1. What is REST and what is a RESTful API?
Answer:
REST (Representational State Transfer) is an architectural style for building web services that are stateless, scalable, and use standard HTTP protocols. A RESTful API adheres to REST principles, using HTTP methods like GET, POST, PUT, and DELETE to perform operations on resources.
2. Explain common HTTP methods used in REST APIs.
Answer:
- GET – Retrieve data from the server.
- POST – Create a new resource.
- PUT – Update an existing resource or create it if not present.
- DELETE – Remove a resource.
- OPTIONS – Describe allowed operations on a resource.
3. What are HTTP status codes and why are they important?
Answer:
HTTP status codes indicate the result of a request:
- 200 OK – Successful request.
- 201 Created – New resource created.
- 400 Bad Request – Invalid input from client.
- 404 Not Found – Resource not found.
- 500 Internal Server Error – Server-side error.
4. What is the difference between PUT and POST?
Answer:
- POST – Used to create a new resource. It is not idempotent.
- PUT – Used to update an existing resource or create one if it doesn't exist. It is idempotent.
5. What is idempotence in REST APIs?
Answer:
An operation is idempotent if calling it multiple times has the same effect as calling it once.
- Examples: GET, PUT, DELETE (usually).
- POST is not idempotent.
6. What is the OPTIONS HTTP method used for?
Answer:
The OPTIONS method provides information about the HTTP methods and operations supported by a specific resource, often used in CORS preflight requests.
7. What is Content-Type in HTTP headers?
Answer:
The Content-Type header tells the server/client about the format of the data being sent.
- Common values: application/json, application/xml, text/plain
8. What is HATEOAS in REST?
Answer:
HATEOAS (Hypermedia As The Engine Of Application State) is a REST constraint where the API response includes hyperlinks to related resources, guiding the client on what to do next without out-of-band information.
9. How do you secure a RESTful API in Java?
Answer:
- Use HTTPS for encrypted communication.
- Implement authentication (e.g., Basic Auth, OAuth2, JWT).
- Apply authorization with roles/permissions.
- Add input validation and rate limiting.
- Use Spring Security or filters/interceptors in Java.
10. What is CORS and how is it handled in REST APIs?
Answer:
CORS (Cross-Origin Resource Sharing) allows browsers to make requests to a server from a different domain.
To handle CORS:
- Set headers like Access-Control-Allow-Origin on the server.
- In Spring Boot, use the @CrossOrigin annotation or configure a CorsFilter.
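The CorsFilter option from the answer above, as an added example that is not part of the original page: a Spring configuration that sends Access-Control-Allow-Origin only to an explicit allowlist instead of a wildcard. The class name CorsConfig, the origin https://app.example.com and the /api/** path pattern are assumptions chosen for illustration.

```java
import java.util.List;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter;

@Configuration
public class CorsConfig {

    // Assumed front-end origin (constructed value); list only origins you control.
    private static final List<String> ALLOWED_ORIGINS =
            List.of("https://app.example.com");

    @Bean
    public CorsFilter corsFilter() {
        CorsConfiguration config = new CorsConfiguration();

        // Explicit allowlist: any other origin gets no Access-Control-Allow-Origin
        // header, so the browser blocks the cross-origin read.
        config.setAllowedOrigins(ALLOWED_ORIGINS);

        // Only the methods and request headers the API actually needs.
        config.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE", "OPTIONS"));
        config.setAllowedHeaders(List.of("Authorization", "Content-Type"));

        // Cookies / Authorization headers are allowed cross-origin only together
        // with an explicit origin list; Spring 5.3+ rejects "*" combined with
        // allowCredentials=true.
        config.setAllowCredentials(true);

        // Let browsers cache the OPTIONS preflight result for one hour.
        config.setMaxAge(3600L);

        // Apply the policy to the API paths only (assumed prefix).
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/api/**", config);
        return new CorsFilter(source);
    }
}
```

CORS only tells the browser which origins may read responses; the authentication and authorization from question 9 are still needed on every endpoint.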
Bonus: Tools and Frameworks Commonly Used
- Spring Boot (most popular for Java REST APIs)
- JAX-RS (Java API for RESTful web services)
- Swagger/OpenAPI (for API documentation)
- Postman (for API testing)