Sharpen your REST API skills with this quiz focused on real-world scenarios and commonly misunderstood concepts. Assess your understanding of HTTP methods, status codes, authentication, versioning, and best practices relevant to RESTful API development and interviews.
Which HTTP method should you use to update only specific fields of a user profile in a REST API scenario?
Explanation: PATCH is designed for partial updates to a resource, making it ideal for updating specific fields such as a user profile's email or phone number. GET is used for retrieving data and should not modify resources. DELETE removes a resource entirely. TRACE is rarely used and is meant for diagnostic purposes, making it unsuitable for updates.
A REST API responds with status code 404 when you request a resource. What does this indicate?
Explanation: A 404 status code means the requested resource does not exist on the server, indicating the client may have used the wrong URL or the resource has been deleted. 'Method not allowed' is represented by 405. A 'successful operation' is indicated by 200-level codes, while 'bad request' is indicated by 400.
What is a common and effective way to implement versioning in a REST API URL?
Explanation: Including the version number as a path segment, like '/api/v1/resource', is a widely accepted practice that makes API versioning explicit and manageable. '/resource/version1', '/ver-api/resource', and '/resource/v-one' do not follow standard conventions and may lead to confusion or inconsistency.
Which HTTP method is designed to be idempotent, so multiple identical requests have the same effect as one?
Explanation: PUT is idempotent, which means that performing the same operation multiple times does not change the result beyond the initial application. POST is generally not idempotent and may create multiple resources. CONNECT is for tunneling and is typically not used in RESTful APIs. OPTIONS is used to describe communication options, not to perform idempotent changes.
Which authentication method is commonly used in REST APIs to send credentials with every request as a base64 encoded string?
Explanation: Basic Authentication requires sending a username and password encoded in base64 with each request in the Authorization header. Bearer Authentication uses tokens instead of credentials. Digest Authentication involves hashing user credentials, while OAuth is a more complex delegated authentication framework.
When a REST API endpoint returns too much data at once, which technique helps clients receive it in smaller, manageable pieces?
Explanation: Pagination breaks down large responses into smaller, consumable pieces, usually by specifying the page number and size. Replication is about copying data, not splitting responses. Compilation refers to converting code, and encryption secures data rather than managing its size or delivery.
For a REST API managing a library’s books, which URL path follows the best naming convention for accessing a list of books?
Explanation: '/books' uses a plural noun and is the standard way to represent a collection of resources in RESTful design. '/booklist' is less conventional, '/getBooks' includes a verb, which REST principles avoid, and '/books/all' is unnecessary since '/books' already implies all books.
Which HTTP method should you use to securely retrieve information about a resource without making any changes to it?
Explanation: GET is designed for retrieving information and must not alter the server state, making it safe for data retrieval. PUT, POST, and PATCH are intended for creating or updating resources, and may cause side effects, which violates the safety of retrieval operations.
If you want to filter users by age using a REST API, how should this typically be included in the request?
Explanation: Query parameters in the form '/users?age=25' are the standard way to filter resources in a REST API. '/users/age/25' is usually interpreted as a subresource path, not a filter. '/users.age=25' and '/users#age=25' do not conform to URL or REST conventions for filtering.
When a client successfully creates a new resource using a POST request, what is the most appropriate HTTP status code to return?
Explanation: 201 Created indicates that a new resource has been successfully created, making it the most appropriate status for a successful POST operation that results in resource creation. 200 OK is for generic successful responses, 204 No Content means success with no content to return, and 302 Found is for redirects, not resource creation.