Web API Interview Questions and Answers
Ques 1. What is JSON Web Token (JWT) and how is it used in Web APIs?
JWT is a compact, URL-safe means of representing claims to be transferred between two parties. In Web APIs, it is often used for authentication and information exchange.
Example:
Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c
Ques 2. What is CORS, and how does it affect Web API security?
CORS (Cross-Origin Resource Sharing) is a security feature implemented by web browsers to restrict webpages from making requests to a different domain than the one that served the original webpage. Web APIs need proper CORS configuration to allow or deny cross-origin requests.
Ques 3. Explain the concept of Idempotence in the context of Web APIs.
Idempotence means that a given operation will produce the same result regardless of how many times it is executed. In Web APIs, methods like GET, PUT, and DELETE are expected to be idempotent.
Ques 4. What is the purpose of the OPTIONS HTTP method?
The OPTIONS method is used to describe the communication options for the target resource. It is often used to support CORS preflight requests and provide information about the available methods for a resource.
Example:
OPTIONS /users
Ques 5. What is the role of HTTP status codes in Web APIs?
HTTP status codes indicate the success, failure, or other status of a request. Common codes include 200 OK (success), 404 Not Found (resource not found), and 500 Internal Server Error (server error).