17 Essential REST API Interview Questions

Hello, fellow developers. Based on the response I got from my previous posts, I have compiled another list of essential REST API interview questions that I felt every developer should know.

Do drop your thoughts in the comments section below. Also, feel free to comment in case you find any content to be incorrect.

1. What are RESTful web services? Also mention their features.

Services that allow REST architecture are called RESTful web services. REST, or Representational State Transfer, uses the HTTP web protocol.

Some major features of REST architecture are:

  • Services are lightweight and hence can be easily maintained
  • Supports communication across applications developed in other languages
  • Testing RESTful web services is quite easy

2. What is the concept of statelessness in REST?

The REST architecture is called stateless as it does not store any state related to the client session on the server. Essentially session states are entirely kept on the client side. This is effectively called Statelessness.

It ensures that the server cannot take undue advantage of any stored data. However, since no data is stored, each request from the client to the server must contain all the necessary information about the request.

3. What are the advantages and disadvantages of Statelessness in REST APIs?

Advantages of statelessness:

  • Statelessness allows scaling of the APIs to millions of concurrent users as it does not have any session-related dependencies and can be deployed on any server
  • The server knows "where" each client is in the application as all the necessary information is sent with each request
  • Statelessness makes REST APIs simpler as it removes all complexity involving server-side synchronization

Disadvantages of Statelessness:

  • The client must send a lot of additional information along with each request
  • This repeated data transfer may decrease network performance
  • Being stateless also reduces the server-side control over the application’s behavior

4. Explain ‘Addressing’ in RESTful web services.

The process of locating resources on a server is called addressing. In RESTful web services, these resources are addressed using a URL. These addresses could either refer to a single or even multiple resources.

<protocol>://<application-name>/<type-of-resource>/<id-of-resource>

5. What are "Options" in REST APIs?

OPTIONS is an HTTP method that fetches all the various HTTP options/operations that are supported. This helps the client decide which operations can be used.

The OPTIONS method is also used for Cross-Origin Resource Sharing (CORS).
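Both uses of OPTIONS are shown in the added example below (not from the original post): a plain OPTIONS request gets the list of supported methods, while a CORS preflight is answered only for origins on an allowlist rather than echoing whatever Origin the browser sends. The routes, origin and allowed headers are constructed for illustration.

```python
ALLOWED_ORIGINS = {"https://app.example.com"}            # constructed allowlist
ROUTE_METHODS = {                                        # hypothetical routes
    "/orders": {"GET", "POST", "OPTIONS"},
    "/orders/{id}": {"GET", "PUT", "DELETE", "OPTIONS"},
}
ALLOWED_HEADERS = {"authorization", "content-type"}

def handle_options(path: str, headers: dict):
    """Answer an OPTIONS request; returns (status, response_headers)."""
    methods = ROUTE_METHODS.get(path)
    if methods is None:
        return 404, {}
    resp = {"Allow": ", ".join(sorted(methods))}
    origin = headers.get("Origin")
    wanted = headers.get("Access-Control-Request-Method")
    if origin is None or wanted is None:
        return 204, resp          # plain OPTIONS: just list the supported methods
    # CORS preflight: without Access-Control-* headers the browser blocks the call.
    if origin not in ALLOWED_ORIGINS or wanted not in methods:
        return 403, resp
    asked = {h.strip().lower()
             for h in headers.get("Access-Control-Request-Headers", "").split(",")
             if h.strip()}
    if not asked <= ALLOWED_HEADERS:
        return 403, resp
    resp.update({"Access-Control-Allow-Origin": origin,
                 "Access-Control-Allow-Methods": ", ".join(sorted(methods)),
                 "Access-Control-Max-Age": "600",
                 "Vary": "Origin"})
    if asked:
        resp["Access-Control-Allow-Headers"] = ", ".join(sorted(asked))
    return 204, resp
```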

6. What are HTTP status codes?

HTTP status codes are a common REST API interview question. These Status codes are divided into five categories with multiple codes under them. The most commonly used codes under each category are listed below.

  • Format - "1XX" - Used to represent transfer protocol level informational responses
  • Format - "2XX" - Used to represent successful responses
    • "200" (OK) - Represents that the request was successfully carried out
    • "201" (CREATED) - Represents the successful creation of a resource
  • Format - "3XX" - Used to represent redirects
  • Format - "4XX" - Used to represent client-side errors
    • "400" (BAD REQUEST) - Represents errors or missing data
    • "401" (FORBIDDEN) - Represents that the user does not have necessary access
    • "404" (NOT FOUND) - Represents that the resource method is not available
  • Format - "5XX" - Used to represent server-side errors
    • "500" (INTERNAL SERVER ERROR) - Represents that the server threw some exceptions
    • "502" (BAD GATEWAY) - Represents that the server could not get a response from another server

7. List the various HTTP methods supported by REST

The various HTTP methods supported by REST are:

  • GET - This method fetches the resource at the requested URL
  • POST - This method submits a new resource to the server
  • PUT - This method updates an existing resource that's already on the server
  • DELETE - This method deletes a resource from the server
  • OPTIONS - This method fetches the list of supported HTTP methods

8. What is messaging in RESTful web services?

In REST web services, the client sends messages to the server and the server responds using HTTP requests. The process or technique in which any form of communication takes place is called Messaging.

These messages contain message data, metadata, and all the other relevant data about the message.

9. What are Idempotent methods?

Idempotent methods are methods that return the same outcome irrespective of how many times the same request has been made.

These methods are important as there are common instances where the client-side might send out duplicate requests. Hence it is important to use Idempotent methods to avoid such errors.
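The duplicate-request problem is easiest to see side by side. This added example (not from the original post) uses a hypothetical in-memory `OrderAPI`: a repeated PUT leaves one resource, a repeated POST creates two, and a client-supplied idempotency key, a common convention assumed here, lets the server replay the first answer to a retried POST.

```python
import hashlib
import json

class OrderAPI:
    """In-memory stand-in for a REST resource collection (hypothetical)."""

    def __init__(self):
        self.orders = {}       # order id -> order body
        self.next_id = 1
        self.seen_keys = {}    # idempotency key -> (payload fingerprint, response)

    def put(self, order_id, body):
        # PUT replaces the resource at a known URL: repeats leave the same state.
        self.orders[order_id] = dict(body)
        return 200, order_id

    def post(self, body, idempotency_key=None):
        # POST creates a new resource on every call unless retries are deduplicated.
        fingerprint = hashlib.sha256(
            json.dumps(body, sort_keys=True).encode()).hexdigest()
        if idempotency_key is not None and idempotency_key in self.seen_keys:
            stored_fp, response = self.seen_keys[idempotency_key]
            if stored_fp != fingerprint:
                return 422, None       # same key, different payload: refuse
            return response            # replay the original answer, create nothing
        order_id = self.next_id
        self.next_id += 1
        self.orders[order_id] = dict(body)
        response = (201, order_id)
        if idempotency_key is not None:
            self.seen_keys[idempotency_key] = (fingerprint, response)
        return response

def demo():
    api = OrderAPI()
    api.put(100, {"item": "book", "qty": 1})
    api.put(100, {"item": "book", "qty": 1})        # duplicate PUT
    after_put = len(api.orders)
    api.post({"item": "pen", "qty": 2})
    api.post({"item": "pen", "qty": 2})             # duplicate POST, no key
    after_post = len(api.orders)
    first = api.post({"item": "ink", "qty": 1}, idempotency_key="k-1")
    retry = api.post({"item": "ink", "qty": 1}, idempotency_key="k-1")
    return after_put, after_post, first == retry, len(api.orders)
```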

10. What are payloads in RESTful web services?

Payload refers to the request data present in the body part of every HTTP request message. However, the payload is not the same as request parameters and can only be passed through the POST method.

Payloads do not have size restrictions; however, more data would consume more bandwidth and take more time to transfer.

11. What do you mean by caching?

The process of storing a server response so that it can be used whenever required is called caching. This reduces the need to generate the same response again, improving performance and server load time.

12. Can you give examples of tools that can be used to develop or test RESTful web services?

Some examples of tools used to develop and test RESTful APIs are:

  • Spring REST web service using MVC
  • Jersey API
  • CXF
  • Axis
  • Restlet

13. What are cache-control headers?

Cache-control headers help attain caching ability and are also used to control caching.

The most commonly used cache-control headers are:

  • Public - Resources marked as public can be cached by any component between the client and the server.
  • Private - These resources are marked private and can only be cached by the client.
  • No-Store - In this third type, browsers aren’t allowed to cache a response and the data must always be pulled from the client. This type of cache control is used for sensitive data like bank details or passwords.
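A quick way to check these directives in practice is to audit response headers for sensitive routes that are missing no-store. The following is an added example, not part of the original post; the route prefixes and sample responses are constructed, and header names are assumed to be in the casing shown.

```python
SENSITIVE_PREFIXES = ("/account", "/payments")   # hypothetical sensitive routes

def parse_cache_control(value: str) -> dict:
    """Split a Cache-Control value into lowercase directives, e.g. {'max-age': '60'}."""
    directives = {}
    for part in value.split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives

def audit_response(path: str, headers: dict) -> list:
    """Return findings about one response's caching policy."""
    cc = parse_cache_control(headers.get("Cache-Control", ""))
    # Responses that set a cookie are treated as sensitive as well.
    sensitive = path.startswith(SENSITIVE_PREFIXES) or "Set-Cookie" in headers
    findings = []
    if sensitive and "no-store" not in cc:
        findings.append("sensitive response lacks no-store")
    if sensitive and "public" in cc:
        findings.append("sensitive response is cacheable by shared caches")
    if "public" in cc and "private" in cc:
        findings.append("conflicting public and private directives")
    return findings

# Constructed sample responses (path, response headers), not captured from a real service.
SAMPLES = [
    ("/catalog/items", {"Cache-Control": "public, max-age=3600"}),
    ("/account/profile", {"Cache-Control": "private, max-age=60"}),
    ("/payments/cards", {"Cache-Control": "Public, max-age=3600"}),
    ("/payments/history", {"Cache-Control": "no-store"}),
    ("/login", {"Set-Cookie": "sid=constructed"}),
]

def audit_all(samples) -> dict:
    """Map each path with at least one finding to its findings."""
    return {path: f for path, headers in samples if (f := audit_response(path, headers))}
```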

14. What is Postman? Why is it used?

Postman is a popular tool that is used to develop and test API workflows. It has been adopted widely as it helps manage each step of the API lifecycle facilitating development.

Postman provides a one-stop platform to help design, test, document, and publish your API.

15. What are the major security issues faced by web services?

Since web services often deal with a lot of confidential information, the security of the application becomes a major concern. Below are a few issues to keep in mind.

  • Encryption - A web service may consist of multiple applications and could potentially contain a weak node. Hence a safe practice is to encrypt data so that it remains confidential at any cost.
  • Authentication - This issue arises when dealing with a large user base. Authentication prevents other people from accessing user data and it also helps you keep track of user activity.

16. What is the difference between AJAX and REST?

AJAX

  • Requests are sent to the server using the XMLHttpRequest object. JavaScript later interprets the response and changes the page dynamically
  • AJAX supports asynchronous requests and thereby does not require constant client-server interactions
  • AJAX dynamically updates the UI without reloading the page

REST

  • REST uses a URL and a request/response pattern to access resources
  • REST requires a constant client-server interaction
  • REST requests data or information from the server and then updates it

17. What is JAX-RS?

JAX-RS stands for Java API for RESTful web services. It is a Java-based specification, developed for the implementation of Java in RESTful services.

JAX-RS helps REST applications communicate well with Java. It is also used for SOAP communication in Java.

Some of the common implementations of JAX-RS are:

  • Jersey
  • RESTEasy
  • Apache CXF
  • Play