WEB > REST API > Flashcards

REST API Flashcards

(16 cards)

Study These Flashcards
1
Q

What is REST?

A

REpresentational State Transfer. Is an architectural style for providing standards between computer systems on the web, making it easier for systems to communicate with each other

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What is API?

A

Application programming interface. Is a computing interface that defines interactions between multiple software intermediaries. It defines the kinds of calls or requests that can be made, how to make them, the data formats that should be used, the conventions to follow, etc.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What is HEAD request?

A
  • The HTTP HEAD method is used to request HTTP headers from the server.
  • The HTTP HEAD request is identical to the GET request except that the server must not return the message body in the response.
  • The HTTP HEAD request may be executed before loading a large resource, to check resource size, validity, accessibility, and recent modification.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is http header?

A

HTTP headers let the client and the server pass additional information with an HTTP request or response

( Content-Type for example )

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What is the difference between POST and PUT?

A

Practically speaking, POST is used to append a resource to an existing collection, while PUT is used to update an existing resource.

PUT puts a file or resource at a specific URI, and exactly at that URI.

POST sends data to a specific URI and expects the resource at that URI to handle the request

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What are the most important points when you develop API?

A
  • security
  • accessibility
  • usability
  • reliability
  • versioning
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What authentication API methods do you know?

A
  • Username and password as parameters
  • HTTP basic authentication
  • HTTP cookies
  • SAML
  • JWT
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What is HTTP basic authentication?

A

When we use:
• HTTP methods: GET, POST, PUT, DELETE, PATCH, and
more
• HTTP header: Authorization: Basic bXk6Ym9vaw==
• Content-Type: Any

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What is ‘Username, password as parameters’ authentication methods?

A

When payload (message body) includes username and password.

HTTP methods: POST, PUT, PATCH, and more.
Methods like GET or DELETE may include username
and password as URL query parameters (i.e. GET /authenticate?
username=bob&password=secret)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What 2 authorization approaches do you know?

A
  • Preemptive Authorizations
  • Just-in-Time Authorizations
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What are the difference between Preemptive Authorizations and Just-in-Time Authorizations?

A

Preemptive Authorizations:
- User instructs client to make a request to http://user:pass@example.com
- Client makes a request with a header like: Authorization: Basic dXNlcjpwYXNz
- Server authenticates the user and response with 200

Just-in-Time Authorizations:

  • User instructs client to make a request to http://user:pass@example.com
  • Client makes a request without authentication
  • Server responds with 401 and a header like: WWW-Authenticate: Basic realm=”Default Realm”
  • Client makes a second request with a header like: Authorization: Basic dXNlcjpwYXNz
  • Server authenticates the user and response with 200
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What OAuth flows ( grand types ) do you know?

A
  • Implicit grand ( one request and you get access token )
  • Authorization code grand ( first request gets authorization code the second gets access token)
  • Resource Owner Password Credentials (ROPC) Grant ( One request and you send password in this request)
  • Refresh Token Grant ( one request to get a new access_token using refresh token)
  • Client Credentials Grant ( the same as password but with credentials)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What part we need to consider during API implementation?

A
  • Security
  • API restriction
  • Rate limit
  • Request size/type validation
  • Response handling
  • Errors handling
  • Caching
  • Documentation
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What is API gateway?

A

It’s like api proxy. It’s like additional layer to handle common things for API. API gateway doesn’t keep business logic.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What Are API Gateways Used For?

A
  1. Access control (i.e. who can access)
  2. Network-level security (i.e. use of TLS)
  3. Message security (i.e. message encryption)
  4. Message validation and transformation (i.e. from JSON to
    XML)
  5. Message routing (i.e. forwarding messages via HTTP)
  6. API availability (i.e. accessible during certain hours)
  7. Logging
  8. Threat protection (i.e. protecting against SQL injection)
  9. Support for messaging (i.e. HTTP to MQTT)
  10. Support for accessing data sources (i.e. accessing
    databases)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Why do we need API gateway?

Study These Flashcards
A
  • Load balancing
  • Concern separation
  • Mocking API
WEB
flashcards
Decks in class (3)
# Cards
Brainscape helps you reach your goals faster, through stronger study habits.
© 2026 Bold Learning Solutions. Terms and Conditions