REST: Basic interview questions, or briefly about the main topics

Oleh Baranovskyi
Aug 24, 2019

REST APIs are a very interesting topic and probably the one most frequently asked about in interviews. No matter which programming language you use, you always have to answer at least a few related questions.

Today I want to share my cheat sheet. I hope it will be helpful for you.

1. What does REST stand for?

REST — REpresentational State Transfer.

2. What are REST and RESTful Web services?

In short, REST is a software architectural style defined to help create and organize distributed systems. It also defines a set of constraints to be used for creating Web services. Web services that conform to the REST architectural style are called RESTful Web services (RWS).

3. Which HTTP methods/verbs do you know?

GET — Used for retrieving data from the server. It should only be used for getting information, not for modifications. Usually, we get status 200 with a representation; if no data is registered at the requested URL, 404 should be returned.

/api/users — should return the list of users
/api/users/2 — should retrieve user with id 2
/api/users/2/folders/3 — should return folder with id 3 for the user with id 2

POST — Used for creating/adding new data on the server. If the resource was successfully created, the server should respond with 201 Created.

/api/users — should create a new user
/api/users/2/folders — should create a new folder for the user with id 2

PUT — Used for resource updates.

/api/users — bulk update
/api/users/2 — will update the user with id 2
/api/users/2/folders/3 — will update folder with id 3

NOTE: All information/data should be placed into the body of the POST and PUT requests.

PATCH — Partial modification. If you want to know more about the PATCH verb then this article could be interesting for you.

DELETE — Deletes a resource. If the resource was deleted, a 204 No Content status should be sent.

/api/users — deletes all users
/api/users/2 — deletes user with id 2

OPTIONS — Determines the options and/or requirements associated with a resource, or the capabilities of a server, without implying a resource action or initiating a resource retrieval.

HEAD — Used to ask whether a given resource exists without returning any of its representations.

4. Explain URL parts from the following example:

http://www.domain.com:3000/users/1/books?a=b&x=y

Here:
http — protocol
www.domain.com — domain
3000 — port
/users/1/books — path to the resource
?a=b&x=y — query string/parameters

5. What is the query string?

A query string is the portion of a URL made up of key-value pairs. It is usually present in GET requests. For instance, if we are looking for the last registered user then we could use the query string in the following way:

?limit=1&sort=created_at

and here is the full URL:

/api/users?limit=1&sort=created_at

So the query string starts with a question mark (?), and each key is followed by an equals sign (=) and a value. If there is more than one value, the key-value pairs are joined with the & sign.

6. How to associate multiple values with one field in the query string?

It’s easy, use the same key name for multiple values. For example:

?field1=value1&field1=value2&field1=value3

7. What are matrix parameters and what is the difference between the query string and matrix parameters?

Matrix parameters are more flexible because they can appear anywhere in the path and are not limited to the end.

/api/users;username=John;age=30/folders;created_at=monday

So there is no question mark at the beginning, as there is in a query string, and the key-value pairs are joined with a semicolon (;).
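The URL parts from questions 4 to 7, taken apart in code. This is an added example, not code from the original article: `parseMatrixPath` and `describeUrl` are hypothetical helpers, and the sample URL is constructed by combining the article's matrix path and repeated-key query. The standard `URL` API handles the query string but has no parser for matrix parameters, so that part is written by hand.

```javascript
// Added example: hypothetical helpers, not code from the original article.
// Splits a path into segments with their matrix parameters (;key=value).
function parseMatrixPath(pathname) {
  return pathname.split('/').filter(Boolean).map((segment) => {
    const [name, ...pairs] = segment.split(';');
    // Null-prototype object: a key such as "__proto__" stays plain data.
    const params = Object.create(null);
    for (const pair of pairs.filter(Boolean)) {
      const eq = pair.indexOf('=');
      const key = eq === -1 ? pair : pair.slice(0, eq);
      const value = eq === -1 ? '' : pair.slice(eq + 1);
      params[decodeURIComponent(key)] = decodeURIComponent(value);
    }
    return { name: decodeURIComponent(name), params };
  });
}

// Breaks a URL into the parts listed in question 4, keeping every value
// of a repeated query key (question 6) instead of only the first or last.
function describeUrl(raw) {
  const url = new URL(raw);
  const query = Object.create(null);
  for (const key of new Set(url.searchParams.keys())) {
    query[key] = url.searchParams.getAll(key);
  }
  return {
    protocol: url.protocol.slice(0, -1), // "http:" -> "http"
    domain: url.hostname,
    port: url.port,
    path: url.pathname,
    query,
    segments: parseMatrixPath(url.pathname),
  };
}

// Constructed sample: the article's matrix path and repeated-key query
// combined on the article's example host.
const sample = describeUrl(
  'http://www.domain.com:3000/api/users;username=John;age=30/folders;created_at=monday' +
  '?field1=value1&field1=value2&field1=value3'
);
console.log(sample.segments, sample.query.field1);
```

Many frameworks return only the first or only the last value of a repeated key, so validation and business logic should read the parameter through the same accessor.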

8. Have you heard about status code groups?

  • 1xx: Informational and only defined under HTTP 1.1.
  • 2xx: The request went OK, here’s your content.
  • 3xx: The resource was moved somehow to somewhere.
  • 4xx: The source of the request did something wrong.
  • 5xx: The server crashed due to some error in its code.

9. What is content negotiation?

Content negotiation is the mechanism that is used for serving different representations of a resource at the same URI, so that the user agent can specify which is best suited for the user (for example, which language of a document, which image format, or which content encoding).

10. Which REST Architectural Constraints do you know?

  1. Uniform interface:
    - Resource identification in requests — The resources themselves are conceptually separate from the representations that are returned to the client. For example, the server could send data from its database as HTML, XML or as JSON — none of which are the server’s internal representation.
    - Resource manipulation through representations — When a client holds a representation of a resource, including any metadata attached, it has enough information to modify or delete the resource.
    - Self-descriptive messages — Each message includes enough information to describe how to process the message. For example, which parser to invoke can be specified by a media type.
    - Hypermedia as the engine of application state (HATEOAS) — Having accessed an initial URI for the REST application — analogous to a human Web user accessing the home page of a website — a REST client should then be able to use server-provided links dynamically to discover all the available actions and resources it needs. As access proceeds, the server responds with text that includes hyperlinks to other actions that are currently available. There is no need for the client to be hard-coded with information regarding the structure or dynamics of the application.
  2. Client-Server — The client application and server application must be able to evolve separately without any dependency on each other.
  3. Stateless — The client-server communication is constrained by no client context being stored on the server between requests. Each request from any client contains all the information necessary to service the request, and the session state is held in the client.
  4. Cacheable — caching should be applied to your API resources and then these resources must declare themselves cacheable.
  5. Layered system — A client cannot ordinarily tell whether it is connected directly to the end server, or to an intermediary along the way. This is because the API could be deployed on server A, the data could be stored on server B, and request authentication could be handled on server C.
  6. Code on demand (optional) — clients may call your REST API to get some UI widgets/parts rendering code.

11. What does the “If-Modified-Since” header do?

This header makes the request conditional. The server will send back 200 with the resource only if it was last modified after the given date. If the resource has not been modified since, then the client will get 304 without any body/resource. The “Last-Modified” response header of a previous request will contain the date of last modification. This header can be applied only to GET or HEAD requests.
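The server-side decision described above, as an added example that is not part of the original article. `conditionalResponse` is a hypothetical helper; it assumes lowercase header keys (as Node's `http` module provides) and a `Date` for the resource's last change.

```javascript
// Added example: hypothetical helper, not code from the original article.
// Decides between 200 and 304 for a request carrying If-Modified-Since.
function conditionalResponse(method, headers, lastModified) {
  // HTTP dates have one-second resolution, so drop the milliseconds
  // before comparing; otherwise an unchanged resource looks "newer".
  const lastModifiedMs = Math.floor(lastModified.getTime() / 1000) * 1000;
  const responseHeaders = {
    'Last-Modified': new Date(lastModifiedMs).toUTCString(),
  };

  const raw = headers['if-modified-since'];
  const isReadOnly = method === 'GET' || method === 'HEAD';

  if (isReadOnly && typeof raw === 'string') {
    const since = Date.parse(raw);
    // An unparseable date is ignored and the request is served normally.
    if (!Number.isNaN(since) && lastModifiedMs <= since) {
      return { status: 304, headers: responseHeaders, sendBody: false };
    }
  }

  // HEAD never carries a body, even on 200.
  return { status: 200, headers: responseHeaders, sendBody: method !== 'HEAD' };
}

// Constructed sample: resource last changed on the article's publication day.
const changedAt = new Date(Date.UTC(2019, 7, 24, 10, 0, 0, 500));
console.log(
  conditionalResponse('GET', { 'if-modified-since': 'Sat, 24 Aug 2019 10:00:00 GMT' }, changedAt)
);
```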

12. What is CORS, or have you heard about the Access-Control-Allow-Origin header?

CORS — Stands for Cross-Origin Resource Sharing.

It defines a mechanism to enable client-side cross-origin requests.

Suppose a user visits a client application hosted on http://www.a.com and the page attempts a cross-origin request to fetch data from http://www.z.com. First, the browser will send an OPTIONS request to http://www.z.com with an “Origin” header containing the domain that served the page. Then http://www.z.com responds with the “Access-Control-Allow-Origin” HTTP header, which contains the list of allowed domains, and if our client application's domain is in that list then the browser will try to fetch the data from the cross-origin domain, http://www.z.com.

NOTE: Cross-Origin Resource Sharing can be configured to allow any domain to retrieve data. Just set the Access-Control-Allow-Origin header to a wildcard (*). But you should be aware that it’s not a good practice to open your API to everyone.
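A server-side allowlist check as the alternative to the wildcard, as an added example that is not code from the original article. `corsHeaders` and `ALLOWED_ORIGINS` are hypothetical names, the allowlist is constructed from the article's http://www.a.com client, and header keys are assumed to be lowercase. The server keeps the list and echoes back only the single origin that matched.

```javascript
// Added example: hypothetical helper, not code from the original article.
// Constructed allowlist: exact origins (scheme + host + port), no patterns.
const ALLOWED_ORIGINS = new Set(['http://www.a.com']);

// requestHeaders is assumed to use lowercase keys, as Node's http module does.
function corsHeaders(method, requestHeaders, allowed = ALLOWED_ORIGINS) {
  const origin = requestHeaders['origin'];
  // Vary: Origin keeps shared caches from reusing one origin's answer
  // for a request that came from a different origin.
  const headers = { Vary: 'Origin' };

  // Exact Set lookup: substring or prefix matching would also accept
  // look-alike hosts that merely contain an allowed name.
  if (typeof origin !== 'string' || !allowed.has(origin)) {
    return { allowed: false, headers };
  }

  // Echo the one origin that matched instead of sending "*".
  headers['Access-Control-Allow-Origin'] = origin;

  // A preflight is an OPTIONS request that names the method it wants to use.
  const isPreflight = method === 'OPTIONS' &&
    'access-control-request-method' in requestHeaders;
  if (isPreflight) {
    headers['Access-Control-Allow-Methods'] = 'GET, POST, PUT, PATCH, DELETE';
    headers['Access-Control-Allow-Headers'] = 'Content-Type';
  }
  return { allowed: true, headers };
}

// Constructed sample: preflight sent by a page served from http://www.a.com.
console.log(corsHeaders('OPTIONS', {
  origin: 'http://www.a.com',
  'access-control-request-method': 'PUT',
}));
```

CORS only tells the browser whether the page may read the response; the API still has to authenticate and authorize every request on its own.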

Written by Oleh Baranovskyi

Frontend Lead & Architect | Web community manager https://obaranovskyi.com/