Designing RESTful Web APIs Flashcards

(39 cards)

1
Q

What is the history of distributed APIs? When did REST come into play?

A

https://pasteboard.co/JsapZuZ.png

~ 2006

2
Q

What is a simple HTTP request made of? What does the response look like?

A

A VERB, metadata and content. The response is a status code, metadata and content.

3
Q

How long does an HTTP request last? Is it correct to say that the HTTP server is stateless?

A

As short as possible. Yes, stateless. A server will simply fulfil your request and forget about you.

4
Q

What are the 5 common verbs in REST, and which one updates just the necessary fields?

A

GET, POST, PUT, DELETE and PATCH (PATCH is the one that updates just the necessary fields).

5
Q

What does the request metadata consist of? Which are the most common keys? Which one is used to keep state?

A

A set of key/value pairs: content-type, content-length, authorization, accept (what kind of data the client accepts), cookies (a passenger in the request, in order to keep some sort of state). Cookies keep the state.

6
Q

What does the request content consist of? What is its most common use?

A

HTML, CSS, JS, XML, JSON, binary/blobs, etc. It carries the information needed to fulfil the request.

7
Q

What does the response status code consist of? What are the ranges and their meanings?

A

100~199: Informational (rarely used);
200~299: Success;
300~399: Redirection (asking you to look somewhere else);
400~499: Something is wrong with the request (client’s fault);
500~599: Something is wrong with the server (server’s fault).

8
Q

What do the response headers consist of?

A

content-type, content-length, expires (cache: how long this data can be considered relevant), cookies (data sent previously in the request), etc.

9
Q

What does the response content consist of?

A

The response content can be anything as well: HTML, CSS, JSON, binary/blobs; APIs can also have their own types.

10
Q

What is a good site to try REST?

A

arest.me

11
Q

What is REST and its main concepts? Who created it?

A

REpresentational State Transfer. Main concepts:

  • Separation of client and server;
  • Server requests are stateless;
  • Cacheable requests;
  • Uniform Interface;

Roy Fielding

12
Q

What are the common problems of REST?

A

It is too difficult to qualify as fully REST; usually people take shortcuts to create a pragmatic REST server.

13
Q

What is a similarity between a REST server and Wikipedia?

A

Both have URLs that point to other URLs to further explore content.

14
Q

Should the endpoint contain nouns or verbs?

A

NOUNS: api/customers

15
Q

What is a URI?

A

It is a unique (SINGLE) resource identifier:
/sites/1
/sites/stone-henge

16
Q

What is a query string? How is it represented?

A

It allows developers to define how they are going to get the data:
/sites?sort=name
/sites?page=1

17
Q

What are the main differences between the http verbs applied to a list of items and a specific item?

A

You can't delete the whole collection; you can't POST to a specific item (405).

18
Q

What does idempotency mean in the REST context? What is the only verb that is never idempotent?

A

It means all the verbs should do the same thing over and over again without changing the result (except for POST; POST is never idempotent).

19
Q

Should I use .NET-specific stuff in the returned JSON? What is the ultimate advice?

A

No; be platform agnostic, e.g. JSON properties as camelCase. Be consistent: use the same rule everywhere.

20
Q

What to do when developing collection endpoints? Should I return everything? What about adding extra information at the root level of the object and the actual collection as a results object? What is the idea of the query string useWrapper?

A

You should limit the amount of data returned and allow pagination. It is a good idea to add extra info at the root level of the collection, such as a count or a next-page URL. The idea is that the result will be put in the results collection.

21
Q

How is the desired format defined? What is the anti-pattern way?

A

The desired format can be defined in the headers. Avoid using query strings for that.

22
Q

What is hypermedia? When should it be used?

A

Hypermedia adds a new property called _links, which allows the consumer to navigate the objects consistently, in an easier or even automated way. Use it when the complexity pays off.

23
Q

How to design associations? How to access all orders from a specific customer?

A

It means that the left side of the URL expresses some sort of relationship to objects.

e.g:
api/customer/123/orders

24
Q

How to avoid too many nested associations? What is the limit? e.g. api/customer/123/order/1/items/2/prices, etc.

A

By creating new endpoints? There is no limit, but it should make sense by simply looking at it.

25
Q

What does paging do? Why is it important?

A

It allows users to query up to a maximum amount of data; after that the user needs to make another request to retrieve the rest of it. It is important in order not to send more data than necessary.

26
Q

What to do for error handling? Do I need to include extra information other than the status code? When?

A

The API needs to return the error code, and extra information when pertinent, e.g. "title field is missing". A 404 is clear enough by itself.

27
Q

What is HTTP caching and how does it differ from server caching?

A

HTTP caching makes use of the ETag, which is a key that is sent back and forth in order to know whether the object being transmitted is the latest version of the object or whether it has been invalidated.

28
Q

How does the usage of an ETag differ between a GET and a POST when it is stale?

A

A GET will simply get the data again; a POST would return an error because the client no longer has the latest version.

29
Q

What is a functional API? What does it have to do with pragmatism? Can I use common verbs to trigger a functional API?

A

A functional API is a non-REST operation that is useful for the users, the devs or even the sysadmins to execute useful things on the server, like reseeding the database or flagging a reboot. Usually the verb used is OPTIONS.

30
Q

What to use when we need a long-lived connection to the server? Should we use REST for that?

A

REST is not useful here; for this case it's best to use gRPC, Comet, SignalR, Firebase, etc.

31
Q

Can I make breaking changes to my API after publishing? How to approach this?

A

No. Use API versioning.

32
Q

When to version the API?

A

When there are external users of the API other than the team itself.

33
Q

How can the API be versioned? Cite 4 types.

A

URL versioning: /api/v2/customers; query string versioning: /api/customers?ver=2; header versioning; content versioning.

34
Q

What are the security considerations for an API?

A

Server security; security in transit (SSL); CORS; auth.

35
Q

What does CORS stand for? What does it do?

A

Cross-Origin Resource Sharing. It gives fine-grained control over who can access the site via the browser (which domains can access which resources).

36
Q

What are the four ways APIs are usually secured?

A

Cookies, basic auth, token auth and OAuth.

37
Q

How does token auth differ from basic auth?

A

The client sends the credentials less often, since it uses the token most of the time until it expires.

38
Q

What is contained in a JSON Web Token (JWT)?

A

User information, claims, server signature, and other information.

39
Q

How does the server know the JWT was not modified, since it's pretty easy to change it because it's plain text?

A

Because of the server signature.