Prepare for your next REST API interview with this comprehensive guide. Whether you’re a fresher, have 1-3 years of experience, or are a seasoned professional with 3-6 years, these 30 REST API interview questions cover conceptual, practical, and scenario-based topics arranged from basic to advanced. Master HTTP methods, status codes, authentication, versioning, and more to ace your interview at companies like Zoho or Atlassian.
Basic REST API Interview Questions
1. What is a REST API?
A REST API is an architectural style for designing networked applications using standard HTTP methods to perform CRUD operations on resources identified by URIs. It follows principles like statelessness and uniform interface for scalable web services.
2. What are the key principles of REST architecture?
Key principles include client-server separation, statelessness (each request is independent), cacheability, uniform interface, layered system, and optional code-on-demand.
3. What is a resource in RESTful web services?
A resource is any information or entity that can be named and addressed via a URI, such as a user or product. Resources are manipulated using standard HTTP methods.
4. Name the primary HTTP methods used in REST APIs.
The primary methods are GET (retrieve), POST (create), PUT (update/replace), DELETE (remove), and PATCH (partial update).
5. What is the difference between GET and POST in REST APIs?
GET retrieves data without side effects and is idempotent, while POST creates new resources and may change server state. GET uses query parameters; POST uses request body.
6. Explain statelessness in REST APIs.
Statelessness means each request from client to server must contain all necessary information; the server does not store client context between requests.
7. What is a URI in REST APIs?
URI (Uniform Resource Identifier) uniquely identifies a resource, e.g., /api/users/123 for user ID 123.
8. What does cacheability mean in REST?
Responses must indicate if they can be cached via headers like Cache-Control, reducing server load for repeated requests.
9. Describe the structure of an HTTP request in REST.
It includes method/verb (e.g., GET), URI, HTTP version, headers (metadata), and optional body for data.
10. What is the role of HTTP status codes in REST APIs?
Status codes indicate request outcome: 2xx (success), 4xx (client error), 5xx (server error), e.g., 200 OK, 404 Not Found.
Intermediate REST API Interview Questions
11. Differentiate between PUT and PATCH in REST APIs.
PUT replaces the entire resource with new data (idempotent), while PATCH applies partial updates to specific fields.
PUT /api/users/123
{
  "name": "John",
  "email": "john@example.com"
}
12. What is idempotency in REST APIs?
Idempotency means that repeating the same request produces the same result. This holds for GET, PUT, and DELETE, but not for POST.
13. How do you handle authentication in REST APIs?
Use API keys in headers, JWT tokens, or OAuth for secure access. Example: Authorization: Bearer <token>.
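The server-side check behind `Authorization: Bearer <token>`, as an added example that is not part of the original guide: it verifies an HS256-signed JWT using only the Python standard library, pinning the algorithm and rejecting expired or altered tokens. The key, the claim names other than `exp`, and all function names are assumptions made for the example.

```python
import base64, hashlib, hmac, json, time

def b64url_decode(seg):
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def mac(signing_input, key):
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def sign_hs256(claims, key):
    """Issue a token; used here only to build constructed sample input."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    signing_input = header + "." + body
    return signing_input + "." + b64url_encode(mac(signing_input, key))

def verify_bearer(authorization, key, now=None):
    """Return (status, claims) for an Authorization header value."""
    scheme, _, token = authorization.partition(" ")
    if scheme.lower() != "bearer" or token.count(".") != 2:
        return 401, None
    header_b64, body_b64, sig_b64 = token.split(".")
    try:
        header = json.loads(b64url_decode(header_b64))
        # Pin the algorithm server-side; the token's own "alg" is untrusted input.
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return 401, None
        # Check the signature (constant-time) before trusting any claim.
        expected = mac(header_b64 + "." + body_b64, key)
        if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
            return 401, None
        claims = json.loads(b64url_decode(body_b64))
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return 401, None
    exp = claims.get("exp") if isinstance(claims, dict) else None
    now = time.time() if now is None else now
    # A token without a numeric "exp" is treated as invalid, not as eternal.
    if not isinstance(exp, (int, float)) or exp <= now:
        return 401, None
    return 200, claims
```

Every failure returns the same 401 with no detail, so a caller cannot tell a bad signature from an expired token.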
14. Explain CORS in the context of REST APIs.
CORS (Cross-Origin Resource Sharing) allows or restricts browser requests from different domains via headers like Access-Control-Allow-Origin.
15. What are common HTTP headers in REST APIs?
Content-Type (data format), Authorization (credentials), Accept (response format), Cache-Control (caching).
16. How do you version REST APIs?
Use URI versioning (e.g., /api/v1/users), header versioning (Accept: application/vnd.api.v1+json), or query params (?version=1).
17. What is HATEOAS in REST?
HATEOAS (Hypermedia as the Engine of Application State) includes links in responses for related actions, e.g., self, next, prev links.
{
  "id": 123,
  "name": "John",
  "_links": {
    "self": {"href": "/api/users/123"}
  }
}
18. Describe error handling best practices in REST APIs.
Return appropriate 4xx/5xx codes with JSON bodies detailing errors, e.g., {"error": "Invalid ID", "code": 400}.
19. What is the Richardson Maturity Model for REST APIs?
Level 0: RPC over HTTP; Level 1: Resources; Level 2: HTTP verbs/status codes; Level 3: HATEOAS.
20. How do you test REST APIs?
Test endpoints with tools like Postman. Cover HTTP methods, status codes, headers, and error cases, and validate responses.
Advanced REST API Interview Questions
21. Scenario: At Salesforce, design a REST endpoint to retrieve orders with pagination. How?
Use GET /api/orders?limit=10&offset=20 with Link headers for next/prev, returning 200 with paginated JSON array.
22. Explain rate limiting in REST APIs with an example.
Limit requests per user/IP via headers like X-Rate-Limit-Remaining. Return 429 Too Many Requests if exceeded.
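A fixed-window limiter that produces the 429 response and the `X-Rate-Limit-Remaining` header described above, added here as an example and not taken from any framework. The class name, the limit and window values, and the use of the standard `Retry-After` header are assumptions of the example.

```python
import math
import time

class FixedWindowLimiter:
    """Per-client request counter that resets every `window_s` seconds."""

    def __init__(self, limit=100, window_s=60, clock=time.monotonic):
        self.limit, self.window_s, self.clock = limit, window_s, clock
        self._windows = {}  # client id -> (window start, requests counted)

    def check(self, client_id):
        """Return (status, headers) for one incoming request.

        Key on the authenticated identity (API key, token subject) where
        one exists; a client-supplied header such as X-Forwarded-For is
        only usable as a key when a trusted proxy sets it.
        """
        now = self.clock()
        start, count = self._windows.get(client_id, (now, 0))
        if now - start >= self.window_s:
            start, count = now, 0          # window expired: start a new one
        if count >= self.limit:
            # Rejected requests are not counted, so a client that keeps
            # retrying does not extend its own lockout.
            wait = math.ceil(start + self.window_s - now)
            return 429, {"X-Rate-Limit-Remaining": "0",
                         "Retry-After": str(wait)}
        count += 1
        self._windows[client_id] = (start, count)
        return 200, {"X-Rate-Limit-Remaining": str(self.limit - count)}

    def evict_stale(self):
        """Drop expired windows so the table cannot grow without bound."""
        now = self.clock()
        stale = [c for c, (start, _) in self._windows.items()
                 if now - start >= self.window_s]
        for client_id in stale:
            del self._windows[client_id]
        return len(stale)
```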
23. How would you secure a REST API for Paytm’s payment resources?
Implement HTTPS, JWT/OAuth2, role-based access, input validation, and CORS restrictions.
24. Scenario: Handle concurrent updates to a user resource at Oracle. What approach?
Use ETags or version fields in requests; return 409 Conflict if optimistic locking fails, forcing retry.
If-Match: "etag-value"
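The lost-update case this answer describes, worked through as an added example (not code from the original guide): two clients read the same user, and the second write is rejected because its `If-Match` value is stale. The in-memory store, the hash-based ETag, and the 428 response for a missing `If-Match` are assumptions of the example.

```python
import hashlib
import json

def etag_for(resource):
    """Strong ETag: hash of a canonical JSON encoding of the resource."""
    canonical = json.dumps(resource, sort_keys=True, separators=(",", ":"))
    return '"' + hashlib.sha256(canonical.encode()).hexdigest()[:16] + '"'

class UserStore:
    """In-memory stand-in for the user table (constructed for this example)."""

    def __init__(self, users):
        self._users = {uid: dict(u) for uid, u in users.items()}

    def get(self, user_id):
        """GET /api/users/<id> -> (status, headers, body)."""
        user = self._users.get(user_id)
        if user is None:
            return 404, {}, None
        return 200, {"ETag": etag_for(user)}, dict(user)

    def put(self, user_id, body, if_match=None):
        """PUT /api/users/<id> carrying an If-Match header value."""
        current = self._users.get(user_id)
        if current is None:
            return 404, {}, None
        if if_match is None:
            # Example's choice: refuse unconditional writes, otherwise a
            # client that omits If-Match silently bypasses the lock.
            return 428, {}, None
        if if_match != etag_for(current):
            # 409 as in the answer above; RFC 9110 defines 412 Precondition
            # Failed for a failed If-Match, so choose one and document it.
            return 409, {"ETag": etag_for(current)}, None
        self._users[user_id] = dict(body)
        return 200, {"ETag": etag_for(body)}, dict(body)
```

In a real service the comparison and the write must be one atomic step, for example a single conditional update against a version column, or two concurrent requests can both pass the check.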
25. What is the difference between uniform interface and layered system in REST?
Uniform interface standardizes resource interaction; layered system hides implementation behind intermediaries like proxies.
26. Design a REST API for Swiggy’s restaurant menu with search and filtering.
GET /api/restaurants?city=Delhi&cuisine=Indian&sort=rating, returning filtered list with 200 OK.
27. How do you ensure backward compatibility in evolving REST APIs?
Use versioning, avoid breaking changes, deprecate fields with warnings, and document changes in changelog.
28. Scenario: Debug a 500 error in Adobe’s REST API. Steps?
Check logs, validate inputs, review server code, ensure structured JSON errors, and test with valid payloads.
29. What are best practices for REST API documentation?
Use OpenAPI/Swagger specs, include getting-started guides, error codes, authentication details, and examples.
30. In a high-traffic API like Flipkart’s, how do you optimize performance?
Implement caching (ETag, Cache-Control), pagination, compression (gzip), and stateless design for horizontal scaling.