API Design Essentials Quiz: Resources, Validation, Versioning, and Idempotency — Questions & Answers

Test your knowledge of API design best practices, including resource modeling, request validation, versioning strategies, and idempotency. This quiz covers fundamental API concepts to help you build robust, user-friendly web services.

This quiz contains 16 questions. Below is a complete reference of all questions, answer choices, and correct answers. You can use this section to review after taking the interactive quiz above.

1. Question 1: Resource Identification

   Which URL format best represents a RESTful resource for an individual user with an ID of 42?

   • /users/42
   • /users?id=42
   • /getUser?id=42
   • /user/42/details
   Show correct answer

   Correct answer: /users/42

   Explanation: The correct answer is /users/42, which clearly and concisely identifies a resource in RESTful API design. /getUser?id=42 and /users?id=42 use query parameters or action words, which are less RESTful. /user/42/details adds unnecessary detail to the path, making it less standard for retrieving a single user resource.

2. Question 2: HTTP Methods and Idempotency

   Which HTTP method is designed to be idempotent, meaning making the same request multiple times will have the same effect as once?

   • POST
   • PUT
   • CONNECT
   • TRACE
   Show correct answer

   Correct answer: PUT

   Explanation: PUT is idempotent, as sending the same data to a resource multiple times does not change its state beyond the first request. POST is not idempotent because it typically creates new resources; repeated POSTs may generate duplicates. CONNECT and TRACE are unrelated to resource modification and are rarely used in standard API design.

3. Question 3: Input Validation Purpose

   Why is input validation important when designing an API that accepts user data?

   • It guarantees faster API responses regardless of data.
   • It makes the API impossible to hack.
   • It automatically translates input into all languages.
   • It prevents invalid or harmful data from entering the system.
   Show correct answer

   Correct answer: It prevents invalid or harmful data from entering the system.

   Explanation: Input validation ensures only expected and correct data is processed, reducing the risk of errors or security flaws. Validation does not guarantee faster responses, cannot make the API entirely hack-proof, and does not perform language translation. Some options suggest unrealistic or incorrect outcomes.

4. Question 4: Resource Naming Pluralization

   According to API resource naming best practices, how should a collection of products be represented in the URI?

   • /product
   • /listproducts
   • /productsList
   • /products
   Show correct answer

   Correct answer: /products

   Explanation: The plural noun '/products' correctly designates a collection of resources, which matches widely-accepted conventions. Using '/product' is typically for a single item. '/listproducts' and '/productsList' introduce verbs or unnecessary descriptors not standard in resource naming.

5. Question 5: HTTP Status Codes for Validation

   If an API request contains invalid input data, which HTTP status code should be returned?

   • 400 Bad Request
   • 201 Created
   • 204 No Content
   • 301 Moved Permanently
   Show correct answer

   Correct answer: 400 Bad Request

   Explanation: 400 Bad Request indicates the server cannot or will not process the request due to user error, such as invalid input. 201 Created is for successful creation of resources, not failed requests. 301 Moved Permanently suggests a redirect, while 204 No Content implies a successful operation with no data returned.

6. Question 6: API Versioning in URIs

   Which of the following is a common and clear way to indicate API versioning within the URI?

   • /v1/orders
   • /orders?versioning=1
   • /orders/version:1
   • /orders/vOne
   Show correct answer

   Correct answer: /v1/orders

   Explanation: Including the version as a prefix, such as '/v1/orders', is a widely-used and well-understood API versioning strategy. '/orders/vOne' uses a non-standard format, '/orders/version:1' is less conventional, and query parameters like '/orders?versioning=1' are usually not dedicated for major versioning.

7. Question 7: Idempotency Key Use Case

   When should an API client include an idempotency key in a request?

   • When requesting static resources
   • For all HEAD requests
   • For simple GET queries with no change
   • When retrying a POST request to avoid duplicate operations
   Show correct answer

   Correct answer: When retrying a POST request to avoid duplicate operations

   Explanation: Idempotency keys are most important for POST requests that create or change resources, especially in scenarios like retries, to ensure no duplicate actions occur. Static resources don't modify data, so idempotency isn’t needed. GET and HEAD requests are already idempotent by definition.

8. Question 8: Self-Descriptive Messages

   In well-designed APIs, why should requests and responses be self-descriptive?

   • To reduce backend code complexity and help clients understand data without extra documentation
   • To increase server memory requirements
   • To limit the number of supported HTTP methods
   • To make APIs less secure
   Show correct answer

   Correct answer: To reduce backend code complexity and help clients understand data without extra documentation

   Explanation: Self-descriptive operations allow clients to understand what an API expects and returns, improving usability and reducing developer reliance on external references. Increasing server memory and limiting HTTP methods are unrelated, while security is not weakened by self-description.

9. Question 9: Consistent Data Validation Errors

   What should an API do when a client sends a request with multiple invalid fields?

   • Only report the very first error
   • Ignore invalid fields and process the rest
   • Return a single response listing all validation errors with helpful messages
   • Restart the request automatically
   Show correct answer

   Correct answer: Return a single response listing all validation errors with helpful messages

   Explanation: Good APIs report all detected validation errors in one response to help clients fix issues efficiently. Reporting only the first error is less user-friendly, ignoring errors can compromise data, and restarting the request is outside standard API behavior.

10. Question 10: Resource Filtering

    How should an API allow clients to filter a list of resources, such as filtering books by author?

    • By adding a filter action word to the URL, like /books/filter/Alice
    • By using query parameters, like /books?author=Alice
    • By putting the filter value in the HTTP body of GET requests
    • By requiring a new endpoint for each author
    Show correct answer

    Correct answer: By using query parameters, like /books?author=Alice

    Explanation: Query parameters are the standard way to filter or search resource collections in APIs. Attaching filter actions to the path or requiring new endpoints is inefficient and against REST principles. GET requests should not use an HTTP body, so that option is invalid.

11. Question 11: Statelessness Principle

    Why is the principle of statelessness important in API design?

    • It requires every API to use authentication.
    • It limits the number of supported endpoints.
    • It ensures that each request contains all information needed for processing without relying on server context.
    • It allows the server to save previous requests in memory indefinitely.
    Show correct answer

    Correct answer: It ensures that each request contains all information needed for processing without relying on server context.

    Explanation: Statelessness mandates that requests are self-contained, making APIs scalable and easier to maintain. Saving previous requests in memory contradicts this principle, while the number of endpoints and authentication are unrelated to statelessness.

12. Question 12: Error Response Structure

    Which is a good practice for error response structure in modern APIs?

    • Hiding all error details from the client
    • Responding with a plain 'Error' string and no HTTP status code
    • Returning a JSON body with an error code and message
    • Using binary data as the error response
    Show correct answer

    Correct answer: Returning a JSON body with an error code and message

    Explanation: A structured JSON error with code and message is clear for clients to parse and act upon. Plain strings without proper status codes lack context, hiding all error details hinders debugging, and binary data is unreadable in most client contexts.

13. Question 13: URI Versioning Alternatives

    Which is NOT a recommended alternative to URI versioning for APIs?

    • Using custom request headers to specify the version
    • Including the version in the 'Accept' header (content negotiation)
    • Using query parameters for versioning
    • Randomly changing endpoints with every version
    Show correct answer

    Correct answer: Randomly changing endpoints with every version

    Explanation: Randomizing endpoints breaks predictability and maintainability, making it unsuitable. Headers and query parameters are valid versioning alternatives; content negotiation via 'Accept' header is also widely used.

14. Question 14: Resource Sub-Collection Example

    Which URI path correctly represents a sub-resource collection, such as all comments for a specific post with ID 7?

    • /posts/7/comments
    • /comments?post=7
    • /comments/7/posts
    • /posts/comments/7
    Show correct answer

    Correct answer: /posts/7/comments

    Explanation: The format /posts/7/comments shows a sub-collection owned by a parent resource, following REST conventions. Using query parameters is more appropriate for filtering but not sub-resource collections, while the other options do not represent proper parent-child relationships.

15. Question 15: Safe HTTP Methods

    Which HTTP method is considered safe as it should not modify resources?

    • POST
    • PATCH
    • DELETE
    • GET
    Show correct answer

    Correct answer: GET

    Explanation: GET is defined as safe because it is intended only to retrieve data, not to alter any server resources. PATCH, DELETE, and POST may alter server data, so they are considered unsafe methods in terms of modification potential.

16. Question 16: Idempotency Illustrated

    Which scenario best illustrates an idempotent API operation?

    • Setting a user's email to 'a@example.com' using a PUT request multiple times
    • Deleting multiple unrelated resources in one DELETE call
    • Updating a comment using PATCH with different messages every time
    • Creating a new order with the same POST request twice and getting two orders
    Show correct answer

    Correct answer: Setting a user's email to 'a@example.com' using a PUT request multiple times

    Explanation: Sending the same PUT request repeatedly with identical data results in the same resource state, demonstrating idempotency. Using POST to create resources can lead to duplication, which is not idempotent. PATCH with different data changes the resource each time, and deleting multiple items may have varying results depending on the resources' state.