Questions in: ADDIE

Right Answer:
API documentation is a technical manual that explains how to use an Application Programming Interface (API). It includes details on endpoints, request and response formats, authentication methods, and examples. It is necessary because it helps developers understand how to integrate and interact with the API effectively, ensuring proper usage and reducing errors.

Right Answer:
An API, or Application Programming Interface, is a set of rules and protocols that allows different software applications to communicate with each other. It defines the methods and data formats that applications can use to request and exchange information. When one application wants to use the functionality of another, it sends a request to the API, which processes the request and returns the appropriate response.

Right Answer:
Webhooks are automated messages sent from apps when something happens, allowing real-time data sharing. They differ from APIs in that APIs require a request to get data, while webhooks push data automatically when an event occurs.

Right Answer:
The different types of APIs are:

1. **Open APIs (Public APIs)** - Available to developers and third parties.
2. **Partner APIs** - Shared with specific business partners.
3. **Internal APIs (Private APIs)** - Used within an organization.
4. **Composite APIs** - Combine multiple services or data sources.
5. **Web APIs** - Accessible over the internet using HTTP/HTTPS.
6. **Library APIs** - Provided by software libraries for specific functions.

Right Answer:
An API Gateway acts as a single entry point for clients to access multiple microservices, managing requests, routing them to the appropriate service, handling authentication, load balancing, and providing features like caching and monitoring.

Right Answer:
REST APIs use standard HTTP methods and are lightweight, while SOAP APIs rely on XML and have a strict protocol with built-in error handling and security features.

Right Answer:
Synchronous API calls wait for the response before moving on to the next task, while asynchronous API calls allow the program to continue executing other tasks without waiting for the response.

Right Answer:
A web service is a standardized way for different applications to communicate over the internet using protocols like HTTP. It allows data exchange between systems. An API (Application Programming Interface) is a set of rules that defines how software components should interact. A web service is a type of API that specifically uses web protocols to enable communication between applications.

Right Answer:
RESTful principles include statelessness, client-server architecture, cacheability, uniform interface, and layered system. In API design, these principles ensure that the API is scalable, maintainable, and easy to use. Each resource is identified by a URI, and standard HTTP methods (GET, POST, PUT, DELETE) are used to perform operations on these resources.

Right Answer:
HTTP methods are standardized requests used in APIs to perform actions on resources. The main methods are:

1. **GET**: Retrieve data from a server.
2. **POST**: Send data to a server to create a new resource.
3. **PUT**: Update an existing resource on the server.
4. **DELETE**: Remove a resource from the server.
5. **PATCH**: Apply partial modifications to a resource.

These methods define the type of operation to be performed on the server.

Right Answer:
GET is used to retrieve data from a server, POST is used to send data to a server to create a resource, PUT is used to update an existing resource on the server, and DELETE is used to remove a resource from the server.

Right Answer:
API authentication is the process of verifying the identity of a user or application trying to access an API. Common methods include:

1. **API Keys**: Unique identifiers passed with requests to authenticate the user.
2. **Basic Authentication**: Uses a username and password encoded in Base64.
3. **OAuth**: A token-based authentication method that allows third-party applications to access user data without sharing passwords.
4. **JWT (JSON Web Tokens)**: A compact, URL-safe means of representing claims to be transferred between two parties, often used for authentication.
5. **HMAC (Hash-based Message Authentication Code)**: Uses a secret key to create a hash of the request data for verification.

Right Answer:
API versioning is the practice of managing changes to an API by assigning version numbers to different iterations of the API. It is important because it allows developers to introduce new features or make changes without breaking existing applications that rely on older versions, ensuring backward compatibility and a smoother transition for users.

Right Answer:
The common status codes in HTTP responses are:

- **200**: OK
- **201**: Created
- **204**: No Content
- **301**: Moved Permanently
- **302**: Found (Redirect)
- **400**: Bad Request
- **401**: Unauthorized
- **403**: Forbidden
- **404**: Not Found
- **500**: Internal Server Error
- **502**: Bad Gateway
- **503**: Service Unavailable

Right Answer:
Rate limiting in APIs is a technique used to control the number of requests a user can make to an API within a specified time period. It is implemented by setting thresholds (like requests per minute) and using mechanisms such as tokens, counters, or headers to track and enforce these limits. When a user exceeds the allowed number of requests, the API responds with an error message, typically a 429 status code, indicating that the rate limit has been exceeded.

Right Answer:
CORS, or Cross-Origin Resource Sharing, is a security feature implemented by web browsers that allows or restricts web applications from making requests to a domain different from the one that served the web page. It affects API development by requiring developers to configure their servers to specify which domains are permitted to access their resources, ensuring secure data exchange between different origins.

Right Answer:
OAuth is an open standard for access delegation commonly used for token-based authentication and authorization. It allows a user to grant a third-party application limited access to their resources on another service without sharing their credentials.

In API authentication, OAuth works by having the user authenticate with the service provider (like Google or Facebook) and then receive an access token. This token is then used by the third-party application to access the user's data on the service provider's API, ensuring that the user's credentials remain secure.

Right Answer:
API testing is the process of verifying that an application programming interface (API) meets its expected functionality, performance, and security requirements. Tools that can be used for API testing include Postman, SoapUI, JMeter, and RestAssured.

Right Answer:
JSON (JavaScript Object Notation) is a lightweight data interchange format that is easy for humans to read and write, and easy for machines to parse and generate. It is commonly used in APIs to transmit data between a server and a client in a structured way, allowing for easy data exchange and integration.

Right Answer:
An API endpoint is a specific URL where an API can be accessed by a client to request or send data. It defines the location and method (like GET, POST) for interacting with a particular resource or service in the API.