Top REST API Interview Questions & Answers


1. What is REST?

REST stands for REpresentational State Transfer. It is an architectural style for designing networked applications.

2. What is RESTful API?

An API is an application programming interface. A Web API (or Web Service) conforming to the REST architectural style is a REST API or RESTful API. A RESTful API is an interface that allows two systems to exchange information securely over the internet using an HTTP request.

3. Explain the main principles of REST API.

The 6 principles of REST that make any web service a RESTful API are:

  • Uniform interface
  • Client-server
  • Stateless
  • Cacheable
  • Layered system
  • Code on demand (optional)

4. Why are RESTful services stateless?

RESTful services are stateless to ensure reliability and scalability, which means that the server does not store any information about the client’s state. Instead, the session on the server is identified by the session identifier, which is used to process the request sent by the client.

5. What is the difference between REST and SOAP Web Services?

REST is an architectural style, while SOAP is a protocol. REST uses lightweight data formats like JSON, while SOAP uses XML exclusively. REST uses HTTP methods, while SOAP uses a request/response model.

6. What is the difference between an API and a Web Service?

  • All Web services are APIs but not all APIs are Web services.
  • A Web service always needs an internet connection to operate while APIs don’t need a network for operation.
  • A web service is like advanced URLs and API is a Programmed Interface.
  • Web services might not contain all the specifications and cannot perform all the tasks that APIs would perform.
  • A Web service uses only three styles of use: SOAP, REST, and XML-RPC for communication whereas API is a programmed interface that can take several forms.

7. What are the main components of a RESTful API?

The three main components of REST API are Uniform Resource Identifiers, HTTP Methods, and HTTP Headers. The URL specifies the path to the resource. An HTTP method tells the server what it needs to do with the resource. Headers are the metadata exchanged between the client and server.

8. Which HTTP methods are supported by RESTful services?

HTTP methods are used to indicate the desired action for a resource. The common HTTP methods used in RESTful services are GET, POST, PUT, DELETE, PATCH, OPTIONS, and HEAD.

9. Describe the commonly used HTTP methods in RESTful services

  • GET: This method is used to fetch details from the server which is a read-only operation.
  • POST: This method is used to create new resources on the server.
  • PUT: This method is used to update or replace existing resources on the server.
  • DELETE: This method is used to delete resources from the server.
  • PATCH: This method is used to modify resources on the server.

10. What is the difference between PUT and POST?

  • POST creates a new resource on the server, while PUT updates an existing resource at a specific URI with another one.
  • POST is not idempotent, while PUT is idempotent and it will only result in one resource even after calling it multiple times.
  • POST responses are cacheable, while PUT responses are not.

11. What is the difference between PUT and PATCH requests in REST?

  • PUT is used to update a resource on the server, while PATCH updates part of a resource.
  • PUT requires the entire resource to be sent in the request body, while PATCH requires only the changes to be sent in the request body.
  • PUT is used to update the entire message, whereas PATCH can be used to update specific attributes within a message.

12. What is CRUD?

CRUD stands for Create, Read, Update, and Delete which represents the fundamental operations performed on resources in a REST API.


13. What is a Resource?

In REST, the primary data representation is called resource. A resource can be a singleton or a collection. For example, “customers” is a collection resource, and “customer” is a singleton resource in an e-commerce domain.
These resources are addressable by URLs and HTTP methods can perform operations on resources.

14. What do you mean by URI and URL?

REST APIs use Uniform Resource Identifiers (URIs) to address resources. URI (Uniform Resource Identifier) is a string of characters that identifies a name or a resource on the Internet, while URL (Uniform Resource Locator) is a type of URI that specifies the network location of a resource and how to access it.
In other words, a URL is a type of URI that includes the protocol (HTTP, FTP, etc.), the domain name, and the path to the resource.

15. What are the core components of HTTP requests?

  • HTTP Method
  • URI
  • HTTP version
  • Request Header
  • Request Body

16. What are the main components of an HTTP response?

The main parts of the HTTP response are the HTTP version, response status code, Response Header, and Response body.

17. What are the most common HTTP response status codes?

Some of the most common HTTP response status codes are 200 OK, 201 Created, 400 Bad Request, 401 Unauthorized, 403 Forbidden, 404 Not Found, 500 Internal Server Error, 502 Bad Gateway, 503 Service Unavailable, etc.

18. Why are REST services easily scalable?

REST services are scalable because they are stateless: they do not store data on the server even when requests are made, and they do not require much communication.

19. Which markup language is used to represent the resources?

The resources in REST APIs are represented with the help of XML (extensible markup language) and JSON (JavaScript Object Notation).

20. What is Caching in REST?

Caching is the process of storing the responses sent by the server so that they can be reused whenever required, reducing server load time.

21. How to implement caching in RESTful APIs?

Caching stores responses to reduce server load and improve performance. It can be implemented using HTTP cache headers like Cache-Control and ETag to indicate whether a response can be cached and for how long.
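As an added illustration (not code from the original page), the sketch below shows a conditional GET: the server derives an ETag from the response body, answers 304 Not Modified when the client's If-None-Match matches, and chooses Cache-Control by whether the response is per-user. The handler name, the `per_user` flag and the sample resource are assumptions made for the example.

```python
import hashlib
import json


def make_etag(body):
    """Strong validator derived from the exact response bytes."""
    return '"' + hashlib.sha256(body).hexdigest()[:32] + '"'


def _matches(if_none_match, etag):
    """Weak comparison, as used for If-None-Match: ignore a W/ prefix."""
    for candidate in if_none_match.split(","):
        candidate = candidate.strip()
        if candidate.startswith("W/"):
            candidate = candidate[2:]
        if candidate == "*" or candidate == etag:
            return True
    return False


def handle_get(resource, request_headers, per_user=False):
    """Return (status, headers, body) for a GET on `resource` (hypothetical handler)."""
    body = json.dumps(resource, sort_keys=True).encode("utf-8")
    etag = make_etag(body)
    headers = {
        "ETag": etag,
        # Per-user data must not sit in shared caches and is revalidated on
        # every use; public data may be reused by any cache for 60 seconds.
        "Cache-Control": "private, no-cache" if per_user else "public, max-age=60",
    }
    if_none_match = request_headers.get("If-None-Match")
    if if_none_match and _matches(if_none_match, etag):
        return 304, headers, b""   # client copy is current: send no body
    return 200, headers, body


# Constructed sample resource for the example.
PRODUCT = {"id": 7, "name": "keyboard", "price": 49}
```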

22. How can you secure a REST API?

REST APIs can be kept secure with measures such as authentication and authorization mechanisms, API server validation, and TLS/SSL encryption. Sensitive information such as usernames, passwords, or tokens should not be visible in URIs.

23. How Do You Handle Authentication In A REST API?

Authentication can be handled using various methods, including API keys, OAuth2, JWT (JSON Web Tokens), and basic authentication. The selection of authentication methods depends on security requirements.

24. What is Basic Authentication in REST?

This is a simple authentication method that involves sending the client's username and password in the request header as base64-encoded values.
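The added example below (not from the original page) parses an `Authorization: Basic` header on the server side. It shows that base64 is a reversible encoding, not encryption, so the header is only safe over TLS, and it checks the password against a stored PBKDF2 hash with a constant-time comparison. The user store, salt and function names are constructed for the example.

```python
import base64
import binascii
import hashlib
import hmac

# Constructed sample store: username -> PBKDF2 hash (never the plaintext).
_SALT = b"constructed-salt"
_ITERATIONS = 100_000
_USERS = {
    "alice": hashlib.pbkdf2_hmac("sha256", b"s3cret:with:colons", _SALT, _ITERATIONS),
}


def parse_basic_header(header_value):
    """Return (username, password) from an Authorization header, or None."""
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    # Only the first colon separates the fields; passwords may contain colons.
    username, sep, password = decoded.partition(":")
    if not sep:
        return None
    return username, password


def authenticate(header_value):
    """Return the username on success, None on any failure."""
    creds = parse_basic_header(header_value)
    if creds is None:
        return None
    username, password = creds
    expected = _USERS.get(username)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), _SALT, _ITERATIONS)
    # Hash and compare even for unknown users so response time does not
    # reveal which usernames exist.
    ok = hmac.compare_digest(candidate, expected if expected is not None else b"\x00" * 32)
    return username if (ok and expected is not None) else None


def make_header(username, password):
    """Build the header value a client would send (anyone can reverse it)."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"
```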


25. What do you mean by OAuth?

OAuth is a widely used authentication method that allows clients to access resources owned by a third-party API on behalf of the resource owner. It involves obtaining an access token from the API, which the client can then include in the request header to authenticate the request.

26. What are ‘Options’ in REST APIs?

OPTIONS in REST APIs is an HTTP method that fetches the various operations that are supported. It returns data describing what other methods and operations the server supports at the given URL.

27. What do you mean by payloads?

Payload refers to the request data present in the request body of any HTTP request. Mostly it is used while using the POST method.

28. What is ‘Messaging’ in REST web services?

When a client sends a message in the form of an HTTP request and the server responds in the form of an HTTP response, this is called messaging. In other words, it is the exchange of information between the client and the server using HTTP messages.

29. What is ‘Addressing’ in REST web services?

Addressing in REST refers to the mechanism by which a resource, or multiple resources, on the server are located. URLs provide a unique and standardized way to locate and interact with resources in the system.
The URL format is:

<protocol>://<application_name>/<resource_type>/<resource_id>

30. Give some real-world examples of REST APIs.

  • Google Maps makes its mapping data publicly available to developers in real time via an API.
  • To show weather information, weather apps connect to public APIs that share weather data.
  • Airlines provide APIs to share their flight timings and prices.

31. What are the advantages of using REST APIs?

  • REST is considerably the most common method for building web APIs because it's easy to scale, flexible, and portable and works independently from the client and server, which makes development easy.
  • It has a lightweight architecture which makes it faster than those built with other types of APIs.
  • REST uses simple web technologies like XML and JSON, making it easy to learn.
  • REST is easy to test using API testing tools like Postman.

32. What are the disadvantages of REST APIs?

  • RESTful web services are stateless, which is both a benefit and a drawback: it makes it almost impossible to maintain sessions.
  • REST can only get the security restrictions prescribed by the protocols implemented. We cannot enforce security restrictions in REST.

33. What is AJAX?

AJAX stands for Asynchronous JavaScript and XML. AJAX supports asynchronous requests and thus does not require constant client-server interactions.

34. How AJAX is different from REST?

AJAX and REST are two different approaches to building web applications that involve client-server communication. They are not alternatives to each other; they are overlapping concepts. AJAX can be used to make RESTful web service calls, as it allows for asynchronous communication with the server and can handle the HTTP methods used in RESTful web services.

AJAX is a web development method that enables data to be transmitted asynchronously between client and server without reloading the whole page again which improves user interaction with websites.

REST is a prototype for designing web services. It is built on HTTP and makes use of existing HTTP methods.

35. What do you mean by idempotent methods?

An idempotent method means that if a single request is called multiple times, the response will always be the same no matter how many times it has been called.

36. How do you handle file uploads in a RESTful API?

To upload files, use multi-part form requests to specify destination and file information. Two files cannot have the same name in a given folder as file names are not case-sensitive.
You can make a file upload request like this using the curl command-line tool:

curl -X POST -H "Content-Type: multipart/form-data" -F "file=@/path/to/file.jpg" http://example.com/api/upload

This would send a POST request to the /api/upload endpoint with the contents of the file.jpg file included as a multipart/form-data part. The server could then process the request and handle the file upload.


37. What are rate limits, and why might an API impose them?

Rate limits restrict the number of requests a user can make within any given timeframe. API rate limiting helps to protect the API from malicious bot attacks and DDoS attacks.

38. What is versioning in a RESTful API?

When changes and new features are implemented in new versions of the API instead of continually altering a single version, it is called versioning of REST APIs.

39. How can you achieve versioning in a RESTful service?

Versioning can be done in many ways like through URI path, headers, request parameters, or content negotiation. URI path is the most common technique of versioning. This strategy involves putting the version number in the path of the URI, and is often done with the prefix "v".
For example-

http://www.example.com/api/v1/products
http://api.example.com/v1/products

40. What are webhooks?

Webhooks are user-defined HTTP callbacks that notify about changes, so they are called “event-based APIs.” When the webhook sees that the event has occurred, it initiates and carries out its programming, performing any number of tasks assigned to that specific event. For example, when a user makes a purchase on an e-commerce site, the site can send a webhook to a payment service to process the payment, or to an email service to send a confirmation email.

41. What are the similarities and differences between Webhooks and REST APIs?

Similarities

APIs and webhooks are both designed to send data between an application and a server. The way they communicate is also very similar. They’re using the same protocols to establish connections and send data.

Differences

The main difference between them is that webhooks do not need to request a response, while APIs demand requests to get a response. Webhooks are great for downloading or uploading data updates to or from an external system when a trigger is met. Meanwhile, an API is designed specifically to maintain communication. Webhooks can’t handle complicated data streams in the same way that APIs can; for example, intense two-way encryption is very hard for webhooks.

42. What do you understand about JAX-RS?

JAX-RS stands for Java API for RESTful web services. It is a Java-based specification implemented for RESTful services and defined by JEE. It provides recommendations and annotations for developing RESTful web services to make the creation of RESTful APIs in Java easier.

43. How can RESTful web services be tested?

The RESTful web services can be tested with the help of tools such as Swagger or Postman, which enable users to check query parameters, response headers, headers, etc.

44. What is the purpose of HTTP headers in REST API?

HTTP headers provide metadata about the request/response like content type, authorization, caching directives, and more. They provide additional context to the message.

45. How can you implement pagination in a RESTful API?

Pagination can be implemented by adding query parameters like (?page=2) to the API endpoint or response headers. The server then returns a subset of results per page.

46. How is JAXB related to RESTful web API?

JAXB is a Java Architecture used for XML binding in RESTful web API. XML documents can be mapped to Java objects and vice versa using JAXB, a Java technology. Although JAXB is not specifically REST, it can be used with RESTful web services to process XML data.

47. Explain cross-origin resource sharing (CORS).

CORS is a browser security feature to control which domains can access your API. Proper CORS configuration is essential as it is enforced by browsers to prevent unauthorized access.
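To make "proper CORS configuration" concrete, the added example below (not from the original page) contrasts a handler that reflects any Origin with one that uses an exact-match allowlist. The origins, allowed methods and function names are constructed for the example.

```python
# Constructed allowlist: exact scheme + host (+ port) strings only.
ALLOWED_ORIGINS = frozenset({"https://app.example.com", "https://admin.example.com"})
ALLOWED_METHODS = ("GET", "POST")


def cors_headers_reflecting(origin):
    """Weak setting: echoes whatever Origin arrives and allows credentials,
    which gives every site the same access as the trusted front end."""
    return {
        "Access-Control-Allow-Origin": origin,
        "Access-Control-Allow-Credentials": "true",
    }


def cors_headers_allowlist(origin, method="GET", preflight_method=None):
    """Corrected setting: grant access only to exact allowlist matches."""
    # Vary: Origin keeps caches from serving one origin's grant to another.
    headers = {"Vary": "Origin"}
    if origin not in ALLOWED_ORIGINS:
        # No Access-Control-Allow-Origin header: the browser blocks the read.
        return headers
    headers["Access-Control-Allow-Origin"] = origin
    headers["Access-Control-Allow-Credentials"] = "true"
    # Preflight: the browser asks with OPTIONS which method it may use.
    if method == "OPTIONS" and preflight_method is not None:
        if preflight_method in ALLOWED_METHODS:
            headers["Access-Control-Allow-Methods"] = ", ".join(ALLOWED_METHODS)
            headers["Access-Control-Max-Age"] = "600"
    return headers


def is_granted(headers):
    """True when the response headers let the browser expose the response."""
    return "Access-Control-Allow-Origin" in headers
```

Exact matching matters: a lookalike origin such as `https://app.example.com.untrusted.test` passes a prefix check but is not in the allowlist.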

48. What is content negotiation in RESTful web services?

Content negotiation is the process of selecting the specific representation for a response based on the client’s request. Clients can specify their chosen representation format (like JSON, XML, or HTML) using the Accept header in the HTTP request. The server can then return the response in the requested format if it’s available.

49. What are the different media types used in content negotiation?

Media types are identifiers used to indicate the format of a resource representation. Some common media types used in content negotiation using the HTTP request header Content-Type are application/json, application/xml, text/html, etc.

50. What is HATEOAS and how is it used in RESTful web services?

HATEOAS stands for “Hypermedia as the Engine of Application State”. It’s a constraint of RESTful web services that suggests that the service should provide links to related resources along with the response data.

For example, the response returned by the server contains hypermedia links that can be navigated by the client.
This means that clients can determine the available actions they can take by following links in the response, rather than being hard-coded to a specific set of API endpoints. This makes the API more flexible and easier to change over time.


Copyright © 2023 - Proleed Academy | All Rights Reserved.