RESTful Web Service interview questions

Restful API Questions

RESTful API
RESTful API

What is REST?

REST stands for Representational State Transfer. It is an architectural style of client-server application

What are the constraints for REST architectural style?

REST architectural style describes six contraints:

  1. Uniform Interface
  2. Stateless
  3. Cacheable
  4. Client-Server
  5. Layered System
  6. Code on Demand – Optional
What is Uniform Interface?

Uniform interface constraint defines the interface between clients and servers. It enables each part to develop independently because it simplifies and decouples the architecture. The uniform interface that any REST service must provide is fundamental to its design.

 What are the guiding principles of Uniform Interface?
 Uniform interface has four guiding principles

1. Resource Based – Individual resources are identified in requests using URIs as resource identifiers.  The resources themselves are  separate from the representations that are returned to the client.

2. Manipulation Of Resources Through Representations –  When a client holds a representation of a resource including any metadata attached, it has enough information to modify or delete the resource on the server provided it has permission to do so.

3. Self-descriptive Messages – Each message includes enough information to describe how to process the message. For example,

4. Hypermedia as the Engine of Application State (HATEOAS) : A hypermedia driven site delivers the links contained in the returned body. Here is example of getting Mars planet from HATEOAS service. The service delivers the object and also delivers the link to the object.

{
    "name": "Mars",
    "links": [ {
        "rel": "self",
        "href": "http://localhost:8080/planets/4"
    } ]
}
What is Stateless?

The RESTful architecture defines that a server cannot store any of the client state. This  constraint is called Statelessness. So the client has to pass the necessary context with each request. The session state is kept by the client.

What is Cacheable?

Responses from servers must define whether a response can be cached or not. This prevents the clients from holding outofdate data or create unwanted requests for data that could be cached.

What is Client-Server?

This constraint enforces that the client application and the server application must evolve independently of each other. The Client only should know about the capabilities offered by the a service.

What is Layered System?

Between a Client and a server a middleware component should be inserted transparently.  It should be possible to add, modify or reorder the  Layers in case a need arises.

What is Code On Demand?

This is an optional constraint. Optional constraint means that architectures that donot support this constraint are still considered as Restful. It allows the clients to download some logical applications like a javascript or flash applicationand execute it on client. Sometimes a client can do some server-side logic on client as they are more efficient in executing this code.

What us Connectedness?

Internet as we know it is connected because of the hyperlinks. Similiarly the REST representations are documents with links. As we saw with HATEOS each of the document delivered via rest contains the link to that document.  With links the client gets the guidelines from the server about which states are near the current one.

 

What is Idempotence?

In REST idempotence of an operations means that if a same call is made mulitple times the result of that operation should be same. The number of calls shouldn’t matter. GET, PUT, OPTIONS, TRACE and HEAD are idempotent as multiple calls with result in same result. But with DELETE, the first time delete with return with 200 (OK) and will return 404(Not Found) on calls after the first call.

What is content-negotiation?

REST services support delivery of more than one version of a document. A representation of a document can be a json, xml, html based on the request. The Client can define the content type requested in the request and the server can respond with that representation of the document.

JAVA RESTful Web Services interview  questions

What is JAX-RS?

JAX-RS API defines a set a APIs for the development of Web services built according to the REST architectural style.

What are some of the commonly used frameworks for Restful webservices in Java?

There are lots of frameworks out there. Here are some frameworks for

  1. Jersey  – Reference implementation of JAX-RS
  2. RESTEasy – JAX-RS implementation
  3. Dropwizard
  4. Retrofit
  5. Spark
  6. Spring HATEOAS –  can be used with other frameworks

How can a we secure a RESTful Web Service?

Authentication/Authorisation : It depends on what the aim of the Web service is. And who are the clients of the web service. In general these are some of the ways of securing a RESTful web service. Each of them have some advantages and disadvantages. It all depends on the context.

  • Client certificates- Clients have the certificates that are trusted by the servers. The clients presents the trusted certificate on request.
  • OAuth with HTTPS
  • HTTP Basic with HTTPS
  • API Key – API key is provided to client and that API key defines which client is accessing the service

 Securing Aganist Other Threats

  • Secure against SQL injection attacks
  • Always POST the sensitive data like password
  • Check for the validity of the request. Check for malformed JSON/XML

Tricky Rest API Questions

If REST applications are supposed to be stateless, how do you manage sessions?

The REST specification states that no client session state should be stored on server. But the client can manage its own session state and pass that state around so as to get the response from the server. So the server actually is not aware of a client but only for the time it is serving the request from that client.

Does HTML form support PUT and DELETE methods?

No, html 5 forms do not support PUT and DELETE methods. But they can be called via javascript using the XmlHttpRequest object.

 

You may also be interested in:

6 thoughts on “RESTful Web Service interview questions”

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.