Top 20 REST API interview questions with answers

Mayank Gupta
5 min read · Jul 12, 2023

Question: What is REST API?

Answer: REST (Representational State Transfer) API is an architectural style that defines a set of principles for designing networked applications. It uses the HTTP protocol to communicate between the client and the server and is widely used for building web services and APIs.

Question: What are the main principles of RESTful architecture?

Answer: The main principles of RESTful architecture are:

  • Stateless: Each request from a client to a server contains all the necessary information, and the server does not store any client state.
  • Client-Server: The client and server are separate entities that communicate over a network.
  • Uniform Interface: The API should have a uniform and consistent interface using standard HTTP methods (GET, POST, PUT, DELETE) and status codes (200, 404, 500).
  • Cacheable: Responses from the server can be cached by the client.
  • Layered System: The architecture can be composed of multiple layers, with each layer having specific responsibilities.

Question: What are the commonly used HTTP methods in RESTful API?

Answer: The commonly used HTTP methods in RESTful API are:

  • GET: Retrieves a representation of a resource.
  • POST: Creates a new resource.
  • PUT: Updates an existing resource or creates a new resource.
  • DELETE: Deletes a resource.
  • PATCH: Partially updates a resource.
  • OPTIONS: Returns the supported methods for a resource.

Question: What is the difference between PUT and POST methods in REST API?

Answer: The main difference between PUT and POST methods is their intended use:

  • PUT is used to update an existing resource or create a new resource at a specific URI. It is idempotent, meaning that multiple identical requests have the same effect as a single request.
  • POST is used to submit data to be processed by a resource. It is not idempotent, and multiple identical requests may have different effects each time.
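The idempotence difference is easiest to see with a retry. The following is an added example written for this article (not the author's code): a constructed in-memory store with a PUT handler that replaces the representation at a client-chosen id and a POST handler that assigns a fresh server-side id on every call. The resource shape and the `ResourceStore` name are assumptions.

```python
import uuid
from copy import deepcopy


class ResourceStore:
    """Constructed in-memory stand-in for a database of JSON-like resources."""

    def __init__(self):
        self._items = {}

    def put(self, resource_id, body):
        """PUT /items/{id}: the client chooses the URI and the whole
        representation is replaced. Repeating the identical PUT leaves the
        store in the same state, so it is safe to retry (idempotent)."""
        created = resource_id not in self._items
        self._items[resource_id] = deepcopy(body)
        # 201 on first creation, 200 on a subsequent replacement
        return (201 if created else 200), deepcopy(self._items[resource_id])

    def post(self, body):
        """POST /items: the server assigns a new URI each call, so repeating
        the identical POST creates another resource (not idempotent). A
        naive client retry after a timeout therefore duplicates data."""
        new_id = uuid.uuid4().hex
        self._items[new_id] = deepcopy(body)
        return 201, {"id": new_id, **deepcopy(body)}

    def get(self, resource_id):
        item = self._items.get(resource_id)
        return (200, deepcopy(item)) if item is not None else (404, None)

    def count(self):
        return len(self._items)


def demonstrate_idempotence():
    """Run two identical PUTs and two identical POSTs and report the effect."""
    store = ResourceStore()
    payload = {"name": "widget", "price": 10}  # constructed sample body

    put_first, _ = store.put("widget-1", payload)
    put_second, _ = store.put("widget-1", payload)
    count_after_puts = store.count()  # still one resource

    store.post(payload)
    store.post(payload)
    count_after_posts = store.count()  # two more resources were created

    return {
        "put_statuses": (put_first, put_second),
        "count_after_puts": count_after_puts,
        "count_after_posts": count_after_posts,
    }


if __name__ == "__main__":
    print(demonstrate_idempotence())
```

The status codes follow the usual convention (201 when PUT creates, 200 when it replaces); the point to take away is that the store ends with one resource after the repeated PUTs and three after the repeated POSTs.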

Question: What is the difference between RESTful API and SOAP API?

Answer: The main differences between RESTful API and SOAP API are:

  • RESTful API uses HTTP directly with lightweight payloads, while SOAP API wraps every message in an XML-based envelope.
  • RESTful API is simpler and easier to use, while SOAP API is more complex and has more features.
  • RESTful API is stateless, while SOAP API can maintain state between requests.
  • RESTful API has better performance and scalability, while SOAP API has stronger standards and security.

Question: What are the advantages of using RESTful API?

Answer: Some advantages of using RESTful API are:

  • Simplicity and ease of use.
  • Scalability and performance.
  • Support for multiple data formats like JSON and XML.
  • Flexibility to work with various platforms and devices.
  • Better caching and reduced server load.
  • Stateless nature, making it easier to test and maintain.

Question: What are the common data formats used in RESTful API?

Answer: The common data formats used in RESTful API are:

  • JSON (JavaScript Object Notation): A lightweight and human-readable format widely used for data interchange.
  • XML (eXtensible Markup Language): A markup language used for structuring data and representing complex information.

Question: What is an endpoint in RESTful API?

Answer: An endpoint in RESTful API is a specific URL that represents a resource or a collection of resources. It defines the location where clients can make requests to interact with the API.

Question: What is the purpose of HTTP status codes in REST API?

Answer: HTTP status codes provide information about the outcome of a request made by a client to a server. They indicate whether the request was successful, encountered an error, or requires further action. Some common status codes are 200 (OK), 404 (Not Found), and 500 (Internal Server Error).

Question: What is the purpose of authentication and authorization in REST API?

Answer: Authentication is the process of verifying the identity of a client, typically using credentials like username and password. Authorization, on the other hand, determines whether a client has the necessary permissions to access or perform specific actions on a resource.

Question: What is content negotiation in REST API?

Answer: Content negotiation is the process of selecting the appropriate representation of a resource based on the client’s preferences and capabilities. The client specifies its preferred media types (e.g., JSON, XML) in the request’s Accept header, and the server returns the resource in the requested format if available.
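An added example (not from the article) of the server side of content negotiation: parse the `Accept` header into media ranges with their `q` weights, pick the best representation the server can produce, and answer 406 Not Acceptable when nothing matches. The `AVAILABLE` list, the `negotiate` and `render` names and the XML layout are assumptions made for this example; the `Vary: Accept` header is added because a cache must key on the header that changed the response.

```python
import json
from xml.sax.saxutils import escape

# Representations this example server can produce (constructed).
AVAILABLE = ("application/json", "application/xml")


def parse_accept(header):
    """Parse an Accept header into (media_range, q, position) tuples."""
    ranges = []
    for position, part in enumerate(header.split(",")):
        part = part.strip()
        if not part:
            continue
        pieces = [p.strip() for p in part.split(";")]
        media = pieces[0].lower()
        q = 1.0
        for param in pieces[1:]:
            if param.lower().startswith("q="):
                try:
                    q = float(param[2:])
                except ValueError:
                    q = 0.0  # malformed weight: treat as "not acceptable"
        ranges.append((media, min(max(q, 0.0), 1.0), position))
    return ranges


def specificity(media):
    """Exact type beats type/* which beats */* when several ranges match."""
    if media == "*/*":
        return 0
    if media.endswith("/*"):
        return 1
    return 2


def negotiate(accept_header, available=AVAILABLE):
    """Return the media type to serve, or None meaning 406 Not Acceptable."""
    if not accept_header or not accept_header.strip():
        return available[0]  # no preference expressed: server default
    ranges = parse_accept(accept_header)
    scored = []
    for server_index, candidate in enumerate(available):
        main_type = candidate.split("/")[0]
        matches = [r for r in ranges if r[0] in (candidate, main_type + "/*", "*/*")]
        if not matches:
            continue
        # The most specific matching range decides this candidate's weight.
        media, q, position = max(matches, key=lambda r: specificity(r[0]))
        if q <= 0:
            continue  # q=0 explicitly excludes the type
        # Higher q wins; ties go to the range the client listed first, then server order.
        scored.append((q, -position, -server_index, candidate))
    if not scored:
        return None
    return max(scored)[3]


def render(resource, media_type):
    """Serialize `resource` (a flat dict with identifier-like keys) as (status, headers, body)."""
    if media_type is None:
        body = json.dumps({"error": "Not Acceptable", "available": list(AVAILABLE)})
        return 406, {"Content-Type": "application/json"}, body
    if media_type == "application/json":
        body = json.dumps(resource)
    else:
        fields = "".join(f"<{k}>{escape(str(v))}</{k}>" for k, v in resource.items())
        body = f"<resource>{fields}</resource>"
    return 200, {"Content-Type": media_type, "Vary": "Accept"}, body
```

With `Accept: application/xml;q=0.9, application/json` the server picks JSON because the client weighted it higher; with `Accept: application/json;q=0, */*` JSON is excluded and XML is chosen through the wildcard; a client that only accepts `text/html` gets the 406.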

Question: How do you handle pagination in REST API?

Answer: Pagination in REST API is typically handled using query parameters, such as page and limit, to specify the desired subset of results. The server returns the requested page of data along with metadata, such as the total number of items or the number of pages available.

Question: How can you version a RESTful API?

Answer: There are various approaches to versioning a RESTful API, including:

  • URL Versioning: Adding a version number to the API endpoint (e.g., /api/v1/resource).
  • Query Parameter Versioning: Specifying the version as a query parameter (e.g., /api/resource?version=1).
  • Header Versioning: Sending the version information in a custom header (e.g., X-API-Version: 1).
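The three approaches above can coexist behind one resolver. This is an added example (not code from the article) that reads the version from the URL path, the `version` query parameter, or the `X-API-Version` header, applies a fixed precedence, and refuses malformed, unsupported, or contradictory versions instead of silently falling back. The supported version set, the `/api/v{n}` prefix and the function name are assumptions.

```python
import re

SUPPORTED_VERSIONS = {1, 2}  # constructed: versions this example server serves
DEFAULT_VERSION = 1
_PATH_VERSION = re.compile(r"^/api/v(\d+)(/|$)")


def resolve_version(path, query, headers):
    """Return (version, source) using precedence path > query > header.

    Raises ValueError when the version is not a number, is not supported,
    or when two mechanisms name different versions (ambiguous request).
    """
    candidates = []
    match = _PATH_VERSION.match(path)
    if match:
        candidates.append((match.group(1), "path"))
    if "version" in query:
        candidates.append((query["version"], "query"))
    for name, value in headers.items():  # header names are case-insensitive
        if name.lower() == "x-api-version":
            candidates.append((value, "header"))

    if not candidates:
        return DEFAULT_VERSION, "default"

    distinct = {str(raw) for raw, _ in candidates}
    if len(distinct) > 1:
        raise ValueError(f"conflicting versions requested: {sorted(distinct)}")

    raw, source = candidates[0]
    if not str(raw).isdigit():
        raise ValueError(f"malformed version {raw!r} in {source}")
    version = int(raw)
    if version not in SUPPORTED_VERSIONS:
        raise ValueError(
            f"unsupported version {version}; supported: {sorted(SUPPORTED_VERSIONS)}"
        )
    return version, source
```

A caller would map the `ValueError` to a 400 response; treating a request that says `v1` in the path and `2` in the header as an error, rather than guessing, avoids routing a client to handlers it did not ask for.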

Question: What is HATEOAS in RESTful API?

Answer: HATEOAS (Hypermedia as the Engine of Application State) is a principle in RESTful API design where the server includes links or hypermedia controls in the response, allowing the client to discover and navigate related resources dynamically. It enables self-descriptive APIs and reduces coupling between the client and server.
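Pagination and HATEOAS fit naturally together, so one added example (not from the article) covers both questions: it validates the `page` and `limit` query parameters, clamps `limit` to a server-side maximum so a client cannot pull an entire table in one call, and returns the page with `meta` counts plus `self`/`first`/`last`/`prev`/`next` links. The field names, the limits and the `https://api.example.test/items` URL are assumptions.

```python
import math
from urllib.parse import urlencode

DEFAULT_LIMIT = 20
MAX_LIMIT = 100  # cap so oversize requests cannot exhaust the server


class PaginationError(ValueError):
    """Raised for client input that should become a 400 response."""


def parse_page_params(query, default_limit=DEFAULT_LIMIT, max_limit=MAX_LIMIT):
    """Validate page/limit from the query string instead of trusting it."""
    try:
        page = int(query.get("page", 1))
        limit = int(query.get("limit", default_limit))
    except (TypeError, ValueError):
        raise PaginationError("page and limit must be integers")
    if page < 1:
        raise PaginationError("page must be >= 1")
    if limit < 1:
        raise PaginationError("limit must be >= 1")
    return page, min(limit, max_limit)  # clamp rather than reject oversize limits


def paginate(items, query, base_url):
    """Return one page of `items` (a list of ids) with metadata and navigation links."""
    page, limit = parse_page_params(query)
    total = len(items)
    pages = max(1, math.ceil(total / limit))
    start = (page - 1) * limit
    page_items = items[start:start + limit]

    def link(p):
        return f"{base_url}?{urlencode({'page': p, 'limit': limit})}"

    # Hypermedia controls: the client follows these rather than building URLs itself.
    links = {"self": link(page), "first": link(1), "last": link(pages)}
    if page > 1:
        links["prev"] = link(page - 1)
    if page < pages:
        links["next"] = link(page + 1)

    return {
        "data": [{"id": i, "links": {"self": f"{base_url}/{i}"}} for i in page_items],
        "meta": {"page": page, "limit": limit, "total_items": total, "total_pages": pages},
        "links": links,
    }


if __name__ == "__main__":
    sample_ids = list(range(1, 46))  # constructed collection of 45 ids
    print(paginate(sample_ids, {"page": "2", "limit": "10"}, "https://api.example.test/items"))
```

Because `next` is omitted on the last page and `prev` on the first, a client can walk the collection by following links alone, which is the HATEOAS idea in practice.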

Question: How can you handle error responses in REST API?

Answer: Error responses in REST API typically include an appropriate HTTP status code and a response body containing additional error details. The response body may include error messages, error codes, or links to further resources for error resolution.

Question: What are the best practices for designing RESTful APIs?

Answer: Some best practices for designing RESTful APIs include:

  • Using descriptive and meaningful resource URIs.
  • Using HTTP methods appropriately for the intended actions.
  • Providing clear and consistent naming conventions.
  • Implementing appropriate security measures, such as authentication and authorization.
  • Properly documenting the API using standards like OpenAPI (formerly known as Swagger).
  • Handling errors and providing informative error responses.
  • Versioning the API to ensure backward compatibility.

Question: How can you test a REST API?

Answer: REST API testing can be performed using various tools and techniques, such as:

  • Manual testing using tools like Postman or cURL to send requests and verify responses.
  • Automated testing using frameworks like Selenium or REST-assured.
  • Writing unit tests and integration tests for individual endpoints.
  • Performing performance testing using tools like JMeter or Gatling.

Question: What is the role of API documentation in RESTful API development?

Answer: API documentation provides information about how to use and interact with an API. It includes details about endpoints, request/response formats, authentication methods, available resources, and any specific requirements or limitations. Well-documented APIs are easier to understand, use, and integrate into applications.

Question: What are the common security vulnerabilities in RESTful API?

Answer: Common security vulnerabilities in RESTful API include:

  • Injection attacks (e.g., SQL injection or command injection).
  • Cross-Site Scripting (XSS) attacks.
  • Cross-Site Request Forgery (CSRF) attacks.
  • Insecure direct object references.
  • Inadequate authentication and authorization mechanisms.
  • Insecure handling of sensitive data (e.g., passwords or tokens).
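Several of these items show up together in one badly written endpoint. The following is an added example (not the article's code) that puts a handler with string-built SQL and no ownership check beside a hardened version that authenticates first, validates the id's type, uses a parameterized query, and binds the owner into the `WHERE` clause so a client only ever sees its own records. This also illustrates the authentication versus authorization distinction from the earlier question. The `invoices` table and the two users are constructed sample data.

```python
import sqlite3


def setup_db():
    """Constructed sample data: two users, one invoice each."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE invoices (id INTEGER PRIMARY KEY, owner TEXT NOT NULL, amount INTEGER NOT NULL)"
    )
    conn.executemany(
        "INSERT INTO invoices VALUES (?, ?, ?)", [(1, "alice", 120), (2, "bob", 75)]
    )
    return conn


def get_invoice_vulnerable(conn, invoice_id):
    """Anti-pattern: the id is interpolated into the SQL text (injection) and
    the caller's identity is never consulted (insecure direct object reference),
    so whoever supplies an id receives that invoice."""
    row = conn.execute(
        f"SELECT id, owner, amount FROM invoices WHERE id = {invoice_id}"
    ).fetchone()
    if row is None:
        return 404, {"error": "not found"}
    return 200, {"id": row[0], "owner": row[1], "amount": row[2]}


def get_invoice_hardened(conn, invoice_id, current_user):
    """Authentication (who is calling) before authorization (what they may see).

    The id must already be an int when it reaches this layer, the query is
    parameterized so input is data rather than SQL, and ownership is part of
    the query itself. A non-owned id answers 404 rather than 403 so the
    response does not confirm that the id exists.
    """
    if current_user is None:
        return 401, {"error": "authentication required"}
    if isinstance(invoice_id, bool) or not isinstance(invoice_id, int) or invoice_id < 1:
        # Any str, however crafted, is rejected here and never reaches SQL.
        return 400, {"error": "invoice id must be a positive integer"}
    row = conn.execute(
        "SELECT id, owner, amount FROM invoices WHERE id = ? AND owner = ?",
        (invoice_id, current_user),
    ).fetchone()
    if row is None:
        return 404, {"error": "not found"}
    return 200, {"id": row[0], "owner": row[1], "amount": row[2]}


if __name__ == "__main__":
    db = setup_db()
    print("vulnerable, no caller identity:", get_invoice_vulnerable(db, 2))
    print("hardened, alice asks for bob's:", get_invoice_hardened(db, 2, "alice"))
    print("hardened, alice asks for hers: ", get_invoice_hardened(db, 1, "alice"))
```

In a real framework the `current_user` would come from the verified session or token, and the integer conversion would happen in the routing layer; the important property is that the ownership check cannot be skipped because it is part of the only query that returns data.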

Question: How can you handle rate limiting in REST API?

Answer: Rate limiting is the process of restricting the number of requests a client can make to an API within a given time frame. It helps prevent abuse, protects server resources, and ensures fair usage. Rate limiting can be implemented by tracking the number of requests per client and enforcing limits using techniques like token bucket or fixed window algorithms.
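Both algorithms named in the answer are short enough to write out. This added example (not from the article) implements a per-client token bucket and a per-client fixed window, each with an injectable clock so the behaviour can be checked deterministically, plus a small wrapper that turns a rejected request into a 429 response. The class names, limits and `FakeClock` helper are constructed for the example.

```python
import time
from collections import defaultdict


class TokenBucket:
    """Per-client bucket holding up to `capacity` tokens, refilled at `rate`
    tokens per second. Permits short bursts while bounding the sustained rate."""

    def __init__(self, capacity, rate, clock=time.monotonic):
        self.capacity = capacity
        self.rate = rate
        self.clock = clock
        self._state = {}  # client -> (tokens, last_refill_time)

    def allow(self, client):
        now = self.clock()
        tokens, last = self._state.get(client, (self.capacity, now))
        tokens = min(self.capacity, tokens + (now - last) * self.rate)
        if tokens >= 1:
            self._state[client] = (tokens - 1, now)
            return True
        self._state[client] = (tokens, now)
        return False


class FixedWindow:
    """Per-client counter that allows `limit` requests per `window_seconds`.
    Simpler than a bucket, but a client can spend almost 2x the limit across
    a window boundary, which is the usual argument against it."""

    def __init__(self, limit, window_seconds, clock=time.monotonic):
        self.limit = limit
        self.window = window_seconds
        self.clock = clock
        self._counts = defaultdict(int)  # (client, window_index) -> count

    def allow(self, client):
        window_index = int(self.clock() // self.window)
        key = (client, window_index)
        if self._counts[key] >= self.limit:
            return False
        self._counts[key] += 1
        return True


def handle(limiter, client):
    """Return the status and headers a middleware would emit for this request."""
    if limiter.allow(client):
        return 200, {}
    # Retry-After is advisory; one second matches the refill granularity used here.
    return 429, {"Retry-After": "1"}


class FakeClock:
    """Constructed clock so the demonstration does not depend on wall time."""

    def __init__(self, start=0.0):
        self.now = start

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


if __name__ == "__main__":
    clock = FakeClock()
    bucket = TokenBucket(capacity=3, rate=1.0, clock=clock)
    print([handle(bucket, "client-a")[0] for _ in range(4)])  # burst of 3, then 429
    clock.advance(2.0)
    print([handle(bucket, "client-a")[0] for _ in range(3)])  # 2 tokens refilled
```

The client key would normally be an authenticated principal or API key rather than a source IP, since many legitimate clients can share an address and a single abuser can rotate addresses.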

For more articles, consider following my account. Thanks…

Mayank Gupta: QA Automation Lead | Web Automation | Mobile Automation | API Automation | Performance | Web Security | IoT | Blockchain