Skip to content
Maratib Ali Khan maratib

RESTful Web Services

πŸ”Ή REST (Representational State Transfer)

Section titled β€œπŸ”Ή REST (Representational State Transfer)”
  • REST is an architectural style for building lightweight web services.
  • REST APIs expose resources over HTTP using standard verbs (GET, POST, PUT, DELETE) and URIs.
  • REST is often used to implement SOA or microservices in modern systems.

πŸ”Ή REST Principles (Constraints)

Section titled β€œπŸ”Ή REST Principles (Constraints)”
  1. Client-Server separation
  2. Stateless requests
  3. Cacheable responses
  4. Uniform Interface (resources via URIs, verbs for actions)
  5. Layered System (intermediaries allowed)
  6. Resource-based (everything is a resource, not a method)

πŸ”Ή HTTP Methods in REST

Section titled β€œπŸ”Ή HTTP Methods in REST”
MethodUsageExample
GETRetrieve a resourceGET /users/1
POSTCreate a new resourcePOST /users
PUTUpdate/replace a resourcePUT /users/1
PATCHPartially update a resourcePATCH /users/1
DELETERemove a resourceDELETE /users/1
OPTIONSList available operationsOPTIONS /users
HEADSame as GET, but no bodyHEAD /users/1

πŸ”Ή Common HTTP Status Codes

Section titled β€œπŸ”Ή Common HTTP Status Codes”

βœ… Success (2xx)

  • 200 OK β†’ Success (GET/PUT/DELETE).
  • 201 Created β†’ Resource created (POST).
  • 202 Accepted β†’ Async processing.
  • 204 No Content β†’ Success, no body.

⚠️ Client Errors (4xx)

  • 400 Bad Request β†’ Invalid input.
  • 401 Unauthorized β†’ Auth required/failed.
  • 402 Payment Required β†’ Payment Required.
  • 403 Forbidden β†’ No permission.
  • 404 Not Found β†’ Resource not found.
  • 405 Method Not Allowed β†’ Wrong HTTP method.
  • 409 Conflict β†’ Duplicate or state conflict.
  • 422 Unprocessable Entity β†’ Validation error.
  • 429 Too Many Requests β†’ Rate-limited.

🚨 Server Errors (5xx)

  • 500 Internal Server Error β†’ Generic failure.
  • 502 Bad Gateway β†’ Invalid upstream response.
  • 503 Service Unavailable β†’ Temporary downtime.
  • 504 Gateway Timeout β†’ Upstream timed out.

πŸ”Ή REST Best Practices

Section titled β€œπŸ”Ή REST Best Practices”
  • Use nouns, not verbs in URIs β†’ /users/1/orders instead of /getUserOrders.
  • Use plural resource names β†’ /products not /product.
  • Support pagination/filtering β†’ /products?page=2&limit=20.
  • Return structured error messages (with code, message, details).
  • Use versioning β†’ /api/v1/users.
  • Secure with HTTPS, OAuth2, JWT.

πŸ”Ή Example REST API

Section titled β€œπŸ”Ή Example REST API”
Request:
POST /users
Content-Type: application/json


{
  "name": "Alice",
  "email": "alice@example.com"
}
 
Response:
201 Created
Location: /users/101
{
  "id": 101,
  "name": "Alice",
  "email": "alice@example.com"
}

πŸ”Ή Common Interview Qs on REST

Section titled β€œπŸ”Ή Common Interview Qs on REST”

Difference between PUT and PATCH?

  • PUT replaces the entire resource, PATCH updates only specific fields.

Why is POST not idempotent?

  • Multiple POST requests can create multiple resources, unlike PUT.

How to secure REST APIs?

  • Use HTTPS, OAuth2, JWT, API keys, rate limiting.

Why do we use 201 Created instead of 200 for POST?

  • 201 explicitly tells the client a resource was created, and usually includes Location header with new resource URI.

What’s the difference between 401 and 403?

  • 401 Unauthorized = authentication missing/invalid.
  • 403 Forbidden = authentication is fine, but user lacks permission.

Why is PUT idempotent but POST is not?

  • Repeating PUT /users/1 with same data updates the same resource β†’ same result.
  • Repeating POST /users may create multiple users β†’ different result.