Interview Questions and Answers

• Because the client side does not supply a specific session id for it, RESTful web services are transient and do not keep session simulation responsibility.
• Inherently, REST is unable to enforce the security limitation. However, by putting protocols in place, it inherits them. To improve the security of the REST APIs, SSL/TLS authentication integration must be done with great care.

Sensitive information such as user id, password, or verification token should not be visible in URIs. REST APIs can be kept secure with the help of security initiatives including such authorization and authorization, API server affirmation, TLs/SSL encryption, rate-limiting for DDoS attacks, and more.

It is an HTTP protocol used to retrieve the HTTP operations or options that are supported and assist clients in selecting choices in REST APIs. CORS, or Cross-Origin Resource Sharing, employs the REST option approach.

In contrast to RPC-style web services, document-style web services allow us to send an XML document as part of a SOAP request.

The application where a document-style web service is most suitable is one where an XML message behaves like a document, the content of which is subject to change, and the purpose of the web service is independent of the contents of XML messages.

Both JAX-WS and JAX-RS are frameworks (APIs) that allow for different types of communication in Java. A library called JAX-WS can then be used to do SOAP communications in Java, whereas JAX-RS enables REST communication.

There are various web service testing tools for REST APIs.

• MVC Jersey API
• Spring REST web service
• CXF Axis 
• Restlet

• Clients: Requests are sent by numerous users using various devices.
• Identity providers: They verify the identities of users or customers and provide security tokens.
• API Gateway: Client requests are handled via API Gateway.
• Static: All of the system's material is contained in static content.
• Management: Determines failures and balances services across nodes.
• Service discovery: A tool for determining the path of communication among microservices is called service discovery.
• CDN: Network connection of proxy servers and associated data centers is called a content delivery network(CDN).
• Information: Information stored on a network of IT devices can be accessed remotely with the help of a remote service.

The following are crucial considerations while creating a resource's representation format for a RESTful web service:

• Understanding and use of the resource's representation format should be possible for both the server and the client.
• Completeness A format ought to be able to accurately depict a resource. A resource could contain another resource, for instance. Format ought to be able to depict both straightforward and intricate resource structures.
• Linkability is a format that needs to be able to handle situations where one resource links to another.

A RESTful web service should not maintain a client state on the server in accordance with REST design. Statelessness is the term for this limitation. The client must transmit its context to the server, which can then store it and use it to perform the client's subsequent requests. For instance, the session identifier given by the client can be used to identify a server-maintained session.

• With a monolithic architecture, all the software parts of a program are put together and neatly wrapped in one large container.
• A group of services that communicate with one another is referred to as a service-oriented architecture. Simple data exchange or the coordination of an action between two or even more services are both possible forms of communication.
• Microservices Architecture is a type of architectural design that organizes an application as a group of tiny, independent services based on a business domain.

Because GraphQL hides your microservices architecture from the customers, it works perfectly with microservices. From the front end, you want all the data to come from a small API, while from the back end, you want to divide it into microservices. The best technique I'm aware of to do both is by using GraphQL. It enables you to divide the backend into microservices while still giving each application a single API and enabling joins across data from various services.