Restful API Questions

What is REST?
REST stands for Representational State Transfer. It is an architectural style for client-server applications.
What are the constraints for REST architectural style?
The REST architectural style describes six constraints:
Uniform interface constraint defines the interface between clients and servers. It enables each part to develop independently because it simplifies and decouples the architecture. The uniform interface that any REST service must provide is fundamental to its design.
1. Resource Based – Individual resources are identified in requests using URIs as resource identifiers. The resources themselves are separate from the representations that are returned to the client.
2. Manipulation Of Resources Through Representations – When a client holds a representation of a resource including any metadata attached, it has enough information to modify or delete the resource on the server provided it has permission to do so.
3. Self-descriptive Messages – Each message includes enough information to describe how to process the message. For example,
4. Hypermedia as the Engine of Application State (HATEOAS): A hypermedia-driven site delivers the links contained in the returned body. Here is an example of getting the planet Mars from a HATEOAS service. The service delivers the object and also delivers the link to the object.
{ "name": "Mars", "links": [ { "rel": "self", "href": "http://localhost:8080/planets/4" } ] }
The RESTful architecture defines that a server cannot store any of the client state. This constraint is called Statelessness. So the client has to pass the necessary context with each request. The session state is kept by the client.
Responses from servers must define whether a response can be cached or not (the cacheable constraint). This prevents clients from holding out-of-date data or creating unwanted requests for data that could be cached.
The client-server constraint enforces that the client application and the server application must evolve independently of each other. The client should only know about the capabilities offered by a service.
It should be possible to insert a middleware component transparently between a client and a server (the layered system constraint). It should be possible to add, modify or reorder the layers in case a need arises.
Code on demand is an optional constraint. Optional means that architectures that do not support this constraint are still considered RESTful. It allows clients to download some application logic, such as a JavaScript or Flash application, and execute it on the client. Sometimes logic that would otherwise run on the server can run on the client, because the client is more efficient at executing that code.
What is Connectedness?
The Internet as we know it is connected because of hyperlinks. Similarly, REST representations are documents with links. As we saw with HATEOAS, each document delivered via REST contains the link to that document. With links, the client gets guidance from the server about which states are near the current one.
What is Idempotence?
In REST, idempotence of an operation means that if the same call is made multiple times, the result of that operation should be the same. The number of calls shouldn't matter. GET, PUT, OPTIONS, TRACE and HEAD are idempotent, as multiple calls will result in the same result. But with DELETE, the first delete will return 200 (OK) and calls after the first will return 404 (Not Found).
What is content-negotiation?
REST services support delivery of more than one version of a document. A representation of a document can be JSON, XML or HTML, based on the request. The client can specify the content type it wants in the request, and the server can respond with that representation of the document.
JAVA RESTful Web Services interview questions
What is JAX-RS?
The JAX-RS API defines a set of APIs for the development of web services built according to the REST architectural style.
What are some of the commonly used frameworks for RESTful web services in Java?
There are lots of frameworks out there. Here are some frameworks for
- Jersey – Reference implementation of JAX-RS
- RESTEasy – JAX-RS implementation
- Dropwizard
- Retrofit
- Spark
- Spring HATEOAS – can be used with other frameworks
How can we secure a RESTful Web Service?
Authentication/Authorisation: It depends on the aim of the web service and on who its clients are. In general, these are some of the ways of securing a RESTful web service. Each of them has advantages and disadvantages; it all depends on the context.
- Client certificates – Clients hold certificates that are trusted by the servers. The client presents its trusted certificate on request.
- OAuth with HTTPS
- HTTP Basic with HTTPS
- API Key – An API key is provided to the client, and that API key defines which client is accessing the service
Securing Against Other Threats
- Secure against SQL injection attacks
- Always POST sensitive data such as passwords
- Check for the validity of the request. Check for malformed JSON/XML
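The checks listed above, combined in one request handler. This is an added example, not code from the original page; the `planets` table, the `demo-key-123` key and the function names are constructed for illustration, and Python's standard library is used so that it runs without a framework.

```python
import hashlib
import hmac
import json
import sqlite3

# Constructed sample data: SHA-256 of each client's API key -> client name.
API_KEYS = {hashlib.sha256(b"demo-key-123").hexdigest(): "client-a"}


def identify_client(api_key):
    """Return the client name for an API key, or None if it is unknown."""
    digest = hashlib.sha256(api_key.encode()).hexdigest()
    for stored, client in API_KEYS.items():
        if hmac.compare_digest(stored, digest):  # constant-time comparison
            return client
    return None


def make_db():
    """Build an in-memory database holding constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE planets (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO planets VALUES (?, ?)",
                     [(3, "Earth"), (4, "Mars")])
    return conn


def find_planet(conn, api_key, raw_body):
    """Handle a POSTed search body; return (HTTP status, response dict)."""
    if identify_client(api_key or "") is None:
        return 401, {"error": "unknown API key"}
    try:
        body = json.loads(raw_body)
    except (ValueError, TypeError):
        return 400, {"error": "malformed JSON"}
    name = body.get("name") if isinstance(body, dict) else None
    if not isinstance(name, str) or not 0 < len(name) <= 64:
        return 400, {"error": "name must be a string of 1-64 characters"}
    # Parameterized query: the driver binds `name` as data, never as SQL.
    row = conn.execute("SELECT id, name FROM planets WHERE name = ?",
                       (name,)).fetchone()
    if row is None:
        return 404, {"error": "not found"}
    return 200, {"id": row[0], "name": row[1]}
```

A body whose `name` contains quote characters is matched literally against the column and produces a 404, because the value never becomes part of the SQL text.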
Tricky Rest API Questions
If REST applications are supposed to be stateless, how do you manage sessions?
The REST specification states that no client session state should be stored on the server. But the client can manage its own session state and pass that state along with each request to get the response from the server. So the server is aware of a client only for the time it is serving a request from that client.
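When the client carries the session state, the server has to be able to tell that the state has not been altered in transit or by the client. One way to do that is sketched below as an added example, not part of the original page: the token format, `SERVER_KEY` and the function names are assumptions, and HMAC-SHA256 signing is a technique chosen here, not one the page prescribes.

```python
import base64
import hashlib
import hmac
import json

SERVER_KEY = b"constructed-demo-key"  # assumption: a secret only the server knows


def _b64(data):
    return base64.urlsafe_b64encode(data).decode()


def issue_token(state, now, ttl=300):
    """Serialize session state with an expiry and append an HMAC-SHA256 tag."""
    payload = json.dumps({"state": state, "exp": now + ttl},
                         sort_keys=True).encode()
    tag = hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(tag)


def read_token(token, now):
    """Return the session state, or None if the token is forged or expired."""
    try:
        payload_b64, tag_b64 = token.split(".")
        payload = base64.urlsafe_b64decode(payload_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:  # wrong number of parts or invalid base64
        return None
    expected = hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    claims = json.loads(payload)  # safe to parse: the tag has been verified
    if claims["exp"] <= now:
        return None
    return claims["state"]
```

The server keeps only the key; every request brings its own verifiable state, so any instance behind a load balancer can serve it.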
Does HTML form support PUT and DELETE methods?
No, HTML5 forms do not support the PUT and DELETE methods. But they can be called via JavaScript using the XMLHttpRequest object.
Thanks for sharing the questions. Great work!
Thanks for sharing the interview questions. It is of great help to brush the basics on REST
What about the PUT method? It is also idempotent.
PUT method is used to update a particular resource. So if you use PUT to update the same resource multiple times, the result would be same. Hence PUT method is also Idempotent.
You forgot about PUT in the article.
Thanks Michal, have added PUT also.