Sunday, September 10, 2023

Top 10 RESTful Web Service Interview Questions for Java Developers

REST is an architectural style of developing web services that have become immensely popular in the last couple of years and consequently gained a lot of importance in core Java and Java EE interviews. If you are a Java web developer, then you are most likely to see a couple of questions from web services every time you go for a Java web developer interview. One of the most frequent ones is the difference between REST and SOAP web services, which I have recently answered there, but there are a lot many other good questions I have collected from friends and my readers, which I have not yet published. In this article, I am sharing those questions, mainly based on REST-style web services for your practice and preparation.

Some of them are easy to answer, and you will find them either in my blog or by doing Google, but a couple of them is exciting and challenging and required real solid experience in Java web service domain to answer. I leave it to you guys for now and will probably update this post with answers shortly.

If you don't find the answer to any REST interview question then I suggest you take a look at these two resources, REST API Design and Developmentand RESTful Web Services you will most likely find your answer there. Both are great online courses on Udemy which is also available at a throwaway price of just $10 during Udemy sales which happens every month.




10 RESTful Web Services Interview Questions Answers

Here is my list of RESTful web services questions for senior Java developers who have a couple of years of experience developing both SOAP and REST-based web services. This is actually the second part of my series of Java web services based question, in the earlier article, I have shared some SOAP web services based questions. If you have not looked already, you may want to take a look.

Question 1: What is REST?

Answer: REST is an architectural style of developing web services that take advantage of the ubiquity of HTTP protocol and leverages the HTTP method to define actions. REST stands for REpresntational State Transfer.


Question 2: What is RESTFul Web Service?
Answer: There is two popular way to develop web services, using SOAP (Simple Object Access Protocol) which is XML based way to expose web services and second REST-based web services which use the HTTP protocol. Web services developed using REST-style is also known as RESTful Web Services. You can see the REST API Design and Development course on Udemy to learn more about them.

RESTful Web Service Interview Questions for Java Developers



Question 3: What is HTTP Basic Authentication and how it works?


Question 4: Can you tell me which API can be used to develop the RESTFul web service in Java?

Answer: There are many framework and libraries out there, which helps to develop RESTful web services in Java, including JAX-RS, which is a standard way to build REST web services. Jersey is one of the popular implementations of JAX-RS, which also offers more than specification recommendations. Then you also have RESTEasy, Restlet, Jersey, and Apache CFX. If you like Scala, then you can also use the Play framework to develop RESTful web services.


Question 5: How do you configure the RESTFul web service?

Configuring a RESTful web service involves a series of crucial steps. Firstly, you need to choose a suitable programming language and framework that supports building RESTful services. 

Popular options include Java with Spring Boot, Python with Flask, or Node.js with Express. Next, you must define the API's endpoints, specifying the URI paths, HTTP methods (GET, POST, PUT, DELETE), and the data format (usually JSON or XML) for request and response payloads. 

Then, it's time to implement the business logic, where you write code to handle incoming requests, process data, and generate appropriate responses. Utilizing libraries or frameworks can simplify tasks like routing and request parsing, streamlining the configuration process.

Question 6: How you apply security in RESTFul web services?

Securing RESTful web services is of utmost importance to safeguard sensitive data and thwart unauthorized access. Several vital practices contribute to a robust security framework. Authentication serves as the initial line of defense, with mechanisms such as API keys, tokens (OAuth or JWT), or basic authentication, verifying client identities. 

Authorization, equally crucial, dictates access control policies, specifying who can access specific resources to ensure proper permissions. Employing HTTPS encryption bolsters data protection during transmission, guarding against eavesdropping and tampering. 

Additionally, rigorous input validation is essential, as it helps mitigate common security risks like SQL injection and cross-site scripting (XSS). 

Lastly, implementing rate limiting mechanisms can thwart brute force attacks and ensure fair resource utilization. These combined efforts bolster the security of RESTful web services.


Question 7: Have you used securing RESTful APIs with HTTP Basic Authentication?

Yes, I have used it HTTP Basic Authentication many times. 
TTP Basic Authentication is a widely used method to secure RESTful APIs. It involves the inclusion of a username and password in the request headers. When a client seeks access to a protected resource, it sends a request with the credentials encoded in Base64 format. 

On the server side, the RESTful service is configured to validate these credentials against stored user data. If the credentials match, the server grants access; otherwise, it returns a 401 Unauthorized status, denying entry. 

While this approach is straightforward to implement, it's essential to ensure the security of transmitted credentials and consider more robust authentication methods for production systems, such as token-based authentication for added security.


Question 8: How you maintain sessions in RESTful services? What Challenges you have faced?

Yes, I have done that. Maintaining sessions in RESTful services presents a challenge due to the stateless nature of the architecture. However, when session-like functionality is necessary, alternative approaches come into play. 

One common method involves utilizing tokens, such as JSON Web Tokens (JWT) or OAuth tokens. These tokens carry user-related data and can be included in request headers, allowing for authentication and authorization while maintaining a degree of statelessness.

For web applications interacting with RESTful services, cookies can also be employed to manage sessions. Cookies can store session IDs or tokens, facilitating user tracking and session management.

However, it's essential to note that relying on cookies may introduce some statefulness into an otherwise stateless architecture, potentially complicating scalability and system maintenance.

Therefore, careful consideration is needed when choosing the appropriate method for session management in a RESTful context.


Question 9: Have you used Jersey API to develop RESTful services in Java?

Answer: Jersey is one of the most popular frameworks and API to develop REST-based web services in Java. Since many organization uses Jersey, they check if the candidate has used it before or not. It's simple to answer, say Yes if you have really used and No if you have not.

In the case of No, you should also mention which framework you have applied for developing RESTful web services, like Jersey, Apache CFX, Play, or Restlet. And, if you want to learn Jersey for building REST APIs in Java, I suggest you take a look at the RESTFul Services in Java using Jersey by Bryan Hansen course on Pluralsight, one of the in-depth course to learn Jersey for RESTful application.





Question 10: What is WADL in RESTFul?


Question 11: What do you understand by the payload in RESTFul?

Answer: Payload means data that passed inside the request body; also, the payload is not request parameters. So only you can do payload in POST  and not in GET and DELETE method


Question 12: Can you do payload in the GET method?
Answer: No, the payload can only be passed using the POST method.




Question 13: Can you do payload in HTTP DELETE?
Answer: This is again, similar to the previous REST interview question, the answer is No. You can only pass payload using the HTTP POST method.


Question 14: How do you test RESTful web services?

You can test RESTful web service using tools like Postman and Swagger. I love Postman they provide a lot of functionalities to test RESTful web services like you can send a request to any end-points, you can see the response, you can convert them to JSON and XML and you can even inspect request and response parameters, headers, and query parameters.

If you are testing REST API then I strongly suggest learning Postman and if you need a resource this Postman Crash Course on Udemy is a great place to start with. It's also a free course and tutorial, which means you don't need to pay anything, you just need an Udemy account to enroll in the course.

free course to learn Postman tool





Question 15: How much maximum payload you could do in the POST method?

Answer: If you remember the difference between the GET and POST request, then you know that unlike GET, which passes data on URL and thus limited by maximum URL length, POST has no such limit. So, theoretically, you can pass unlimited data as payload to the POST method. Still, you need to take practical things into account, like sending a POST with a large payload will consume more bandwidth, take more time and present performance challenge to your server.


Question 16: What is the difference between SOAP and RESTFul web services?

Answer: There is much difference between these two styles of web services, e.g. SOAP takes more bandwidth because of heavyweight XML based protocol, but REST takes less bandwidth because of widespread use of JSON as message protocol and leveraging HTTP method to define action. This also means that REST is faster than SOAP-based web services.

You can derive many differences between SOAP and RESTful with the fact that it's HTTP based, like REST URLs, can be cached or bookmarked. Here are a few more differences between them :

RESTFul web services interview questions answers


Question 17: If you have to develop web services, which one you will choose SOAP OR RESTful, and why?

Answer: You can answer this question based upon your experience, but the key here is if you know the difference between them, then you can answer this question in more detail. For example, it's easy to develop RESTful web services than SOAP-based web services but later comes with some in-built security features.


Question 18: What framework you had used to develop RESTFul services?

Answer: This is a real experience-based question. If you have used Jersey to develop RESTFul web services, then answer as Jersey but expect some follow-up question on Jersey. Similarly, if you have used Apache CFX or Restlet, then respond to them accordingly.


That's all in this list of some good RESTful web service interview questions for Java developers. Though this list is meant for Java developer, you can use these questions to check any candidate's knowledge on REST-style web services independent of programming language because REST doesn't say that you need to implement web service in Java only. Since it takes advantage of the ubiquitous HTTP protocol, you can build backed with any web technology stack, like Java, .NET, Python, JavaScript or any other programming language


Other Java REST Web Service tutorials you may like
  • The difference between REST and SOAP Web Services? (answer)
  • Top 5 Courses to learn RESTFul Web Services in Java? (courses)
  • Top 10 REST Web Service Interview Questions (answer)
  • Spring HelloWorld Example using Dependency Injection (tutorial)
  • The difference between PUT vs POST in REST Web Service? (article)
  • How to create a JDBC connection pool using Spring? (tutorial)
  • Top 5 courses to learn GraphQL in 2020 (courses)
  • The difference between Idempotent and safe methods in HTTP? (answer)
  • How to convert a JSON array to a String array in Java? (tutorial)
  • 3 ways to parse JSON in Java? (example)
  • Top 5 Books to learn RESTful APIs and Web Services (books)
  • How to create a REST client using Spring framework in Java? (tutorial)
  • 7 Best Courses to learn Spring Framework (best courses)
  • 10 Free Courses to learn Spring Boot (Free Courses)
  • My Favorite Courses to learn Software Architecture (courses)
  • Top 10 Courses to learn Microservices for Java developers (courses)

P.S. - If you are looking for online training to learn how to develop RESTful Web Services in Java using the Spring framework, I suggest you joining Eugen Paraschiv's REST with Spring course. The course has various options depending upon your experience level and how much you want to learn, like beginner's class, intermediate class, and master class.

21 comments:

  1. Question 3 : What is HTTP Basic Authentication and how it works?

    The server sends back a header stating it requires authentication for a given realm. The user provides the username and password, which the browser concatenates (username + ":" + password), and base64 encodes. This encoded string is then sent using a "Authorization"-header on each request from the browser. Because the credentials are only encoded, not encrypted, this is highly insecure unless it is sent over https.

    ReplyDelete
  2. Question 10 : How you test RESTful web services?

    There several tools to create automated tests for RESTful Web Services. You can test internally or externally.
    For internal testing you can relay in unit test (JUnit or other of your choice), mocking the lower layers you need, business, cache, persistence, etc.
    For external testing you can use tools (JMeter, Grinder, etc) to perform functional and stress test. Of course you have to recreate all the enviroment to recreate the same conditions, using in-memory db, and emulated servers (Docker myself) will allow you to do it easily.
    Both kind of test can be tested by a CI server or manually

    ReplyDelete
  3. Question 10 : How you test RESTful web services?

    For testing the web services, we can use SAOP UI tool.its very help to test the both services.

    ReplyDelete
    Replies
    1. RESTClientUI tool we can use to test web services.

      Delete
    2. Chrome pluggin POSTMEN can be used to test restful web services and SOAP UI for SOAP web services

      Delete
  4. I have used Postman(Chrome Plugin) and Advance REST Client to test RESTful Web Services

    ReplyDelete
  5. One of my favorite REST Interview Questions is, "difference between idempotent and safe" methods, always like to ask.

    ReplyDelete
  6. Tell about Features of RESTful web services?

    ReplyDelete
  7. Q13. According to HTTP spec you in fact can have payload in GET calls but the payload should not have any impact on the endpoint functionality.

    ReplyDelete
  8. Answers for Q12-14 are incorrect! You cannot send payload only for TRACE request, all others allow it (althought format is not defined for GET, DELETE, OPTIONS, etc.)
    Reference: http://stackoverflow.com/questions/5905916/payloads-of-http-request-methods

    ReplyDelete
  9. Question 10 : How you test RESTful web services?
    For testing the web services, we can use SAOP UI tool.its very help to test the both services.
    For more information visit our website
    http://www.aqtsoft.com/

    ReplyDelete
  10. Question 11 : What is WADL in RESTFul?

    WADL is a XML description of a deployed RESTful web application. It contains model of the deployed resources, their structure, supported media types, HTTP methods and so on. In a sense, WADL is a similar to the WSDL (Web Service Description Language) which describes SOAP web services

    ReplyDelete
  11. Question 7 : Have you used securing RESTful APIs with HTTP Basic Authentication
    HTTP Basic Authentication is the simplest way for a HTTP User Agent to provide a username and password to the web server to enforce access control of the resources. The Basic Authentication method provides no confidentiality and the credentials are transmitted as merely Base64 encoded string. Therefore, this method of authentication is typically used over HTTPS for added security.
    The user credentials are sent using the Authorization header. The header is constructed as follows:
    • Combine username and password into a string “username:password”
    • Encode the resulting string in a Base64 variant
    • Prefix the encoded string with “Basic ” ; notice the space here
    These encoded credentials are then sent over to the server. On the server side you can then extract these credentials and use them to authenticate the user.

    ReplyDelete
  12. Few more questions : How will you publish web service? How will maintain state in Restful web service?

    ReplyDelete
    Replies
    1. Good question Satish, Can you also provide answer pls?

      Delete
  13. Can we add Difference between @Controller and @RestController

    ReplyDelete
    Replies
    1. Hello @Anonymous, sure, will add that, btw, I have already answered this question in detail in my post @RestController vs Controller in spring

      Delete
  14. Can you provide some restful examples,I mean real senario based programs.

    ReplyDelete
  15. is RESTFULL stateless or stateful. what do you mean by stateless and stateful. can any one explain it please?

    ReplyDelete

Feel free to comment, ask questions if you have any doubt.