request to a nonexistent resource might look like one of these. The choice of format depends on your application.
{
"error": {
"code": "not_found",
"message": "The requested resource was not found."
}
}
or
{
"status": 404,
"error": "NotFound",
"message": "The requested resource was not found."
}
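As an added example (not from the original article), here is a small error-response builder in the first of the two formats above, plus an exception-to-response mapping. The catalog of codes and messages, the `request_id` field, and the assumption that the application's own validators raise `ValueError` with a client-safe message are constructed for the example; the point is that internal exception text never reaches the client on a 500.

```python
import json

# Status codes this API uses, each with a stable machine-readable code and message.
ERROR_CATALOG = {
    400: ("bad_request", "The request could not be understood."),
    401: ("unauthorized", "Authentication is required."),
    404: ("not_found", "The requested resource was not found."),
    429: ("rate_limited", "Too many requests."),
    500: ("internal_error", "An unexpected error occurred."),
}


def error_response(status, detail=None, request_id=None):
    """Return (status, body) in one consistent shape: {"error": {code, message, ...}}."""
    code, message = ERROR_CATALOG.get(status, ERROR_CATALOG[500])
    body = {"error": {"code": code, "message": message}}
    if detail:
        body["error"]["detail"] = detail
    if request_id:
        # Lets a client quote the id in a support request; ties to the server log line.
        body["error"]["request_id"] = request_id
    return status, body


def to_json(body):
    """Serialise a body with deterministic key order (useful for logs and tests)."""
    return json.dumps(body, sort_keys=True)


def handle_exception(exc, request_id=None):
    """Map an exception raised while serving a request to a response.

    Assumption for this example: the application's validators raise ValueError
    with a message safe to show clients, and lookups raise KeyError for a
    missing resource. Anything else is a 500 and its text is NOT forwarded.
    """
    if isinstance(exc, KeyError):
        return error_response(404, request_id=request_id)
    if isinstance(exc, ValueError):
        return error_response(400, detail=str(exc), request_id=request_id)
    return error_response(500, request_id=request_id)
```

The 500 branch deliberately discards `str(exc)`; a server-side log entry keyed by `request_id` is where that text belongs.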
11. What is a Resource in REST APIs?
In REST, a resource is any content or information that can be named or addressed via a URI. For example, in GET /api/users/123, the resource is a user with ID 123.
12. What are query parameters and path parameters in REST APIs?
- Path parameters are part of the URL path, indicating a specific resource. Example: GET /api/users/123
- Query parameters are appended to the URL, often used for filtering, searching, or pagination. Query parameters always come after the ? symbol. Example: GET /api/posts?author=JohnDoe
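The following added example (not part of the original article) covers question 12 and, because it needs the same URL parsing, question 4: it splits a request URL into path parameters and query parameters and then resolves the API version from the URI, a custom header, or a query parameter, in that order of precedence. The route patterns, the header name `X-API-Version`, the set of supported versions, and the precedence order are all constructed for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed routes: an optional /vN/ segment followed by the resource path.
ROUTES = [
    (re.compile(r"^/api/(?:v(?P<version>\d+)/)?users/(?P<user_id>[1-9]\d*)$"), "get_user"),
    (re.compile(r"^/api/(?:v(?P<version>\d+)/)?posts$"), "list_posts"),
]
SUPPORTED_VERSIONS = {1, 2}  # constructed for the example
VERSION_HEADER = "X-API-Version"  # assumed custom header name
DEFAULT_VERSION = 1


def resolve_version(uri_version, headers, query_version):
    """URI version wins, then the header, then ?version=. Unknown versions give None."""
    raw = uri_version or headers.get(VERSION_HEADER) or query_version
    if raw is None:
        return DEFAULT_VERSION
    if not raw.isdigit() or int(raw) not in SUPPORTED_VERSIONS:
        return None  # caller should answer 400 rather than guess
    return int(raw)


def parse_request(url, headers=None):
    """Return handler name, version, path params and query params, or None if unrouted."""
    headers = headers or {}
    parts = urlsplit(url)
    # parse_qs keeps repeated keys as lists; this example keeps the first value.
    # A stricter API may reject repeated keys outright.
    query = {k: v[0] for k, v in parse_qs(parts.query).items()}
    query_version = query.pop("version", None)  # never mixed into the filters
    for pattern, handler in ROUTES:
        match = pattern.match(parts.path)
        if match:
            break
    else:
        return None
    groups = match.groupdict()
    path_params = {k: v for k, v in groups.items() if k != "version" and v is not None}
    return {
        "handler": handler,
        "version": resolve_version(groups.get("version"), headers, query_version),
        "path_params": path_params,
        "query_params": query,
    }
```

`parse_request("/api/v2/users/123?fields=name")` routes to `get_user` at version 2 with path parameter `user_id=123` and query parameter `fields=name`; the same URL without the `/v2/` segment falls back to the header and then to the default version.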