Test your knowledge of API design best practices, including resource modeling, request validation, versioning strategies, and idempotency. This quiz covers fundamental API concepts to help you build robust, user-friendly web services.
Which URL format best represents a RESTful resource for an individual user with an ID of 42?
Explanation: The correct answer is /users/42, which clearly and concisely identifies a resource in RESTful API design. /getUser?id=42 and /users?id=42 use query parameters or action words, which are less RESTful. /user/42/details adds unnecessary detail to the path, making it less standard for retrieving a single user resource.
Which HTTP method is designed to be idempotent, meaning making the same request multiple times will have the same effect as once?
Explanation: PUT is idempotent, as sending the same data to a resource multiple times does not change its state beyond the first request. POST is not idempotent because it typically creates new resources; repeated POSTs may generate duplicates. CONNECT and TRACE are unrelated to resource modification and are rarely used in standard API design.
Why is input validation important when designing an API that accepts user data?
Explanation: Input validation ensures only expected and correct data is processed, reducing the risk of errors or security flaws. Validation does not guarantee faster responses, cannot make the API entirely hack-proof, and does not perform language translation. Some options suggest unrealistic or incorrect outcomes.
According to API resource naming best practices, how should a collection of products be represented in the URI?
Explanation: The plural noun '/products' correctly designates a collection of resources, which matches widely-accepted conventions. Using '/product' is typically for a single item. '/listproducts' and '/productsList' introduce verbs or unnecessary descriptors not standard in resource naming.
If an API request contains invalid input data, which HTTP status code should be returned?
Explanation: 400 Bad Request indicates the server cannot or will not process the request due to user error, such as invalid input. 201 Created is for successful creation of resources, not failed requests. 301 Moved Permanently suggests a redirect, while 204 No Content implies a successful operation with no data returned.
Which of the following is a common and clear way to indicate API versioning within the URI?
Explanation: Including the version as a prefix, such as '/v1/orders', is a widely-used and well-understood API versioning strategy. '/orders/vOne' uses a non-standard format, '/orders/version:1' is less conventional, and query parameters like '/orders?versioning=1' are usually not dedicated for major versioning.
When should an API client include an idempotency key in a request?
Explanation: Idempotency keys are most important for POST requests that create or change resources, especially in scenarios like retries, to ensure no duplicate actions occur. Static resources don't modify data, so idempotency isn’t needed. GET and HEAD requests are already idempotent by definition.
In well-designed APIs, why should requests and responses be self-descriptive?
Explanation: Self-descriptive operations allow clients to understand what an API expects and returns, improving usability and reducing developer reliance on external references. Increasing server memory and limiting HTTP methods are unrelated, while security is not weakened by self-description.
What should an API do when a client sends a request with multiple invalid fields?
Explanation: Good APIs report all detected validation errors in one response to help clients fix issues efficiently. Reporting only the first error is less user-friendly, ignoring errors can compromise data, and restarting the request is outside standard API behavior.
How should an API allow clients to filter a list of resources, such as filtering books by author?
Explanation: Query parameters are the standard way to filter or search resource collections in APIs. Attaching filter actions to the path or requiring new endpoints is inefficient and against REST principles. GET requests should not use an HTTP body, so that option is invalid.
Why is the principle of statelessness important in API design?
Explanation: Statelessness mandates that requests are self-contained, making APIs scalable and easier to maintain. Saving previous requests in memory contradicts this principle, while the number of endpoints and authentication are unrelated to statelessness.
Which is a good practice for error response structure in modern APIs?
Explanation: A structured JSON error with code and message is clear for clients to parse and act upon. Plain strings without proper status codes lack context, hiding all error details hinders debugging, and binary data is unreadable in most client contexts.
Which is NOT a recommended alternative to URI versioning for APIs?
Explanation: Randomizing endpoints breaks predictability and maintainability, making it unsuitable. Headers and query parameters are valid versioning alternatives; content negotiation via 'Accept' header is also widely used.
Which URI path correctly represents a sub-resource collection, such as all comments for a specific post with ID 7?
Explanation: The format /posts/7/comments shows a sub-collection owned by a parent resource, following REST conventions. Using query parameters is more appropriate for filtering but not sub-resource collections, while the other options do not represent proper parent-child relationships.
Which HTTP method is considered safe as it should not modify resources?
Explanation: GET is defined as safe because it is intended only to retrieve data, not to alter any server resources. PATCH, DELETE, and POST may alter server data, so they are considered unsafe methods in terms of modification potential.
Which scenario best illustrates an idempotent API operation?
Explanation: Sending the same PUT request repeatedly with identical data results in the same resource state, demonstrating idempotency. Using POST to create resources can lead to duplication, which is not idempotent. PATCH with different data changes the resource each time, and deleting multiple items may have varying results depending on the resources' state.