Ques:- What is API documentation and why is it necessary
Right Answer:
API documentation is a technical manual that explains how to use an API, including its endpoints, request and response formats, authentication methods, and examples. It is necessary because it helps developers understand how to integrate and interact with the API effectively, ensuring proper usage and reducing errors.
Ques:- What is an API and how does it work
Right Answer:
An API (Application Programming Interface) is a set of rules and protocols that allows different software applications to communicate with each other. It defines the methods and data formats that applications can use to request and exchange information. APIs work by sending requests from one application to another, which then processes the request and sends back a response.
Ques:- What are Webhooks and how do they differ from APIs
Right Answer:
Webhooks are user-defined HTTP callbacks that are triggered by specific events in a web application, allowing real-time data transfer. They differ from APIs in that APIs require a request to be made to receive data, while webhooks automatically send data when an event occurs without needing a request.
Ques:- What are the different types of APIs
Right Answer:
The different types of APIs are:

1. **Open APIs (Public APIs)** - Available to developers and third parties.
2. **Internal APIs (Private APIs)** - Used within an organization.
3. **Partner APIs** - Shared with specific business partners.
4. **Composite APIs** - Combine multiple endpoints into a single call.
5. **Web APIs** - Accessible over the internet using HTTP/HTTPS.
Ques:- What is the role of an API Gateway in microservices architecture
Right Answer:
An API Gateway acts as a single entry point for clients to access multiple microservices, handling requests, routing them to the appropriate services, managing authentication, rate limiting, and aggregating responses.
Ques:- What is the difference between REST and SOAP APIs
Right Answer:
REST (Representational State Transfer) is an architectural style that uses standard HTTP methods and is typically more lightweight and easier to use, while SOAP (Simple Object Access Protocol) is a protocol that relies on XML for message format and has strict standards for security and transactions. REST is generally more flexible and faster, while SOAP is more suited for enterprise-level services requiring high security and reliability.
Ques:- What is the difference between synchronous and asynchronous API calls
Right Answer:
Synchronous API calls wait for the response before moving on to the next task, while asynchronous API calls allow the program to continue executing other tasks while waiting for the response.
Ques:- What is a web service and how does it relate to an API
Right Answer:
A web service is a standardized way of allowing different applications to communicate over the internet using protocols like HTTP. It provides a method for applications to exchange data and perform operations. An API (Application Programming Interface) is a set of rules and tools that allows different software applications to interact with each other. A web service is a type of API that specifically uses web protocols to enable this interaction.
Ques:- What are RESTful principles and how do they apply to API design
Right Answer:
RESTful principles include:

1. **Statelessness**: Each API call must contain all the information needed to understand and process the request, with no stored context on the server.
2. **Client-Server Architecture**: The client and server are separate, allowing for independent development and scalability.
3. **Uniform Interface**: A consistent way to interact with resources, typically using standard HTTP methods (GET, POST, PUT, DELETE).
4. **Resource-Based**: APIs should expose resources (data entities) through URIs, and clients interact with these resources.
5. **Representation**: Resources can be represented in various formats (like JSON or XML), and clients can request the format they prefer.
6. **Cacheability**: Responses should indicate whether they can be cached to improve performance and reduce server load.

These principles guide the design of APIs to be scalable, efficient, and easy to use.
Ques:- What are HTTP methods and how are they used in APIs
Right Answer:
HTTP methods are standardized request types used in APIs to perform actions on resources. The main methods are:

1. **GET**: Retrieve data from a server.
2. **POST**: Send data to a server to create a new resource.
3. **PUT**: Update an existing resource on the server.
4. **DELETE**: Remove a resource from the server.
5. **PATCH**: Apply partial modifications to a resource.

These methods define the action to be performed on the specified resource in the API.
Ques:- What is the difference between GET, POST, PUT, and DELETE in HTTP
Right Answer:
GET is used to retrieve data from a server, POST is used to send data to a server to create a resource, PUT is used to update an existing resource on the server, and DELETE is used to remove a resource from the server.
Ques:- What is API authentication and what are common methods
Right Answer:
API authentication is the process of verifying the identity of a user or application trying to access an API. Common methods include:

1. **API Keys**: Unique keys provided to users to access the API.
2. **Basic Authentication**: Uses a username and password encoded in Base64.
3. **OAuth**: A token-based authentication method that allows users to grant limited access to their resources without sharing credentials.
4. **JWT (JSON Web Tokens)**: A compact, URL-safe means of representing claims to be transferred between two parties, often used for stateless authentication.
5. **HMAC (Hash-based Message Authentication Code)**: Uses a secret key to create a hash of the request, ensuring data integrity and authenticity.
Ques:- What is API versioning and why is it important
Right Answer:
API versioning is the practice of managing changes to an API by assigning version numbers to different iterations of the API. It is important because it allows developers to introduce new features or make changes without breaking existing client applications that rely on older versions, ensuring backward compatibility and a smoother transition for users.
Ques:- What are the common status codes in HTTP responses
Right Answer:
The common status codes in HTTP responses are:

- **200**: OK
- **201**: Created
- **204**: No Content
- **400**: Bad Request
- **401**: Unauthorized
- **403**: Forbidden
- **404**: Not Found
- **500**: Internal Server Error
- **502**: Bad Gateway
- **503**: Service Unavailable
Ques:- What is rate limiting in APIs and how is it implemented
Right Answer:
Rate limiting in APIs is a technique used to control the number of requests a user can make to an API within a specific time period. It is implemented by setting thresholds (e.g., requests per minute) and using mechanisms like tokens, counters, or IP address tracking to monitor and restrict access when the limit is exceeded.
Ques:- What is CORS and how does it affect API development
Right Answer:
CORS, or Cross-Origin Resource Sharing, is a security feature implemented by web browsers that allows or restricts web applications from making requests to a domain different from the one that served the web page. It affects API development by requiring developers to configure their APIs to specify which origins are allowed to access their resources, ensuring that only trusted domains can interact with the API.
Ques:- What is OAuth and how does it work in API authentication
Right Answer:
OAuth is an open standard for access delegation commonly used for token-based authentication and authorization. It allows third-party applications to access a user's resources without sharing their credentials.

In API authentication, OAuth works by having the user authorize the application to access their data. The process involves:

1. The user is redirected to an authorization server to log in and grant permission.
2. The authorization server issues an access token to the application.
3. The application uses this access token to make API requests on behalf of the user.
4. The API validates the token and grants access to the requested resources.
Ques:- What is API testing and what tools can be used for it
Right Answer:
API testing is the process of verifying that an application programming interface (API) functions as expected, ensuring it meets the requirements for functionality, reliability, performance, and security. Tools that can be used for API testing include Postman, SoapUI, JMeter, RestAssured, and Swagger.
Ques:- What is JSON and how is it used in APIs
Right Answer:
JSON (JavaScript Object Notation) is a lightweight data interchange format that is easy for humans to read and write, and easy for machines to parse and generate. In APIs, JSON is commonly used to format data exchanged between a client and a server, allowing for structured data representation in requests and responses.
Ques:- What is an API endpoint and how do you define it
Right Answer:
An API endpoint is a specific URL or URI where an API can be accessed by a client to perform operations like retrieving or sending data. It defines the location and method (such as GET, POST) for interacting with the API.

