REST API
What does API stand for?
Application Programming Interface
403
FORBIDDEN - sent when the user does not have access (or is forbidden) to the resource.
What does JSON stand for?
JavaScript Object Notation
MVC
Model View Controller
What is CRUD?
The most common HTTP methods: Create (POST), Read/Retrieve (GET), Update (PUT), Delete (DELETE).
404
NOT FOUND - Resource method is not available.
304
NOT MODIFIED - used in conditional GET requests to reduce the bandwidth use of the network. Here, the body of the response sent should be empty.
Is it possible to send payload in the GET and DELETE methods?
No, the payload is not the same as the request parameters. Hence, it is not possible to send payload data in these methods.
Why is the POST method not idempotent?
POST APIs are usually used for creating a new resource on the server. Calling a POST method N times creates N new resources, so repeated calls do not result in the same outcome.
What does REST API stand for?
Representational State Transfer
D: Can SOAP use REST as its protocol & vice versa?
SOAP cannot use REST as it is a protocol. REST architecture can have SOAP protocol as part of the implementation.
D: Is SOAP or REST more tightly coupled to the server?
SOAP client is more tightly coupled to the server which is similar to desktop applications having strict contracts. The REST client is more flexible like a browser and does not depend on how the server is developed unless it follows the protocols required for establishing communication.
D: What do SOAP and REST stand for?
SOAP: Simple Object Access Protocol. REST: Representational State Transfer.
401
UNAUTHORIZED - This is returned when no valid authentication credentials are sent along with the request.
3xx
redirects
5xx
server errors
200
success/OK
2xx
successful responses
Can you tell the disadvantages of RESTful web services?
- As the services follow the idea of statelessness, it is not possible to maintain sessions. (Session simulation responsibility lies on the client-side to pass the session id.)
- REST does not impose security restrictions inherently. It inherits the security measures of the protocols implementing it.
What are the features of RESTful Web Services?
- The service is based on the Client-Server model.
- The service uses HTTP Protocol for fetching data/resources, query execution, or any other functions.
- The medium of communication between the client and server is called "Messaging".
- Resources are accessible to the service by means of URIs.
- It follows the statelessness concept where the client request and response are not dependent on others and thereby provides total assurance of getting the required data.
- These services also use the concept of caching to minimize the server calls for the same type of repeated requests.
- These services can also use SOAP services as implementation protocol to REST architectural pattern.
While creating URIs for web services, what are the best practices that need to be followed?
- While defining resources, use plural nouns. Example: To identify user resource, use the name "users" for that resource.
- While using a long name for resources, use underscore or hyphen. Avoid using spaces between words.
- The URI is case-insensitive, but as part of best practice, it is recommended to use lower case only.
- While developing a URI, backward compatibility must be maintained once it gets published. When the URI is updated, the older URI must be redirected to the new one using the HTTP status code 300.
- Use appropriate HTTP methods like GET, PUT, DELETE, PATCH, etc. It is not needed or recommended to use these method names in the URI. Example: To get user details of a particular ID, use /users/{id} instead of /getUser
- Use the technique of forward slashing to indicate the hierarchy between the resources and the collections. Example: To get the address of the user of a particular id, we can use: /users/{id}/address
Define Addressing in terms of RESTful Web Services.
Addressing is the process of locating one or more resources that are present on the server. This task is accomplished by making use of a URI. The general format of a URI is: <protocol>://<application-name>/<type-of-resource>/<id-of-resource>
502
BAD GATEWAY - Server was not able to get the response from another upstream server.
400
BAD REQUEST - This can be due to validation errors or missing input data.
201
CREATED - used in POST or PUT methods.
How are Idempotent methods relevant in RESTful web services domain?
They ensure that the response to a request remains the same whether it is called once, ten times, or more than that.
What are Idempotent methods?
Even after calling a single request multiple times, the outcome of the request should be the same. While designing REST APIs, we need to keep in mind to develop idempotent APIs, because consumers can write client-side code that results in duplicate requests, intentionally or not.
What is a REST Resource?
Every piece of content in the REST architecture is considered a resource. The resource is analogous to the object in the object-oriented programming world. Resources can be represented as text files, HTML pages, images, or any other dynamic data. The REST server provides access to these resources whereas the REST client consumes these resources. Every resource is identified globally by means of a URI.
Which HTTP methods are idempotent?
GET, PUT, DELETE, HEAD, OPTIONS, and TRACE
Model
Gets data from Controller. Handles data logic and interacts with database. Sends response back to Controller.
View
Gets presentation from Controller. Handles data presentation and dynamically renders it. Sends presentation of data back to Controller.
What is a URL?
Has the information needed to fetch a resource from its location. A URL starts with a protocol (like ftp, http, etc.) and has the information of the network hostname and the path to the document. It can also have query parameters.
500
INTERNAL SERVER ERROR - server threw some exceptions while running the method.
What is a URN?
Identifies the resource by means of a name that is both unique and persistent. Doesn't always specify where to locate the resource on the internet. URNs are used as templates that are used by other parsers to identify the resource. Whenever a URN identifies a document, it is easily translated into a URL by using a "resolver", after which the document can be downloaded.
S/R: Does your service require AJAX call support?
If yes, REST can be used as it provides the XMLHttpRequest.
S/R: Does your service require statelessness?
If yes, REST is suitable. If no, SOAP is preferred.
S/R: Does your service require support for multiple formats of data?
If yes, REST supports multiple data formats which is why it is preferred in this case.
S/R: Does your service require support for transactions?
If yes, SOAP is preferred as it is good in providing advanced support for transaction management.
S/R: Does your service require a high-security level?
If yes, SOAP is preferred. REST inherits the security property based on the underlying implementation of the protocol. Hence, it can't be preferred at all times.
S/R: Does the client require a formal strict contract?
If yes, SOAP provides strict contracts by using WSDL. Hence, SOAP is preferred here.
HTTP Version
Indicates the HTTP protocol version.
Controller
Is a middle man and handles request flow from user. Sends data to the Model and View. Receives data back from Model and View.
What are the HTTP Methods?
A major portion of the uniform interface constraint followed by REST; they specify what action has to be performed to get the requested resources: GET, POST, PUT, DELETE, PATCH, OPTIONS.
How does a REST API work?
A client makes a call to a server and gets data back over the HTTP protocol.
Can you tell what constitutes the 5 core components of HTTP Request?
Method/Verb, URI, HTTP Version, Request Header, Request Body
What is Payload in terms of RESTful web services?
Payload refers to the data passed in the request body. It is not the same as the request parameters. The payload can be sent only in POST methods as part of the request body.
S/R: Do you want services that are easy to develop, test, and maintain frequently?
REST is known for simplicity, hence it is preferred.
What makes REST services easily scalable?
REST services follow the concept of statelessness which essentially means no storing of any data across the requests on the server. This makes it easier to scale horizontally because the servers need not communicate much with each other while serving requests.
How can you test RESTful Web Services?
RESTful web services can be tested using various tools like Postman, Swagger, etc. Postman provides a lot of features, like sending requests to endpoints and showing the response, which can be converted to JSON or XML, and it also provides features to inspect request parameters like headers and query parameters, as well as the response headers. Swagger provides similar features to Postman and also provides the facility of documenting the endpoints. We can also use tools like JMeter for performance and load testing of APIs.
What constitutes the core components of HTTP Response?
Response Status Code, HTTP Version, Response Header, Response Body
S/R: Does your service require both synchronous and asynchronous requests?
SOAP has support for both sync/async operations. REST only supports synchronous calls.
S/R: What is the bandwidth/resource required?
SOAP involves a lot of overhead while sending and receiving XML data, hence it consumes a lot of bandwidth. REST makes use of less bandwidth for data transmission.
D: What do SOAP and REST do?
SOAP is a protocol used to implement web services. REST is an architectural design pattern for developing web services.
S/R: Do you want to expose resource data or business logic?
SOAP is commonly used for exposing business logic and REST for exposing data.
D: Which is more commonly preferred? SOAP or REST?
SOAP is not commonly preferred, but it is used in cases which require stateful data transfer and more reliability. REST is commonly preferred by developers these days as it provides more scalability and maintainability.
D: Which is faster? SOAP or REST?
SOAP is slower. REST is faster.
D: Which requests can be cached? SOAP or REST?
SOAP reads are not cacheable. REST read requests can be cached.
D: Is SOAP or REST stricter?
SOAP specifies standards that are meant to be followed strictly. REST defines standards but they need not be strictly followed.
D: What type of formats do SOAP or REST support?
SOAP supports only XML transmission between the client and the server. REST supports data of multiple formats like XML, JSON, MIME, Text, etc.
D: How do SOAP or REST expose the resource logic?
SOAP uses service interfaces for exposing the resource logic. REST uses URI to expose the resource logic.
What is the difference between idempotent and safe HTTP methods?
Safe methods are those that do not change any resources internally. These methods can be cached and can be retrieved without any effects on the resource. Idempotent methods are those methods that do not change the responses to the resources externally. They can be called multiple times without any change in the responses.
D: How do SOAP or REST define security measures?
Since SOAP is a protocol, it defines its own security measures. REST only inherits the security measures based on what protocol it uses for the implementation.
What is the concept of statelessness in REST?
The REST architecture is designed in such a way that the client state is not maintained on the server. The context is provided by the client to the server using which the server processes the client's request. The session on the server is identified by the session identifier sent by the client.
What is a RESTful API?
RESTful web services follow the REST architectural concept (a stateless client-server architecture), an architectural style for developing applications that can be accessed over the network.
Define Messaging in terms of RESTful web services.
The technique of sending a message from the REST client to the REST server in the form of an HTTP request, with the server responding with an HTTP response. The messages contain the data and the metadata about the message.
What is the maximum payload size that can be sent in POST methods?
Theoretically, there is no restriction on the size of the payload that can be sent. The greater the size of the payload, the larger would be the bandwidth consumption and time taken to process the request that can impact the server performance.
Should we make the resources thread safe explicitly if they are made to share across multiple clients?
There is no need to explicitly make the resources thread-safe because, upon every request, new resource instances are created, which makes them thread-safe by default.
OPTIONS
This fetches the list of supported options of resources present on the server.
GET
This is used for fetching details from the server and is basically a read-only operation.
PATCH
This is used for modifying the resource on the server.
POST
This method is used for the creation of new resources on the server.
DELETE
This method is used to delete the resource on the server.
PUT
This method is used to update the old/existing resource on the server or to replace the resource.
Response Body
This part contains the actual resource/message returned from the server.
Request Header
This part has the details of the request metadata such as client type, the content format supported, message format, cache settings, etc.
Response Header
This part has the metadata of the response message. The data can describe the content length, content type, response date, server type, etc.
HTTP Version
This part indicates what version of HTTP protocol you are using. An example can be HTTP v1.1.
URI
This part is used for uniquely identifying the resources on the server.
Request Body
This part represents the actual message content to be sent to the server.
Method/Verb
This part tells which method the request operation represents. GET, PUT, POST, DELETE, etc. are some examples.
Response Status Code
This represents the server response status code for the requested resource. Example: 400 represents a client-side error, 200 represents a successful response.
What are the 2 types of URIs?
URL and URN
What does URI stand for?
Uniform Resource Identifier
What does URN stand for?
Uniform Resource Name
What does URL stand for? Give an example.
Universal Resource Locator
What is a URI?
Used for identifying each resource of the REST architecture. URI is of the format: <protocol>://<service-name>/<ResourceType>/<ResourceID>
What is the difference between an API and a REST API?
While an API is basically a set of functions and procedures that allow one application to access the features of another application, REST is an architectural style for networked applications on the web. It is limited to client-server based applications. REST is a set of rules or guidelines to build a web API.
How does HTTP Basic Authentication work?
While implementing Basic Authentication as part of APIs, the user must provide the username and password, which the browser concatenates in the form of "username: password" and then base64-encodes. The encoded value is then sent as the value of the "Authorization" header on every HTTP request from the browser. Since the credentials are only encoded, it is advised to use this form when requests are sent over HTTPS, as they are not secure and can be intercepted by anyone if secure protocols are not used.
Can we implement transport layer security (TLS) in REST?
Yes, we can. TLS encrypts the communication between the REST client and the server and provides the means to authenticate the server to the client. It is used for secure communication as it is the successor of the Secure Sockets Layer (SSL). HTTPS works well with both TLS and SSL, thereby making it effective while implementing RESTful web services. One point to mention here is that REST inherits the properties of the protocol it implements, so security measures are dependent on the protocol REST implements.
4xx
client errors
What are the best practices to develop RESTful web services?
- Develop REST APIs that accept the JSON data format whenever possible. The majority of client and server technologies have built-in support to read and parse JSON objects with ease, thereby making JSON the standard object notation.
- While naming the resource endpoints, ensure to use plural nouns and not verbs. The API endpoints should be clear, brief, easy to understand, and informative.
- To represent the hierarchy of resources, use nesting in the naming convention of the endpoints. In case you want to retrieve data of one object residing in another object, the endpoint should reflect this to communicate what is happening.
- Good security practices are a must while developing REST APIs. The client-server communication must be private due to the nature of data sensitivity.
1xx
informational responses
What do you understand by RESTful Web Services?
Services that follow the REST architecture. REST stands for Representational State Transfer and uses the HTTP protocol (web protocol) for implementation. These services are lightweight, provide maintainability and scalability, and support communication among multiple applications that are developed using different programming languages. They provide means of accessing resources present at the server required for the client via the web browser by means of request headers, request body, response body, status codes, etc.