REST API Design Comprehensive Quiz & Projects
30 questions on the REST API Design tutorial.
Question 1: What does it mean for an HTTP method to be defined as 'idempotent'?
- A. The method always returns the exact same data regardless of request state.
- B. Making multiple identical requests has the same effect on the server state as making a single request. (correct answer)
- C. The method executes in zero milliseconds without server delay.
- D. The method is encrypted automatically during transmission.
Explanation: GET, PUT, and DELETE are idempotent. Calling them multiple times yields the same database state (unlike POST).
Question 2: When should a REST API return a '202 Accepted' status code instead of '201 Created'?
- A. When a resource is successfully updated.
- B. When request payload validation fails.
- C. When the request has been received for processing, but the processing is not yet complete (asynchronous execution). (correct answer)
- D. When the user has insufficient permissions to access the API endpoint.
Explanation: 202 is used for long-running, asynchronous backend jobs where the client doesn't need to wait for completion.
Question 3: How is Content Negotiation handled in a RESTful API?
- A. The client uses the Accept header to request a specific format (e.g. application/json), and the server responds accordingly. (correct answer)
- B. The client must purchase access tokens to query other formats.
- C. The server negotiates price options with the user's organization.
- D. The database converts column structures based on client location.
Explanation: The Accept HTTP header allows clients to request the media type they prefer, and the server responds with a Content-Type header.
Question 4: What is the standard design pattern for implementing pagination in high-performance APIs?
- A. Loading all records in RAM and filtering them on the frontend.
- B. Using offset-limit parameters, or cursor-based tokens (best for dynamic real-time data feeds). (correct answer)
- C. Splitting data into separate databases per page.
- D. Forcing clients to execute multiple GET queries to fetch individual rows.
Explanation: Limit-offset pagination is common, but cursor-based pagination is preferred for large, dynamic datasets because it prevents record skipping.
Question 5: What is the core concept of the HATEOAS constraint in REST design?
- A. Encrypting all API routes to prevent crawling.
- B. Designing APIs where the client navigates resources entirely through hyperlinks dynamically returned in response payloads. (correct answer)
- C. Enforcing strict schema validation on SQL databases.
- D. Restricting API usage to a single web domain.
Explanation: Hypermedia As The Engine Of Application State (HATEOAS) provides discoverability, decoupling client logic from static URLs.
Question 6: Which HTTP method is standard for creating a new resource in a REST API?
- A. GET
- B. POST (correct answer)
- C. PUT
- D. PATCH
Explanation: POST submits data to be processed to the specified resource, typically creating a new entity.
Question 7: What is the difference between PUT and PATCH methods?
- A. PUT is asynchronous, while PATCH is synchronous.
- B. PUT updates a resource by replacing it entirely, while PATCH applies partial updates to specific fields. (correct answer)
- C. PATCH is deprecated and replaced by PUT.
- D. PUT works only on databases, while PATCH works in memory.
Explanation: PUT expects the complete resource payload. PATCH only needs the field values being changed.
Question 8: What HTTP status code should be returned if a client requests a resource they are not authenticated to view?
- A. 400 Bad Request
- B. 401 Unauthorized (correct answer)
- C. 403 Forbidden
- D. 404 Not Found
Explanation: 401 Unauthorized indicates that authentication is required, whereas 403 Forbidden means the client is authenticated but lacks permission.
Question 9: Which HTTP status code represents a successful request that created a new resource?
- A. 200 OK
- B. 201 Created (correct answer)
- C. 202 Accepted
- D. 204 No Content
Explanation: 201 is the standard success code for resource creations (e.g. creating users/posts).
Question 10: In URL design, what is the best practice for naming collections?
- A. Singular nouns (e.g. /user)
- B. Plural nouns (e.g. /users) (correct answer)
- C. Verbs (e.g. /getUsers)
- D. Dynamic queries (e.g. /users.php)
Explanation: REST resource URLs should represent noun collections (plural) and utilize HTTP methods to indicate actions.
Question 11: What is the security risk of using API keys passed in URL query parameters?
- A. It slows down processing latency.
- B. URL parameters are logged in plaintext by firewalls, browser history, and server logs, exposing the keys. (correct answer)
- C. It blocks CORS requests on Safari.
- D. It prevents the API from returning JSON.
Explanation: API keys should be sent in headers (e.g., x-api-key) or in the Authorization header to avoid exposure through logging.
Question 12: Which format is the most popular data-interchange format for modern REST APIs?
- A. XML
- B. JSON (correct answer)
- C. YAML
- D. HTML
Explanation: JSON is lightweight, readable, and parses natively in JavaScript, making it standard for APIs.
Question 13: What status code should a REST API return if a client attempts to delete a resource that does not exist?
- A. 200 OK
- B. 404 Not Found (correct answer)
- C. 400 Bad Request
- D. 500 Internal Server Error
Explanation: 404 represents Not Found, indicating the target resource was not located.
Question 14: In REST, what does the 'stateless' constraint mean?
- A. The database cannot store data.
- B. The server stores no client context in memory; each request must contain all the information necessary to process it. (correct answer)
- C. The client must refresh the page every minute.
- D. The API routes cannot contain query strings.
Explanation: Statelessness improves server scalability, allowing any instance to handle any request.
Question 15: Which HTTP status code is standard for a successful DELETE operation that returns no response payload?
- A. 200 OK
- B. 204 No Content (correct answer)
- C. 201 Created
- D. 410 Gone
Explanation: 204 No Content indicates the request succeeded and the server has no body to return.
Question 16: What does REST stand for?
- A. Real-time Event Stream Transfer
- B. Representational State Transfer (correct answer)
- C. Routing Engine System Translation
- D. Remote SQL Transaction
Explanation: REST is an architectural style for hypermedia systems introduced by Roy Fielding.
Question 17: What is the standard practice for versioning REST APIs?
- A. Modifying the database schema names.
- B. Including version codes in the URL path (e.g. /api/v1/users) or using custom API accept headers. (correct answer)
- C. Renaming the controller file names.
- D. Running multiple server configurations.
Explanation: Versioning prevents breaking changes from disrupting active client integrations.
Question 18: What HTTP status code is returned if a client submits an invalid JSON payload that fails validation rules?
- A. 400 Bad Request (or 422 Unprocessable Entity) (correct answer)
- B. 404 Not Found
- C. 503 Service Unavailable
- D. 401 Unauthorized
Explanation: The 400 and 422 codes indicate that the client's input failed syntax or validation checks.
Question 19: Why is the OPTIONS HTTP method important in REST APIs?
- A. It downloads static files.
- B. It is used to query the communication options (CORS preflight request) available for a target URL before active requests are sent. (correct answer)
- C. It clears API caching tables.
- D. It deletes session data.
Explanation: Browsers send OPTIONS checks automatically to verify CORS permissions before unsafe operations.
Question 20: Which HTTP method is designed strictly to read data without altering resource state?
- A. GET (correct answer)
- B. POST
- C. PUT
- D. DELETE
Explanation: GET requests are safe and read-only, meaning they must not modify backend databases.
Question 21: What is the difference between safe and unsafe HTTP methods?
- A. Safe methods are encrypted using HTTPS.
- B. Safe methods (GET, HEAD) do not modify resources, while unsafe methods (POST, PUT, DELETE) alter state. (correct answer)
- C. Unsafe methods require API keys.
- D. There is no difference.
Explanation: Safe methods can be pre-fetched or cached without risking data corruption.
Question 22: In REST API design, how do you handle resource filtering (e.g., get only active users)?
- A. By creating separate endpoints like /users/active.
- B. By using query string parameters (e.g. /users?status=active) on the collection URL. (correct answer)
- C. By submitting a POST request with query JSON.
- D. By modifying the database table schemas.
Explanation: Query parameters represent filters, searches, and configurations on resource lists.
Question 23: Which HTTP header specifies the format of the response payload returned by the server?
- A. Accept
- B. Content-Type (correct answer)
- C. Content-Length
- D. Origin
Explanation: Content-Type (e.g. application/json) tells clients how to parse and render payloads.
Question 24: What HTTP status code represents a temporary redirect?
- A. 301 Moved Permanently
- B. 302 Found (or 307 Temporary Redirect) (correct answer)
- C. 304 Not Modified
- D. 410 Gone
Explanation: 302/307 indicate that the resource is temporarily at a different location.
Question 25: What is the benefit of returning a 304 Not Modified status code?
- A. It indicates the request failed due to syntax.
- B. It saves bandwidth by instructing the client to use its cached copy of the resource, since no changes occurred. (correct answer)
- C. It deletes client cookie credentials.
- D. It redirects requests to backup hosts.
Explanation: 304 responses carry an empty body; the client serves the resource from its own cache instead.
Question 26: What is an 'Endpoint' in REST APIs?
- A. The database column name.
- B. A specific URL where an API user can access resources using HTTP methods. (correct answer)
- C. The end of the code execution path.
- D. A server port designation.
Explanation: Endpoints are routes (e.g. /users/5) exposed to network clients.
Question 27: Which HTTP status code represents a generic internal server error?
- A. 400 Bad Request
- B. 500 Internal Server Error (correct answer)
- C. 503 Service Unavailable
- D. 404 Not Found
Explanation: 500 represents generic server failures that aren't handled by custom logic.
Question 28: What does the 'Rate Limiting' header 'X-RateLimit-Remaining' inform clients about?
- A. The speed of the server CPU.
- B. The number of remaining API requests the client is allowed to make within the current time window. (correct answer)
- C. The remaining database storage space.
- D. The page loading latency in milliseconds.
Explanation: Rate limit headers let developers throttle their client code and avoid 429 Too Many Requests responses.
Question 29: How does HTTP Basic Authentication differ from Token Authentication?
- A. Basic Authentication passes credentials in every request as base64-encoded strings inside headers, while Token Auth uses a pre-negotiated cryptographic signature key. (correct answer)
- B. Token Authentication requires SSL, while Basic does not.
- C. Basic is faster and safer.
- D. Basic Authentication is only used for databases.
Explanation: Basic authentication requires sending the password with every request, which increases its exposure risk.
Question 30: Which HTTP method is designed to delete a resource?
- A. DELETE (correct answer)
- B. POST
- C. REMOVE
- D. DROP
Explanation: DELETE requests target resources for removal from database backends.