REST API Questions and Answers


1️⃣ What is REST?

REST (Representational State Transfer) is an architectural style for designing network-based applications using HTTP.

It is:

  • Stateless

  • Client-server based

  • Cacheable

  • Uses a uniform interface

2️⃣ What makes an API RESTful?

A RESTful API must:

  • Use HTTP methods properly

  • Be stateless

  • Use resource-based URLs

  • Return proper HTTP status codes

  • Support JSON or XML representation

3️⃣ What is Statelessness in REST?

Each request must contain all the information the server needs to handle it. The server does not store client session state between requests.

This improves:

  • Scalability

  • Reliability

  • Horizontal scaling

4️⃣ What are HTTP Methods?

Method    Purpose
GET       Retrieve data
POST      Create resource
PUT       Replace resource
PATCH     Partial update
DELETE    Remove resource

5️⃣ Difference Between PUT and PATCH?

PUT                        PATCH
Full update                Partial update
Idempotent                 Usually idempotent
Replaces entire resource   Updates specific fields

6️⃣ What are Idempotent Methods?

Methods for which repeating the same request leaves the server in the same state as sending it once.

Idempotent:

  • GET

  • PUT

  • DELETE

Not idempotent:

  • POST

7️⃣ What is HATEOAS?

Hypermedia As The Engine Of Application State.

It means API responses contain links to related actions.

Example:

  {
    "user_id": 1,
    "links": {
      "orders": "/users/1/orders"
    }
  }

8️⃣ What are HTTP Status Codes?

2xx – Success

  • 200 OK

  • 201 Created

  • 204 No Content

4xx – Client Errors

  • 400 Bad Request

  • 401 Unauthorized

  • 403 Forbidden

  • 404 Not Found

5xx – Server Errors

  • 500 Internal Server Error

  • 503 Service Unavailable

9️⃣ What is API Versioning?

Versioning lets you introduce changes without breaking existing clients. Common strategies:

  • URL versioning → /api/v1/users

  • Header versioning

  • Query parameter versioning

Best practice: URL versioning for public APIs.

🔟 What is Rate Limiting?

Rate limiting restricts the number of requests a client can make.

Used to:

  • Prevent abuse

  • Prevent DDoS

  • Protect backend services

Often implemented using:

  • Redis

1️⃣1️⃣ What is CORS?

CORS (Cross-Origin Resource Sharing) is the browser mechanism that allows or restricts cross-origin API calls made from web pages.

Important headers:

  • Access-Control-Allow-Origin

  • Access-Control-Allow-Methods

1️⃣2️⃣ How Do You Secure REST APIs?

  • Use HTTPS

  • Use JWT/OAuth2

  • Validate input

  • Use rate limiting

  • Use proper authorization checks


1️⃣3️⃣ What is the Difference Between Authentication and Authorization?

Authentication    Authorization
Who are you?      What can you do?
Login process     Permission check

1️⃣4️⃣ What is JWT?

JSON Web Token is a compact token format for securely transmitting information.

Popular Django library:

  • Simple JWT

JWT Structure:

  • Header

  • Payload

  • Signature

1️⃣5️⃣ What is Idempotency Key?

An idempotency key is used in payment systems to prevent a retried request from being processed twice.

Used by:

  • Stripe

Client sends:

Idempotency-Key: unique-uuid

The server stores the key and ensures the request is processed only once; a retry with the same key returns the stored result instead of repeating the operation.
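Added example (not code from the original post) of the server side of this flow in Python, with an in-memory dict standing in for the Redis-style store a real service would use. It also shows two checks a practitioner would add: the key is scoped per client so one client cannot replay another's key, and a key reused with a different request body is rejected rather than silently answered with the old result.

```python
import hashlib
import json
import threading
from typing import Optional


def fingerprint(payload: dict) -> str:
    """Canonical hash of the request body, used to detect a key reused with a different body."""
    return hashlib.sha256(json.dumps(payload, sort_keys=True).encode()).hexdigest()


class PaymentService:
    """Constructed example: in-memory idempotency store; production would use Redis with a TTL."""

    def __init__(self) -> None:
        self._lock = threading.Lock()
        # Keyed by (client, Idempotency-Key): scoping by client stops one tenant replaying another's key.
        self._entries: dict = {}
        self.charges: list = []  # constructed ledger standing in for the payments table

    def charge(self, client_id: str, idem_key: Optional[str], payload: dict) -> tuple:
        if not idem_key:
            return 400, {"error": "Idempotency-Key header is required"}
        fp = fingerprint(payload)
        with self._lock:  # claim the key atomically so two concurrent retries cannot both proceed
            entry = self._entries.get((client_id, idem_key))
            is_new = entry is None
            if is_new:
                entry = {"fp": fp, "response": None}
                self._entries[(client_id, idem_key)] = entry
        if not is_new:
            if entry["fp"] != fp:
                return 422, {"error": "Idempotency-Key reused with a different request body"}
            if entry["response"] is None:
                return 409, {"error": "a request with this Idempotency-Key is still in progress"}
            return entry["response"]  # replay the stored result; no second charge is made
        # First time this key is seen: perform the side effect exactly once.
        charge_id = f"ch_{len(self.charges) + 1}"
        self.charges.append({"id": charge_id, "client": client_id, **payload})
        response = (201, {"id": charge_id, "amount": payload["amount"], "currency": payload["currency"]})
        entry["response"] = response
        return response


if __name__ == "__main__":
    svc = PaymentService()
    body = {"amount": 1999, "currency": "EUR"}  # constructed request
    print(svc.charge("merchant_a", "key-123", body))  # 201, charge created
    print(svc.charge("merchant_a", "key-123", body))  # same response replayed
    print(len(svc.charges))  # still 1
```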

1️⃣6️⃣ How Do You Handle Concurrency in REST APIs?

Techniques:

  • Optimistic locking

  • Pessimistic locking

  • Database constraints

  • Transactions

1️⃣7️⃣ What is API Gateway?

An API Gateway acts as a single entry point in front of microservices.

Functions:

  • Routing

  • Authentication

  • Rate limiting

  • Logging

Popular tools:

  • Kong

  • NGINX

1️⃣8️⃣ REST vs GraphQL?

REST                     GraphQL
Multiple endpoints       Single endpoint
Fixed data structure     Client chooses fields
Over-fetching possible   Avoids over-fetching

GraphQL was introduced by:

  • Meta

1️⃣9️⃣ How Would You Design a Payment API?

  • Use POST for payments

  • Implement idempotency key

  • Use transactions

  • Secure with HTTPS

  • Use rate limiting

  • Log every transaction

2️⃣0️⃣ How Would You Scale a REST API?

  • Add caching

  • Add DB indexing

  • Use load balancer

  • Use horizontal scaling

  • Add background workers

  • Use CDN

2️⃣1️⃣ How Do You Avoid N+1 Query Problem?

  • Use the ORM's prefetch_related / select_related (Django)

  • Optimize queries

  • Add indexing

2️⃣2️⃣ What Are Common REST API Mistakes?

  • Not using proper status codes

  • Exposing sensitive data

  • No pagination

  • No versioning

  • Not validating input

  • Poor error handling

2️⃣3️⃣ When Should You NOT Use REST?

  • Real-time apps → Use WebSockets

  • Complex querying → Use GraphQL

  • Internal high-performance services → Use gRPC
