APIs and MicroServices Flashcards

1
Q

What is an API?

A

Application Programming Interface (API) is a way for one application to connect to another application.

It is a request-response setup where the API takes the client’s requests to an external system/application and returns the response from that system/application.

2
Q

Give an example of API.

A

When we book a flight ticket from the website of the flight company itself, the ticket booking application can directly check the database of bookings and provide a seat.

If we are booking a flight from a third-party website which provides us a comparison of prices between different flight companies, the third-party client cannot directly connect to the databases of each company. It instead connects to the APIs of those applications, which take the request parameters and look up their databases. The response provided by the APIs is received by the third-party client and displayed on screen.

3
Q

What are the advantages of APIs?

A
  1. As a client, we only have to “consume” an API, i.e., just send requests to it and receive responses from it. We do not have to program it.
  2. APIs are platform independent because even if the client and the API itself are written in two different languages, they communicate with each other via a common language such as XML/JSON.
  3. APIs are upgrade safe.
4
Q

What is a web service?

A

An API which requires exposure to a network is called a web service. An API can also be a simple API which needs no network and only communicates with another application on the same interface without a network.

This makes all web services APIs, but the reverse may not be true.

To send data over the internet, it must be in the correct format, which could be XML/JSON, and must use the correct protocol, which could be SOAP/REST.

5
Q

What is XML?

A

Extensible Markup Language (XML) is a type of data sent to/received from mostly SOAP APIs. XML uses tags similar to HTML except that for XML, the tags are extensible, i.e., can be customized.

6
Q

What is JSON?

A

JavaScript Object Notation (JSON) is a type of data sent to/received from mostly REST APIs. JSON uses key-value pairs in the format “key”:“value”.

7
Q

What is SOAP?

A

Simple Object Access Protocol (SOAP) is a web service protocol that defines the structure of the HTTP request/response used to connect to a web service. The SOAP request body must use XML for communication.

It must use Web Services Description Language (WSDL), which describes the web service endpoints in XML format. A SOAP request must follow the WSDL.

Every SOAP API uses the POST method, not because it creates a new resource, but as a mere placeholder, since SOAP needs no HTTP method.

8
Q

What is REST?

A

REpresentational State Transfer (REST) is an architecture in which the server transfers an XML/JSON representation of the current state of the resource to the client.

Web services which adhere to this REST style, called RESTful web services, are stateless, meaning no client context is stored on the server.

Unlike SOAP, REST uses HTTP methods.

9
Q

What are a few common web security principles?

A

Authentication: validating the identity of the client.

Authorization: determining the level of the client’s access.

Basic Auth: requires a username and password, which are encoded and sent via the header of the HTTP request. If the credentials are correct, the response is sent; otherwise a 401 Unauthorized Request status is sent.

API Key Authentication: requires APIs to be accessed with a unique key.

10
Q

What is the difference between APIs and Web Services?

A

APIs and Web Services both facilitate the communication between two applications/services.

Web Services must use a network for this communication to take place, whereas APIs can work without a network.

APIs are lightweight structures, whereas Web Services have the overhead of packing and unpacking data as they use the SOAP protocol, which is not lightweight.

All Web Services are eventually APIs but not all APIs are Web Services.

11
Q

What are the two types of web services?

A

SOAP and RESTful

12
Q

Why are RESTful APIs better than SOAP APIs?

A

SOAP is a communication protocol whereas REST is an architectural style.

RESTful APIs promote loose coupling and allow for a greater variety of data formats such as XML, JSON or anything entirely new. This adds a lot of flexibility.

SOAP APIs must use XML, which contains data in essentially string format and needs a layer of metadata on top to describe the data. This makes it heavy.

With REST, we can provide various types of HTTP responses to the client, but with SOAP, it’s either 200 OK or 500 Server Error.

13
Q

What is HATEOAS?

A

Hypermedia As The Engine Of Application State (HATEOAS) means that a client interacts with the REST API entirely through the responses sent dynamically by the server.

Put even more simply, it means that the client shouldn’t need any documentation or out-of-band information to use a REST API.

This might seem odd, as working with a new API usually requires going through its documentation to see what endpoints are provided by the API, how requests should be structured and what responses should be expected.

With RESTful APIs, the resources should be discoverable through the publication of links.

For example, in a banking application, when the client clicks a link to view the account balance, the response should also provide links to deposit money, transfer money or close the account, without the client having to see documentation.

If the account balance is low, then the links should not contain ways to close the account but only to deposit money.

This says that, depending on the request, the server should dynamically send back new ways of interaction.

14
Q

Explain OAuth.

A

The Open Authorization (OAuth) framework enables a third-party application to obtain limited access to a web service.

In the traditional client-server authentication model, the client requests a protected resource on a server by providing its credentials. In order to give third-party applications access to such protected resources, the resource owner had to share the credentials with the third party, creating security issues.

OAuth addresses these issues by introducing a layer of authorization. Instead of using the resource owner’s credentials to access protected resources, the client obtains an access token, issued by an authorization server.

15
Q

Explain the OAuth protocol flow.

A
  1. The client first sends the Authorization Request to the resource owner.
  2. The request is accepted and the resource owner sends the client an Authorization Grant, which is the representation of the resource owner’s authorization.
  3. The client requests an access token by sending the Authorization Grant to the authorization server.
  4. The authorization server authenticates the client and validates the authorization grant, and if valid, issues an Access Token.
  5. The client requests protected resources from the resource server and authenticates by providing the access token.
  6. The resource server validates the access token and, if valid, serves the request.
16
Q

What is digest authentication?

A

In basic authentication, the username and password are sent over the network in base64 format, which can be easily translated back to plaintext format, making it highly insecure.

Digest authentication uses a digest scheme, which involves sending the client a random number called NONCE (Number only used ONCE) and a realm (hash) asking it to authenticate.

Under this scheme, the client sends credentials encrypted by applying a hash function to the username, password, realm, nonce, HTTP method and the URI requested.

17
Q

Explain webhook.

A

Webhooks are web services hooked to a particular event such as log in, payment processing, price change of a product, changes in application status etc., where the web service sends a response to the client whenever the event occurs.

This is the reverse of a traditional API, in which the client sends a request to a web service and the web service responds with a response; hence webhooks are also called reverse APIs.

18
Q

Explain microservices.

A

Microservices is an application architectural style in which an application is developed as a suite of

  • multiple
  • loosely coupled
  • autonomous

application components, aka services (e.g. profile, payment), modeled around the business domain, each running in its own process.

It is a modern architecture in contrast with the traditional monolithic style, where applications are built as a single unit.

19
Q

What are the advantages of microservices?

A
  1. Independent, decoupled Development
  2. Independent Deployment
  3. Fault isolation
  4. Easier testing
  5. Mixed Technology Stack
20
Q

What is Service-Oriented Architecture (SOA)?

A

SOA is an application architectural style where services communicate with each other in one of two ways:

  1. through passing data
  2. through two or more services coordinating an activity
21
Q

How is SOA different from Microservices architecture?

A

SOA relies heavily on an Enterprise Service Bus (ESB), which is a communication system bridging the gap between two services when they need to interact with each other. Microservices do not rely on an ESB at all.

22
Q

What are cohesion and coupling?

A

The degree to which the elements inside a module belong together is called cohesion.

The strength of the dependencies between components is called coupling.

A good application is said to have high cohesion and low/loose coupling.

23
Q

Explain the architectural style for creating a web API.

A
  1. HTTP for client-server communication
  2. XML/JSON as formatting language
  3. Simple URI as the address for service
  4. Stateless communication
24
Q

What is the difference between Ajax and REST?

A

Ajax is a technique for dynamically updating parts of the UI without reloading the entire page. REST is a software architecture for clients to request data from servers.

In Ajax, requests are sent to the server using XMLHttpRequest objects and the response is used by JavaScript code to dynamically alter the current page view.

In REST, structured HTTP requests are sent to the server and the server responds with an XML/JSON response encapsulated in the HTTP structure.

25
Q

What is JAXB?

A

JAXB, formerly Java Architecture for XML Binding and now Jakarta XML Binding, is a framework that allows developers to map Java classes to XML representations and vice versa.

It provides a quick way to marshal (write) Java objects to XML and un-marshal (read) XML into Java objects using Java annotations.

26
Q

What is RPC?

A

Remote Procedure Call (RPC) is a way in which one program calls procedures from another program located on a remote network, without having to understand the network details. It lets you exchange data by message passing.

It typically involves generating method stubs in the client process, behind which the request call to the server process takes place. HTTP is sometimes used as the underlying protocol for message passing, but RPC is not bound to it.

27
Q

What is the difference between RPC and REST?

A

RPC thinks in terms of verbs, exposing functionality as function calls that accept parameters and invoking these functions via an appropriate HTTP verb. The HTTP verb has no real meaning for the actual functionality, since a different URL is called every time.

The REST API, in contrast, uses HTTP verbs to represent transactions against resources. All these verbs, invoked on the same URL, provide different functionality.

For a product website, a REST API is finding a particular product by navigating to a webpage and following a set of given links (like product category), and RPC is directly calling a procedure to get a product by name.

In the first case, changes to the API can be made on the server directly, but in the second case, a coordinated deployment to client and server is needed.

For a restaurant service, placing an order will be something like this:

RPC: http://MyRestaurant:8080/Orders/PlaceOrder (POST: {Tacos object})

REST: http://MyRestaurant:8080/Orders/Order?OrderNumber=asdf (POST: {Tacos object})

and retrieving an order will be like this:

RPC: http://MyRestaurant:8080/Orders/GetOrder?OrderNumber=asdf (GET)

REST: http://MyRestaurant:8080/Orders/Order?OrderNumber=asdf (GET)

28
Q

Explain WSDL.

A

Web Service Description Language (WSDL) is an XML notation for describing a web service. It tells us about the functions that a developer can implement or functions that are exposed to clients.

The major elements of a WSDL document are:

  1. definitions: root element of all WSDLs; defines the name, namespace etc. of the web service.
  2. types: defines the data types used by the web service.
  3. messages: abstract definition of the data being transmitted
29
Q

What is JAX-WS?

A

Java API for XML-based Web Services (JAX-WS) is an API for creating and consuming SOAP web services. The JAX-WS API is built into the JDK and hence its usage does not need the addition of any extra dependency.

30
Q

What is JAX-RS?

A

Jakarta RESTful Web Services, formerly known as Java API for RESTful Web Services, is a Java specification that provides support for creating web services according to the REST architectural pattern.

It uses annotations to simplify the development and deployment of web service clients and endpoints.

31
Q

Explain the structure of HTTP request.

A

HTTP request contains:

  1. Start-line: contains the HTTP verb followed by the URI and HTTP version

     GET /category/book/ HTTP/1.1

  2. Headers: describe the Host, user-agent (browser), accepted types of responses (HTML/PDF etc.), length
  3. Blank line: indicates that the metadata has been sent and the data will now begin
  4. Optional body
32
Q

Explain the structure of HTTP response.

A

HTTP response contains:

  1. Status line: contains the HTTP version followed by the HTTP status code and status text

     HTTP/1.1 403 Forbidden

  2. Headers: describe the Server, type and size of content sent, cookies etc.
  3. Blank line: indicates that the metadata has been sent and the data will now begin
  4. Optional body