REST API Interview Questions
By Abhishek Rathor
Instagram: code.abhii07 (SYNTAX ERROR)
1. What is REST?
REST (Representational State Transfer) is an architectural style for designing networked
applications. It uses HTTP methods to interact with resources.
2. What is an API?
API (Application Programming Interface) allows applications to communicate and exchange
data. REST APIs are one type of web API.
3. Difference between REST and SOAP?
REST is lightweight, uses JSON/HTTP, and is stateless. SOAP is protocol-heavy, uses XML,
and has built-in security.
4. What are HTTP methods used in REST?
Common methods: GET (read), POST (create), PUT (update/replace), PATCH
(update/modify), DELETE (delete).
5. What is statelessness in REST?
Each REST API request contains all necessary information. The server does not store client
context between requests.
6. What is a resource in REST?
A resource is any data object or entity exposed via a REST API. Each resource has a unique
URI.
7. What is a URI?
Uniform Resource Identifier (URI) uniquely identifies a resource. Example: /users/123.
8. Difference between PUT and PATCH?
PUT replaces the entire resource. PATCH modifies only specified fields.
9. What is the difference between POST and PUT?
POST creates a new resource and is not idempotent. PUT creates/updates a resource and is
idempotent.
10. What is idempotency?
An operation is idempotent if executing it multiple times has the same effect as executing it
once. Examples: GET, PUT, DELETE.
11. What is HATEOAS?
HATEOAS (Hypermedia As The Engine Of Application State) allows REST clients to
navigate the API dynamically via links provided in responses.
12. What are REST constraints?
REST constraints include client-server, stateless, cacheable, layered system, uniform
interface, code-on-demand (optional).
13. What is the difference between PUT and POST for resource creation?
POST is used for creating resources where the server assigns the ID. PUT is used when the client
knows the resource ID.
14. What is a REST endpoint?
A REST endpoint is a URI that clients use to access a resource. Example: /users,
/products/1.
15. What is versioning in REST API?
Versioning ensures backward compatibility. Example: /v1/users vs /v2/users.
16. What is rate limiting?
Rate limiting restricts the number of API requests per time period to prevent abuse or server
overload.
17. What is API key authentication?
An API key is a token passed with requests to identify and authorize the client.
18. What is JWT?
JWT (JSON Web Token) is a compact token used for authentication and data exchange
between client and server.
19. Difference between REST and GraphQL?
REST exposes multiple endpoints per resource. GraphQL exposes a single endpoint, allowing
clients to request exactly the data they need.
20. What is content negotiation?
Content negotiation allows the server and client to agree on the response format (JSON, XML,
HTML) via Accept headers.
21. What are common HTTP status codes?
• 200 OK (success)
• 201 Created (resource created)
• 204 No Content (successful with no body)
• 400 Bad Request (client error)
• 401 Unauthorized
• 403 Forbidden
• 404 Not Found
• 500 Internal Server Error
22. Difference between 200, 201, and 204?
200 = request successful with response body
201 = resource created successfully
204 = request successful, no content returned
23. Difference between 4xx and 5xx errors?
4xx = client-side error, 5xx = server-side error
24. Difference between REST API and WebSocket?
REST is request-response and stateless. WebSocket provides a bidirectional, persistent connection
for real-time data.
25. What is CORS?
Cross-Origin Resource Sharing (CORS) allows browsers to make requests to a different
domain safely.
26. Difference between SOAP and REST?
Already explained — REST is lightweight, uses HTTP and JSON; SOAP is protocol-heavy,
uses XML.
27. What is a RESTful API?
A RESTful API follows REST constraints: stateless, cacheable, layered, uniform interface,
and uses HTTP methods.
28. Difference between HTTP and HTTPS?
HTTPS encrypts data using SSL/TLS. HTTP sends data in plain text.
29. What is caching in REST API?
Caching stores response data temporarily to reduce server load and improve performance.
Controlled using headers like Cache-Control.
30. What is the difference between PUT and POST idempotency?
PUT is idempotent (repeated calls have the same effect). POST is non-idempotent (creates multiple
resources if repeated).
31. What is rate limiting?
Already explained — limits the number of API calls per time frame to avoid overload.
32. Difference between XML and JSON?
JSON is lightweight, easy to parse, and preferred in REST. XML is verbose and requires
parsing libraries.
33. What is OpenAPI (Swagger)?
OpenAPI (Swagger) is a specification for documenting REST APIs. It allows auto-generating
docs and client SDKs.
34. What is the difference between PUT, POST, PATCH, DELETE, GET?
• GET = read
• POST = create
• PUT = replace
• PATCH = partial update
• DELETE = remove
35. Difference between query parameters and path parameters?
Query parameters appear after ? and are optional. Path parameters are part of the URI and
identify the resource.
36. What is a client-server architecture in REST?
Client and server are separate. Client requests resources; server provides them. Separation
allows independent evolution.
37. What is stateless vs stateful?
Stateless = server does not store client info between requests. Stateful = server maintains
session info.
38. Difference between JSON and XML?
JSON = lightweight, readable, preferred. XML = verbose, needs parsing, supports schema.
39. What is API throttling?
Throttling limits the number of requests a client can make in a time window to prevent server
overload.
40. Difference between synchronous and asynchronous API calls?
Synchronous = client waits for server response
Asynchronous = client continues execution, handles response later
41. What is response body?
The response body contains the data sent back by the server after an API request. Usually JSON
in REST APIs.
42. What is request header?
Request headers provide metadata about the request, such as content type, authorization, and
user agent.
43. Difference between API authentication and authorization?
Authentication = verify identity of client (who you are)
Authorization = verify permissions (what you can do)
44. What is OAuth 2.0?
OAuth 2.0 is an authorization framework that allows secure access to resources without
sharing credentials.
45. Difference between JWT and OAuth?
JWT is a token format for authentication. OAuth 2.0 is a protocol for granting limited access
using tokens.
46. What is the difference between PUT and PATCH?
Already explained — PUT = full replacement, PATCH = partial update.
47. Difference between REST and gRPC?
REST = HTTP/JSON, text-based, stateless
gRPC = HTTP/2, binary, supports streaming, faster
48. What is API versioning and why is it important?
API versioning ensures backward compatibility when the API changes. Example: /v1/users vs
/v2/users.
49. What is rate limiting vs throttling?
Rate limiting = max requests per time period
Throttling = slows down or blocks requests beyond limit
50. What are best practices for REST APIs?
• Use nouns in endpoints
• Use proper HTTP methods
• Stateless design
• Versioning
• Proper status codes
• Security (HTTPS, authentication)