2.0 Understanding and Using APIs Flashcards
T/F - HTTP is a stateless (connectionless) protocol.
True
T/F - The data is exchanged via HTTP requests and HTTP responses, which are specialized data formats used for HTTP communication. A sequence of requests and responses is called an HTTP session and is initiated by a client by establishing a connection to the server.
True
T/F - Web APIs are a subset of APIs, accessible over HTTP
True
What do you call HTTP verbs (or nouns) that are a predefined set of request methods that represent desired actions that should be performed on the resources? They are used in HTTP requests as a part of the request line.
HTTP Methods
HTTP Method - Requests a representation of a specific resource. Should only retrieve data and is considered safe and idempotent.
GET
HTTP Method - Used to submit an entity to the specified resource, often causing a state change or side effects on the server. Requests made with this verb should include a request body.
POST
HTTP Method - Deletes the specified resource. Subsequent calls should not cause any side effects.
DELETE
HTTP Method - Replaces all current representations of the target resource with the request payload.
PUT
Asks for a response identical to that of a GET request, but without the response body. Useful for validating resource availability.
HEAD
Applies partial modification to a resource. Useful for instances where using PUT might be too cumbersome. It is not an idempotent method and is used for merging resources.
PATCH
What is a predefined set of numerical codes that indicate the status of a specific HTTP request in the response header?
HTTP Status Code
What are the 5 classes (categories) of HTTP status codes by functionality?
1xx Informational, 2xx Successful, 3xx Redirection, 4xx Client Error, 5xx Server Error.
Most HTTP Status codes from this category indicate that the request was received and understood. They usually mean that the request processing continues and alerts the client to wait for the final response. Rarely used.
1xx Informational
HTTP Status Code for a standard response for a successful HTTP request. The information returned depends on the request method.
200 (OK)
HTTP Status Code that indicates that a resource has been successfully created.
201 (Created)
HTTP Status Code that indicates that the server has successfully fulfilled the request and the response body is empty. Useful when you want to confirm that a POST request was received by the server.
204 (No content)
HTTP Status Code that indicates that this and all future requests should be directed to the given URI.
301 (Moved Permanently)
HTTP Status Code that indicates that the requested resource resides temporarily under a different URI.
302 (Found)
HTTP Status Code that indicates that the resource has not been modified since the version specified by the request headers. Useful for reducing overhead.
304 (Not Modified)
HTTP Status Code that indicates that the server cannot process the request because of a malformed request (bad syntax, deceptive routing, size too large).
400 (Bad Request)
HTTP Status Code that indicates that the request requires a valid authorized user. It usually means that the user is not authenticated or that authentication failed.
401 (Unauthorized)
HTTP Status Code that indicates that the request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource.
403 (Forbidden)
HTTP Status Code that indicates that the server has not found anything matching the request URI. No indication is given whether the condition is temporary or permanent.
404 (Not Found)
HTTP Status Code which is a generic error message, given when an unexpected condition was encountered and no more specific message is suitable.
500 (Internal Server Error)
HTTP Status Code that indicates that the server does not support the functionality required to fulfill the request.
501 (Not Implemented)
HTTP Status Code that indicates that the service cannot handle the request. It is usually a temporary condition attributed to a server crash, maintenance, overload, and so on.
503 (Service Unavailable)
What is a list of key-value pairs that the client and server use to pass additional information or metadata between them in requests? They consist of a case-insensitive name, followed by a colon (“:”) and then its value.
HTTP Headers
What are the four distinct types of HTTP headers?
General, Request, Response, and Entity
HTTP Header - This type is not specific to any particular kind of message. They are primarily used to communicate information about the message itself and how to process it.
General
HTTP Header - This type carries information about the resource to be fetched. They also contain information about the client.
Request
HTTP Header - This type of header holds additional information about the response and the server providing it.
Response
HTTP Header - This type of header contains information about the response body.
Entity
What does an HTTP request use to identify and locate the resources targeted by the request?
HTTP URL
In relation to an HTTP URL, what is the term that identifies a resource ../people/alice?
URI
In relation to an HTTP URL, what is the term that identifies a resource using a (made-up) scheme urn:people:names:alice?
URN
In HTTP, what is the process of selecting the best representation for a given response when there are multiple representations available?
HTTP Content Negotiation
What HTTP Header takes care of content negotiation?
Accept
What is the scale of the quality-factor weighting of Accept HTTP headers?
0 to 1
RPC
Remote Procedure Call
SOAP
Simple Object Access Protocol
What protocol provides mechanisms to install, manipulate, and delete configurations on network devices, and also provides a mechanism for notification subscriptions and asynchronous message delivery?
NETCONF
NETCONF
Network Configuration Protocol
T/F - NETCONF is a session based protocol
True
What does NETCONF use for encapsulation?
XML
Which API style is optimized for the web, known for its excellent performance scalability, and has a greater simplicity than other styles?
REST
T/F - A RESTful API needs to be stateless, no client context needs to be stored on the server in between requests.
True
T/F - A RESTful API needs to be built using Client/Server architecture.
True
T/F - A RESTful API needs to be a layered system, a client should not be able to know if it is connected to an end point or an intermediary agent (proxy, caching server, etc)
True
T/F - A RESTful API needs a uniform interface to decouple the client from the implementation of the REST service.
True
CRUD
Create, Read, Update, Delete
What Python library is used to create a simple HTTP GET request to a member resource on a RESTful API?
requests
T/F - The best API to use is based on the problem you are trying to solve and the resources you have available.
True
T/F - Scalability, performance and flexibility are advantages of a REST API
True
T/F - High Security and Standardization are advantages of a SOAP API
True
T/F - Less secure and not suitable for distributed environments are disadvantages of a REST API
True
T/F - Increased complexity and poorer performance are disadvantages of a SOAP API
True
What message format is used with a SOAP API?
XML
What transfer protocol is used with a REST API?
HTTP
What are tools that allow you to react to events and changes in an application? They are commonly referred to as a “reverse API” or a “web callback”.
Webhooks
What HTTP method is used to update a webhook endpoint?
POST
How are webhook notifications transported to subscribers?
HTTP POST requests
What is the biggest benefit of webhooks compared with regular REST API?
Webhooks provide real-time data
T/F - REST does not use a fixed response format
True
What is the purpose of content negotiation?
to select the best available representation for a given resource
T/F - In the case of Cisco, pagination is a part of the Cisco Web API standards and is implemented with RFC 5988
True
What effectively limits the number of specific requests that can be fulfilled by an API?
rate limiting
Is it better to implement rate limiting on the client side or server side?
Server Side - prevents DoS and prevents misuse of sensitive or destructive API calls.
What is the difference between rate limiting and payload limiting?
With rate limiting, you limit the rate of API calls toward the API, while with payload limiting, you limit the size of the API request bodies.
What is the act of proving the identity of someone?
Authentication
What specifies the rights and privileges that a specific entity has over resources?
Authorization
What are the three general approaches to REST API authentication?
Basic HTTP Authentication, API Key Authentication, and Custom Token Authentication
What authentication method uses a unique, pregenerated, cryptographically strong string as authentication?
API Key Authentication
How frequently is a new token issued in custom token authentication?
When the old one expires
What does the term “hardcoding” mean, in relation to security in your code?
Including data directly in the source code
In what type of API communication does the client make a request and wait for the reply?
Synchronous
In what type of API communication does the client make a request and receive the reply later?
Asynchronous