REST APIs - Skill Assignment Quiz
Q1. What type of relationship is defined as one resource existing only if another parent resource exist-for example, pages in a book?
-
Partial
-
dependent
-
associative
-
linked
Q2. Which URL pattern is recommended when working with one resource and a collection of resources?
- /companies/{id} and /company
- /company/{id} and /companies
- /companies/{id} and /companies
- /company/{id} and /company
Q3. When dealing with JSON Web Tokens (JWTs), what is a claim?
- data in the token
- Ownership
- a permission
- an integer
Q4. Which REST constraint specifies that knowledge and understanding obtained from one component of the API should be generally applicable elsewhere in the API?
- Uniform Interface
- Client-Server
- Stateless
- Cacheable
Q5. What would you enable to allow a browser on another site to make an AJAX request to your API?
- HTTP
- REST
- OPTIONS
- CORS
Q6. APIs commonly use webhooks to _.
- notify other systems of an event
- catch errors faster
- improve error logging
- log additional data
Q7. What is the underlying goal of all APIs?
- to add new technologies to an organization's infrastructure.
- to share features and functionality with other systems.
- to move infrastructure to the cloud.
- to appease the latest digital transformation effort.
Q8. Which is a common command-line tool for using or exploring an API?
- bash
- curl
- ssh
- PowerShell
Q9. What is the modern specification for describing an API?
- OpenAPI (Swagger)
- WADL
- WSDL
- OAuth
Q10. Which HTTP verb is normally used to update or create a resource in an API?
- SUBMIT
- WRITE
- POST
- CREATE
Q11. What is one benefit of server-side caching in APIs?
- Mobile apps work better.
- It improves uptime.
- It offers better security.
- It reduces load on servers.
Q12. Your API resource does not allow deletion, and a client application attempted to delete the resource. What HTTP response code should you return?
- 409 Conflict
- 400 Bad Request
- 406 Not Acceptable
- 405 Method Not Allowed
Q13. What is OpenID Connect?
- an identity layer on top of OAuth 2.0
- the new name for SAML 3.0
- a modern replacement for API keys
- an SSO competitor for OAuth 2.0
Q14. What is one benefit of GraphQL over REST approaches?
- flexible querying/responses
- more stable APIs
- compatible with more gateways
- more secure by default
Q15. Which REST constraint specifies that there should be no shared context?
- Stateless
- Client-Server
- Uniform Interface
- Cacheable
Q16. What purpose does a User-Agent serve?
- It identifies the user ID.
- It identifies the client application or SDK.
- It identifies if the API should expect a user authentication.
- It identifies if the API should accept microservice traffic.
Q17. If you were to add versioning by using the Accept and Content-Type headers, what would be the correct format of the header value?
- application/json
- application/json_version2
- text/html
- application/vnd.myapp.v2+json
Q18. What is one benefit that OAuth provides over an API key approach?
- A token is encrypted.
- A token is encoded.
- A token is scoped to the use case.
- A token can be shared between systems.
Q19. The ability to execute the same API request over and over again without changing the resource's state is an example of _.
- stateless architecture
- idempotency
- a uniform interface
- cacheability
Q20. What component can you use to wrap legacy architectures or protocols into a REST interface for easier consumption and integration?
- API proxy
- API gateway
- OpenAPI
- OAuth authorization server
Q21. What protection does a JSON Web Token (JWT) offer to mitigate tampering with its contents?
- API proxy
- API gateway
- OpenAPI
- OAuth authorization server
Q22. What OAuth term is used to represent permissions?
- token
- scope
- claim
- back channel
Q23. What should you add to a Cache-Control response header to specify that a response should not be stored in an intermediary cache?
- no-proxy
- client-only
- restricted
- private
Q24. Which OAuth grant type can support a refresh token?
- Authorization Code Grant
- Client Credentials Grant
- Implicit Grant
- Authentication Grant
Q25. Using OAuth, what scope would you request for write access to the API?
- It varies from API to API.
- admin
- write
- read-write
Q26. Which content is best to include in your documentation?
- your tech stack
- reasoning for your naming schema
- your mission statement
- sample code
Q27. What metric tracks overall availability for your API?
- Response Time
- Time to First Hello World
- TTL
- Uptime
Q28. What is the recommended method and URL pattern for retrieving a specific user?
- GET /user/{id}
- GET /users/{id}
- GET /user?id={id}
- GET /users?id={id}
Q29. What is the purpose of a link relation?
- to describe relationships between resources or actions
- to describe subresources related to the current one
- to link two resources together
- to describe a resource and its purpose
Q30. What is OAuth?
- an authorization framework for granting delegated access
- an approach to single sign-on for APIs
- a method for API authentication
- HTTP Basic Authentication 2.0
Q31. What should your API documentation describe?
- JSON
- HTTP
- common use cases
- your tech stack
Q32. What is the purpose of an OAuth refresh token?
- to share user profile information
- to update an API configuration
- to keep a web session active
- to retrieve an access token
Q33. What is Time to First Hello World?
- how long it takes for a developer to do something with your API
- how long it takes to start a new programming language
- how long it takes to install your SDK
- how long it takes to read your documentation
Q34. Which response header tells the client and intermediaries that the response is not to be cached anywhere?
- Cache-State: none
- Expires: -1
- Cache-Control: no-cache
- Cache-Control: no-store
Q35. What component hides the distinctions or boundaries between various microservices from end-client applications?
- API gateway
- API logging
- a layered system
- API proxy
Q36. The textbook approach to API versioning is to use _.
- common knowledge
- URLs
- no versioning
- the Accept header
Q37. Within OAuth, what component validates the user's identity?
- client
- not specified
- authorization server
- resource server
Q38. API traffic that is entirely internal to your organization is normally called _?
- inbound traffic
- north-south traffic
- internal traffic
- east-west traffic
Q39. When a user attempts to access a record that is not their own, which HTTP response code is the most appropriate?
- 403
- 404
- 401
- 405
Q40. Which is a benefit of using an API gateway?
- HTTP verbs
- JSON payloads
- HTTP response codes
- rate limiting/throttling
Q41. Which HTTP verb is used in a CORS preflight request?
- PUT
- POST
- GET
- OPTIONS
Q42. What is the concept that allows an API client to explore an API via links embedded in payloads?
- hypermedia
- link relations
- parsing
- browsing
Q43. Which is an example of Code on Demand?
- AWS Lambda
- downloading open-source software
- Serverless
- JavaScript on a webpage
Q44. Which verb is not considered idempotent?
- DELETE
- GET
- PUT
- POST
Q45. Which REST constraint specifies that each request should stand on its own and not have a specific required order?
- Uniform Interface
- Cacheable
- Stateless
- Client-Server
Q46. When exploring record sets, what is the best approach for pagination?
- date-based filtering
- next/previous cursors
- page size and filters
- database IDs
Q47. Which HTTP response code usually means the requested work is still processing and may or may not result in an error later?
- 200 OK
- 204 No Content
- 201 Created
- 202 Accepted
Q48. Which header is not used in cache management?
- Rate-Limit
- Expires
- ETag
- Cache-Control
Q49. A client application uses a filter or a search in your API correctly but there are zero results. What is the best response code?
- 204 No Content
- 400 Bad Request
- 200 OK
- 404 Not Found