19. Creating RESTful Web Services Flashcards

1
Q

What are RESTful Web Services?

A

Web services provide access to an application’s data, typically expressed in the JSON format.

2
Q

Why are RESTful Web Services useful?

A

Web services are most often used to provide rich client-side applications with data.

3
Q

How are RESTful Web Services used?

A

The combination of the URL and an HTTP method describes an operation that is handled by an action method defined by an ASP.NET Core controller.

4
Q

Are there any pitfalls or limitations with RESTful Web Services?

A

There is no widespread agreement about how web services should be implemented, and care must be taken to produce just the data the client expects.

5
Q

Are there any alternatives to RESTful Web Services?

A

There are a number of different approaches to providing clients with data, although RESTful web services are the most common.

6
Q

What does REST stand for?

A

Representational State Transfer

7
Q

What are 5 HTTP methods and operations?

A

GET, POST, PUT, PATCH, DELETE

8
Q

What does the GET HTTP Method do?

A

This method is used to retrieve one or more data objects.

9
Q

What does the POST HTTP Method do?

A

This method is used to create a new object.

10
Q

What does the PUT HTTP Method do?

A

This method is used to update an existing object.

11
Q

What does the PATCH HTTP Method do?

A

This method is used to update part of an existing object.

12
Q

What does the DELETE HTTP Method do?

A

This method is used to delete an object.

13
Q

What does a Web Service define an API through?

A

A combination of URLs and HTTP methods such as GET and POST, which are also known as the HTTP verbs. The method specifies the type of operation, while the URL specifies the data object or objects that the operation applies to.

14
Q

How do RESTful web services format the response data?

A

Most RESTful web services format the response data using the JavaScript Object Notation (JSON) format.

15
Q

Name two alternatives to RESTful Web Services

A

GraphQL and gRPC

16
Q

What is GraphQL and how does it work?

A

GraphQL is most closely associated with the React JavaScript framework, but it can be used more widely. Unlike REST web services, which provide specific queries through individual combinations of a URL and an HTTP method, GraphQL provides access to all an application’s data and lets clients query for just the data they require in the format they require. GraphQL can be complex to set up—and can require more sophisticated clients—but the result is a more flexible web service that puts the developers of the client in control of the data they consume. GraphQL isn’t supported directly by ASP.NET Core, but there are .NET implementations available. See https://graphql.org for more detail.

17
Q

What is gRPC and how does it work?

A

A new alternative is gRPC, a full remote procedure call framework that focuses on speed and efficiency. At the time of writing, gRPC cannot be used in web browsers, such as by the Angular or React framework, because browsers don’t provide the fine-grained access that gRPC requires to formulate its HTTP requests.

18
Q

What is the conventional URL prefix for web services?

A

URLs start with /api, which is the conventional URL prefix for web services.

19
Q

What is over-binding?

A

Over-binding occurs when the client sets properties on an object that were not supposed to be set by the client, or sets an unexpected value for a property. It is also a well-known attack (granting users more access than they should have).

The Product data model class needs a ProductId property, but the model binding process doesn’t understand the significance of the property and adds any values that the client provides to the objects it creates, which causes the exception in the SaveProduct action method.
This is known as over-binding, and it can cause serious problems when a client provides values that the developer wasn’t expecting. At best, the application will behave unexpectedly, but this technique has been used to subvert application security and grant users more access than they should have.

The safest way to prevent over-binding is to create separate data model classes that are used only for receiving data through the model binding process, where each class defines only the properties that the application wants to receive from the client when storing a new object. The model binding process will then ignore and discard values for read-only properties.

20
Q

How does the update action work?

A

The UpdateProduct action is similar to the SaveProduct action and uses model binding to receive a Product object from the request body.

21
Q

How does the delete action work?

A

The DeleteProduct action receives a primary key value from the URL and uses it to create a Product that has a value only for the ProductId property, which is required because Entity Framework Core works only with objects, but web service clients typically expect to be able to delete objects using just a key value.

22
Q

What is CORS?

A

Supporting Cross-Origin Requests

If you are supporting third-party JavaScript clients, you may need to enable support for cross-origin requests (CORS). Browsers protect users by only allowing JavaScript code to make HTTP requests within the same origin, which means to URLs that have the same scheme, host, and port as the URL used to load the JavaScript code. CORS loosens this restriction by performing an initial HTTP request to check that the server will allow requests originating from a specific URL, helping prevent malicious code using your service without the user’s consent.

23
Q

How do asynchronous actions work?

A

It allows ASP.NET Core threads to process other requests when they would otherwise be blocked, increasing the number of HTTP requests that the application can process simultaneously.
Asynchronous actions don’t produce responses any quicker, and the benefit is only to increase the number of requests that can be processed concurrently.
Not all operations can be performed asynchronously, like update and remove.

24
Q

How does ASP.NET Core platform process requests?

A

The ASP.NET Core platform processes each request by assigning a thread from a pool. The number of requests that can be processed concurrently is limited to the size of the pool, and a thread can’t be used to process any other request while it is waiting for an action to produce a result.
Actions that depend on external resources can cause a request thread to wait for an extended period. A database server, for example, may have its own concurrency limits and may queue up queries until they can be executed. The ASP.NET Core request thread is unavailable to process any other requests until the database produces a result for the action, which then produces a response that can be sent to the HTTP client.

25
Q

What is a controller?

A

A controller allows a web service to be defined in a single class. Controllers are part of the MVC Framework, which builds on the ASP.NET Core platform and takes care of handling data in the same way that endpoints take care of processing URLs.

Controllers are classes whose methods, known as actions, can process HTTP requests. Controllers are discovered automatically when the application is started. The basic discovery process is simple: any public class whose name ends with Controller is a controller, and any public method a controller defines is an action.

26
Q

What does the base class provide? And what are the most useful properties provided by the base class?

A
Controllers are derived from the ControllerBase class, which provides access to features provided by the MVC Framework and the underlying ASP.NET Core platform.
A new instance of the controller class is created each time one of its actions is used to handle a request, which means the properties below describe only the current request.

HttpContext, ModelState, Request, Response, RouteData and User

27
Q

What does HttpContext return? (ControllerBase Property)

A

This property returns the HttpContext object for the current request.

28
Q

What does ModelState return? (ControllerBase Property)

A

This property returns details of the data validation process, as demonstrated in the “Validating Data” section later in the chapter and described in detail in Chapter 29.

29
Q

What does Request return? (ControllerBase Property)

A

This property returns the HttpRequest object for the current request.

30
Q

What does Response return? (ControllerBase Property)

A

This property returns the HttpResponse object for the current response.

31
Q

What does RouteData return? (ControllerBase Property)

A

This property returns the data extracted from the request URL by the routing middleware, as described in Chapter 13.

32
Q

What does User return? (ControllerBase Property)

A

This property returns an object that describes the user associated with the current request, as described in Chapter 38.

33
Q

Describe LINQ queries

A

LINQ queries do not include related data.

34
Q

How is the URL for the controller specified?

A

The URL for the controller is specified by the Route attribute, which is applied to the class, like this:

[Route("api/[controller]")]
public class ProductsController : ControllerBase {

The [controller] part of the attribute argument is used to derive the URL from the name of the controller class. The Controller part of the class name is dropped, which means that the attribute in Listing 19-7 sets the URL for the controller to /api/products.

35
Q

How are the HTTP methods and URLs supported by the action methods, determined for the controller?

A

The HTTP methods and URLs supported by the action methods are determined by the combination of attributes that are applied to the controller.

36
Q

How is the HTTP method for the action specified? Give an example.

A

Each action is decorated with an attribute that specifies the HTTP method that it supports, like this:

[HttpGet]
public Product[] GetProducts() {

The name given to action methods doesn’t matter in controllers used for web services.

The attributes applied to actions to specify HTTP methods can also be used to build on the controller’s base URL.

[HttpGet("{id}")]
public Product GetProduct() {

This attribute tells the MVC framework that the GetProduct action method handles GET requests for the URL pattern api/products/{id}.

Example: The HttpGet attribute tells the MVC framework that the GetProducts action method will handle HTTP GET requests.

37
Q

What does the HttpGet attribute specify?

A

This attribute specifies that the action can be invoked only by HTTP requests that use the GET verb.

38
Q

What does the HttpPost attribute specify?

A

This attribute specifies that the action can be invoked only by HTTP requests that use the POST verb.

39
Q

What does the HttpDelete attribute specify?

A

This attribute specifies that the action can be invoked only by HTTP requests that use the DELETE verb.

40
Q

What does the HttpPut attribute specify?

A

This attribute specifies that the action can be invoked only by HTTP requests that use the PUT verb.

41
Q

What does the HttpPatch attribute specify?

A

This attribute specifies that the action can be invoked only by HTTP requests that use the PATCH verb.

42
Q

What does the HttpHead attribute specify?

A

This attribute specifies that the action can be invoked only by HTTP requests that use the HEAD verb.

43
Q

What does the AcceptVerbs attribute specify?

A

This attribute is used to specify multiple HTTP verbs.

44
Q

What are the benefits of a controller?

A

One of the main benefits provided by controllers is that the MVC Framework takes care of setting the response headers and serializing the data objects that are sent to the client. You can see this in the results defined by the action methods, like this:

[HttpGet("{id}")]
public Product GetProduct() {

When I used an endpoint, I had to work directly with the JSON serializer to create a string that can be written to the response and set the Content-Type header to tell the client that the response contained JSON data. The action method returns a Product object, which is processed automatically.

45
Q

What is dependency injection in controllers?

A
A new instance of the controller class is created each time one of its actions is used to handle a request. The application’s services are used to resolve any dependencies the controller declares through its constructor and any dependencies that the action method defines. This allows services that are required by all actions to be handled through the constructor while still allowing individual actions to declare their own dependencies.
The constructor declares a dependency on the DataContext service, which provides access to the application’s data. The services are resolved using the request scope, which means that a controller can request all services, without needing to understand their lifecycle.
46
Q

Explain the action method that responds to POST requests.

A

The model binding feature can also be used on the data in the request body, which allows clients to send data that is easily received by an action method.

The new action relies on two attributes. The HttpPost attribute is applied to the action method and tells the MVC Framework that the action can process POST requests. The FromBody attribute is applied to the action’s parameter, and it specifies that the value for this parameter should be obtained by parsing the request body. When the action method is invoked, the MVC Framework will create a new Product object and populate its properties with the values in the request body.

47
Q

Explain the HTTP PUT request.

A

It replaces objects. The UpdateProduct action is similar to the SaveProduct action and uses model binding to receive a Product object from the request body.
The command sends an HTTP PUT request whose body contains a replacement object. The action method receives the object through the model binding feature and updates the database.

48
Q

Explain the HTTP DELETE request

A

It deletes objects.
The DeleteProduct action receives a primary key value from the URL and uses it to create a Product that has a value only for the ProductId property, which is required because Entity Framework Core works only with objects, but web service clients typically expect to be able to delete objects using just a key value.

49
Q

What are action result methods?

A
Action methods can direct the MVC Framework to send a specific response by returning an object that implements the IActionResult interface, which is known as an action result. This allows the action method to specify the type of response that is required without having to produce it directly using the HttpResponse object.
The ControllerBase class provides a set of methods that are used to create action result objects, which can be returned from action methods.
Ok
NoContent
BadRequest
File
NotFound
StatusCode
etc.
50
Q

What is a redirect method?

A

Method that directs the client to another URL.
You can redirect to another action method using the RedirectToAction method (for temporary redirections) or the RedirectToActionPermanent method (for permanent redirections).

51
Q

What is Validating data? Explain attributes.

A

When you accept data from clients, you must assume that a lot of the data will be invalid and be prepared to filter out values that the application can’t use.
The Required attribute denotes properties for which the client must provide a value and can be applied to properties that are assigned null when there is no value in the request. The Range attribute requires a value between upper and lower limits and is used for primitive types that will default to zero when there is no value in the request.
The ModelState property is inherited from the ControllerBase class, and the IsValid property returns true if the model binding process has produced data that meets the validation criteria. If the data received from the client is valid, then the action result from the Ok method is returned. If the data sent by the client fails the validation check, then the IsValid property will be false, and the action result from the BadRequest method is used instead. The BadRequest method accepts the object returned by the ModelState property, which is used to describe the validation errors to the client.

52
Q

Explain the API controller attribute.

A

The ApiController attribute can be applied to web service controller classes to change the behavior of the model binding and validation features. The use of the FromBody attribute to select data from the request body and explicitly checking the ModelState.IsValid property is not required in controllers that have been decorated with the ApiController attribute. Getting data from the body and validating data are required so commonly in web services that they are applied automatically when the attribute is used, restoring the focus of the code in the controller’s action to dealing with the application features.
Using the ApiController attribute is optional, but it helps produce concise web service controllers.

53
Q

Explain Projecting Selected Properties

A

Return just the properties that the client requires. This can be done by selecting the properties that the client requires and adding them to an object that is passed to the Ok method.