The importance and use of web services in today’s software technologies is increasing. Many systems and applications now communicate with each other through web services and exchange data. The most widely used type of web service today is the REST API.
There are many issues to know about REST APIs, which are increasingly used in the technology world. In this article, we have prepared 13 possible questions and answers about REST APIs in software interviews.
Table of Contents
What is REST and RESTful web services?
REST (Representational State Transfer) was introduced and defined by Roy Fielding in his doctoral thesis in 2000. REST is an architectural style used to design distributed systems.
REST is an architecture that works over the HTTP protocol that provides communication between client and server. REST is a transfer method used in software built on service-oriented architecture. It carries XML and JSON data between the client and the server, allowing the application to communicate. Services using REST architecture are called RESTful services.
What are the main advantages of REST API
- Not revealing methods
- Can use both XML and JSON
- Using HTTP methods
- AJAX friendly
What is stateless in REST API
The fact that REST is stateless means that the server does not keep information about the client, such as session. Only the client holds such information. Therefore, the server does not keep information such as how many requests the requesting client has made before or which requests. The client, on the other hand, gives all the information the server needs in its request.
Since REST is stateless, if you are using the monitoring tool, all the information you need will be in the relevant request. You do not need to do a historical scan (visibility). Resource consumption is less and the architecture is easier to implement (scalability) as there is no requirement to keep a log between each request.
But at the same time, since the server does not keep data about the client, the client sends some information on each request, which increases the cost. This can be considered as a disadvantage of being stateless.
What are the HTTP methods that REST supports
Get: It is used to access a resource already on the server.
Post: Used to create a new resource on the server. Post requests usually also contain information about the newly created resource.
Put: Used to update a resource on the server. These requests usually carry the information that is wanted to be changed on them.
Patch: This method is also used to modify a resource on the server. The difference with Put is that while Put is used to replace the resource on the server with a new resource, Patch is used to change a part of this resource.
Delete: It is used to delete a resource on the server.
What does an HTTP Request consist of
In its simplest form, an HTTP request carries the following information;
Request-Line: Type of HTTP request, to which url it will be made and http/https protocol information.
Header: It carries parameters that describe the request and contain basic information about the request. It is not required to be sent, we can send one or more header parameters.
Body: If we want some records and operations to be done via API such as POST, PUT, PATCH, we send this information in the Body field of our request. Sending this information as JSON in a Restful API is preferable.
What is JSON
JSON was created today to communicate between servers and also because it can be transported in a small size. It was created as an alternative to the XML standard. In order to store regular data, files in JSON format can be created and meaningful models can be created here.
It contains a key and the value of that key in JSON.
What does HTTP Response consist of
Just as every HTTP Request has a structure, the response we return has a specific structure. When the requesting users receive the response from the server, they can take their own actions from the parameters on this response. In simple terms, an HTTP Response consists of the following structure;
status line; It contains HTTP protocol, http status code and status message. For example; “HTTP/1.1 404 Not Found”
header; The header information of the HTTP Request we send can also be the header of the response that is returned to us.
body; Although not in all requests, when we want to get a model or wait for a response from the server, we get the data we requested from here. Here we read the JSON model returned in the API.
What is Header
We may also need to transmit basic information about the request we make to the server. The server we make this request processes the information in the Header before opening this request and continues its internal flow accordingly. For example, we carry the language(culture) information on the header and let the server know which language to act according to our request. As another example, we want to prevent unauthorized people from making an API that only registered users can access. For this, we send the key information (token) to the server together with the Authentication parameter in our requests, and ensure that it checks this information first and that only authorized people can access the API.
There are standard parameters used for the header. Culture, Content-Type, Authentication are some of them. It’s not mandatory for us to post them, but you will need them for a good API.
What are the differences between SOAP and REST
Security: While it can be easier and faster to provide security on SOAP, this can be complicated for REST. When it comes to security for REST, it is a bit weak compared to SOAP.
Data Structure: While we can work with REST with JSON, XML and even TEXT, we should use XML with SOAP. REST can be more useful in this way. With JSON, you can perform operations with smaller data. If data sizes are important for your application, using REST will be suitable for you.
Application Speed: If you want your application to run faster, it will be beneficial to use REST.
Support: Developer tools for SOAP are better. We can find more resources to help us use it. REST has less documentation than SOAP.
What is Cacheable
A REST API design must be able to store cacheable data, as a stateless API can increase request load by handling large numbers of inbound and outbound calls. According to this API design principle, data in a response should be classified as cacheable or uncacheable, either implicitly or explicitly.
If a response is cacheable, the client cache is given the right to recycle that response data for similar requests in the future.
How do you test REST API
API (Application Programming Interface) is the connecting fabric between different systems or layers of an application. With the use of API, it becomes very easy to exchange data between different systems and applications. However, it is necessary to test the processes performed in this process and to control the efficiency of the processes. Unlike UI tests, API testing is performed at the message layer without a GUI. Tools such as SoapUI, Tricentis, Katalon, Postman can be used for these processes. Recently, interest in tools and techniques with API Testing has increased exponentially.
How is API security ensured
From the beginning to the end of the API design and development phase, the principle of seamless integration with the Web Application Firewall (WAF), bot protection, API management solution, API gateway and other tools will be required to keep the API secure.
What are the most common HTTP status codes to use for HTTP requests
There are a few common codes developers should get started with. Them:
200 – OK
404 – Not Found
500 – Internal Server Error
It can then be expanded to a more detailed set of states if needed:
201 – Created
204 – No Content
304 – Changed
400 – Bad Request
401 – Unauthorized
403 – Forbidden
501 – Not implemented