REST and GraphQL Concepts Quiz

Questions and Answers

Which of these is NOT considered a REST Resource?

  • A user's email address (correct)
  • Order information on Amazon
  • A video from YouTube
  • A product description from a company's website

What is the primary purpose of a Uniform Resource Identifier (URI) in REST?

  • To establish a secure connection between the client and server
  • To identify the specific server where a resource is located
  • To uniquely identify and locate a resource (correct)
  • To authenticate the user accessing the resource
  • To encrypt data transmitted between the client and server

How does a client specify the desired representation of a resource using a URI?

  • By using a dedicated API endpoint for each representation format.
  • By using specific parameters within the URI. (correct)
  • By sending a separate request header with the desired format.
  • By including the desired format in the request body.

What does a server respond with after receiving a client request for a specific resource representation?

A representation of the requested resource (if access is granted). (B)

What is the purpose of the 'scheme' component in a URI?

Indicates the protocol used to access the resource (B)

What does REST stand for?

Representational State Transfer (A)

Which of the following is NOT a characteristic of REST resources?

Resources are immutable and cannot be changed (D)

What is the primary purpose of using a query string in a URI?

To provide additional parameters to filter or refine the requested resource representation (B)

What is the purpose of the '?query' parameter in a URL?

To identify a specific resource on the server. (B)

What determines the format of a resource representation?

The resource's content-type. (D)

How does a browser know how to interpret a resource representation?

The browser relies on the resource's content-type. (A)

What does the 'action' refer to in the context of a resource representation?

The way the representation is processed by the client. (C)

How can a client access different representations of the same resource?

By accepting different content-types in the request headers. (C)

What type of data can be returned from a GraphQL server?

JSON (A), XML (B), CSV (C)

Which of these statements describes GraphQL's approach to data structure?

Clients can define the data structure and receive exactly the same structure from the server. (D)

What is the difference between a GET request and a PUT request in a RESTful system?

GET requests are used to retrieve resources, while PUT requests are used to update existing resources. (B)

What is the purpose of a GraphQL Mutation?

To update or create data on the server. (C)

Which method is used to delete a resource in a RESTful system?

DELETE (C)

What is the main difference between GraphQL's discoverability and REST's discoverability?

GraphQL's discoverability is based on the schema, while REST's discoverability is based on hypermedia controls. (C)

What is the main performance benefit of GraphQL over REST?

GraphQL avoids unnecessary data transfer by allowing clients to request only the data they need. (C)

What is the purpose of HTTP status codes in a RESTful service?

To provide information about the success or failure of a request. (B)

How would you describe the relationship between a GraphQL schema and stored data?

The schema defines the structure of data that can be requested, but not necessarily how the data is stored. (A)

What are the four main actions that can interact with resources in a RESTful system?

Create, Retrieve, Update, Delete (CRUD) (B)

What is the primary purpose of GraphQL's query language?

To specify the data that clients want to retrieve from the server. (C)

What is the purpose of Custom Token Authentication in securing RESTful services?

It uses a unique token generated by the server for each registered API user. (A)

What is the main advantage of using GraphQL over a RESTful API?

GraphQL allows clients to request only the data they need, reducing data transfer and improving performance. (B)

In a RESTful system, what is generally true about the URI of a resource when it is created using the POST method?

The server automatically generates the URI for the new resource. (C)

Which statement best describes OAuth as a method for securing RESTful services?

OAuth relies on a third-party service for user authentication and authorization. (B)

Which of the following is NOT a standard action under HTTP?

PATCH (D)

Which HTTP status code category indicates a client-side error?

4XX (A)

What does the term "CRUD" refer to in the context of RESTful systems?

Create, Retrieve, Update, Delete (D)

What is a key advantage of RESTful systems over other web applications?

RESTful systems use a standardized approach for naming and implementing resources. (B)

What does the URI "https://api.github.com/users/octocat" represent in the example of the GitHub API?

The URI for accessing information about the user "octocat" on GitHub. (D)

What is the purpose of the access_token parameter in the Instagram API URI "http://api.instagram.com/v1/locations/search?access_token=ACCESS_TOKEN&lat=40.7127&lng=74.0059"?

To authenticate the user making the request. (A)

Which statement is TRUE about the PUT method in a RESTful system?

PUT requests are idempotent, which means multiple identical requests have the same effect as a single request. (B)

What is a key disadvantage of HTTP Basic Authentication in RESTful services?

It is vulnerable to security risks due to transmitting usernames and passwords in plain text. (D)

Which of the following statements is NOT TRUE about using a GET request in a RESTful system?

GET requests can be used to update specific parts of a resource while leaving other parts unchanged. (A)

Which of the following is NOT a property of a REST system?

Data persistence (C)

What is the primary purpose of a REST system, as described in the text?

To establish an architectural style for building web applications (D)

What is the significance of the statement 'REST is not a technology or framework'?

It suggests that REST is a generic concept rather than a specific implementation. (A)

How does a web server demonstrate the principles of REST?

By providing a unique address for each resource and delivering its current state (C)

What is the difference between REST and SOAP?

REST is a highly constrained architecture, unlike SOAP. (B)

What is the primary disadvantage of HTTP Basic Authentication when used without HTTPS?

It is not considered secure as it can easily be deciphered. (C)

What is the primary purpose of OAuth 2.0 for RESTful services?

To enable third-party access to user data with user consent, without requiring username and password exchange. (B)

What is the main difference between HTTP Basic Authentication and OAuth 2.0 in terms of user information sharing?

HTTP Basic Authentication requires users to provide credentials to third parties, while OAuth 2.0 does not. (D)

Which scenario exemplifies a suitable use case for OAuth 2.0?

A social media platform allowing a game to post messages on behalf of its users. (D)

What is the primary role of the authorization token in OAuth 2.0?

To enable access to the web service without requiring user login credentials. (C)

What is the output of the convertCtoF() method in the Java REST example provided?

The Fahrenheit equivalent of 36.8 degrees Celsius, formatted as a string. (C)

What is the purpose of the @Path annotation in the Java REST example code?

To specify the URL path where the REST service will be exposed. (D)

What is the difference between the convertCtoF() and convertCtoFfromInput() methods in the REST example?

The convertCtoFfromInput() method takes a Celsius value as input, while convertCtoF() uses a hardcoded value. (B)

What is the purpose of the @Produces annotation in the Java REST example?

To specify the data format (XML or JSON) of the response. (C)

What is the main difference between the convertCtoF() and convertFtoC() methods in the REST example?

The convertCtoF() method converts Celsius to Fahrenheit, while convertFtoC() converts Fahrenheit to Celsius. (B)

What is the key difference between REST and GraphQL in terms of data retrieval?

REST uses predefined endpoints, while GraphQL allows flexible data requests. (A)

What is the main reason for using the JSONObject class in the convertFtoC() method in the REST example?

To create a JSON object for the response containing the converted temperatures. (B)

In the Java REST example code, what is the role of Response.status(200).entity(result).build()?

To create a response object with the converted temperature value and a status code. (A)

What does @PathParam("c") Double c in the convertCtoFfromInput() method represent?

A parameter that receives the Celsius value from the URL path for conversion. (B)

Flashcards

REST

Representational State Transfer; an architectural style for designing networked applications.

Client-Server Architecture

A structure where client requests resources from a server, which then responds to those requests.

Stateless System

A property where each request is independent; no client session data stored on the server.

Caching System

A mechanism to store copies of resources to improve speed and performance of web applications.

Uniformly Accessible

Each resource in a REST system has a unique address (URI) for easy access and identification.

Static vs Dynamic Pages

Static pages remain fixed, while dynamic pages change frequently.

REST Abstractions

The three main abstractions of REST are Resources, Representations, and Actions.

Definition of Resource

A resource is anything a service can provide, including states and functions.

Unique Address of Resource

A resource must have a unique address, known as a URI, to be accessible.

URI Stability

URIs are intended to remain unchanged to maintain link integrity.

Negotiating Resource Representation

The client uses parameters in the URI to specify the desired representation of a resource.

Structure of URI

A URI consists of scheme, userinfo, host, port, path, query, and fragment.

URI Example

An example of a URI is https://[email protected]:123/forum/questions/?

Resource Representations

Items transferred between clients and servers to represent resources.

Content-Type

The format of a representation that indicates how to interpret it.

HTTP Communication

The protocol used for transferring representations between clients and servers.

URI

Uniform Resource Identifier; the address used to access resources in REST.

Representation Formats

Different formats like text, image, video, or JSON for resource representations.

GraphQL

A query language for APIs, developed by Facebook in 2012 and released publicly in 2015.

GraphQL Schema

Defines types and fields, allowing clients to inspect available data.

GraphQL Types

Used to model data in GraphQL; each type has defined fields.

GraphQL Query

A request to fetch specific data from the server.

GraphQL Mutation

Used to create or update data on the server.

GraphQL JSON Output

Result format of a GraphQL query, typically in JSON.

Over-fetching in GraphQL

The problem where too much data is retrieved, typically solved by requesting specific fields.

GraphQL vs REST

GraphQL allows introspective querying, while REST relies on predefined endpoints and caching.

720p video

A video resolution of 1280x720 pixels, commonly seen in HD formats.

HTTP Actions

Standard methods used in HTTP: GET, POST, PUT, DELETE.

CRUD Actions

Create, Retrieve, Update, Delete - four main operations in REST.

GET Method

HTTP method used to retrieve resources without modifying them.

POST Method

HTTP method used to create new resources; URI is often unknown at creation.

PUT Method

HTTP method used to update existing resources with new values.

DELETE Method

HTTP method used to remove existing resources from the server.

HTTP Status Codes

Codes indicating the result of an HTTP request (1XX, 2XX, 3XX, 4XX, 5XX).

API Resources

Resources represented often as JSON, identifiable by URIs in API requests.

Custom Token Authentication

Method where a unique token is sent by a registered user with each request.

HTTP Basic Authentication

A method where username and password are sent as cleartext in HTTP headers.

OAuth

A protocol for allowing third party services to access user data without sharing credentials.

JSON Representation

Data format often used for API responses; lightweight and easy to read.

Resource URI

Unique address for accessing a specific resource within an API.

Data Action Mapping

Mapping of actions: CREATE (POST), RETRIEVE (GET), UPDATE (PUT), DELETE (DELETE).

HTTP Error Code 401

Indicates unauthorized access; client must handle it.

Advantages of HTTP Basic Auth

Client can manage authorization requests; secure with HTTPS.

Disadvantages of HTTP Basic Auth

Insecure over HTTP; Base64 encoding is easily decoded.

OAuth 2.0

Preferred authorization scheme for RESTful services; open-source protocol.

Third Party Access in OAuth 2.0

Allows third-party apps to access user's data with consent, without sharing login details.

Authorization Token

A unique token given to third-party to access user data securely.

OAuth 2.0 Process

Sequence of steps that a user follows to grant access to a third party without sharing credentials.

User Experience in OAuth 2.0

Users don’t provide login details directly to third-party services.

Examples of OAuth in Games

Games use OAuth to post on user’s social media, accessing friend lists.

Java REST Example Structure

Java class structure for REST services using annotations and produces methods.

convertCtoF Method

Converts Celsius to Fahrenheit in Java RESTful service.

convertFtoC Method

Converts Fahrenheit to Celsius in Java RESTful service response with JSON.

Secure HTTP Methods

Use HTTPS instead of HTTP to secure data transmission.

Study Notes

REST Introduction

  • REST stands for REpresentational State Transfer
  • Proposed by Roy Fielding in his PhD thesis in 2000
  • Considered an Architectural Style, not a technology or framework
  • Defined by principles and constraints; in contrast to SOAP, which is more constrained

REST Properties

  • Implements client-server architecture
  • Stateless system: each request treated independently, no session storage
  • Supports caching mechanism
  • Uniformly accessible: each resource has a unique address and access point

REST Architecture

  • Web server acts as a REST system when a browser enters a URL
  • Browser receives a representation of the resource's current state (can be static or dynamic, like news sites and blogs)
  • Example: A webpage is a representation of its current state.

REST Abstractions

  • Consists of three main abstractions: Resources, Representations, and Actions

REST Resources

  • Anything accessible and transferable between client and server
  • Includes states and functions
  • Examples include reviews from Metacritic, images from Imgur, videos from YouTube, and order information from Amazon
  • Each resource must have a unique Uniform Resource Identifier (URI) within HTTP.

URI

  • URIs are not meant to change over time.
  • They're the only way to locate a resource, and if the URI changes, links to the resource do as well.
  • URIs are used to negotiate the specific data representation the client desires.
  • Clients define what specific data they want in the URI using parameters.
  • Servers respond with the requested resource representation containing the needed data.

URI Structure

Representations

  • Items transferred between client and server
  • Resources are not sent, only their representations
  • Format determined by content-type (e.g., HTML, XML, JSON)
  • How a representation interacts depends on the action on the resource.

REST Representations (Details)

  • REST uses HTTP for communication between clients and servers
  • Browser understands data transfer due to the TCP/IP protocol and the HTTP response header's Content-Type
  • A representation can be in text, image, video, or JSON format, consistently using the same URI.

REST Representations (Examples)

  • Data transfer as JSON instead of plain text (readability isn't essential)
  • Video resolution relevant to the platform (720p for a mobile device)

Actions

  • Used to operate on resources
  • Examples include reviews for films, posting images, watching videos, deleting files

HTTP Actions

  • Standard HTTP actions: GET, POST, PUT, DELETE

Data Actions and HTTP Equivalents

  • CREATE equivalent to POST
  • RETRIEVE equivalent to GET
  • UPDATE equivalent to PUT
  • DELETE equivalent to DELETE

HTTP as Uniform Interface

  • Resource names are important in RESTful systems
  • Four specific actions available for interacting with resources: Create, Retrieve, Update, and Delete (CRUD)
  • This contrasts with other web applications, which lack standardized naming and implementation standards

Example 1: Instagram API

Example 2: GitHub API

GET Method

  • Used for retrieving resources
  • Should not modify the resource
  • Can be used repeatedly without changing the resource's state
  • Can return parts of a resource
  • Altering the URI can act as a query operation

POST Method

  • Used for creating resources
  • Resource URI usually unknown at creation time
  • Server usually automatically generates the new URI for the resource

PUT Method

  • Updates resource using a representation as a payload
  • A GET request first obtains the representation of the resource to be updated

DELETE Method

  • Deletes resources
  • Similar to PUT in operation
  • Atomic operations. A single DELETE request determines the final state.
  • Can be used to determine the URI of the resource to be deleted.

HTTP Status Codes

  • REST services use HTTP status codes (e.g., 200 OK, 404 Not Found, 500 Internal Server Error) to communicate the result of requests.

Security

  • RESTful services have three main security methods: custom token authentication, HTTP Basic Authentication, and OAuth.
  • OAuth is preferred for accessing services on behalf of users, but other methods control access to resources directly.

Custom Token Authentication

  • Server generates a unique token for registered API users
  • Registered users send the token with every request
  • Token can be part of the URI or added to the HTTP request header
  • Can be used for additional functionality like billing based on GET requests

Advantages and Disadvantages of Custom Tokens

  • Advantages: independent token generation, easy implementation, logging data exchange.
  • Disadvantages: insecure, since a copied token can be reused without authorization.

HTTP Basic Authentication

  • Clients send username and password pair (encoded in Base64) in the HTTP Authorization header.
  • Client may receive 401 error if no username/password is provided
  • Needs to be sent with every HTTP request for validation.

HTTP Basic Advantages and Disadvantages

  • Advantages: manageable server authorization requests, reasonably secure with HTTPS (SSL).
  • Disadvantages: not secure without HTTPS, Base64 encoding can be deciphered.

OAuth 2.0

  • Preferred authorization scheme for RESTful services
  • Easy integration, open-source protocol
  • Allows third-party access to user data in a web service, with user consent, without exchanging username/password.

OAuth 2.0 Example

  • User logs into game via Facebook
  • Game accesses user data from Facebook
  • Authorization granted by Facebook for the game application.

OAuth 2.0 Process

  • User initiates Authorization Request
  • Authorization Grant
  • Access Token
  • Protected Resource Access

Java REST Example

  • Demonstrates a simple example (or examples) of a Java program or code related to RESTful Web Services.

GraphQL (Successor to REST)

  • Open-source data query and manipulation language and runtime
  • Developed internally at Facebook, publicly released in 2015
  • Clients define the data structure required
  • Returns exactly the structure requested from the server
  • Potentially reduces data transferred compared to REST

GraphQL Design

  • Models data as types and fields
  • Functions for accessing data based on types and fields
  • Queries validate against the defined fields and types
  • Results returned in formats like JSON, XML, etc.
  • Supports mutations for updating or creating data

GraphQL Examples

  • Query example: retrieving hero's name
  • Mutation example: creating a review

GraphQL Example Mutation Variables

  • Example demonstrating how variables are passed to a mutation

GraphQL Example Mutation Result

  • Demonstrates the format of the returned data from running a GraphQL mutation

GraphQL vs. REST

  • GraphQL provides reflective discoverability (inspecting schema). REST uses hypermedia.
  • GraphQL simplifies client-side work by reducing data fetching. REST uses caching.

GraphQL Conclusions

  • GraphQL shifts server responsibilities to the client
  • Aims for returning minimal data upon request
  • Can be implemented along with REST (currently by GitHub)
  • The suitability of GraphQL depends on the implementation quality of the REST system.
