Understanding RESTful Services and APIs

Questions and Answers

Which HTTP method is typically used to create a new resource in a REST API?

• GET
• DELETE
• POST (correct)
• PUT

SOAP APIs are generally more flexible than REST APIs.

False (B)

What does CORS stand for in the context of Web APIs?

Cross-Origin Resource Sharing

A REST API uses __________ methods to perform CRUD operations.

HTTP

Which of the following is a key difference between ASP.NET MVC and ASP.NET Web API?

ASP.NET MVC returns views, while Web API is used primarily to return data. (A)

Name one common use case for the SOAP protocol.

Enterprise-scale systems requiring advanced security

Which code is primarily used for a successful HTTP request?

200 (D)

Match the following HTTP methods to their corresponding operations:

GET = Retrieve data POST = Create a resource PUT = Update a resource DELETE = Remove a resource

Which of the following status codes indicates a successful client request?

200 (D)

CORS allows web pages to request resources from a different domain than the one that served the web page.

True (A)

What is the primary purpose of HTTP headers?

To provide essential information about the request or response.

In APIs, the status code 404 indicates _________.

Not Found

Match the following status codes with their description:

200 = OK 401 = Unauthorized 403 = Forbidden 500 = Internal Server Error

Which HTTP method is typically used to create a new resource?

POST (A)

API Controllers are specifically designed for rendering HTML views and handling web forms.

False (B)

Name one common method of authentication used in APIs.

JWT (JSON Web Token)

A status code of 301 refers to a ________ redirect.

Moved Permanently

Which of the following is a common status code for indicating a temporary redirect?

302 (A)

Flashcards are hidden until you start studying

Study Notes

REST APIs

• REST is an architectural style for distributed systems
• REST uses HTTP methods (GET, POST, PUT, DELETE) to perform CRUD operations on resources
• Resources are typically represented in JSON or XML format

REST vs SOAP

• SOAP is an XML-based messaging protocol that is used to transfer data between distributed applications and systems
• SOAP follows a very strict structure
• REST is more popular than SOAP but SOAP is still used in many enterprise-scale systems that require advanced security and error handling features

ASP.NET MVC vs ASP.NET Web API

• ASP.NET MVC is used to create web applications that can return views as well as data
• ASP.NET Web API is used to create RESTful HTTP services which return only data and no view
• In MVC, the request is mapped to the actions name
• In Web API, the request is mapped to the actions based on HTTP verbs

HTTP Methods

• HTTP methods define the type of operation performed on a resource

###.NET RESTful Service Best Practices

• API Design:
  • Use a consistent naming convention for resources and endpoints
  • Use clear and concise documentation
• Security:
  • Implement authentication and authorization
  • Secure communication
  • Input validation
• Performance:
  • Optimize database queries
  • Implement caching
  • Monitor performance
• Documentation:
  • Provide comprehensive API documentation
  • Use a format like Swagger
• Error Handling:
  • Provide meaningful error messages
  • Implement error handling
• Testing:
  • Write unit tests for API functionality
  • Perform integration testing
• Versioning:
  • Use versioning to manage changes in the API
• Logging and Monitoring:
  • Log API requests and responses
  • Monitor API performance and errors
• Compliance:
  • Adhere to relevant compliance standards
• Scalability:
  • Design the API for scalability
  • Use a cloud platform for deployment

Status Codes

• 1xx Informational
  • Communicates transfer protocol-level information
• 2xx Success
  • Indicates that the client’s request was accepted successfully
• 3xx Redirection
  • Indicates that the client must take some additional action in order to complete their request
• 4xx Client Error
  • This category of error status codes points the finger at clients
• 5xx Server Error
  • The server takes responsibility for these error status codes
• Common Status Codes
  • 200 - OK
  • 201 - Created
  • 202 - Accepted
  • 204 - No Content
  • 301 - Moved Permanently
  • 302 - Found
  • 303 - See Other
  • 304 - Not Modified
  • 307 - Temporary Redirect
  • 400 - Bad Request
  • 401 - Unauthorized
  • 403 - Forbidden
  • 404 - Not Found
  • 405 - Method Not Allowed
  • 406 - Not Acceptable
  • 412 - Precondition Failed
  • 415 - Unsupported Media Type
  • 500 - Internal Server Error
  • 501 - Not Implemented
  • 502 - Bad Gateway

HTTP Headers

• Categories of HTTP Headers:
  • General Headers: Apply to both requests and responses but do not relate to the data in the body.
  • Request Headers: Provide additional information about the request.
  • Response Headers: Provide additional information about the response.
  • Entity Headers: Provide information about the body of the resource, such as its content length or MIME type.

CORS

• Cross-Origin Resource Sharing (CORS) is a security feature that prevents web pages from making requests to a different domain than the one that served the web page.
• CORS allows or restricts resources on a web page to be requested from another domain outside the domain from which the resource originated

Authentication and Authorization

• Authentication verifies the identity of a user or system
  • Common Authentication Methods: Basic Authentication, Token-Based Authentication (JWT), OAuth 2.0, and API Keys
• Authorization determines what an authenticated user is allowed to do
  • Common Authorization Strategies: Role-Based Access Control (RBAC), Attribute-Based Access Control (ABAC), and Access Control Lists (ACLs)

ApiController vs Controller

• ApiController class is used for building HTTP APIs
• Controller class is used for building web applications with views, following the Model-View-Controller (MVC) pattern.