Wednesday, 28 July 2021

 Web Services

https://www.javatpoint.com/web-services-interview-questions


Rest Services

https://www.interviewbit.com/rest-api-interview-questions/

Rest

Rest is an architectural style that enables developers to build lightweight secure transactional web services which are used to modify the web resources accessed through URI.

Rest Principles:

REST defines 6 architectural constraints which make any web service – a true RESTful API.

·       Uniform interface

·       Client–server

·       Stateless

·       Cacheable

·       Layered system

·       Code on demand (optional)

Rest Features:

Rest uses appropriate HTTP Verbs

·       PUT

·       POST

·       GET

·       DELETE

·       PATCH

Rest uses hypermedia to handle the heterogenous client server communication.

Hypermedia: HATEOAS – Hypermedia as the engine of Application state

In the response, we can embed the link to the next resource.

1.     SOAP Vs REST

SOAP 

REST

SOAP - Simple Object Access Protocol 

REST - Representational State Transfer

SOAP is a protocol used to implement web services.

REST is an architectural design pattern for developing web services

SOAP cannot use REST as it is a protocol.

REST architecture can have SOAP protocol as part of the implementation.

SOAP specifies standards that are meant to be followed strictly.

REST defines standards but they need not be strictly followed.

SOAP client is more tightly coupled to the server which is similar to desktop applications having strict contracts.

The REST client is more flexible like a browser and does not depend on how the server is developed unless it follows the protocols required for establishing communication.

SOAP supports only XML transmission between the client and the server.

REST supports data of multiple formats like XML, JSON, MIME, Text, etc.

SOAP reads are not cacheable.

REST read requests can be cached.

SOAP uses service interfaces for exposing the resource logic.

REST uses URI to expose the resource logic.

SOAP is slower.

REST is faster.

Since SOAP is a protocol, it defines its own security measures.

REST only inherits the security measures based on what protocol it uses for the implementation.

SOAP is not commonly preferred, but they are used in cases which require stateful data transfer and more reliability.

REST is commonly preferred by developers these days as it provides more scalability and maintainability.

 

2.     While creating URI for web services, what are the best practices that needs to be followed?

Below is the list of best practices that need to be considered with designing URI for web services:

 

·       While defining resources, use plural nouns. Example: To identify user resource, use the name “users” for that resource.

·       While using the long name for resources, use underscore or hyphen. Avoid using spaces between words. For example, to define authorized users resource, the name can be “authorized_users” or “authorized-users”.

·       The URI is case-insensitive, but as part of best practice, it is recommended to use lower case only.

·       While developing URI, the backward compatibility must be maintained once it gets published. When the URI is updated, the older URI must be redirected to the new one using the HTTP status code 300.

·       Use appropriate HTTP methods like GET, PUT, DELETE, PATCH, etc. It is not needed or recommended to use these method names in the URI. Example: To get user details of a particular ID, use /users/{id} instead of /getUser

·       Use the technique of forward slashing to indicate the hierarchy between the resources and the collections. Example: To get the address of the user of a particular id, we can use: /users/{id}/address

 

3.     What are the best practices to develop RESTful web services?

 

·       Since REST supports multiple data formats, it is however good practice to develop REST APIs that accept and responds with JSON data format whenever possible. This is because a majority of the client and server technologies have inbuilt support to read and parse JSON objects with ease, thereby making JSON the standard object notation.

 

·       While naming the resource endpoints, ensure to use plural nouns and not verbs.

·       To represent the hierarchy of resources, use the nesting in the naming convention of the endpoints.

/authors/:id/address'

·       Error Handling should be done gracefully by returning appropriate error codes the application has encountered. HTTP Status codes that can be sent along with the response based on the scenario.

o   400 - Bad Request – client-side error - failed input validation.

o   401 - Unauthorized – The user is not authenticated and hence does not have authority to access the resource.

o   403 - Forbidden – User is authenticated but is not authorized to access the resource.

o   404 - Not Found – The resource is not found.

o   500 - Internal server error – This is a very generic server-side error that is thrown when the server goes down. This shouldn’t be returned by the programmer explicitly.

o   502 - Bad Gateway – Server did not receive a valid response from the upstream server.

o   503 - Service Unavailable – Some unexpected things happened

 

·       While retrieving huge resource data, it is advisable to include filtering and pagination of the resources. This is because returning huge data all at once can slow down the system and reduce the application performance

·       Good security practices are a must while developing REST APIs. The client-server communication must be private due to the nature of data sensitivity.

·       Since REST supports the feature of caching, we can use this feature to cache the data in order to improve the application performance.

·       Versioning needs to be done in case we are planning to make any changes with the existing endpoints. We do not want to break communication between our application and the apps that consume our application while we are working on the API release.

 

4.      What are Idempotent methods? How is it relevant in RESTful web services domain?

 

The meaning of idempotent is that even after calling a single request multiple times, the outcome of the request should be the same. While designing REST APIs, we need to keep in mind to develop idempotent APIs. This is because the consumers can write client-side code which can result in duplicate requests intentionally or not. Hence, fault-tolerant APIs need to be designed so that they do not result in erroneous responses.

 

5.     Can you tell what constitutes the core components of HTTP Request?

 

In REST, any HTTP Request has 5 main components, they are:

 

·       Method/Verb − This part tells what methods the request operation represents. Methods like GET, PUT, POST, DELETE, etc are some examples.

·       URI − This part is used for uniquely identifying the resources on the server.

·       HTTP Version − This part indicates what version of HTTP protocol you are using. An example can be HTTP v1.1.

·       Request Header − This part has the details of the request metadata such as client type, the content format supported, message format, cache settings, etc.

·       Request Body − This part represents the actual message content to be sent to the server.

 

6.     What constitutes the core components of HTTP Response?

 

·       Response Status Code − This represents the server response status code for the requested resource. Example- 400 represents a client-side error, 200 represents a successful response.

·       HTTP Version − Indicates the HTTP protocol version.

·       Response Header − This part has the metadata of the response message. Data can describe what is the content length, content type, response date, what is server type, etc.

·       Response Body − This part contains what is the actual resource/message returned from the server.

 

7.     PUT Vs POST

PUT

POST

PUT methods are used to request the server to store the enclosed entity in request. In case, the request does not exist, then new resource has to be created. If the resource exists, then the resource should get updated.

POST method is used to request the server to store the enclosed entity in the request as a new resource.

The URI should have a resource identifier. Example: PUT /users/{user-id}

The POST URI should indicate the collection of the resource. Example: POST /users

PUT methods are idempotent.

POST methods are not idempotent.

PUT is used when the client wants to modify a single resource that is part of the collection. If a part of the resource has to be updated, then PATCH needs to be used.

POST methods are used to add a new resource to the collection.

The responses are not cached here despite the idempotency.

Responses are not cacheable unless the response explicitly specifies Cache-Control fields in the header.

In general, PUT is used for UPDATE operations.

POST is used for CREATE operations.

 

8.     What makes REST services to be easily scalable?

 

REST services follow the concept of statelessness which essentially means no storing of any data across the requests on the server. This makes it easier to scale horizontally because the servers need not communicate much with each other while serving requests.

 

9.     Web Socket Vs Rest

REST

Web Socket

REST follows stateless architecture, meaning it won’t store any session-based data.

Web Socket APIs follow the stateful protocol as it necessitates session-based data storage.

The mode of communication is uni-directional. At a time, only the server or the client will communicate.

The communication is bi-directional, communication can be done by both client or server at a time.

REST is based on the Request-Response Model.

Web Socket follows the full-duplex model.

Every request will have sections like header, title, body, URL, etc.

Web sockets do not have any overhead and hence suited for real-time communication.

For every HTTP request, a new TCP connection is set up.

There will be only one TCP connection and then the client and server can start communicating.

REST web services support both vertical and horizontal scaling.

Web socket-based services only support vertical scaling.

REST depends on HTTP methods to get the response.

Web Sockets depend on the IP address and port number of the system to get a response.

Communication is slower here.

Message transmission happens very faster than REST API.

Memory/Buffers are not needed to store data here.

Memory is required to store data.

 



 

10.  What is a Resource in REST?

 

Any single item on the web can be considered as a resource like files, web pages and databases etc

 

11.  What is statelessness in RESTful Webservices?

 

The communication between client and server must be stateless. This means that each request from a service consumer should contain all the necessary information for the service to understand the meaning of the request, and all session state data should then be returned to the service consumer at the end of each request

12.  What are the advantages and disadvantages of statelessness in RESTful Webservices?

 

Advantages:

·       Web services can treat each method request independently.

·       Web services need not to maintain client’s previous interactions. It simplifies application design.

·       As HTTP is itself a statelessness protocol, RESTful Web services work seamlessly with HTTP protocol

Disadvantages:

·       Web services need to get extra information in each request and then interpret to get the client’s state in case client interactions are to be taken care of.

 

13.  What should be the purpose of OPTIONS and HEAD method of RESTful web services?

 

OPTIONS : list down the supported operations in a web service and should be read only.

HEAD : return only HTTP Header, no Body and should be read only.

 

14.  Can we implement transport layer security (TLS) in REST?

 

Yes, we can. TLS does the task of encrypting the communication between the REST client and the server and provides the means to authenticate the server to the client. It is used for secure communication as it is the successor of the Secure Socket Layer (SSL). HTTPS works well with both TLS and SSL thereby making it effective while implementing RESTful web services. One point to mention here is, the REST inherits the property of the protocol it implements. So security measures are dependent on the protocol REST implements.

 

15.  What is Payload in terms of RESTful web services?

 

Payload refers to the data passes in the request body. It is not the same as the request parameters. The payload can be sent only in POST methods as part of the request body.

 

16.  Is it possible to send payload in the GET and DELETE methods?

 

No, the payload is not the same as the request parameters. Hence, it is not possible to send payload data in these methods.

 

17.  How can you test RESTful Web Services?

 

RESTful web services can be tested using various tools like Postman, Swagger, etc

 

18.  What is the maximum payload size that can be sent in POST methods?

Theoretically, there is no restriction on the size of the payload that can be sent. But one must remember that the greater the size of the payload, the larger would be the bandwidth consumption and time taken to process the request that can impact the server performance.

 

 

 

 

 


Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)