REST API Interview Questions


REST has become a de facto standard as a communication protocol between applications and services. It has many advantages: mainly, it is easily testable, and its light structure makes it very simple to implement and consume.

REST is built on top of the HTTP protocol, which makes it language agnostic and allows communication with any service written in any language without creating any dependency. That's why every developer should know about REST and should be prepared to learn the basics before attending an interview.

What is REST?

REST (Representational State Transfer) is a service structure that enables easy and fast communication between client and Server. It has been developed as an alternative to SOAP and WSDL-based web services.

REST works on HTTP. Compared to alternative communication protocols, it is faster and more efficient in sending and receiving data with more basic and minimum content. It enables applications to communicate with each other by carrying JSON or XML data between client and Server.

One of the essential points in REST architecture is to express the desired operation in each HTTP request with HTTP methods (verbs) such as POST, PUT, DELETE and GET. Thus, the need for a proxy is eliminated and it becomes easier to set up a platform-independent infrastructure. Although it is not mandatory to use these methods to the letter in current modern applications, it is essential to comply with the standards in terms of transaction consistency and security.

What is a resource in REST?

At the center of the REST architecture is the concept of a resource. A resource can be any entity, item, or anything you want to export. It is the same concept as an object in object-oriented programming or an entity in databases. It represents the core element on which we perform actions.

E.g.:

/cities/cityname/25

/regions/regionname/45

or:

/users/GetUser

/users/DeleteUser

Which protocol is used by RESTful web services?

REST is a web-based approach and uses the HTTP protocol. RESTful services make it possible to serve and manipulate resources by using HTTP methods.

What are the advantages of statelessness in REST?

The fact that REST is stateless means that the Server does not keep information about the client, such as a session. The Server does not keep information such as how many requests the requesting client has made before or which requests they were.

The client, on the other hand, gives all the information the server needs in its request.

Since REST is stateless, if you are using a monitoring tool, all the information you need will be in the relevant request. You do not need to do a historical scan (visibility). Resource consumption is lower, and the architecture is easier to implement as there is no requirement to keep a log between each request.

But at the same time, since the Server does not keep data about the client, the client sends information on each request, which increases the cost. This can be considered as a disadvantage of being stateless.

What is an idempotent operation?

If you expect the same result every time you do one or more operations with a method, this method is idempotent.

The PUT and DELETE methods are idempotent while POST is not. For example, when we want to update a user's e-mail address with the PUT method, we expect the same result every time. When creating a new resource on the Server with a POST request, a new resource is created each time if we send the request more than once. POST is used to represent ADD operations while PUT is used to represent update operations.

What is the main difference between PUT and POST?

POST and PUT are both HTTP methods used to send data to the Server. 

POST is typically used to add a resource on the Server.

In PUT, the content passed in the resource is used to replace the content on the Server. PUT is used to represent an update operation.
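The idempotency and PUT/POST answers above can be checked by replaying the same request against a small in-memory store. This is an added example, not code from the original page; `UserStore`, `replay` and `is_idempotent` are hypothetical names, and idempotency is measured here on the resulting Server state rather than on the status code.

```python
import itertools


class UserStore:
    """In-memory stand-in for a server-side /users collection (hypothetical)."""

    def __init__(self):
        self.users = {}
        self._ids = itertools.count(1)

    def post(self, body):
        # POST /users: the Server allocates a new id on every call.
        user_id = next(self._ids)
        self.users[user_id] = dict(body)
        return 201, user_id

    def put(self, user_id, body):
        # PUT /users/{id}: replace the stored representation (update only here).
        if user_id not in self.users:
            return 404, user_id
        self.users[user_id] = dict(body)
        return 200, user_id

    def delete(self, user_id):
        # DELETE /users/{id}: the end state is "absent" however often it runs.
        existed = self.users.pop(user_id, None) is not None
        return (204 if existed else 404), user_id


def replay(store, method, *args, times=3):
    """Send the same request several times; return the state after each send."""
    states = []
    for _ in range(times):
        getattr(store, method)(*args)
        states.append({k: dict(v) for k, v in store.users.items()})
    return states


def is_idempotent(states):
    # Idempotent: the state after the first request equals the state after repeats.
    return all(state == states[0] for state in states)
```

Note that a repeated DELETE answers 204 and then 404 while leaving the same state, which is why the check compares stored data and not responses.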

What is the purpose of the OPTIONS method?

The OPTIONS method allows the client to query which HTTP methods are allowed on a specific resource.

Example response to an OPTIONS request:

Server: Apache/2.4.1 (Unix) OpenSSL/1.0.0g

Allow: GET,HEAD,POST,OPTIONS,TRACE

Content-Type: httpd/unix-directory

What tools are required to test REST?

There are many tools to test REST services. One of the most popular of these is Postman. Apart from this, you can also perform your tests with the following tools:

– Testerum

– Katalon Studio

– Rest-Assured

What is the difference between SOAP and REST?

  • While it is necessary to define with WSDL for SOAP, there is no such requirement for REST. (WADL is a similar structure to WSDL used for REST, but there is no obligation to use it.) REST is easier to use because it can be designed with HTTP methods without the need for a language.
  • Many development tools are available for SOAP; no development tools are needed for REST, which is easy to design.
  • SOAP uses XML Schema, while REST uses a URI scheme; that is, URIs are defined for methods.
  • Both use the HTTP protocol. But while HTTP is a requirement for REST, SOAP can also work with other protocols such as TCP and SMTP.
  • The testing and debugging phase is easier for REST because it returns HTTP errors, and these can be seen without the need for a tool. SOAP may require debugging tools.
  • REST is easier to cache because it uses the simple HTTP GET method. Complex XML requests must be made to cache with SOAP.
  • Both support HTTPS; there is a security plugin for SOAP called WS-Security.
  • SOAP is more advanced in terms of security because there are ready-made structures.
  • In terms of documentation, SOAP is more advanced and has more resources.

What is the purpose of a URI in REST-based web services?

The purpose of the URI is to point to a resource in a RESTful service. The resource to be processed with the URI is clear. Below is a URI for product #5. All requests sent through this URI affect the resource it represents (the product with id #5).

https://xxx.yy.com/products/5 with the HTTP DELETE method will delete the product with id #5

https://xxx.yy.com/products/5 with the HTTP GET method will retrieve the details of the product with id #5

Cover the HTTP methods supported by REST

REST is based on the following common HTTP methods:

  • GET
  • POST
  • PATCH
  • DELETE
  • OPTIONS
  • HEAD

What are the new alternatives to REST?

Technologies such as gRPC and GraphQL are alternatives to REST.

gRPC (Remote Procedure Call), developed by Google, is a framework that enables us to use a method on another service or a remote server as if it were our own service, and provides easy and fast communication in the client-server relationship.

GraphQL, developed by Facebook, is a new API standard that offers an efficient, effective and flexible alternative. Many companies actively use GraphQL, which is developed as open source.

GraphQL provides a way to design and use APIs. It aims to make it easier for you to access data from multiple sources by ensuring that the data the client needs is specified exactly.

What are disadvantages of REST web services?

  • REST is stateless, so the client has to add the necessary information in every request, which increases network traffic. This also makes it difficult for the Server to control the consistency of the application's behavior, because requests with different content may come from many different clients, putting more load on the Server in terms of validation.
  • HTTP responses can be "cached" by the client, so the Server has to specify whether the responses it sends are cacheable; this is important for performance.

How do you version a REST API?

REST supports two different types of versioning:

  • URL Path Versioning: The version is defined as a path variable in the URL. In this method, the version difference is expressed by using /v1 and /v2 in the URL.
  • Versioning with URL Parameter: The URL parameter is also known as the QueryString parameter. In this method, the version difference is expressed by using ?version=1 and ?version=2 in the URL.

Mention the best practices when creating the URL structure

  • It should be clear what the resource is doing. 
  • Resource names should be plural. (users/1/posts)
  • Space characters should not be used in resource names. If you have long resource names, the hyphen (-) should be used.
  • Always use lowercase letters. According to RFC 3986 6.2.2.1, parts other than host and scheme are case-sensitive in the URI. So the following two URIs mean two different things.   

             https://xxx.yyy.com/users/123/docs/456

             https://xxx.yyy.com/users/123/Docs/456

  • Filtering, pagination, sorting information should be sent via querystring. (users?page=1&per_page=10)
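The case-sensitivity rule from RFC 3986 section 6.2.2.1 cited in the list above can be applied when comparing URIs, for example before a cache lookup or a route match. This is an added example, not code from the original page; it goes one step beyond the text by also uppercasing the hex digits of percent-encodings, which the same RFC section treats as case-insensitive. `normalize` and `same_resource` are hypothetical names.

```python
import re
from urllib.parse import urlsplit, urlunsplit

PERCENT_TRIPLET = re.compile(r"%[0-9a-fA-F]{2}")


def _upper_hex(text):
    # "%2f" and "%2F" are equivalent; the RFC recommends the uppercase form.
    return PERCENT_TRIPLET.sub(lambda m: m.group(0).upper(), text)


def normalize(uri):
    """Case-normalize a URI: lowercase scheme and host, keep path case."""
    parts = urlsplit(uri)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    if parts.port is not None:
        host = f"{host}:{parts.port}"
    # Letters in the path and query stay untouched: they are case-sensitive.
    # Userinfo and fragment are dropped, since only the resource is compared.
    return urlunsplit(
        (scheme, host, _upper_hex(parts.path), _upper_hex(parts.query), "")
    )


def same_resource(a, b):
    """True when two URIs differ only in case-insensitive components."""
    return normalize(a) == normalize(b)
```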

What is addressing in REST?

Addressing represents the relationship between resources and the meaningfulness of those resources when they are being acted upon. The two URIs below can represent the same thing, depending on the authentication approach.

https://xxx.yy.com/users/1/photos/5/types

https://xxx.yy.com/photos/5/types

What are microservices?

Microservices are loosely coupled services that are easy to test, deploy and maintain. These services can be developed in any language such as Java, C#, Ruby, Python, etc.

Benefits of microservices:

  • The architecture does not need to be built from scratch.
  • They allow easy evolution of the architecture as the product evolves.
  • It allows the application to be more flexible, reusable, and scalable.

REST has become the preferred communication protocol to build microservices.

What is the purpose of status codes? Cover them in detail

Status codes express the status of the sent request to the client in a standard way. They report the error if there is one, and the status of the request if it was processed successfully.

The most common codes to use for any HTTP request are:

200 – OK (Indicates that the sent request has successfully fulfilled its task. The things to be returned in the body change according to demand.)

400 – Bad Request. Indicates that the information sent by the client is not valid.

403 – Unauthorised. Indicates that the client has no authentication to access the resource.

401 – Forbidden. Indicates that the client has no permission to perform the operation even if it passed authentication.

404 – Not Found (Indicates that the resource requested by the client is not present on the Server.)

405 – Method Not Allowed (Indicates that the requested URI does not support the method. For example, if a read-only resource POST request is sent, it will return 405.)

500 – Internal Server Error (Indicates that the request cannot be fulfilled due to a Server error.)

It is considered a bad practice to use the 200 OK status code and include errors or other forms of validation information in the response body.
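The OPTIONS answer earlier and the status codes above come together in request dispatch: the handler below returns 200, 400, 404, 405 and 500 as described, and builds the Allow header from its route table so that it lists only implemented methods. This is an added example, not code from the original page; the routes, handlers and sample data are constructed for illustration.

```python
# Constructed sample data and handlers; all names are hypothetical.
PRODUCTS = {5: {"id": 5, "name": "keyboard"}}


def get_product(pid, body):
    return 200, PRODUCTS[pid]        # a missing id raises KeyError -> 404


def delete_product(pid, body):
    del PRODUCTS[pid]
    return 200, {"deleted": pid}


def broken_report(pid, body):
    raise RuntimeError("simulated internal fault")


ROUTES = {
    "products": {"GET": get_product, "DELETE": delete_product},
    "reports": {"GET": broken_report},
}


def dispatch(method, path, body=None):
    """Return (status, headers, body) for a request such as GET /products/5."""
    parts = path.strip("/").split("/")
    handlers = ROUTES.get(parts[0])
    if handlers is None or len(parts) != 2:
        return 404, {}, {"error": "not found"}
    # OPTIONS and 405 share one Allow value derived from the route table.
    allow = ", ".join(sorted(set(handlers) | {"OPTIONS"}))
    if method == "OPTIONS":
        return 200, {"Allow": allow}, None
    if method not in handlers:
        return 405, {"Allow": allow}, {"error": "method not allowed"}
    if not (parts[1].isascii() and parts[1].isdigit()):
        return 400, {}, {"error": "id must be a number"}
    try:
        status, payload = handlers[method](int(parts[1]), body)
        return status, {}, payload
    except KeyError:
        return 404, {}, {"error": "not found"}
    except Exception:
        # Report the failure in the status code; keep internals out of the body.
        return 500, {}, {"error": "internal server error"}
```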

What is the API Gateway Pattern?

API Gateway Pattern is the approach of calling one or more services offered over a single layer. The main function of API Gateway is to receive the request from the client and forward it to the appropriate service.

With an API Gateway you can do:

  • Authentication and Authorization
  • Logging
  • Response Caching
  • Routing

Why are Accept and Content-Type headers used in an HTTP request?

The Accept header is one of the content negotiation headers. It specifies which data type the client will accept in the body of the response. It is specified when sending a request to the endpoint. For example:

Accept: application/json

The Content-Type header can be found in both the request and the response. In the request, it contains information about the type of data in the request body; in the response, it indicates the type of data in the response body.

What is the purpose of the HEAD method?

The HEAD method and the GET method are identical from a request perspective. The main difference is that the HEAD method does not send a body in the response.

It can be used to check whether a resource exists at the specified URI or to check when the resource was last modified (Last-Modified).
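How a Server can act on these two headers is shown below: it picks a response type from Accept, including q-values and wildcards, and rejects request bodies whose Content-Type it does not handle. This is an added example, not code from the original page; the `SUPPORTED` list and function names are assumptions, and the 406 and 415 status codes go beyond the codes listed on this page.

```python
SUPPORTED = ["application/json", "application/xml"]  # in Server preference order


def parse_accept(header):
    """Parse an Accept header into a list of (media_range, q) pairs."""
    ranges = []
    for item in header.split(","):
        fields = [f.strip() for f in item.split(";")]
        if not fields[0]:
            continue
        q = 1.0
        for param in fields[1:]:
            name, _, value = param.partition("=")
            if name.strip().lower() == "q":
                try:
                    q = float(value)
                except ValueError:
                    q = 0.0          # a malformed weight is treated as a refusal
        ranges.append((fields[0].lower(), q))
    return ranges


def matches(media_range, media):
    rtype, _, rsub = media_range.partition("/")
    mtype, _, msub = media.partition("/")
    return rtype in ("*", mtype) and rsub in ("*", msub)


def quality(media, ranges):
    """q of the most specific range matching media, or 0.0 if none matches."""
    best = None
    for media_range, q in ranges:
        if matches(media_range, media):
            specificity = 2 - media_range.count("*")
            if best is None or specificity > best[0]:
                best = (specificity, q)
    return best[1] if best else 0.0


def negotiate(accept_header, supported=SUPPORTED):
    """Return the media type to send, or None when nothing is acceptable."""
    ranges = parse_accept(accept_header or "*/*")
    q, media = max(((quality(m, ranges), m) for m in supported), key=lambda s: s[0])
    return media if q > 0 else None


def check_request(method, headers):
    """Status a Server can answer from the headers alone, before reading the body."""
    if method in ("POST", "PUT", "PATCH"):
        ctype = headers.get("Content-Type", "").split(";")[0].strip().lower()
        if ctype not in SUPPORTED:
            return 415               # Unsupported Media Type
    return 200 if negotiate(headers.get("Accept")) else 406  # 406 Not Acceptable
```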
