Tuesday, March 07, 2017

REST / RESTful Web Service Interview Questions - Part 2


Which types of web service methods should be idempotent?
PUT and DELETE operations are idempotent.

Which types of web service methods should be read only?
GET operations are read only and are safe.

What is the difference between the PUT and POST operations?
PUT and POST operations are nearly the same; the difference lies in the result: a PUT operation is idempotent, whereas repeating a POST operation can produce a different result.

What should be the purpose of the OPTIONS method of RESTful web services?
It should list the operations supported by the web service and should be read only.

What should be the purpose of the HEAD method of RESTful web services?
It should return only the HTTP headers, with no body, and should be read only.

What is caching?
Caching refers to storing a server response in the client itself so that the client does not need to request the same resource from the server again and again. A server response should carry information about how it is to be cached, so that the client caches the response for a period of time or never caches it.

Which HTTP response header provides the date and time at which the resource was created?
The Date header provides the date and time at which the resource was created.

Which HTTP response header provides the date and time at which the resource was last modified?
The Last-Modified header provides the date and time at which the resource was last modified.

Which HTTP response header provides control over caching?
Cache-Control is the primary header for controlling caching.

Which HTTP response header sets the expiration date and time of a cached response?
The Expires header sets the expiration date and time of a cached response.

Which directive of the Cache-Control header indicates that a resource is cacheable by any component?
The public directive indicates that the resource is cacheable by any component.

Which directive of the Cache-Control header indicates that a resource is cacheable only by the client and the server, so that no intermediary may cache it?
The private directive indicates that the resource is cacheable only by the client and the server; no intermediary may cache the resource.

Which directive of the Cache-Control header indicates that a resource is not cacheable?
The no-cache/no-store directives indicate that the resource is not cacheable.

Which directive of the Cache-Control header sets the time limit for caching?
The max-age directive indicates that the cached response is valid for max-age seconds. After this, the client has to make another request.

Which directive of the Cache-Control header indicates that the resource must be revalidated once max-age has passed?
The must-revalidate directive indicates to the server that the resource must be revalidated once max-age has passed.

What are the best practices for caching?
Always keep static content such as images, CSS and JavaScript cacheable, with an expiration date of 2 to 3 days. Never set the expiry date too high.
Dynamic content should be cached for a few hours only.
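The caching directives above can be turned into a concrete decision: may this response be stored at all, by whom, and for how long? The following is an added example (not code from the original post) that evaluates Cache-Control and Expires for a shared cache (proxy/CDN) or a private client cache; the function names are our own, and headers are assumed to be passed as a dict keyed by their canonical names.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime


def parse_cache_control(value):
    """Split 'public, max-age=300, must-revalidate' into a dict of directives.
    Flag directives map to True; valued ones map to their (unquoted) argument."""
    directives = {}
    for part in value.split(","):
        part = part.strip().lower()
        if not part:
            continue
        name, _, arg = part.partition("=")
        directives[name] = arg.strip('"') if arg else True
    return directives


def cache_policy(headers, shared_cache, now=None):
    """Return (storable, freshness_seconds, must_revalidate).

    shared_cache=True models an intermediary (proxy/CDN); False models the
    client's own cache.  Cache-Control takes precedence over Expires."""
    now = now or datetime.now(timezone.utc)
    cc = parse_cache_control(headers.get("Cache-Control", ""))
    if "no-store" in cc:
        return (False, 0, False)          # nobody may keep a copy
    if shared_cache and "private" in cc:
        return (False, 0, False)          # only the end client may cache it
    if "no-cache" in cc:
        return (True, 0, True)            # storable, but revalidate before every reuse
    if "max-age" in cc:
        freshness = int(cc["max-age"])
    elif "Expires" in headers:
        # Freshness is measured from the response's own Date, not from receipt time
        expires = parsedate_to_datetime(headers["Expires"])
        issued = parsedate_to_datetime(headers["Date"]) if "Date" in headers else now
        freshness = max(0, int((expires - issued).total_seconds()))
    else:
        freshness = 0                     # no explicit lifetime: treat as already stale
    return (True, freshness, "must-revalidate" in cc)
```

A response with `Cache-Control: private, max-age=300` is therefore fresh for 5 minutes in the browser but never stored by a proxy, which is the property you want for per-user API responses.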

What are the best practices to be followed while designing a secure RESTful web service?
As RESTful web services work with HTTP URL paths, it is very important to safeguard a RESTful web service in the same manner as a website is secured. Following are the best practices to be followed while designing a RESTful web service −
Validation − Validate all inputs on the server. Protect your server against SQL or NoSQL injection attacks.
Session based authentication − Use session based authentication to authenticate the user whenever a request is made to a web service method.
No sensitive data in URL − Never put a username, password or session token in the URL; these values should be passed to the web service via the POST method.
Restriction on method execution − Allow restricted use of methods like GET, POST and DELETE. A GET method should not be able to delete data.
Validate malformed XML/JSON − Check that the input passed to a web service method is well formed.
Throw generic error messages − A web service method should use HTTP error messages such as 403 to indicate that access is forbidden, and so on.
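The checks in the list above can be applied as one gate that runs before any handler. The following is an added example, not the original post's code: the resource table, the session store and the `gate`/`route` names are constructed for illustration, and a session token is expected in an `X-Session-Token` header rather than in the URL.

```python
import json
from urllib.parse import parse_qs

# Constructed: methods each resource accepts (Restriction on method execution)
ALLOWED_METHODS = {"/orders": {"GET", "POST"}, "/orders/{id}": {"GET", "PUT", "DELETE"}}
# Constructed session store: token -> session record (Session based authentication)
SESSIONS = {"tok-alice": {"user": "alice", "role": "user"},
            "tok-admin": {"user": "root", "role": "admin"}}
# Credentials and tokens belong in headers or the body, never in the URL
FORBIDDEN_QUERY_KEYS = {"username", "password", "session", "token"}
# Generic error messages keyed on status; no internal detail leaks to the client
GENERIC = {400: "Bad Request", 401: "Unauthorized", 403: "Forbidden",
           404: "Not Found", 405: "Method Not Allowed"}


def route(path):
    """Map a concrete path such as /orders/42 onto a resource template."""
    parts = path.strip("/").split("/")
    if parts == ["orders"]:
        return "/orders"
    if len(parts) == 2 and parts[0] == "orders" and parts[1].isdigit():
        return "/orders/{id}"
    return None


def gate(method, path, query, headers, body):
    """Return (status, message); 200 means every check passed."""
    # No sensitive data in URL: refuse before the request is logged or processed
    if FORBIDDEN_QUERY_KEYS & set(parse_qs(query, keep_blank_values=True)):
        return 400, GENERIC[400]
    resource = route(path)
    if resource is None:
        return 404, GENERIC[404]
    # Restriction on method execution: a GET can never reach a deleting handler
    if method not in ALLOWED_METHODS[resource]:
        return 405, GENERIC[405]
    session = SESSIONS.get(headers.get("X-Session-Token", ""))
    if session is None:
        return 401, GENERIC[401]
    if method == "DELETE" and session["role"] != "admin":
        return 403, GENERIC[403]
    # Validate malformed JSON: the body must parse and be a JSON object
    if method in {"POST", "PUT"}:
        try:
            payload = json.loads(body or "")
        except ValueError:
            return 400, GENERIC[400]
        if not isinstance(payload, dict):
            return 400, GENERIC[400]
    return 200, "OK"
```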

What is the purpose of HTTP status codes?
HTTP status codes are standard codes that refer to the predefined status of a task done at the server. For example, HTTP status 404 states that the requested resource is not present on the server.

What is JAX-RS?
JAX-RS stands for Java API for RESTful Web Services. JAX-RS is a Java-based API and specification that provides support for creating RESTful web services. Its 2.0 version was released on 24 May 2013. JAX-RS makes heavy use of the annotations available from Java SE 5 onward to simplify the development and deployment of Java-based web services. It also provides support for creating clients for RESTful web services.

What are the core components of an HTTP request?
An HTTP request has five major parts −
Verb − Indicates the HTTP method, such as GET, POST, DELETE, PUT etc.
URI − Uniform Resource Identifier (URI) that identifies the resource on the server.
HTTP Version − Indicates the HTTP version, for example HTTP v1.1.
Request Header − Contains metadata for the HTTP request message as key-value pairs. For example, the client (or browser) type, formats supported by the client, format of the message body, cache settings etc.
Request Body − Message content or resource representation.

What are the core components of an HTTP response?
An HTTP response has four major parts −
Status/Response Code − Indicates the server status for the requested resource. For example, 404 means the resource was not found and 200 means the response is OK.
HTTP Version − Indicates the HTTP version, for example HTTP v1.1.
Response Header − Contains metadata for the HTTP response message as key-value pairs. For example, content length, content type, response date, server type etc.
Response Body − Response message content or resource representation.
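The request and response parts listed above map directly onto the wire format: a start line, header lines, a blank line, then the body. The following added example (not code from the original post) splits raw HTTP/1.1 messages into those components and rejects malformed ones; the sample request and response are constructed, and the function names are our own.

```python
def _split_message(raw):
    """Separate the start line, header fields and body of one HTTP message."""
    head, sep, body = raw.partition("\r\n\r\n")
    if not sep:
        raise ValueError("malformed message: missing blank line after headers")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")   # split at the first colon only
        if not colon or not name.strip():
            raise ValueError("malformed header line: %r" % line)
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def parse_request(raw):
    """Return a dict with verb, uri, version, headers and body."""
    start, headers, body = _split_message(raw)
    try:
        verb, uri, version = start.split(" ")
    except ValueError:
        raise ValueError("malformed request line: %r" % start)
    if not version.startswith("HTTP/"):
        raise ValueError("bad version: %r" % version)
    # Only as many body bytes as Content-Length declares belong to this message
    length = int(headers.get("content-length", len(body)))
    return {"verb": verb, "uri": uri, "version": version,
            "headers": headers, "body": body[:length]}


def parse_response(raw):
    """Return a dict with version, status (int), reason, headers and body."""
    start, headers, body = _split_message(raw)
    version, _, rest = start.partition(" ")
    code, _, reason = rest.partition(" ")
    if not version.startswith("HTTP/") or not code.isdigit():
        raise ValueError("malformed status line: %r" % start)
    return {"version": version, "status": int(code), "reason": reason,
            "headers": headers, "body": body}


# Constructed sample messages (CRLF line endings as on the wire)
SAMPLE_REQUEST = ("PUT /orders/42 HTTP/1.1\r\nHost: api.example.test\r\n"
                  "Content-Type: application/json\r\nContent-Length: 10\r\n\r\n"
                  '{"qty": 3}')
SAMPLE_RESPONSE = ("HTTP/1.1 404 Not Found\r\nDate: Tue, 07 Mar 2017 10:00:00 GMT\r\n"
                   "Content-Type: text/plain\r\nContent-Length: 9\r\n\r\nNot Found")
```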