.NET Web API Flashcards

1
Q

What is different between REST API and RESTful API?

A

REST (Representational State Transfer) API:
It is an architectural style that makes use of existing web technologies and protocols. It is a set of rules that developers need to follow when they develop scalable APIs or services. It is used over the HTTP protocol, using its verbs such as GET, DELETE, POST, PUT.

RESTful API:
A RESTful API is simply a web service that implements that architecture.

2
Q

What are the advantages of using Rest in Web API?

A

REST is very important and beneficial in Web API because of the following reasons:

  • It allows less data transfer between client and server.
  • It is easy to use and lightweight.
  • It provides more flexibility.
  • It also handles and controls various types of calls, returning various data formats.
  • It is considered best for mobile apps because it requires less data transfer between client and server.
  • It uses simple HTTP calls for inter-machine communication rather than more complex options like CORBA, COM+, SOAP, or RPC.

3
Q

Web API supports which protocol?

A

Web API generally supports only HTTP protocol.

4
Q

What are Web API filters?

A

Filters are used to add extra logic at different levels of Web API framework request processing.

  • Authentication Filter
  • Authorization Filter
  • Action Filter
  • Exception Filter
  • Override Filter

5
Q

Who can consume Web API?

A

Web API can be consumed by any client that supports HTTP verbs such as GET, DELETE, POST, PUT.

6
Q

Web API sends which HTTP response for all uncaught exceptions?

A

HTTP 500 - Internal Server Error

7
Q

What is the difference between ApiController and Controller?

A

ApiController: It is used to return data of any type to the client.

Controller: It must return an ActionResult, typically a View.

8
Q

What is Caching and what are its types?

A

Caching is a technique or process of storing data somewhere, in a cache, for future requests. The cache is a temporary storage area. Caching keeps frequently or recently accessed files or data in cache memory and serves them from the cache itself rather than from the actual location of the data or files. The cache interface simply improves the storage mechanism for request/response object pairs that are being cached.

  • Page Caching
  • Data Caching
  • Fragment Caching

9
Q

What is ASP.NET Web API routing?

A

Routing is a process of mapping requests to the resources that handle the request.

Convention-based routing:
Web API supports convention-based routing. In this type of routing, Web API uses route templates to select which controller and action method to execute.

Attribute-based routing:
Web API 2 generally supports a new type of routing known as attribute routing. As the name suggests, it uses attributes to define routes. It is the ability to add routes to the route table via attributes.

10
Q

Explain basic ASP.NET Web API security?

A

Web API can be accessed by anyone who knows the URL. Therefore, it can become a target for hackers. One needs to secure Web API by controlling who can and who cannot have access to it.

Authentication:
It is a process that helps to identify and check users by their credentials, such as a username and password. To access the Web API, the user's credentials must first be passed in the request Authorization header, either as a username/password pair or as a bearer token. If no credentials are passed in the request header, the server returns a 401 (Unauthorized) status code. The most popular authentication scheme is OAuth 2.0.

Authorization:
It is a process that helps to decide whether or not a user has access to perform an action. Authorization filters are used to implement authorization.

11
Q

What is the difference between OAuth2 and JWT?

A

OAuth 2.0 is a protocol, i.e. it specifies how tokens are transferred, whereas JWT is a token format. OAuth can, and often does, use JWT as its token format.

JSON Web Token:
  • A JWT is a JSON-based security token format, a base64url-encoded string used as a means of transferring secure content between two applications. They are used to secure request data in Web APIs. These are included in the Authorization HTTP header as part of the bearer authentication scheme.
  • A JWT is composed of a header, a payload, and a signature and has the format: header.payload.signature
  • A JWT is digitally signed by the server so that it cannot be manipulated by clients or middleware.
  • The client should not store the bearer token in localStorage, as this would expose the token to any script running on the client. The client should instead store it in an HttpOnly cookie.

OAuth2:
  • OAuth is not an API or a service: it's an open standard for authorization that anyone can implement.
  • OAuth is a standard that apps can use to provide client applications with "secure delegated access". In other words, it's a way to allow users to log in using third-party credentials (Facebook, Google, etc.) without giving those third parties your password. OAuth works over HTTPS and authorizes devices, APIs, servers, and applications with access tokens rather than credentials.

12
Q

What are Exception filters in ASP.NET Web API?

A

An exception filter is generally used to handle all unhandled exceptions that are generated in Web API. It implements the IExceptionFilter interface. It is the easiest and most flexible filter to implement. This filter is executed whenever the controller method throws an unhandled exception at any stage, as long as it is not an HttpResponseException.

13
Q

What are the Http verbs?

A

POST: Create new record; returns 201 (Created), 409 (Conflict), or 404 (Not Found)
GET: Read; large lists, pagination, sorting; returns 200 (OK), 404 (Not Found or invalid id)
PUT: Update/Replace; returns 405 (Not Allowed), 200 (OK), 204 (No Content), 404 (Not Found or invalid id)
PATCH: Update/Modify; returns 405 (Not Allowed), 200 (OK), 204 (No Content), 404 (Not Found or invalid id)
DELETE: Delete; returns 405 (Not Allowed), 200 (OK), 404 (Not Found or invalid id)

14
Q

What is CORS in Web API?

A

CORS (Cross-Origin Resource Sharing) is a mechanism that allows a browser to make requests from one website to another website, which is normally not allowed under another policy called SOP (Same-Origin Policy). It supports secure cross-origin requests and data transfers between clients or browsers and servers. Here, a cross-origin request means a request coming from a different origin. CORS simply relaxes the same-origin restriction for JavaScript.

15
Q

Explain the Http Lifecycle from end to end

A
  1. You initiate a connection, specifying a URL to connect to.
  2. An HTTP Request is created that contains a verb, a path, and a set of custom headers such as Authorization (bearer token).
  3. The Request is sent to the Server.
  4. The Server reads the Request and takes action based on the verb, path, and header data received.
  5. The Server generates an HTTP Response to the Request.
  6. The Server sends the Response back to the client browser.
  7. Your client receives and processes the Response as dictated by the application.

16
Q

Assume you have a long-running action in a Web API endpoint; what is the best way to prevent unwanted network latency?

A

Make the operation asynchronous and return an HTTP/1.1 202 Accepted response that includes the location/path of an endpoint where the consumer can check the status of the operation.

17
Q

Suppose you have large binary files or images to transmit from the Web API over HTTP to a client. What is the best way to prevent latency, bottlenecking, or slow response times when transferring the data?

A

Implement a HEAD request, which returns metadata about the file such as its type and byte length. The client can then split the download into multiple requests, each specifying a byte Range to fetch, and reconstruct the bytes locally.

Request:
HEAD https://adventure-works.com/products/10?fields=productImage HTTP/1.1

Response:
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 4580

Request 2:
GET https://adventure-works.com/products/10?fields=productImage HTTP/1.1
Range: bytes=0-2499

Response 2:
HTTP/1.1 206 Partial Content
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 2500
Content-Range: bytes 0-2499/4580
18
Q

Describe a typical API design pattern

A
  1. Consumers send a request to an endpoint (typically a controller)
  2. The Controller passes the request to a Service Layer
  3. The Service Layer passes the request to a repository layer (which knows how to work with the Domain model)
  4. The Repository layer communicates directly with the persistence data platform
19
Q

Explain synchronous and asynchronous endpoints in .NET Core Web API

A

.NET implements a threading pattern called async/await, which reduces the complexity of working with threads.

For synchronous operations, when a request is made to the API, a thread from the process thread pool handles the request. If the code makes an I/O call, such as a database or file system call, the thread is blocked until the I/O operation has fully completed. The blocked thread can't be used for anything else; it is stuck waiting for the blocking call to finish. When new requests come in to the API, they must be served by new threads.

For asynchronous operations, when a request is made to the API, a thread from the process thread pool handles the request, as with synchronous calls. The difference is that while a blocking I/O call is being awaited, the thread is returned to the pool to service new incoming requests.

20
Q

Explain Roles, Claims, and Policies

A

Roles are a grouping of permissions shared by members of the role. Effectively all members share the same set of rights. A claim is an individual permission associated with an identity. A policy is a group of claims.