Which type of web service methods are to be idempotent?
PUT and DELETE operations are idempotent.
Which type of web service methods are to be read only?
GET operations are read only and are safe.
What is the difference between PUT and POST operations?
PUT and POST operations are nearly the same, with the difference lying only in the result: a PUT operation is idempotent, whereas a POST operation can cause a different result.
What should be the purpose of the OPTIONS method of RESTful web services?
It should list the supported operations in a web service and should be read only.
What should be the purpose of the HEAD method of RESTful web services?
It should return only the HTTP header, no body, and should be read only.
What is caching?
Caching refers to storing the server response in the client itself so that the client need not make a server request for the same resource again and again. A server response should have information about how caching is to be done, so that a client caches the response for a period of time or never caches the server response.
Which header of an HTTP response provides the date and time of the resource when it was created?
The Date header provides the date and time of the resource when it was created.
Which header of an HTTP response provides the date and time of the resource when it was last modified?
The Last-Modified header provides the date and time of the resource when it was last modified.
Which header of an HTTP response provides control over caching?
Cache-Control is the primary header to control caching.
Which header of an HTTP response sets the expiration date and time of caching?
The Expires header sets the expiration date and time of caching.
Which directive of the Cache-Control header of an HTTP response indicates that a resource is cacheable by any component?
The Public directive indicates that the resource is cacheable by any component.
Which directive of the Cache-Control header of an HTTP response indicates that a resource is cacheable by only the client and server, and that no intermediary can cache the resource?
The Private directive indicates that the resource is cacheable by only the client and server; no intermediary can cache the resource.
Which directive of the Cache-Control header of an HTTP response indicates that a resource is not cacheable?
The no-cache/no-store directive indicates that the resource is not cacheable.
Which directive of the Cache-Control header of an HTTP response can set the time limit of caching?
The max-age directive indicates that the caching is valid up to max-age in seconds. After this, the client has to make another request.
Which directive of the Cache-Control header of an HTTP response provides an indication to the server to revalidate the resource if max-age has passed?
The must-revalidate directive provides an indication to the server to revalidate the resource if max-age has passed.
What are the best practices for caching?
Always keep static contents like images, CSS, and JavaScript cacheable, with an expiration date of 2 to 3 days. Never keep the expiry date too high.
Dynamic contents should be cached for a few hours only.
What are the best practices to be followed while designing a secure RESTful web service?
As RESTful web services work with HTTP URL paths, it is very important to safeguard a RESTful web service in the same manner as a website is secured. Following are the best practices to be followed while designing a RESTful web service −
Validation − Validate all inputs on the server. Protect your server against SQL or NoSQL injection attacks.
Session based authentication − Use session based authentication to authenticate a user whenever a request is made to a web service method.
No sensitive data in URL − Never use a username, password or session token in a URL; these values should be passed to the web service via the POST method.
Restriction on method execution − Allow restricted use of methods like GET, POST, DELETE. The GET method should not be able to delete data.
Validate malformed XML/JSON − Check for well-formed input passed to a web service method.
Throw generic error messages − A web service method should use HTTP error messages like 403 to show access forbidden, etc.
What is the purpose of an HTTP status code?
HTTP status codes are standard codes and refer to the predefined status of the task done at the server. For example, HTTP Status 404 states that the requested resource is not present on the server.
What is JAX-RS?
JAX-RS stands for Java API for RESTful Web Services. JAX-RS is a Java-based programming language API and specification that provides support for creating RESTful web services. Its 2.0 version was released on 24 May 2013. JAX-RS makes heavy use of annotations available from Java SE 5 to simplify the development and deployment of Java-based web services. It also provides support for creating clients for RESTful web services.
What are the core components of an HTTP request?
An HTTP request has five major parts −
Verb − Indicates the HTTP method, such as GET, POST, DELETE, PUT, etc.
URI − Uniform Resource Identifier (URI) to identify the resource on the server.
HTTP Version − Indicates the HTTP version, for example HTTP v1.1.
Request Header − Contains metadata for the HTTP request message as key-value pairs. For example, client (or browser) type, format supported by the client, format of the message body, cache settings, etc.
Request Body − Message content or resource representation.
What are the core components of an HTTP response?
An HTTP response has four major parts −
Status/Response Code − Indicates the server status for the requested resource. For example, 404 means resource not found and 200 means the response is OK.
HTTP Version − Indicates the HTTP version, for example HTTP v1.1.
Response Header − Contains metadata for the HTTP response message as key-value pairs. For example, content length, content type, response date, server type, etc.
Response Body − Response message content or resource representation.
Refer to Part 1 of this post at the URL below:
http://osb-dheeraj.blogspot.in/2017/03/rest-restful-web-service-interview_7.html