

















































































This exam evaluates understanding of HTTP protocols, REST design principles, request/response structures, authentication (OAuth, tokens), rate limiting, pagination, and API testing. Practical tasks include crafting API calls, handling errors, using curl/Postman, creating API documentation, and integrating APIs into automation pipelines and applications.
Typology: Exams

Question 1. What is the primary purpose of an Application Programming Interface (API)?
A) To store data permanently
B) To define a contract for software components to communicate
C) To render HTML pages in a browser
D) To encrypt network traffic
Answer: B
Explanation: An API specifies how software components should interact, providing a contract for communication.

Question 2. Which of the following best distinguishes a web service from a generic API?
A) Web services always use SOAP, while APIs never do
B) Web services are accessed over a network using standardized protocols such as HTTP/HTTPS
C) APIs are only used internally within a single application
D) Web services require a graphical user interface
Answer: B
Explanation: Web services are a subset of APIs that expose functionality over a network using protocols like HTTP.

Question 3. In the client‑server model, which component initiates the request?
A) Server
B) Database
C) Client
D) Proxy
Answer: C
Explanation: The client sends an HTTP request to the server, which then processes it and returns a response.

Question 4. Which REST constraint emphasizes that the client should not store session state on the server?
A) Layered system
B) Statelessness
C) Cacheability
D) Uniform interface
Answer: B
Explanation: Statelessness requires each request to contain all information needed to understand and process it.

Question 5. Which of the following is a characteristic of a cacheable response?
A) The response must always contain a body
B) The response includes headers like Cache-Control or Expires
C) The response is always encrypted
D) The response can only be used by the original client
Answer: B
Explanation: Cacheable responses include directives that allow intermediaries or clients to store them for reuse.

Question 6. In REST, what does HATEOAS stand for?
A) Hypermedia as the Engine of Application State
B) HTTP Authentication Through Encrypted Access Tokens
C) Hierarchical API Transaction and Execution Order System
D) High Availability Through Elastic Autoscaling
Answer: A

Answer: C
Explanation: POST can create multiple resources when called repeatedly, so it is not idempotent.

Question 10. Which method should be used to partially update a resource?
A) PUT
B) PATCH
C) POST
D) OPTIONS
Answer: B
Explanation: PATCH applies partial modifications without replacing the entire resource.

Question 11. What does the HTTP status code 201 indicate?
A) The request succeeded and a new resource was created
B) The request was malformed
C) The server encountered an unexpected condition
D) The client must authenticate
Answer: A
Explanation: 201 Created signals successful creation of a resource, often with a Location header.

Question 12. Which status code is returned when a client tries to access a resource that does not exist?
A) 401
B) 403
C) 404
Answer: C
Explanation: 404 Not Found indicates the requested URI does not map to any resource.

Question 13. Which header tells the server the media type the client can understand?
A) Content-Type
B) Accept
C) Authorization
D) User-Agent
Answer: B
Explanation: The Accept header lists MIME types the client is willing to receive.

Question 14. In a JSON representation, which data type is NOT valid?
A) String
B) Number
C) Date
D) Boolean
Answer: C
Explanation: JSON does not have a native date type; dates are represented as strings.

Question 15. Which HTTP header is used to provide authentication credentials using a bearer token?
A) Cookie

B) They can be safely retried without side effects
C) They always return a 201 status code
D) They are only applicable to GET requests
Answer: B
Explanation: Idempotent methods produce the same result when executed multiple times, allowing safe retries.

Question 19. Which HTTP header is commonly used to control caching behavior?
A) Content-Length
B) Cache-Control
C) Accept-Encoding
D) Host
Answer: B
Explanation: Cache-Control provides directives like max-age, no-cache, etc.

Question 20. When designing a RESTful API, which URI pattern best follows resource hierarchy?
A) /getUser?id=123
B) /users/123
C) /users?id=123
D) /api/v1/users?userId=123
Answer: B
Explanation: /users/123 directly addresses the resource with its identifier, adhering to REST principles.

Question 21. Which HTTP status code signals that the client must authenticate to gain access?
A) 401 Unauthorized
B) 403 Forbidden
C) 404 Not Found
D) 409 Conflict
Answer: A
Explanation: 401 indicates that authentication is required and has failed or not been provided.

Question 22. Which of the following is NOT a typical use of the HEAD method?
A) Retrieve only the headers of a resource
B) Check if a resource has changed without downloading its body
C) Delete a resource
D) Validate caching metadata
Answer: C
Explanation: HEAD is like GET but without a response body; it does not delete resources.

Question 23. In REST, what does the uniform interface constraint NOT require?
A) Resource identification in requests
B) Manipulation of resources through representations
C) Use of a single HTTP method for all operations
D) Self‑descriptive messages
Answer: C
Explanation: The uniform interface does not mandate a single method; it defines a set of standardized interactions.

Explanation: Location provides the client with the URI where the new resource can be accessed.

Question 27. Which of the following best describes “code on demand” in REST?
A) Servers must always send JavaScript to clients
B) Clients can download executable code (e.g., JavaScript) to extend functionality
C) All responses must be in binary format
D) It is a mandatory REST constraint
Answer: B
Explanation: Code on demand is an optional constraint allowing servers to deliver executable code to clients.

Question 28. Which of these is a common format for representing resources in RESTful APIs?
A) CSV
B) JSON
C) PDF
D) MP
Answer: B
Explanation: JSON is lightweight, language‑independent, and widely used for API payloads.

Question 29. Which HTTP status code category indicates client‑side errors?
A) 1xx
B) 2xx
C) 3xx
D) 4xx
Answer: D
Explanation: 4xx codes signal that the client sent a malformed or invalid request.

Question 30. What does the Accept-Encoding request header specify?
A) The character set the client can understand
B) The compression algorithms the client can handle (e.g., gzip)
C) The preferred language for the response
D) The maximum size of the request body
Answer: B
Explanation: Accept-Encoding tells the server which content‑encoding (compression) formats the client supports.

Question 31. Which of the following is an example of a layered system in REST?
A) Direct database access from the client
B) A client communicating with a caching proxy that forwards to the origin server
C) All requests bypassing any intermediate components
D) Using a single monolithic server for all operations
Answer: B
Explanation: A layered system allows intermediaries such as proxies or gateways without the client needing to know about them.

Question 32. Which HTTP status code indicates that the requested resource has been moved permanently?
A) 301 Moved Permanently
B) 302 Found
C) 307 Temporary Redirect

C) Embed the version in the URI, e.g., /v1/users
D) Change the domain name for each version
Answer: C
Explanation: URI versioning is explicit, cache‑friendly, and widely adopted.

Question 36. What does the HTTP status code 429 represent?
A) Too Many Requests – the client has sent too many requests in a given amount of time
B) Bad Gateway – the server received an invalid response from upstream
C) Not Implemented – the server does not support the request method
D) Conflict – the request could not be completed due to a conflict with the current state of the resource
Answer: A
Explanation: 429 is used for rate‑limiting scenarios.

Question 37. Which HTTP method is commonly used to retrieve metadata about a resource without fetching the representation itself?
A) GET
B) HEAD
C) OPTIONS
D) TRACE
Answer: B
Explanation: HEAD returns headers identical to GET but without a response body.

Question 38. Which of the following best describes a “self‑descriptive message” in REST?
A) The message body contains a full HTML page
B) All necessary information to process the request is included in the message itself (method, URI, headers, etc.)
C) The server logs every request for auditing
D) The client must maintain session state to interpret the message
Answer: B
Explanation: Self‑descriptive messages allow intermediaries to understand and forward requests without additional context.

Question 39. Which HTTP status code indicates that the request was successful but the server has no representation to return?
A) 200 OK
B) 204 No Content
C) 202 Accepted
D) 303 See Other
Answer: B
Explanation: 204 signals success without a response body.

Question 40. Which of the following is an advantage of using HTTPS for API communication?
A) It reduces the size of JSON payloads automatically
B) It provides encryption, data integrity, and authentication of the server
C) It eliminates the need for API keys
D) It makes the API stateless by default
Answer: B
Explanation: HTTPS (TLS) secures data in transit and verifies the server’s identity.

Question 44. Which of the following best describes “rate limiting” in API security?
A) Encrypting all request bodies
B) Restricting the number of requests a client can make within a time window
C) Requiring a CAPTCHA for every request
D) Limiting the size of the response payload
Answer: B
Explanation: Rate limiting protects APIs from abuse by throttling request frequency.

Question 45. When using cURL to send a JSON payload via POST, which option correctly sets the Content-Type header?
A) -H "Accept: application/json"
B) -H "Content-Type: application/json"
C) -d '{"key":"value"}'
D) --data-binary
Answer: B
Explanation: -H "Content-Type: application/json" tells the server the body format.

Question 46. Which HTTP status code is appropriate when a client sends a request that is syntactically correct but semantically invalid, such as an out‑of‑range value?
A) 400 Bad Request
B) 422 Unprocessable Entity
C) 500 Internal Server Error
D) 404 Not Found
Answer: B
Explanation: 422 signals that the server understands the content type and syntax but cannot process the contained instructions.

Question 47. Which of the following is a common way to pass an API key in an HTTP request?
A) As part of the URL path (/api/v1/key/abcdef)
B) In the Authorization header using the Bearer scheme
C) In the request body as plain text
D) As a cookie named session_id
Answer: B
Explanation: API keys are often sent via the Authorization: Bearer <key> header.

Question 48. Which of the following statements about the PATCH method is true?
A) It replaces the entire resource representation
B) It is safe and idempotent
C) It applies a set of changes to a resource without sending the full representation
D) It cannot be used with JSON payloads
Answer: C
Explanation: PATCH sends a diff or partial update, reducing bandwidth.

Question 49. In REST, what does the term “resource” refer to?
A) The physical server hardware
B) Any identifiable piece of information that can be addressed via a URI
C) Only HTML pages served over HTTP
D) The programming language used to implement the API

Answer: B
Explanation: PUT replaces the target resource with the request payload.

Question 53. How does the 401 status code differ from 403 in terms of authentication?
A) 401 means the client is not authenticated; 403 means authenticated but not authorized
B) 401 indicates a server error; 403 indicates a client error
C) 401 is used for missing API keys; 403 is used for malformed JSON
D) There is no difference; they are interchangeable
Answer: A
Explanation: 401 requires authentication; 403 indicates insufficient permissions after authentication.

Question 54. Which HTTP header is commonly used to indicate the language of the response body?
A) Content-Type
B) Accept-Language
C) Content-Language
D) Locale
Answer: C
Explanation: Content-Language specifies the language(s) of the returned representation.

Question 55. Which of the following best describes “statelessness” in the context of REST?
A) The server stores session identifiers for each client
B) Each request contains all information needed to understand and process it
C) The client must maintain a persistent TCP connection
D) The API must use only GET and POST methods
Answer: B
Explanation: Statelessness eliminates server‑side session state.

Question 56. Which status code is appropriate when a client sends a request that is syntactically correct but the requested operation is not allowed on the resource (e.g., trying to DELETE a read‑only resource)?
A) 400 Bad Request
B) 405 Method Not Allowed
C) 409 Conflict
D) 415 Unsupported Media Type
Answer: B
Explanation: 405 indicates the HTTP method is not supported for the target resource.

Question 57. In the context of REST, what is meant by “hypermedia”?
A) Binary data transferred over HTTP
B) Links and controls embedded in responses that guide client navigation
C) A special type of JSON array
D) The use of HTTP/2 multiplexing
Answer: B
Explanation: Hypermedia provides actionable links (HATEOAS) within resource representations.

Question 58. Which of the following is a secure way to transmit an API key?
A) As a plain query parameter in the URL