Chapter 14 - WEB, REST Flashcards

1
Q

HTTP and its features

A

HTTP (Hypertext Transfer Protocol) is the foundation of communication on the World Wide Web. Here are some of its key features:

Statelessness: HTTP is stateless, meaning it treats each request independently, without retaining any information from previous interactions. This simplifies implementation but may require additional mechanisms like cookies or session handling for maintaining state between requests.

Client-Server Model: It operates in a client-server model where the client (typically a web browser) sends requests to the server (where websites are hosted) and receives responses in return.

Request Methods: HTTP defines various request methods or verbs, such as GET (retrieve data), POST (submit data to be processed), PUT (update a resource), DELETE (remove a resource), and more. Each method serves a specific purpose and determines the action to be performed on the server.

URI (Uniform Resource Identifier): HTTP uses URIs to identify resources on the web. A URI can be a web page, an image, a file, or any other resource that can be accessed via a web browser.

Headers: HTTP uses headers to transmit additional information with each request and response. Headers contain metadata about the message, such as content type, caching directives, authentication details, and more.

Status Codes: HTTP defines a range of status codes that indicate the outcome of a request. For instance, 200 OK signifies success, 404 Not Found indicates the requested resource is unavailable, 500 Internal Server Error denotes an issue on the server side, and so on.

Connection Handling: HTTP allows persistent connections, enabling multiple requests and responses to be sent over a single TCP connection, reducing the overhead of establishing new connections for each request.

Security: HTTP can be augmented with security protocols like HTTPS (HTTP Secure), which uses encryption (SSL/TLS) to secure data transmission between the client and the server, ensuring privacy and integrity.

2
Q

HTTP Versions

A

HTTP/0.9: This was the earliest version of HTTP, introduced in 1991. It was a simple protocol for transferring hypertext documents: it supported only the GET method, had no headers and no status codes, and a request consisted of nothing more than the method and the required URL.

HTTP/1.0: This version, introduced in 1996, expanded the protocol's capabilities significantly. It added support for additional request methods (such as POST and HEAD), status codes (including 404 Not Found), and headers, allowing more complex transactions between clients and servers.

HTTP/1.1: Released in 1997, HTTP/1.1 brought further improvements and optimizations to the protocol. It introduced features like persistent connections (allowing multiple requests over a single TCP connection, reducing latency), chunked transfer encoding (enabling transmission of data in parts), and host headers (allowing multiple websites to be served from a single IP address). HTTP/1.1 remains widely used on the web.

HTTP/2: This major update, standardized in 2015, aimed to address the limitations of HTTP/1.1. It introduced several performance enhancements, including multiplexing (allowing multiple requests and responses to be sent concurrently over a single connection), header compression (reducing overhead), server push (allowing servers to push resources to clients proactively), and more efficient binary framing, resulting in faster page load times.

HTTP/3: This version, standardized in 2020, is a significant departure from its predecessors. It is based on Google's QUIC protocol (Quick UDP Internet Connections) and uses UDP (User Datagram Protocol) instead of TCP (Transmission Control Protocol) for transport. HTTP/3 improves performance further by reducing latency, through mechanisms such as encryption by default and better handling of packet loss.

3
Q

Browser?

A

A browser, short for web browser, is a software application used to access and navigate the World Wide Web. It acts as an interface between a user and the internet, allowing users to view websites, access web pages, and interact with various online content.

Key features and functions of a web browser include:

Rendering Web Pages: Browsers interpret HTML (Hypertext Markup Language), CSS (Cascading Style Sheets), and JavaScript code to render web pages, presenting text, images, videos, and other multimedia elements in a visually appealing format.

4
Q

TCP?

A

TCP (Transmission Control Protocol) is one of the core protocols of the Internet Protocol Suite (commonly known as TCP/IP), providing reliable, connection-oriented, stream-based communication between devices over a network. It operates at the transport layer of the TCP/IP model and is responsible for ensuring data delivery and integrity between applications running on different devices.

Key features of TCP include:

Reliability: TCP ensures reliable data delivery by using acknowledgment mechanisms. When a device sends data over TCP, the receiving device acknowledges the receipt of each segment. If a segment is lost or not acknowledged, TCP automatically retransmits the data to ensure reliable delivery.

Connection-Oriented: TCP establishes a connection between two devices (known as a TCP connection) before transmitting data. This connection setup involves a three-way handshake process (SYN, SYN-ACK, ACK) between the sender and receiver to establish parameters for communication.

5
Q

IP

A

IP, short for Internet Protocol, is a fundamental protocol that enables communication and data transfer across networks, including the internet. It’s a core component of the Internet Protocol Suite (TCP/IP) and is responsible for routing packets of data from a source device to a destination device in a network.

Key characteristics of IP include:

Packet Switching: IP breaks data into smaller units called packets. Each packet contains both the data being transmitted and metadata, including the sender’s and receiver’s IP addresses. These packets are independently routed across various networks and reassembled at the destination.

Addressing: IP assigns unique numerical addresses, known as IP addresses, to devices connected to a network. IPv4 (Internet Protocol version 4) uses a 32-bit address format, while IPv6 (Internet Protocol version 6) uses a 128-bit address format. IP addresses are essential for identifying and locating devices on a network.

6
Q

URL?

A

URL stands for Uniform Resource Locator. It’s a reference or address used to identify and locate resources on the internet, such as web pages, files, images, videos, or any other content. URLs are essential for accessing specific resources hosted on web servers.

A URL consists of several components that specify the location and access method for a resource:

Scheme: It indicates the protocol or scheme used to access the resource. For example, “http://” or “https://” for web pages, “ftp://” for file transfer, “mailto://” for email addresses, etc.

Domain Name or IP Address: This part identifies the specific location of the resource. Domain names (e.g., www.example.com) or IP addresses (e.g., 192.0.2.1) are used to locate the server hosting the resource.

Port Number (optional): It specifies a port on the server to establish a connection. If not specified, the default port for the specified protocol is used (e.g., port 80 for HTTP, port 443 for HTTPS).

Path: It defines the specific location or directory structure on the server where the resource is located. For example, “/folder/page.html” refers to a web page named “page.html” inside a folder named “folder.”

Query Parameters (optional): It includes additional parameters or data that can be sent to the server. These parameters are separated from the URL by a question mark (?) and consist of key-value pairs (e.g., “?id=123&name=example”).

Fragment Identifier (optional): It points to a specific section or anchor within a resource. It is indicated by a hash symbol (#) followed by a fragment identifier (e.g., “#section2” for a specific section of a web page).

7
Q

DNS?

A

DNS, which stands for Domain Name System, is a decentralized hierarchical naming system used to translate human-readable domain names into IP addresses. It serves as the internet’s address book, allowing users to access websites and other online services using easily understandable domain names instead of complex numerical IP addresses.

Here’s how DNS works:

Domain Names: Domain names (e.g., www.example.com) are alphanumeric labels used to identify websites or internet resources. Each domain name represents a unique location on the internet.

8
Q

Proxy?

A

A proxy server acts as an intermediary between a user’s device (such as a computer or smartphone) and the internet.

9
Q

Cache?

A

A cache is a hardware or software component that stores data temporarily to facilitate quicker access and retrieval. It stores copies of frequently accessed or recently used data in a location that allows for faster access compared to retrieving the same data from its original source.

Caches are utilized in various computing systems, including:

Web Browsers: Web browsers use a cache to store web pages, images, scripts, and other resources locally on a user’s device. When a user revisits a web page, the browser can retrieve some elements from the cache instead of re-downloading everything from the internet, resulting in faster page loading times.

10
Q

Cookies?

A

Cookies are small pieces of data stored in a user’s web browser by websites they visit. They are created by web servers and are sent to the user’s browser where they are stored. Cookies serve several purposes in web browsing:

Session Management: Cookies are commonly used for session management, allowing websites to recognize users as they navigate between pages or return to the site. Session cookies are temporary and are deleted when the user closes the browser.

11
Q

TLS

A

A TLS (Transport Layer Security) certificate, formerly known as an SSL (Secure Sockets Layer) certificate, is a digital certificate that establishes a secure encrypted connection between a web server and a web browser.

Key points about TLS certificates:

Encryption: TLS certificates use encryption algorithms to secure data transmitted over the internet. This encryption prevents unauthorized access or interception of sensitive information, such as login credentials, personal details, or financial data.

Authentication: TLS certificates also serve to authenticate the identity of a website. They are issued by trusted Certificate Authorities (CAs) after verifying the legitimacy of the requesting entity (e.g., a website or organization). When a user visits a website with a valid TLS certificate, the browser confirms the certificate’s authenticity, assuring the user of the website’s identity.

12
Q

Basics of RESTful APIs

A

REST stands for Representational State Transfer. It is an API architectural style that defines a set of constraints to be used for creating web services. A REST API is a way of accessing web services in a simple and flexible way, without any additional processing. REST is generally preferred to the more robust Simple Object Access Protocol (SOAP) because REST uses less bandwidth and is simpler and more flexible, which makes it more suitable for internet usage. It is used to fetch information from, or send information to, a web service. All communication done via a REST API uses only the HTTP protocol.

13
Q

Richardson REST API Maturity Model

A

The Richardson Maturity Model grades RESTful APIs by their maturity. It is a way to grade your API according to the constraints of REST, and it describes four different levels (level 0 to level 3). A REST API that supports hypermedia controls is classified as Level 3 in this maturity model.

Level 0 - a single URI and a single HTTP method (typically POST)
These services have a single URI and use a single HTTP method (typically POST). This is the most primitive way of building SOA applications: a single POST endpoint, using XML to communicate between services. Level 0 does not make use of multiple URIs, HTTP methods, or HATEOAS capabilities.

Level 1 - different URIs for different resources, but a single HTTP method (typically POST)
API design at Level 1 is all about using different URIs to interact with the different resources in your application, but with only a single HTTP verb, generally HTTP POST. These services give each resource available in the application a unique URI. A unique URI separately identifies one unique resource, and that makes these REST APIs better than Level 0.

Level 2 - different URIs and HTTP verbs for manipulating resources
A Level 2 REST API uses different URIs and HTTP methods, but does not use HATEOAS. Such an API supports several of the HTTP verbs on each exposed resource, covering the Create, Read, Update and Delete (CRUD) operations. Here the state of resources, typically representing business entities, can be manipulated over the network. Level 2 is the most popular use of REST principles: it advocates using different verbs based on the HTTP request methods, while the system can have multiple resources.

Level 3 - different URIs, HTTP verbs and HATEOAS
A Level 3 REST API is the most mature level of Richardson's model, and it encourages easy discoverability. This level makes responses self-descriptive by using HATEOAS. Level 3 leads the service consumers through a trail of resources, causing application state transitions as a result.

14
Q

What is resource in Rest API?

A

Resource
The key abstraction of information in REST is a resource. Any information that can be named can be a resource: a document or image, a temporal service (e.g. "today's weather in Los Angeles"), a collection of other resources, a non-virtual object (e.g. a person), and so on. In other words, any concept that might be identified by a URI provided by the server can be called a resource. A resource is an object with a type, associated data, relationships to other resources, and a set of methods that operate on it. It is similar to an object instance in object-oriented programming, with the important difference that only a few standard methods are defined for a resource (corresponding to the standard HTTP GET, POST, PUT and DELETE methods), while an object instance typically has many methods. Resources can be singletons or grouped into collections.
1. Singleton and Collection Resources
For example, "customers" is a collection resource and "customer" is a singleton resource (in a banking domain). We can identify the "customers" collection resource using the URI "/customers". We can identify a single "customer" resource using the URI "/customers/{customerId}".
2. Collection and Sub-collection Resources
A resource may also contain sub-collection resources. For example, the sub-collection resource "accounts" of a particular "customer" can be identified using the URN "/customers/{customerId}/accounts" (in a banking domain). Similarly, a singleton resource "account" inside the sub-collection resource "accounts" can be identified as follows: "/customers/{customerId}/accounts/{accountId}".

15
Q

Resource state

A

Resource state is the current state of a resource on the server at a given point in time, and it has nothing to do with the interaction between client and server. It is what we get back from the server as the API response; we refer to it as the resource representation.

16
Q

Resource representations

A

A server can provide different representations for the same resource. A resource state can be represented in multiple formats, such as JSON, XML, YAML, etc. A client can use content negotiation (the Accept or Content-Type headers) to request different representations of the same resource.

17
Q

Resource identifiers

A

REST APIs use Uniform Resource Identifiers (URIs) to address resources. REST API designers should create URIs that convey the API's resource model to its potential clients. When resources are named well, an API is intuitive and easy to use; if done poorly, that same API can be challenging to use and understand. When creating URIs for resources, you should follow the principles (best practices) described later in this document.

18
Q

Application state

A

Application state is server-side data that servers store to identify incoming client requests, their previous interaction details, and current context information. It is important to understand the difference between application state and resource state: they are completely different things.

19
Q

Stateless

A

Statelessness means that every HTTP request happens in complete isolation. When the client makes an HTTP request, it includes all the information necessary for the server to fulfil the request. The server never relies on information from previous requests from the client, and doesn't store state about the client session on the server side. If any such information is needed, the client sends it as part of the current request. REST statelessness means being free from application state.

20
Q

REST API endpoint

A

An endpoint is one end of a communication channel. When an API interacts with another system, the touchpoints of this communication are considered endpoints. For APIs, an endpoint can be a URI of a server or service. Each endpoint is the location from which APIs can access the resources they need to carry out their function. APIs work using 'requests' and 'responses': when an API requests information from a web application or web server, it receives a response. The place to which APIs send requests, and where the resource lives, is called an endpoint.

21
Q

Idempotence

A

An idempotent method is a method that can be called many times without different outcomes. It does not matter whether the method is called only once or ten times over; the result is the same. NOTE: POST is neither safe nor idempotent.

22
Q

Safety

A

The concepts of 'idempotent methods' and 'safe methods' are often confused. A safe method does not change the state of the resource it returns: it reads, but it never writes. Safe methods are HTTP methods that do not modify resources. For instance, using GET or HEAD on a resource URI should NEVER change the resource.

23
Q

HTTP PUT vs HTTP PATCH

A

The HTTP PATCH request method applies partial modifications to a resource. A PATCH request is considered a set of instructions on how to modify a resource. Contrast this with PUT, which carries a complete representation of the resource. A PATCH is not necessarily idempotent, although it can be; PUT, by contrast, is always idempotent. The word "idempotent" means that any number of repeated, identical requests will leave the resource in the same state. For example, if an auto-incrementing counter field is an integral part of the resource, then a PUT will naturally overwrite it (since it overwrites everything), but this is not necessarily so for PATCH. The PATCH body should not just be a modified part of the resource, but should be expressed in some kind of patch language such as JSON Patch or XML Patch. PATCH (like POST) may have side effects on other resources, so it is not safe.

24
Q

HATEOAS (Hypermedia as the Engine of Application State)

A

HATEOAS is a constraint of the REST application architecture. HATEOAS keeps the REST style architecture distinct from most other network application architectures. The term "hypermedia" refers to any content that contains links to other forms of media such as images, movies, and text. The REST architectural style lets us use hypermedia links in the API response contents. It allows the client to dynamically navigate to the appropriate resources by traversing the hypermedia links. Navigating hypermedia links is conceptually the same as browsing through web pages by clicking the relevant hyperlinks to achieve a final goal. For example, the JSON response given below may come from an API like HTTP GET http://api.domain.com/management/departments/10

25
Q

REST architectural constraints

A

1. Client-Server
A REST application should have a client-server architecture. This constraint essentially means that client applications and server applications MUST be able to evolve separately, without any dependency on each other. A client should know only resource URIs, and that's all. A client requests resources and is not concerned with data storage, which remains internal to each server; the server holds the resources and is not concerned with the user interface or user state. They can evolve independently: the client doesn't need to know anything about business logic, and the server doesn't need to know anything about the frontend UI.

2. Uniform Interface
This is the key constraint that differentiates a REST API from a non-REST API. It suggests that there should be a uniform way of interacting with a given server irrespective of device or type of application (website, mobile app). The four guiding principles of the uniform interface are:

Resource-Based: Individual resources are identified in requests. For example: API/users.
Manipulation of Resources Through Representations: The client holds a representation of a resource, and it contains enough information to modify or delete the resource on the server, provided it has permission to do so. Example: usually the client receives a user id when it requests a list of users, and then uses that id to delete or modify that particular user.
Self-descriptive Messages: Each message includes enough information to describe how to process it, so that the server can easily analyse the request.
Hypermedia as the Engine of Application State (HATEOAS): Each response needs to include links so that the client can discover other resources easily.

3. Stateless
The restriction is called statelessness if the server does not store any data about the client session on the server side. It means that the necessary data/state to handle the request is contained within the request itself, and the server does not store anything related to the client session. The server will not store anything about the latest HTTP request the client made; it treats every request as new. No client context shall be stored on the server between requests: no session, no history. The client is responsible for managing the state of the application. In REST, the client must include all information for the server to fulfil the request, whether as part of query params, headers or the URI. To make a REST API stateless, even the client's authentication/authorization details should not be stored on the server side; authentication credentials are provided with each request. Statelessness enables greater availability since the server does not have to maintain, update or communicate client session state. The drawback is that the client may need to send a lot of data to the server with every request, which reduces the scope for network optimization and requires more bandwidth.

4. Cacheable
In order to provide better performance, applications are often made cacheable. Every response should state whether it is cacheable or not, and for how long it may be cached on the client side. The client will then return the data from its cache for subsequent requests, with no need to send the request to the server again. Well-managed caching partially or completely eliminates some client-server interactions, further improving availability and performance. But sometimes the user may receive stale data; to prevent this, the cached data needs to be updated each time the data is updated on the server side.

5. Layered System
This constraint says that the architecture of the application can be layered, without the client knowing about it. An application architecture needs to be composed of multiple layers. Each layer knows nothing about any layer other than its immediate neighbour, and there can be many intermediate servers (layers) between the client and the end server. Intermediary servers may improve system availability by enabling load balancing and by providing shared caches.

6. Code on demand (optional)
This is an optional feature. According to this constraint, servers can also provide executable code to the client. Examples of code on demand include UI widget rendering code or client-side scripts such as JavaScript/Python.
26
Q

Understanding REST in Spring

A

The Spring framework supports two ways of creating RESTful services:

using MVC with ModelAndView
using HTTP message converters
The ModelAndView approach is older and much better documented, but also more verbose and configuration heavy. The newer approach, based on HttpMessageConverter and annotations, is much more lightweight and easy to implement. Configuration is minimal, and it provides sensible defaults for what you would expect from a RESTful service.

Let's consider how to build a REST application using the Spring Web framework, step by step.

27
Q

Rest Controllers

A

Let's consider how to build REST controllers using the Spring Web framework. Spring REST controllers are annotated with @RestController. This annotation combines the @Controller and @ResponseBody annotations and, as a result, simplifies the controller implementation:

28
Q

HATEOAS

A

HATEOAS (Hypermedia as the Engine of Application State) is a constraint of the REST application architecture. A hypermedia-driven REST API provides information that helps the client navigate through the API dynamically. This is done by passing hypermedia links along with the responses. HATEOAS is a fundamental concept for creating discoverable REST APIs.

The Spring framework provides the Spring HATEOAS library, which you can use to easily create REST representations that follow the HATEOAS principle (Hypertext as the Engine of Application State).