API Quick Reference: HTTP Verbs and Status Codes

Questions and Answers

Which HTTP verb is typically used to retrieve data from a server?

• POST
• PUT
• GET (correct)
• DELETE

Which HTTP verb is used to send data to the server to update a resource?

• DELETE
• GET
• PUT (correct)
• PATCH

Which HTTP verb is responsible for partially modifying a resource?

• POST
• DELETE
• PUT
• PATCH (correct)

Which HTTP method is most suitable for conducting diagnostic actions against a server?

TRACE (A)

Which HTTP method can be used to determine the HTTP methods supported by a server?

OPTIONS (C)

Which HTTP method facilitates converting the request connection to a transparent TCP/IP tunnel?

CONNECT (C)

Which HTTP method invalidates a cached resource?

PURGE (C)

Which HTTP method is used to reserve a resource for exclusive use?

LOCK (A)

Which HTTP method releases a resource that was previously locked?

UNLOCK (D)

Which HTTP method creates a new collection resource?

MKCOL (A)

Which HTTP method duplicates the identified resource to the destination URI?

COPY (B)

What does a 'Content-Type' response header specify in an HTTP response?

The MIME type of the data in the response body. (B)

What information is conveyed by the 'Content-Length' header in an HTTP response?

The length of the response body in bytes. (C)

What aspect of an HTTP response does the 'Cache-Control' header manage?

The caching behavior. (D)

What information does the 'Location' header provide in an HTTP response?

The URI of a resource for retrieving the requested resource. (A)

What information can be found in the 'Server' header of an HTTP response?

The server software's name and version. (D)

What is the purpose of the 'Access-Control-Allow-Origin' header in an HTTP response?

To indicate which origins are permitted to access the resource. (C)

What function does the 'Set-Cookie' header perform in an HTTP response?

It sets a cookie to be stored by the client. (B)

Which header specifies the date and time after which the response is considered stale?

Expires (C)

Which header specifies the date and time the resource was last modified?

Last-Modified (B)

Which architectural style is best suited for building web services, emphasizing a stateless client-server communication?

REST (D)

Which technology is described as a messaging protocol for exchanging structured data, often relying on XML?

SOAP (C)

Which of the following is a query language and runtime specifically designed for building APIs, allowing clients to request specific data?

GraphQL (C)

Which component acts as a central point for managing, protecting, and scaling APIs?

API Gateway (D)

Which architectural pattern structures an application as a suite of small, independent services, modeled around a business domain?

Microservices (A)

Flashcards

GET

Retrieve data from the server.

POST

Send data to the server to create a resource.

PUT

Send data to the server to update a resource.

PATCH

Send data to the server to update a resource partially.

DELETE

Delete a resource from the server.

TRACE

Returns the full HTTP request received by the server for debugging and diagnostic purposes.

OPTIONS

Returns the HTTP methods supported by the server for the request URL.

CONNECT

Converts the request connection to a transparent TCP/IP tunnel for secure communication.

PURGE

Invalidates a cached resource.

LOCK

Locks the resource for exclusive use by the client.

UNLOCK

Unlock the resource previously locked by the client.

MKCOL

Creates a new collection resource.

COPY

Copies the resource identified by the Request-URI to the destination URI.

1xx

Informational responses

2xx

Successful responses

3xx

Redirection messages

4xx

Client error responses

5xx

Server error responses

Content-Type

Specifies the MIME type of the data in the response body

Content-Length

Specifies the length of the response body in bytes.

Cache-Control

Specifies the caching behavior of the response.

Location

Specifies the URI of a resource that can be used to retrieve the requested resource.

Server

Specifies the name and version of the server software that generated the response.

Access-Control-Allow-Origin

Specifies which origins are allowed to access the resource.

Set-Cookie

Specifies a cookie that should be stored by the client and sent back to the server with future requests.

Study Notes

• Quick reference guide for API's.

HTTP Verbs

• GET: Used to retrieve data from the server.
• POST: Used to send data to the server to create a resource.
• PUT: Used to send data to the server to update a resource.
• PATCH: Used to send data to the server to partially update a resource.
• DELETE: Used to delete a resource from the server.
• TRACE: Returns the full HTTP request received by the server, useful for debugging and diagnostic purposes.
• OPTIONS: Returns the HTTP methods supported by the server for a particular request URL.
• CONNECT: Converts the request connection to a transparent TCP/IP tunnel for secure communication.
• PURGE: Invalidates a cached resource.
• LOCK: Locks a resource for exclusive use by a client.
• UNLOCK: Unlocks a resource previously locked by a client.
• MKCOL: Creates a new collection resource.
• COPY: Copies a resource identified by the Request-URI to a specified destination URI.

HTTP Status Codes

• 1xx: Informational responses.
• 2xx: Success.
• 3xx: Redirection.
• 4xx: Client errors.
• 5xx: Server errors.

Response Headers

• Content-Type: Specifies the MIME type of the data in the response body.
• Content-Length: Specifies the length of the response body in bytes.
• Cache-Control: Specifies the caching behavior of the response.
• Location: Specifies the URI of a resource that can be used to retrieve the requested resource.
• Server: Specifies the name and version of the server software generating the response.
• Access-Control-Allow-Origin: Specifies which origins are allowed to access the resource.
• Set-Cookie: Specifies a cookie that should be stored by the client and sent back to the server in future requests.
• Expires: Specifies the date and time after which the response is considered stale.
• Last-Modified: Specifies the date and time the resource was last modified.

API Design

• REST (Representational State Transfer): A design pattern for building web services.
• SOAP (Simple Object Access Protocol): A messaging protocol designed for exchanging structured data.
• GraphQL: A query language and runtime for building APIs.
• API Gateway: A service that manages, protects, and scales APIs.

API Architectures

• SOA (Service-Oriented Architecture): An architectural style for building distributed systems.
• Microservices: An architectural style for building complex applications as a suite of small, independent services.
• Serverless: A cloud computing execution model where the cloud provider manages infrastructure and auto-allocates resources.
• Event-Driven: An architectural style where the flow of data between components is triggered by events.
• RESTful API: An architectural style that uses HTTP requests such as GET, POST, PUT, and DELETE for data manipulation.

API Design Patterns

• Adapter Pattern: Converts the interface of a class into another interface that clients expect.
• Decorator Pattern: Adds behavior to an individual object dynamically.
• Proxy Pattern: Provides a surrogate or placeholder for another object to control access to it.
• Chain of Responsibility Pattern: Delegates commands to a chain of processing objects.
• Observer Pattern: Defines a one-to-many dependency between objects so that when one object changes state, all its dependents are notified and updated automatically.

API Security

• OAuth: An open standard for authorization used for protecting APIs.
• JWT (JSON Web Tokens): A standard for securely transmitting information between parties as a JSON object.
• SSL/TLS (Secure Sockets Layer/Transport Layer Security): Establishes a secure connection between a client and a server.
• API Key: A secret token that limits the number of requests to an API over a specific period.
• OpenID Connect: An authentication layer built on top of OAuth to allow user authentication across multiple domains.
• CORS (Cross-Origin Resource Sharing): Enables resources from different domains to be requested on a web page.

API Testing

• Postman: A tool used for testing and debugging APIs.
• SoapUI: A tool for testing SOAP and REST web services.
• Swagger: A tool for designing, building, and testing APIs.
• JMeter: A tool for testing the performance of APIs.
• TestRail: A test management tool for planning, executing, and tracking API tests.
• Dredd: A command-line tool for testing API documentation against its backend implementation.
• REST Assured: A Java-based library for testing RESTful APIs.
• Karate DSL: A testing framework for API testing using Gherkin syntax.
• HTTPMaster: A tool for testing and debugging APIs.
• Assertible: A tool for testing and monitoring APIs with automated tests.

API Development

• Node.js: A JavaScript runtime for building server-side applications.
• Express: A framework for building web applications and APIs with Node.js.
• Django: A Python web framework for building web applications and APIs.
• Flask: A lightweight Python web framework for building web applications and APIs.
• Spring: A Java framework for building enterprise-level web applications and APIs.
• Swagger Editor: A tool for designing and documenting APIs using the OpenAPI Specification.
• Postman: A tool for testing and debugging APIs.
• Insomnia: A tool for designing, testing, and debugging APIs.
• Paw: A tool for designing and testing APIs on macOS.
• API Blueprint: A high-level API description language for building RESTful APIs.

API Implementation Platforms

• Firebase: A mobile and web application development platform.
• Backendless: A mobile and web application development platform allowing development and deployment without backend coding.
• Parse Server: An open-source version of the Parse backend to be deployed on any infrastructure.
• Amazon API Gateway: A fully managed service for developers to create, publish, maintain, monitor, and secure APIs.
• Microsoft Azure API Management: A managed service enabling users to publish, secure, transform, maintain, and monitor APIs.

API Performance

• Caching: A technique for improving API performance by storing responses in a cache.
• Throttling: A technique to limit the rate of requests to prevent overload.
• Load Balancing: Distributes traffic evenly across multiple servers to improve API performance.
• CDN (Content Delivery Network): Delivers content to users based on geographic location to improve API performance.
• Edge Computing: Computing paradigm that brings computation and data storage closer to the location where it's needed to reduce latency and improve API performance.

API Monitoring

• Pingdom: A tool for monitoring the uptime and performance of APIs.
• New Relic: Monitors the performance of APIs and web applications.
• Datadog: A monitoring and analytics platform for cloud-scale applications and APIs.
• Sumo Logic: A cloud-based log management and analytics platform.
• Loggly: A cloud-based log management platform for monitoring APIs and other applications.

API Standards

• JSON API: A specification for building APIs.
• HAL (Hypertext Application Language): A standard for building hypermedia-driven APIs.
• JSON-LD: A format for representing linked data on the web.
• OData (Open Data Protocol): A standard for building and consuming RESTful APIs.
• AsyncAPI: A specification for building event-driven APIs.

API Standard Organizations

• W3C (World Wide Web Consortium): An international community that develops web standards.
• IETF (Internet Engineering Task Force): Develops and promotes Internet standards.
• OASIS: Organization for the advancement of structured information standards.
• RESTful API Modeling Language (RAML): Describes RESTful APIs developed by Mulesoft.
• JSON API: A specification for building APIs that use JSON as the data format.

API Infrastructure

• Kubernetes: An open-source platform for managing containerized workloads and services.
• OpenShift: A container application platform that builds on top of Kubernetes.
• Docker Swarm: A native clustering and orchestration solution for Docker.
• Consul: A service mesh solution that provides service discovery, configuration, and segmentation capabilities.
• Istio: A service mesh solution that provides traffic management, security, and observability capabilities.

API Governance

• API Management: The process of creating, publishing, and monitoring APIs in a secure and scalable manner.
• API Monetization: Generates revenue from APIs by charging developers for use.
• API Versioning: Manages changes to APIs.

API Analytics

• API Analytics: Collects and analyzes on API usage and performance.
• API Gateway: Manages, protects, and scales APIs.

API Documentation

• OpenAPI: Specifies for building APIs in YAML or JSON format.
• API Blueprint: Describes RESTful APIs.
• RAML: Lists the language for describing RESTFul APIs
• Swagger UI: Visualizes and interacts APIs that have been described using the OpenAPI specification.
• Slate: Generates responsive API documentation.

API Deployment

• Heroku: A cloud platform for deploying and scaling web applications and APIs.
• AWS Elastic Beanstalk: A service for deploying and scaling web applications and APIs on AWS.
• Azure App Services: Deploys and scales web applications and APIs on Azure.
• Google App Engine: Deploys and scales web applications and APIs on GCP.
• Docker: Containerization platform used for package and deploying applications.
• AWS Lambda: Serverless compute service for running code in response to events.
• Azure Functions: Serverless compute services for running code in response to events.
• Google Cloud Functions: Serverless Compute Service for running code in response to events.
• Netlify: A cloud platform for deploying and managing static websites and APIs.
• Vercel: A cloud platform for deploying and managing static websites and APIs.

API Security

• OAuth: An open standard for authorization with social media platforms and APIs.
• OpenID connect: Authentication layer built on Oauth that authenticates across multiple domains.
• JSON Web Tokens (JWT): Method for representing claims securely between parts.
• Cross-Origin Resource Sharing (CORS): Allows resources that fonts and java to be requested from another domain outside of its origination.

API Keys

• API Keys: Identifies an API client to the server and allows the client to access resources.

API Best Practices

• Versioning: Manages changes to APIs over time.
• Pagination: Breaks up large API responses into smaller, manageable chunks.
• Caching: Technique for improving API performance.
• Error Handling: Returns to meaningful error messages top API clients.
• HATEOAS: (Hypermedia as the Engine of Application State) Offers RESTful APIs that requires the API to provide links to related resources.

API Guides and Tools

• REST API Tutorial by Guru99
• A Beginner's Guide to HTTP and REST by Linode
• REST API Design: Resource Modeling by Oracle
• API Security Best Practices by Google Cloud
• API Governance Handbook by WS02
• API Studio: A web-based IDE design tool.
• Stoplight: A design, document and testing tool.
• Apigee: Lifecycle API management platform.
• Postman Learning Center: hub for designing developing and testing APIs.
• Azure API Management: used to publish and monitor APIs.