Top 30 REST API Interview Questions and Answers for All Experience Levels

Prepare for your next REST API interview with this comprehensive guide. Whether you’re a fresher, have 1-3 years of experience, or are a seasoned professional with 3-6 years, these 30 REST API interview questions cover conceptual, practical, and scenario-based topics. Questions progress from basic to advanced, helping you build confidence in REST principles, HTTP methods, and best practices.

Basic REST API Interview Questions (Freshers & 1-3 Years Experience)

1. What is a REST API?

A REST API is an architectural style for designing networked applications using HTTP. It follows Representational State Transfer (REST) principles, enabling stateless client-server communication through standard HTTP methods and URIs to manipulate resources.

2. What are the key principles of REST architecture?

Key principles include statelessness (each request contains all needed information), client-server separation, uniform interface, cacheability, layered system, and optional code-on-demand.

3. What is a resource in RESTful web services?

A resource is any information or entity that can be named and accessed via a URI, such as a user profile or product. Resources are represented in formats like JSON.

4. What are the main HTTP methods used in REST APIs?

Main methods are GET (retrieve), POST (create), PUT (update or create), DELETE (remove), and PATCH (partial update).

5. Explain the structure of an HTTP request in REST.

An HTTP request includes method/verb (e.g., GET), URI (resource identifier), HTTP version, request headers (metadata like content-type), and optional request body (data for POST/PUT).

6. What is statelessness in REST?

Statelessness means each client request must contain all information needed for the server to process it, without relying on stored session data from previous requests.

7. What is a URI in REST APIs?

URI (Uniform Resource Identifier) uniquely identifies a resource on the server, such as /api/users/123 for user ID 123.

8. What does cacheability mean in REST?

Cacheability allows responses to be cached by clients or intermediaries to improve performance and reduce server load, indicated via headers like Cache-Control.

9. Differentiate between POST and PUT in REST.

POST creates a new resource (non-idempotent), while PUT updates or creates a specific resource at a given URI (idempotent).

10. What is the purpose of HTTP status codes in REST APIs?

Status codes indicate request outcomes: 2xx for success (e.g., 200 OK), 4xx for client errors (e.g., 404 Not Found), 5xx for server errors (e.g., 500 Internal Server Error).

Intermediate REST API Interview Questions (1-3 Years Experience)

11. What is the difference between PUT and PATCH?

PUT replaces the entire resource with new data, while PATCH applies partial updates to specific fields of the resource.

12. How do you handle authentication in REST APIs?

Common methods include API keys in headers, Basic Auth, or token-based schemes such as JWT (JSON Web Tokens) sent in the Authorization header.

13. What is CORS in REST APIs?

CORS (Cross-Origin Resource Sharing) is a mechanism allowing restricted resources to be requested from a different domain, controlled via response headers like Access-Control-Allow-Origin.

14. Explain idempotency in REST APIs.

Idempotency means repeating the same request produces the same result. GET, PUT, and DELETE are idempotent; POST is not.

15. What are common HTTP response headers in REST?

Headers like Content-Type (e.g., application/json), Authorization, Accept, Cache-Control provide metadata about requests and responses.

16. Scenario: At Zoho, how would you design a REST endpoint to retrieve orders?

Use GET /api/orders with query params like ?status=pending&page=1 for filtering and pagination, returning a JSON array of orders.

17. What is HATEOAS in REST?

HATEOAS (Hypermedia as the Engine of Application State) includes links in responses to related resources, enabling clients to discover actions dynamically.

18. How do you version REST APIs?

Common approaches: URI versioning (e.g., /api/v1/users), header versioning (Accept: application/vnd.api.v1+json), or query param (?version=1).

19. What is the Richardson Maturity Model for REST?

It grades APIs: Level 0 (RPC), Level 1 (resources), Level 2 (HTTP verbs/status codes), Level 3 (HATEOAS).

20. Practical: Write a sample GET request for a user resource.

GET /api/v1/users/123 HTTP/1.1
Host: api.example.com
Accept: application/json
Authorization: Bearer token123

Advanced REST API Interview Questions (3-6 Years Experience)

21. How do you handle errors in REST APIs?

Return appropriate 4xx/5xx status codes with a JSON body containing an error code, message, and details for programmatic handling.

22. Scenario: Design a Salesforce-like endpoint for bulk user updates.

Use POST /api/users/bulk with a JSON array in the body; return 202 Accepted for async processing and a Location header for status.

23. What is rate limiting in REST APIs?

Rate limiting restricts request volume per client (e.g., 1000/hour) using headers like X-Rate-Limit-Remaining, preventing abuse.
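A per-client fixed-window limiter, added here as an illustration and not taken from the original article. The class and method names are hypothetical; the 429 Too Many Requests status and the Retry-After header are standard HTTP but are not mentioned in the answer above, and the clock is injectable so the behaviour can be checked without waiting.

```python
import time


class FixedWindowLimiter:
    """Counts requests per client inside fixed time windows."""

    def __init__(self, limit=1000, window_seconds=3600, clock=time.time):
        self.limit = limit
        self.window = window_seconds
        self.clock = clock
        self._counters = {}  # client_id -> (window_start, request_count)

    def check(self, client_id):
        """Return (status_code, response_headers) for one incoming request."""
        now = self.clock()
        window_start = now - (now % self.window)
        start, count = self._counters.get(client_id, (window_start, 0))
        if start != window_start:
            # A new window has begun: the client's quota is restored.
            start, count = window_start, 0
        if count >= self.limit:
            # Over quota: reject without counting, and say when to retry.
            retry_after = max(1, int(start + self.window - now))
            return 429, {
                "X-Rate-Limit-Remaining": "0",
                "Retry-After": str(retry_after),
            }
        count += 1
        self._counters[client_id] = (start, count)
        return 200, {"X-Rate-Limit-Remaining": str(self.limit - count)}
```

Key the limiter on an authenticated identity such as the API key or token subject where one exists, since a source IP address can be shared by many clients behind one proxy.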

24. Explain uniform interface in REST.

It standardizes interactions via resource identification (URIs), manipulation through representations, self-descriptive messages, and hypermedia (HATEOAS).

25. Scenario: At Atlassian, how to paginate large datasets in REST?

Use query params like ?page=2&limit=50, with Link headers providing next/prev URLs and the total count in the response.

26. What are request parameters in REST?

Parameters include path params (/users/{id}), query params (?filter=active), header params (Authorization), and body params (JSON payload).

27. How do you ensure backward compatibility in REST APIs?

Use versioning, avoid breaking changes, add new fields optionally, deprecate old endpoints gradually, and document changes.

28. Practical: Sample error response for invalid input.

HTTP/1.1 400 Bad Request
Content-Type: application/json

{
  "error": {
    "code": "VALIDATION_ERROR",
    "message": "Invalid email format",
    "field": "email"
  }
}

29. Scenario: At Adobe, handle concurrent updates to a resource.

Use ETag headers: the client sends If-Match: etag-value; the server returns 412 Precondition Failed if the resource has changed, which gives optimistic locking.
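The If-Match flow, worked through as an added example (not from the original article) with an in-memory store and two clients editing the same resource. All names are hypothetical, and refusing a write that carries no If-Match with 428 Precondition Required is an assumption of this sketch that goes beyond the answer above.

```python
import hashlib
import json


class ResourceStore:
    """In-memory resources with ETag / If-Match checks."""

    def __init__(self):
        self._data = {}

    @staticmethod
    def etag(representation):
        # Strong ETag: hash of a canonical JSON serialization of the resource.
        body = json.dumps(representation, sort_keys=True, separators=(",", ":"))
        return '"' + hashlib.sha256(body.encode()).hexdigest()[:16] + '"'

    def create(self, key, representation):
        self._data[key] = dict(representation)

    def get(self, key):
        rep = self._data[key]
        return 200, {"ETag": self.etag(rep)}, dict(rep)

    def put(self, key, representation, if_match=None):
        if key not in self._data:
            return 404, {}
        if if_match is None:
            return 428, {}  # assumption: unconditional writes are refused
        if if_match != self.etag(self._data[key]):
            return 412, {}  # resource changed since the client read it
        self._data[key] = dict(representation)
        return 200, {"ETag": self.etag(self._data[key])}


def concurrent_edit_demo():
    """Two clients read the same version; only the first write is accepted."""
    store = ResourceStore()
    store.create("doc/1", {"title": "draft", "owner": "alice"})  # constructed data
    _, hdr_a, doc_a = store.get("doc/1")
    _, hdr_b, doc_b = store.get("doc/1")
    doc_a["title"] = "edit from A"
    doc_b["owner"] = "bob"
    first = store.put("doc/1", doc_a, if_match=hdr_a["ETag"])[0]
    stale = store.put("doc/1", doc_b, if_match=hdr_b["ETag"])[0]
    # B recovers by re-reading, reapplying its change and retrying.
    _, hdr_b, doc_b = store.get("doc/1")
    doc_b["owner"] = "bob"
    retry = store.put("doc/1", doc_b, if_match=hdr_b["ETag"])[0]
    return first, stale, retry, store.get("doc/1")[2]
```

Without the 412 on the stale write, client B's full-resource PUT would have silently reverted the title that client A had just changed.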

30. What documentation is essential for REST APIs?

OpenAPI/Swagger specs, getting started guides, authentication details, error codes, changelog, and rate limit info for client integration.
