Building a RESTful API with ASP.NET Core 3

Question 1

Is rest a standard? is it protocol agnostic?

Answer 1

NO. an arch style… it is protocol agnostico

Question 2

What are the 6 contraintaints (design decisions) that REST has?

Answer 2

1 - Uniform Interfaces: API and consumers share one single technical interface: API;
2 - Client-Server: They are completelly separated;
3 - Statelessness: state is contained within the request;
4 - Layered system: layers can be added or removed in a transparent way to other layers;
5 - Cacheable: each RESPONSE message must explicitly state if it can be cached or not (ETag, lat-modified and etc)
6 - Code on demand (optional): server can extend client functionality (usually applicable for webapps).

Question 3

What is the payload?

Answer 3

Is the data that is sent and/or retrieved along with the request/response.

Question 4

What is the Richardson Maturity Model (RMM) and how it relates to REST?

Answer 4

It is a set of maturity levels that dictates how much you actually use from the REST standards, or how mature it is.

Question 5

What is the level 0 - (swamp of POX - plain old XML) of RMM?

Answer 5

You use a single endpoint with a set of statefull calls to achieve a goal; usually using xml

Question 6

What is the level 1 - Resources of RMM?

Answer 6

Each resource is mapped to a URI; using post verb only

Question 7

What is the level 2 - Verbs of RMM?

Answer 7

Correct HTTP verbs and status codes are used;

Question 8

What is the level 3 - Hypermedia of RMM? Which benefit does it bring?

Answer 8

The API supports Hypermedia as the engine of the application state (HATEOAS). It brings links to other actions/resources (discoverability).

Question 9

Which API level can be considered a precondition to a RESTful api?

Answer 9

Level 3.

Question 10

Can the URI api/authors be followed by another noun?

Answer 10

NO. should be followed with an ID.

Question 11

Where to add filters, sorting orders?

Answer 11

As a query string.. api/customer?orderby=name

Question 12

What a simple controller must have to behave like an endpoint?

Answer 12

data anotaded as [APIController], extending ControllerBase, defining the Route[(“api/authors”)] data anotation to the controller and defining the data anotation verb to the action [HTTPGet]

Question 13

What is a convention-based routing? When is it used the most?

Answer 13

endpoints are added to actions on a controller following a convention (explicitly defined). usually used for web applications.

Question 14

What is attribute-based routing?When is it used the most?

Answer 14

The routing is defined via the combinations of the controller name and data anotations in the action methods inside the controllers. used the most for APIs

Question 15

How to interact with resources via HTTP methods?

Answer 15

https://pasteboard.co/JstVwBx.png

Question 16

How to create two http gets to the same source with disambiguation?

Answer 16

[HTTPGet(“{authorId:guid}”)]

[HTTPGet(“{authorId:int}”)]

Question 17

What are the 3 most important 200 status codes which verb uses it?

Answer 17

200 - Ok - Get, Success
201 - Ok - Post, Created
204 - Ok - Delete, No content

Question 18

What are the 9 most important 400 status codes?

Answer 18

400 - Bad request - Generic
401 - Unauthorized (authentication issues)
403 - Forbidden (authorization issues)
404 - not found
405 - method not allow (e.g send a post to the authors endpoint)
406 - not acceptable (the payload response format asked is not supported)
409 - Conflict (used to handle concurrency issues: the data has been changed by someone else)
415 - same as 406, but the issue is with the REQUEST payload
422 - unprocessable entity - semantic mistakes (validation)…

Question 19

What is the most comon 500 hundred status code?what does it mean?

Answer 19

internal error - something bad happened to the server - try again

Question 20

What is the difference between errors and faults?

Answer 20

errors are correctly thrown when something is wrong with the request. and faults means that the API failed to process a correct request.

Question 21

What is the benefits of using Ok() instead of new JasonResult()?

Answer 21

Ok is more readable and deals with other formats of data other than the jason

Question 22

What formatters and content negotiation mean?

Answer 22

the client can demand the response in a specific format, and the server can deman the request in a specific format

Question 23

How to proper handle unsupported formats in a way that the api returns a 406 error?

Answer 23

via services.addcontroller(s => s.ReturnHttpNotAcceptable = true);

Question 24

how to add xml as a supported fortmat in asp?

Answer 24

s.addcontroller().addxmldatacontractserializerformatters();

Question 25

What outer facing (DTO) vs entity model means?

Answer 25

means that our internal entity model should NOT be directly exposed to the external world. instead we should use outer facing models and translate into them via automapper

Question 26

Should I always return IActionResult? What's better for things like swagger?

Answer 26

return ActionResult>

Question 27

What to use to map entity properties to dto object?

Answer 27

AutoMapper

Question 28

Should i simply install automapper? why not?

Answer 28

not... install automapper.extensions.microsoft.dependencyinjection because it plays better with aspnet DI system

Question 29

Where mappings are stored? How to add custom mappings (aka projections)?

Answer 29

in the profiles folder, create one for each dto object... inheriting the dto object from map and doing a forMember (if custom)

Question 30

How to handle exceptions in the API in a customized way othen than just return a status code 500?

Answer 30

by doing an app.UseExceptionHandler(appbuilder => {... appbuilder.run...})

Question 31

What is HEAD verb used for? when is it particularly useful?

Answer 31

HEAD is used to check if a resource exists, equal to get but without body. Very useful when ETags and other similar multi-use validations are used

Question 32

Can I verb/route the same method twice on aspnet? how?

Answer 32

yes... just add extra verbs [httpget] [head]

Question 33

Where the data from the request can come from?

Answer 33

body, form, header, query, route and service

Question 34

Can data from the request be found by inferring types? What is the default source when we work with primitive types?

Answer 34

yes. query string (FromQuery)

Question 35

What is the difference between filtering and searching?

Answer 35

Filtering means the consumer define what are the filters to apply via query string. Search is simply a term that the api defines on how to search it.

Question 36

Are only the fields part of the request filterable?

Answer 36

yes

Question 37

What to do when you need to receive many inputs via query string? What happens to the inferred query string? How to overcome this?

Answer 37

It's best to create a complex type (class) to handle this. The inferred query string will no longer work. Solved by add a [FromQuery] data annotation.

Question 38

Will the same DTO always be used for all verbs?

Answer 38

No. it's common to have different dtos for get and post, for example.

Question 39

Will the BaseController deal automatically with wrong conversions from the request body to the complex types?

Answer 39

Yes. will return 400's return code

Question 40

During a post, how to express the location where the resource is created? Where the location appears? How to refer to existing endpoints without concatenating manually URIs?

Answer 40

by returning a CreatedAtRoute(location, bodypayload). by naming the endpoints [httpget("{asd}", name = "asd123")

Question 41

What is the first check that needs to be done in the API when a consumer wants to add a resource that is child of another one?

Answer 41

check if the parent resource (defined in the url) exists, otherwise 404

Question 42

What to do when you want to post authors along with its courses in one go?

Answer 42

The authorDTO must contain in its definition an ICollection of courseDTO (initialized) and the repository needs to also be also to handle that (needs to be able to create guid for the author and for the courses when added... entity framework takes care of the rest.

Question 43

What to do if aspnet doesn't handle my binding mechanism (array of guid, for example)?

Answer 43

You need to create a custom model binder and assign to the action method in the API.

Question 44

How to support multiple additions of authors in one go?

Answer 44

it is suggested to create a new endppoint that support posts and read of collection, but I found it pretty shitty. i'd used the same endpoint.

Question 45

is posting to a specific object uri allowed on asp 3? how was that on asp?

Answer 45

No... it returns a 405 method not allowed. on asp 2 manual implementation was required

Question 46

What does the option method do? how to implement?

Answer 46

return a key value of allow and the comma separated supported verbs. implement manually... response.header = return ok

Question 47

how to add validation of the input data? can i use the same as i use in my entity?

Answer 47

works out of the box as long as the dto has the data annotations.

Question 48

How to implement my own custom validations?

Answer 48

by implementing the IValidatableObject by the DTO (once this is the final input) and implementing the method. usually the classname is returned along

Question 49

Will my custom validator be called when data annotation validation fails? Does that apply to custom data annotation attributes?

Answer 49

No. Yes.

Question 50

Instead of using IValidatableObject, how to implement my own data annotanion attribute?

Answer 50

By creating a new class with the name of the validation and extending from ValidationAttribute.

Question 51

Is the API response from aspnet 3 fully compliant with the RFC? What to do then?

Answer 51

No. You can return the proper return code 422 by implementing you own InvalidModelStateResponseFactory which is accessible in the services class.

Question 52

What is the problem behind data annotation validations and IValidatableObjects? What is the other approach to overcome this?

Answer 52

they are hard to test and bound to the entities. using FluentValidation library.

Question 53

When executing a full update (PUT) what happens to the missing fields available in the entity itself (e.g: id)? What about the missing fields that are in the dto?

Answer 53

They are all kept once these fields are NOT available in the dto. the missing fields available in the DTO will get their default value, which is null

Question 54

Do the update method in the repo need to do anything? what is necessary to do then? Why keep this method and call it afterall?

Answer 54

no... because the mapper already changed the entity. just call save... because different technologies might need to use the update method... remember: we're coding agains a repository interface which is technology agnostic.

Question 55

What code to return after a success put operation? should it have content? could it be the same return we do with a post?

Answer 55

204 - no content. yes... seems to be better to also return helper field like lastmodified and stuff with this.

Question 56

How to minimize code duplication for update and create dtos? Does data anotation also work in this case?

Answer 56

create a base class with virtual properties that can be overriden. Yes, works and can be overriden.

Question 57

Why executing a put request in a collection of items can be destructive? (e.g courses) What to do then?

Answer 57

because the "by the book" put replaces the existing content with the request body... that means the existing items should be deleted and re-inserted. might be a good idea not implementing this funcionality.

Question 58

What is upserting?

Answer 58

Is when the consumer is also able to create guids and therefore won't post (otherwise guid will get replaced). Therefore, this consumer will call the put method, which will insert the value in the database.

Question 59

What is a JSON patch document?

Answer 59

is a list of operations that will be applied to an existing resource in order to change its content.

Question 60

jsonpatchdocument is part of default aspnet core projects?

Answer 60

no... need to be added via nuget.

Question 61

is it necessary to use newtonsoft.json package to overcome default json package limitations?

Answer 61

yes... then needed to be applied to the services.

Question 62

The order of the serializers impact the default serialization process?

Answer 62

yes... json first and then XML

Question 63

Are json patch documents validated automatically?

Answer 63

NO. need to add manual validations: patchdoc.applyTo(courseToPatch, modelstate); if !tryvalidatemodel(courseToPatch, ModelState) return ValidationProblem(ModelState)

Question 64

How to make a controller to use our custom model validator?

Answer 64

needs to override ValidationProblem( | )

Question 65

does upserting with patch need custom logics? what about the validations?

Answer 65

yes for both.

Question 66

what does a delete request returns?

Answer 66

204 nocontent

Question 67

What is cascade delete on entity framework core, is it the default behavior?

Answer 67

delete will cascade to all child objects. enabled by default.

Question 68

is deleting collections recommended?

Answer 68

NO.

Question 69

What are the advanced conecepts that were not covered here that makes our api NOT fully restful?

Answer 69

HATEOAS, advanced content negotiation, caching and concurrency, paging, sorting and data shapping.

Question 70

What benefit the IQueryable brings? Why?

Answer 70

Enables LINQ. Because it allows creating an expression tree via LINQ.

Question 71

How to allow pagination? Where is it defined?

Answer 71

by doing a skip and take in the linq query. defined as query string

Question 72

should the pagination metadata returned in the response body? where then?

Answer 72

NO. as header information.

Question 73

What is a good way of implementing a paged list on aspnet core? what is the gotcha? Should we do paging by default?

Answer 73

by extending a list and implementin the properties accordingly. The gotcha is around receiving a IQueriable so that improving performance? Yes, paging by default.

Question 74

What are the properties that define a pagination endpoint? Where these properties are assigned?

Answer 74

totalCount, pageSize, currentPage, totalPages, previousPageLink and nextPageLink. In the X-Pagination header

Question 75

what is used to implement a good generic order by clause in the api?

Answer 75

system.linq.dynamic.core

Question 76

What is the lifetime of a lightweight stateless dependency recommended by .net core team?

Answer 76

transient

Question 77

How to implement the sort without switches (taking into consideration we're using DTOs)? Will sometimes the order be inverter or one to many mappings?

Answer 77

by creating a map between the entity and the dto. yes, sometimes it's necessary to invert (age vs dob, name vs first and last name)

Question 78

What is data shapping and why is it useful?

Answer 78

data shapping is the act of allowing the consumer to decide which fields will be returned. useful to reduce network traffic.

Question 79

How to implement data shapping, how to avoid overheads?

Answer 79

by using expandObject... we can avoid overheads by doing the reflection once and the populate the newly dynamic class.

Question 80

what is HATEOAS in simple terms?

Answer 80

means that the resource will have links to other resources

Question 81

what happens when HATEOAS is not implemented?

Answer 81

the client needs to know too much and it is hard to evolve the API.

Question 82

What does HATEOAS means about client controls?

Answer 82

they are learned on the fly (links will vary based on the current API state and version).

Question 83

Are there new rest api standards being developed? which one is backed by MS?

Answer 83

yes... there are several under development... microsoft backs up odata.org

Question 84

What is advanced content negotiation and what custom media type vendor means? Where is this custom media type defined?

Answer 84

Means that the client might request the response in json including links (HATEOAS). custom media type vendors define their own contract definition. in the header, field Accept

Question 85

What is a semantic media type?

Answer 85

is a media type that defines how the "shape" of the data that is being retrived... might be a simple one and a full (more verbose)

Question 86

how to avoid api versioning?

Answer 86

via code on demand principle... but this is difficult, versioning is pragmatically acceptable.

Question 87

what are the three types of cache?

Answer 87

client cache, gateway cache and proxy cache

Question 88

What is the gateway cache? how is it also know?

Answer 88

The gateway cache lives in the server and is aka reverse proxy cache and http accelerators

Question 89

Whats ithe proxy cache?

Answer 89

usually used in big networks such as ISP providers.

Question 90

What is the response cache attribute? what is the default unit of measure used for the cache?

Answer 90

Is a header property "cache-control: max-age:120". measured in seconds.

Question 91

How to enable http cache in our rest api?

Answer 91

by adding a cache middleware and by adding a [ResponseCache (duration = 120)] attribute to the endpoint's methods

Question 92

Where the app.UseResponseCaching needs to be added?

Answer 92

before useRouting and useEndpoints, otherwise our cache will never be hit.

Question 93

What is a cache profile? Where is it applied?

Answer 93

Allow setting caching rules to dfferent endpoints. Applied to the controller level [ResponseCache (CacheProfileName = "myProfileKey")]

Question 94

How does the expiration model cache works?

Answer 94

it has a property containing a datetime defining the "due" date of the data.

Question 95

What is the difference between private and public caching?

Answer 95

private means each application has its own cached data and controls. public means the cache is shared to everyone.

Question 96

What is the difference between private and public caching from the network and api hits perspective?

Answer 96

private uses less bandwidht (not stored in the server) and public doesn't save bandiwith however drastically reduces requests directly to the api.

Question 97

How does the validation model cache works? What is strong and weak validators?

Answer 97

Based on etags and/or last-modified dates. Strong changes etag if anything within the body or header is changed. Weak depends on how much is changed (server decides - equivalence not equity). more at: https://pasteboard.co/JvmcGIv.png

Question 98

What is the holy grail of caching?

Answer 98

Is when the expiration and validation chaching models are used for both private and public caches.

Question 99

What are the cache-control directives?

Answer 99

https://pasteboard.co/JvmgD98.png"

Question 100

How to implement the validation cache to our aspnet projects? is there a lib available for that? Where place that in the middleware?

Answer 100

Can be implemented via the use of marvin.cache.headers package. put before routing and before endpoints.

Question 101

How to keep all instances of my api in sync with the cache data?

Answer 101

you can use redis.

Question 102

Will CDNs (akamai, cloudflare etc) comply with our cache tags? What about common proxies?

Answer 102

Yes... that should suffice for the backend engineer. Yes for common proxies such as squid.

Question 103

Is cache invalidation implemented by expiration and validation approaches? What to do for complex scenarios (such as indirect resource changes)?

Answer 103

yes. manual cache invalidation needs to be written or use cdn-provided SDKs.

Question 104

What are the two concurrency strategies?

Answer 104

pessimistic (resource is locked, not possible for APIs) and optimistic (resource can be update as long as the token is valid - such as etag). details at: https://pasteboard.co/JvmtZns.png

Question 105

What is the status code that is returned when the etags does not match? What is the property that needs tp be defined in the header to trigger this?

Answer 105

412 - precondition failed. Needs to have a if-Match: