ASP .Net Web API Questions Flashcards
What is ASP.NET Web API?
ASP.NET Web API is a framework for building HTTP services that can be accessed from various clients, including browsers and mobile devices.
How can you define routing in ASP.NET Web API?
Routing in ASP.NET Web API can be defined using either convention-based routing or attribute-based routing.
Explain attribute-based routing in Web API.
Attribute-based routing allows you to define routing by placing route attributes directly on controller actions, making the route configuration more granular.
How does content negotiation work in Web API?
Content negotiation in Web API involves the negotiation between the client and server to determine the appropriate media type (e.g., JSON, XML) for the response data based on the client’s preferences.
What is serialization in Web API?
Serialization is the process of converting complex objects into a format that can be easily transmitted over the network, such as JSON or XML.
How would you implement CRUD operations in Web API?
To implement CRUD operations, you would create controller actions for each operation (Create, Read, Update, Delete) that handle incoming HTTP requests and interact with the data storage.
Explain how you can handle HTTP GET and POST requests in Web API.
HTTP GET requests are typically used for retrieving data, while HTTP POST requests are used for creating new resources. You can define corresponding controller actions to handle these requests.
What is the purpose of the IHttpActionResult interface in Web API?
The IHttpActionResult interface allows you to return various HTTP status codes and content types from Web API actions more efficiently.
How do you handle exceptions in Web API?
You can create a global exception handler using the ExceptionFilterAttribute or handle exceptions within individual controller actions.
What is CORS, and how do you enable it in Web API?
CORS (Cross-Origin Resource Sharing) is a security feature that allows or restricts web applications running at one origin to access resources from a different origin. You can enable it by adding the EnableCors attribute and configuring CORS settings in WebApiConfig.
Explain OAuth authentication and its role in API security.
OAuth is an authentication framework that allows secure access to resources without sharing user credentials. It’s commonly used to grant third-party applications limited access to a user’s resources.
What are JSON Web Tokens (JWTs) in the context of API security?
JSON Web Tokens (JWTs) are compact and self-contained tokens used for securely transmitting information between parties. They are commonly used for authentication and data integrity in APIs.
How do you implement JWT authentication in Web API?
You can implement JWT authentication by adding the necessary middleware and configuring JWT-related settings in your application.
What are API keys, and how are they used for API security?
API keys are credentials passed by clients to identify and authenticate themselves to an API. They are often included in the headers or query parameters of API requests.
Explain the concept of authorization in API security.
Authorization is the process of determining whether a user or client has the necessary permissions to access a specific resource or perform a particular action.
How can you enforce access control for different parts of an API?
Access control can be enforced by implementing role-based authorization, claims-based authorization, or using policies and attributes to restrict access to specific controllers or actions.
What is the purpose of OAuth scopes?
OAuth scopes define the specific permissions or access levels that a client application can request from the user. They help limit the extent of access a client can have.
How do you prevent security vulnerabilities like SQL injection in API requests?
You can prevent SQL injection by using parameterized queries, using an ORM (Object-Relational Mapping) framework, and validating user input.
Explain the concept of token-based authentication in Web API.
Token-based authentication involves exchanging user credentials for a token (like JWT) upon successful login. The token is then sent with each subsequent request to authenticate the user.
How can you secure sensitive data in transit over APIs?
You can secure sensitive data by enabling HTTPS (SSL/TLS) for your API to encrypt the data transmitted between the client and the server.
What is the purpose of API documentation, and why is it important?
API documentation provides clear and comprehensive information about the structure, functionality, and usage of an API. It helps developers understand how to interact with the API correctly.
How can you generate API documentation using Swagger?
Swagger is a tool that automatically generates interactive API documentation based on your Web API code. You can annotate your code with Swagger attributes to provide descriptions and metadata.
Explain the benefits of using OpenAPI for API documentation.
OpenAPI is a specification that defines a standardized way to describe and document RESTful APIs. It allows for consistent and machine-readable documentation that can be used by various tools.
How do you keep API documentation up-to-date as the API evolves?
Keeping API documentation up-to-date involves using tools like Swagger to automatically generate documentation and regularly reviewing and updating the documentation as changes are made to the API.
Can you describe the process of documenting API endpoints using XML comments?
You can use XML comments in your code to provide descriptions and explanations for your API endpoints. These comments can then be processed by tools like Swagger to generate documentation.
What is the “Try It Out” feature in API documentation tools like Swagger?
The “Try It Out” feature allows developers to interact with and test API endpoints directly from the documentation interface, providing an interactive way to understand API behavior.
How can clear API documentation contribute to developer adoption and integration?
Clear and well-maintained API documentation can reduce the learning curve for developers, making it easier for them to integrate and use the API effectively.
What information should be included in API documentation beyond just endpoint descriptions?
API documentation should include information about request and response formats, authentication methods, error handling, rate limiting, and any special considerations.
Explain the benefits of versioning in API documentation.
Versioning in API documentation allows developers to understand the changes and updates made to the API over time, enabling them to make informed decisions about whether and how to migrate to a new version.
How can API documentation facilitate client developers’ understanding of data models?
API documentation should include details about the data models used in requests and responses, including the structure of objects, data types, and any validation rules.
What are some key principles of RESTful API design?
RESTful API design principles include using standard HTTP methods, utilizing meaningful resource URIs, employing HATEOAS (Hypermedia as the Engine of Application State), and prioritizing statelessness.
How can you create consistent and intuitive URI structures in your API?
Use nouns to represent resources and use appropriate naming conventions to structure your URIs. Avoid unnecessary complexity and maintain consistency throughout your API.
Explain the concept of idempotency in the context of API design.
An idempotent API operation can be repeated multiple times without producing different results. For example, a DELETE request that deletes a resource remains the same even if called multiple times.
How do you decide between embedding resources and using relationships in API responses?
The decision depends on the relationship between resources. Embedding resources can reduce the number of requests, while using relationships provides more flexibility and better fits the HATEOAS principle.
What is the Richardson Maturity Model, and how does it relate to RESTful APIs?
he Richardson Maturity Model categorizes APIs into levels based on adherence to REST principles. Level 0 is the lowest (no REST), and Level 3 is the highest (full REST with HATEOAS).
Explain the concept of versioning in API design
Versioning is the practice of providing multiple versions of an API to accommodate changes and updates without breaking existing client applications.