RESTful services Flashcards

1
Q

What does REST stand for?

A

REpresentational State Transfer

2
Q

HTTP is considered stateless because…?

A

The requests before or after the current request are executed independently and have no knowledge of each other.

3
Q

A GET command in a GET request is immediately followed by the…

A

resource location

4
Q

The ? character in a GET request indicates…

A

the beginning of the parameters

5
Q

Parameters in a GET request are separated by…

A

The & character

6
Q

What is the code for an ‘ok’ response for a HTTP request?

A

200 OK

7
Q

What is REST?

A

REST is a software architecture that can be followed while designing systems.

8
Q

With REST, you should provide every resource with what?

A

A unique ID (for example a URI).

9
Q

Within REST architecture, you should link what together?

A

Resources, establishing relationships between the resources

10
Q

What kind of methods should be used when implementing REST?

A

Standard methods - such as HTTP / XML

11
Q

Resources can have multiple representations - what does this indicate?

A

Different application states

12
Q

The communication in REST should use HTTP, what does this imply?

A

That it should be stateless

13
Q

What approach is used to separate user interface from data storage?

A

Client / Server

14
Q

The client / server interaction is…

A

Stateless

15
Q

Servers host what?

A

Resources

16
Q

Clients consume what?

A

Resources

17
Q

Any information that can be named, can be a…

A

Resource

18
Q

A resource has what associated with it?

A

A URI (identifier)

19
Q

Any given resource can also have associated what?

A

Metadata

Such as media-type, last modified time etc

20
Q

When accessing a resource, the resource identifier along with what is specified?

A

The action to be performed on the resource

21
Q

Actions are defined using HTTP what?

A

Verbs

22
Q

What does the GET verb do?

A

Retrieves a resource identified by a URI

23
Q

What does the POST verb do?

A

Sends a resource to the server, updates the resource in the location identified by the URI

(Post can be used to update the resource)

24
Q

What does the PUT verb do?

A

Sends a resource to the server, to be stored in the location identified by the URI - if the resource already exists, it is modified

(Creates the resource, starts the lifecycle)

25
Q

What does the DELETE verb do?

A

Deletes a resource identified by a URI

Ends the life cycle of the resource

26
Q

What does the HEAD verb do?

A

Retrieves the metadata of a resource identified by the URI

27
Q

What PHP function is most suited to sending / retrieving data via http?

A

curl

28
Q

How do you init curl?

A

$client = curl_init($url);

29
Q

How do you terminate a curl connection?

A

curl_close($client);

30
Q

Does the file_get_contents function work with web redirects?

A

Yes - it will automatically follow redirects, rather than returning the redirect message itself.

31
Q

What configuration option is required to be on in order to use standard PHP file handling functions to do HTTP requests (such as file_get_contents)?

A

allow_url_fopen directive must be turned on in the php.ini file

32
Q

What package might be useful if cURL is not available, and allow_url_fopen is not enabled on the webserver?

A

HTTP_Request2 - which is a PEAR package. PEAR packages are plain PHP, so as long as I can install a PHP file on the server, it can be used.

33
Q

What function do you use to configure curl when it is initialised?

A

bool curl_setopt(resource $ch, int $option, mixed $value)

34
Q

What does the option CURLOPT_RETURNTRANSFER do?

A

When set to true, it tells curl to return the data via the call to curl_exec (i.e. as a string return value)

35
Q

What function would you use to load a url into a xml format via url?

A

SimpleXMLElement simplexml_load_file();

36
Q

What function can you use to load xml from a string (that has perhaps been obtained via curl)?

A

SimpleXMLElement simplexml_load_string();

37
Q

What function can you use to build a query string?

A

string http_build_query();

38
Q

If you are accessing a site that uses http basic auth, how would you modify your file_get_contents call to pass the username and password?

A
$url = "http://caino:supercool@www.example.com";
$file = file_get_contents($url);
39
Q

If you are using basic auth - what curl_options would allow you to pass the password and username to retrieve data?

A

curl_setopt($c, CURLOPT_USERPWD, 'caino:superhaxor');

(Same can be done by using CURLOPT_HTTPHEADER option and using a base64 encoded string to write the header with password and username in it).

40
Q

How do you configure file_get_contents to not follow redirects?

A
$options = array('max_redirects' => 1);
$context = stream_context_create(array('http' => $options));
$file = file_get_contents($url, false, $context);
41
Q

What function do you use to create a new context?

A

stream_context_create()

42
Q

What is a stream context?

A

A set of parameters and wrapper specific options which modify or enhance the behavior of a stream.

43
Q

cURL only follows redirects when?

A

When CURLOPT_FOLLOWLOCATION is enabled

curl_setopt($c, CURLOPT_FOLLOWLOCATION, true);

44
Q

How do you configure the maximum number of redirects for cURL?

A

curl_setopt($c, CURLOPT_FOLLOWLOCATION, true);

curl_setopt($c, CURLOPT_MAXREDIRS, 4);

45
Q

How would you write a file from the web to a local file using cURL?

A

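// Open the local file for writing; on failure, report the last PHP error
// ($php_errormsg was removed in PHP 8, so error_get_last() is used instead)
$fh = fopen("local-copy-of-html-file.html", "w") or die(error_get_last()['message']);
$c = curl_init("http://example.com/filelocation.html");
// Write the response body straight to the file handle
curl_setopt($c, CURLOPT_FILE, $fh);
curl_exec($c);
curl_close($c);
fclose($fh);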

46
Q

How could you get cURL to write to a callback function (i.e. for writing to a database)

A

curl_setopt($c, CURLOPT_WRITEFUNCTION, array($pageSaver, 'write'));

// Where $pageSaver is an object, and write is the method
// it will pass on the curl object and the page data
47
Q

What is the fundamental unit of REST?

A

A resource

48
Q

Resources can be identified by two means, what are they?

A

URI - (Universal Resource Location) - Location

URN - (Universal Resource Name) - Name

49
Q

Is a URL a URI?

A

Yes

50
Q

Is a URI a URL?

A

Not necessarily, although it can be.

51
Q

Why are URN’s different from URL?

A

URN’s are intended to be unique in both space and time - they should identify a resource in such a way that there is no ambiguity.

52
Q

Why are URL’s different from URI’s?

A

URL’s can be URI’s, but a URI doesn’t necessarily have to be a URL. This is because they have different potential syntax.

53
Q

What is the format of a URN?

A

urn:<nid>:<nss>

Where nid is the namespace identifier, and nss is the namespace specific string.

Example:
urn:isbn:03432234235

54
Q

What is the standard format for a REST url?

A

/version/resource/key

55
Q

Can you process a REST request from the following URL?

www.cainmartin.net/v1/chickens/20

A

No - we don’t know what the HTTP method is, therefore we cannot process the request.

56
Q

Some methods in a REST API must be safe, what is a safe method?

A

It doesn’t modify the resource (GET is a good example)

57
Q

Some methods in a REST API must be idempotent, what is an idempotent method?

A

Calling an idempotent method many times is equivalent to calling it once.

58
Q

What are the NON-SAFE methods?

A

POST, DELETE and PUT

59
Q

What are the idempotent methods?

A

GET, PUT, DELETE

60
Q

Which method is considered neither safe nor idempotent?

A

POST

61
Q

What HTTP feature is used to indicate status of a request?

A

HTTP status codes

62
Q

Which status codes are considered to be success?

A

The 200’s.

63
Q

Which status codes are considered to be client errors?

A

The 400’s

64
Q

Which status codes indicate further action is required for the server to respond?

A

The 300’s

65
Q

What status codes indicate a server error?

A

The 500’s

66
Q

Is it okay for a resource to have different representations?

A

Yes - this is quite normal, i.e. it could be JSON, or XML, or HTML and PDF

67
Q

What $_SERVER variable is useful for determining where to route a REST request?

A

$_SERVER['REQUEST_METHOD']

68
Q

If a client attempts to use a method which is not allowed, which HTTP response should you reply with?

A

405 - Method not allowed

69
Q

Do the following URLs point to different resources?

http://www.food.com/stuff/brocolli
http://www.food.com/stuff/Brocolli

A

Yes - they point to different resources. Technically URL’s are case sensitive. (But most web servers will try to make the server behave like they are case insensitive, so in all likelihood will arrive at the same resource).

70
Q

HTTP is a request and ….. protocol.

A

Response

71
Q

The request and response are handled in a …. HTTP transaction

A

single

72
Q

Because some methods are not safe, how do we deal with users being left on a page after a non-safe method, refreshing their browser?

A

One method is to do a redirect after successfully completing a post / or delete (or whatever safe method). This will redirect to a GET page. The GET may simply retrieve the result of the last unsafe command (i.e. a list of users, or confirmation number)

73
Q

There is a name given to the practice of redirecting after a post - what is it called?

A

POST / REDIRECT / GET or PRG.

74
Q

With a safe method (i.e. GET), there is a benefit to having the query string visible in the URL, what is it?

A

Users can bookmark the URL with the query string embedded within it (which could be a search, or whatever). Because GET is both safe and idempotent, there is no issue with the user refreshing the page.

75
Q

A full HTTP request message consists of what parts?

A

[method][url][http version]
[headers]
[body]

76
Q

What is the most common HTTP version seen in request headers as of today?

A

1.1 (with 2.0 on the horizon)

77
Q

What is the only required header in HTTP 1.1?

A

host

78
Q

What header could be used to indicate it wants to accept the response in french?

A

Accept-Language: fr-FR

79
Q

When a header does appear it must…

A

obey the standards for that header

80
Q

What does the Referer header do?

A

When a user clicks a link - the client can send a link to the referring page in this header

81
Q

What does the User-Agent header do?

A

Contains information about the user agent / software making the request. Can often be used to determine which browser is making the request.

82
Q

What does the Accept header do?

A

Describes the media types the user-agent is willing to accept, used for content negotiation.

83
Q

What does the Cookie header do?

A

Contains cookie information

84
Q

What does the If-Modified-Since header do?

A

Will contain a date of when the user-agent last retrieved (and cached) the resource. The server only has to return the entire resource if it has been modified since that time.

85
Q

Some headers can contain multiple values, how are they separated?

A

By commas usually
i.e.
Accept-Encoding: gzip,deflate,sdch

86
Q

If you see */* in an Accept header, what does this indicate?

A

That the client will ultimately accept any data - and will determine itself how to deal with it.

87
Q

What parts / components does a http response contain?

A

[version][status][reason]
[headers]
[body]

88
Q

Which status codes are considered to be informational?

A

The 0-100’s.

89
Q

Which redirect is usually used after a successful POST request to make the client retrieve data using GET? (i.e. after a user successfully logs into a system).

A

302 - Moved temporarily. The client should continue to use the original URL to obtain the resource

90
Q

If the server has encountered an error in the syntax of the request, what should it respond with?

A

400 (bad request)

91
Q

If a user attempts to access a resource they don’t have permission for, what response should be returned?

A

403 (forbidden)

92
Q

If a server is throttling requests due to heavy load - what response should be used to indicate this?

A

503 (Service Unavailable)

93
Q

If a user sends a request to create a new user, but forgets to fill in a field, what response should the client receive?

A

200 OK.

The HTTP response and the client's requirements may be different. The HTTP connection occurred and completed successfully, so it should return 200. However, the response will contain information within it that indicates there was an error. NOTE: This is generally the case for web applications and not for web APIs and web services.

94
Q

Web API’s and Web services generally operate closer to…

A

the HTTP spec than web applications. This is evidenced in how they use HTTP codes - rather than returning 200 OK for a failed attempt to create a user, a web service/api may return 400 (bad request) with information in the body as to what went wrong. This is because the web service is likely returning XML / JSON not intended for direct human interpretation.

95
Q

A server may include in the response the content type which is known as a ….

A

a MIME type

96
Q

What is an ETag (in a response header)?

A

A header which is related to caching / performance optimization. It is an identifier that will change when the underlying resource changes. Therefore comparing ETags is an efficient way of determining when a cached resource has become stale.

97
Q

What does the ‘Connection: close’ header indicate?

A

That the connection to the server may not be persistent. Typical with inexpensive hosts like goDaddy.

98
Q

A forward proxy is closer to…

A

the client - and the client may require some configuration to use it.

99
Q

A reverse client is closer to…

A

the host - and is invisible to the client.

100
Q

In HTTP 1.1, can a response with a 200 OK header be cached?

A

Yes

101
Q

What headers control how caching may be done?

A

Cache-control

Expires (although this is deprecated, still used)

102
Q

What are the possible values of Cache-control header?

A

public - public proxy can cache it
private - only users browser can cache it
no-cache - no one can cache it
no-store - no caching, and also should store the data as it has sensitive information
max-age - gives a time to expire

103
Q

With HTTP, what are some options with storing state, given HTTP is a stateless protocol?

A

You can store state in hidden fields to be sent with the next request - good for short lived state tracking, like form filling progress.

You can store state on the server - PHP sessions.

104
Q

What is the ‘fat url’ technique of tracking a user?

A

When cookies are not available, the server may write an identifier into the url (cookieless session essentially).

105
Q

What does the HttpOnly flag do (as part of the set-cookie header)

A

Prevents JavaScript from modifying cookie data - useful to prevent XSS attacks.

106
Q

Why do cookies potentially interfere with caching?

A

Because cookies can be used to identify users, there could be security risks related to caching a cookie - therefore they should not be cached. So any response with a Set-Cookie header should not be cached (at the very least, not the headers).

107
Q

In HTTPS what is encrypted?

A

Everything after the host name in the url, and all request and response traffic (including headers and body).

108
Q

When we send a request to a server, the server usually responds with a document, this document is called a…

A

representation of the resource

109
Q

The concept of addressability says that every resource should have…

A

its own URL

110
Q

In REST terms, the page that you are on represents the…

A

application state

111
Q

What is HATEOAS?

A

Acronym for - Hypermedia As The Engine Of Application State

Basically refers to ‘which page you are on’

112
Q

The value of the content-type header is known as the …….. of the body.

A

media type (or MIME type)

113
Q

JSON must be served as… (what content-type)?

A

application/json

114
Q

If you receive a content type of “application/vnd.collection+json”, is it just JSON?

A

No - JSON is served using “application/json” - this indicates that it’s a collection+json, which is a standard for publishing searchable list of resources over the web.

115
Q

If you have a content type collection+json, what formatting is required?

A

It must be a JSON object, and have an element called ‘collection’.

{ "collection": { "items": [{}, {}, {}]}}

The items within the item field must also be objects.

116
Q

The collection+json standard requires a href field - what does that href point to?

A

The address used to retrieve a representation of the document.

117
Q

What element of a collection+json document instructs the client as to how to build a message?

A

The template section

118
Q

In REST, a representation should describe…

A

A resource's state

119
Q

What are two methods by which an API can provide multiple representations of the same content (i.e. a JSON format and an XML format)?

A

Client negotiation - i.e. the client uses the HTTP headers to distinguish amongst representations.
The second is to give the resource multiple urls, one for each representation.

120
Q

If I send a http DELETE request, and I receive a 204 - no content reply, what does this mean?

A

The object was deleted, and the server has nothing more to say about it.

121
Q

If I send a http DELETE request and I receive a 200 OK reply, what does this mean?

A

The object was deleted, but the server wants to give you further information about it.

122
Q

If I send a HTTP DELETE request and I receive a 202 ACCEPTED reply, what could that mean?

A

The server has accepted the request for delete - but it will do it later.

123
Q

If the client tries to delete something using a DELETE request, but receives a 404 NOT FOUND, or 410 GONE code, what does this mean?

A

It could not delete the object because it doesn’t exist. This is an error.

124
Q

What are the two jobs that post has?

A

Post to append - i.e. sending a request to a resource creates a new resource under it

Overloaded post (where post is used for things other than its intended purpose)

125
Q

What are the best response codes for a PATCH request?

A

The same as PUT and DELETE - 200 ok, 204 (no content) is fine.

126
Q

What does the OPTIONS verb do?

A

It requests a list of http methods the API supports from the server, it contains the “allow” header - which contains the list of options.

127
Q

What is the difference between a GET request and HEAD request?

A

HEAD request is only supposed to have the headers returned, without the body.

128
Q

Why can’t you trigger a DELETE or PUT request from the web browser?

A

HTML specs only allow get and post actions in a HTML form.

129
Q

If you post a GET request, is the data from any forms in the body?

A

No - it’s encoded in the URL.

130
Q

What kind of request does a HTML [a] tag describe?

A

A GET request

131
Q

What kind of request does a [img] HTML tag describe?

A

A GET request for one specific URL, which happens automatically in the background.

132
Q

What kind of request does a HTML [form] tag with a post method describe?

A

A POST request to one specific URL, with a custom entity body constructed by the client. The request is only made if the user triggers the control.

133
Q

What kind of request does a HTML [form] tag with a GET method describe?

A

A GET request to a custom URL constructed by the client. The request is only made if the user triggers the control.

134
Q

How does the Fielding dissertation describe Hypermedia?

Hypermedia is defined by the presence of application control behaviour…

A

embedded within, or as a layer above, the presentation information.

135
Q

URI templates are defined in what RFC?

A

RFC 6570

136
Q

What is the difference between a URL and a URI?

A

All URLs are URIs, but all URIs are not necessarily URLs. For instance - a book's ISBN is a URI - and would not make a very good URL as there is no associated protocol that would allow a computer to find it.

137
Q

You can’t get a representation without a…

A

URL

138
Q

What is a link header?

A

It is a HTTP header field that can be used to provide a URL to another resource. For instance, you could use it to provide the link to the next part of a multi-part document.

139
Q

Which HTTP methods make use of the link header?

A

LINK / UNLINK

140
Q

What are the four parts of a HTTP request?

A

The method
The target URL
The HTTP headers
The entity body

141
Q

HTML spec says that a html ‘a’ tag becomes what kind of request when clicked?

A

GET

142
Q

Why doesn’t a URI template make sense on its own?

A

Because it doesn’t define the HTTP method to be used - it requires additional information.

143
Q

What does the Content-Type header look like for a form when sent via HTTP POST?

A

application/x-www-form-urlencoded

144
Q

How could you change the behavior of a form, so that it is not URL ENCODED?

A

Use the enctype field on the form. i.e.

enctype="text/plain"

145
Q

What kind of ‘promise’ does the HTML img tag make in regards to the response?

A

The resulting GET request will result in an image being returned.

146
Q

If you saw rel="edit" in a HTML link tag - what does that say about the resource?

A

It supports not only GET, but PUT and DELETE. i.e. editing of the resource.

147
Q

What kind of link is an “a” tag in HTML?

A

An outbound link - i.e. usually takes you off page. When activated, it usually replaces the current state with a new state.

148
Q

What kind of link is an “img” tag in HTML?

A

Embedded link. These kinds of links do not change the client's application state, they augment it.

149
Q

The process of embedding one page in another page is called…

A

transclusion

150
Q

Name three other embedding links (other than img)?

A

frameset
script
link

151
Q

Why shouldn’t you use plain JSON to represent API’s?

A

Because it does not support hypermedia - you should always use a media type that supports hypermedia

152
Q

What is a link relation in the context of an API?

A

It is a string associated with a hypermedia control (like an xml tag named ‘link’) - it explains the change in application state (for safe requests) or resource state (for unsafe requests) that will happen if the client triggers the control.

153
Q

What body tracks the most useful link relations that can be used in REST applications?

A

IANA - Internet Assigned Numbers Authority

154
Q

Where are link relations registered (to avoid confusion)?

A

Generally in a media type.

155
Q

What are the two types of link relations?

A

Registered relation types, extension relation types.

156
Q

Registered relation types look like short strings (i.e. prev, next) - but extension relation types look like…

A

URL’s.

157
Q

How would you define an extension relation?

A

You can use your domain - i.e. http://www.cainmartin.net/whatever

  • this could never have a conflict with someone else's extension, since you own the domain.
158
Q

If a user visited the URL of an extension relation, what should they see?

A

A human readable explanation of the extension.

159
Q

Can your link relations have the same names as those in the IANA registry?

A

No - they should not conflict.

160
Q

What are the two steps in bridging the semantic gap when designing a domain specific API?

A

Write down the application semantics in a human readable specification

Register one or more IANA media types for the design.

161
Q

How does a client developer determine how to utilise your domain specific API?

A

They can search the IANA for a media type in the registry.

They can read the human readable specification.

162
Q

A collection is a resource that lists other resources by…

A

linking to them

163
Q

An individual resource within a collection is sometimes called a…

A

item or entry, or member of the collection

164
Q

In a collection+JSON file, the format contains items, of which each item may contain a link field. Within the link field - is a key/value pair ‘render’. If render is set to ‘image’, what does this mean?

A

The link should be rendered as an embedded image.

165
Q

In a collection+JSON file, the format contains items, of which each item may contain a link field. Within the link field - is a key/value pair ‘render’. If render is set to ‘link’, what does this mean?

A

The image should be rendered as an outbound link.

166
Q

In order to write data to an API, (given collection+JSON format) how do you determine the format of the data?

A

Use the write template which is part of the collection format.

167
Q

How do you add to a collection given the Collection+JSON standard?

A

The standard says that you can add to the collection by sending a POST request to the collection (i.e. to its href attribute).

168
Q

Given a very large collection, what is one way a collection+JSON can deal with this, without sending a large set back to the client?

A

Send a query / search template

169
Q

In Collection+JSON, the search templates for a collection are stored in which slot?

A

The queries slot

170
Q

What media type represents ATOM publishing?

A

application/atom+xml

171
Q

If you check an API’s media type and get application/json, what does this say about collection resources?

A

Absolutely nothing - as the JSON standard does not specify anything about collections.

172
Q

If the API is using application/json, what does this say about the api?

A

It is a new / flat standard, and the only way to determine how it works is to check the documentation.

173
Q

The defining characteristic of a collection is its behaviour under…

A

HTTP POST, unless the collection is read only - a client can create a new entry by using POST.

174
Q

What do the collection standards say about HTTP PUT or PATCH?

A

Nothing, but in general PUT is used to update a resource, and this is based on the HTTP standard. This is also supported by Collection+JSON, AtomPub, and OData. PUT is how clients change the state of any HTTP resource.

175
Q

What do the collection standards say about HTTP DELETE?

A

None of the three big collection standards specify how a collection should respond to DELETE. Some applications implement DELETE by deleting the collection, others delete the collection and every resource listed as part of the collection. However, an individual item’s response to DELETE is the same as in the HTTP standard - i.e. you delete it.

176
Q

Does collection+JSON have any specific support for pagination?

A

No - it just assumes you know about prev/next links (which are sent as part of the links)

177
Q

How could you add pagination support to a collection+JSON format?

A

You could use the IANA generic link relations (next/prev/first/last) - which are registered with IANA, and use them in the links field - with links that match.

178
Q

AtomPub has no support for ‘search’ - what is the assumption?

A

That you will plug in your own open standard, such as OpenSearch if required.

179
Q

What is the major difference between an item in Collection+JSON and an AtomPub entry (equivalent of an item)?

A

An item in Collection+JSON does not have a fixed format, in that it could represent anything - however, AtomPub is designed around news feeds, and so it represents very clearly and quite rigidly a news item.

180
Q

If AtomPub is fairly rigid in terms of its definition of an item, how is it that Google can use it for almost anything (including representations of cells in a spreadsheet)?

A

AtomPub is quite extensible, and allows for additional application semantics to be added.

181
Q

Can HTML be used for an API format?

A

Yes - it works quite well, as it has a very flexible structure, and application semantics can be added to the format via class, rel attributes (among others).

182
Q

What is the problem with making up your own semantics for HTML in an API format?

A

There is no documentation on what those semantics mean - the user would have to find documentation on them.

183
Q

What is one way to add extra semantics to HTML?

A

Use a microformat

184
Q

What is a microformat?

A

A web-based approach to publishing formats that can be used to add extra semantics to existing standards (HTML)

185
Q

What is a common way to utilise an existing recognised data format?

A

Take an existing format - i.e. vCard, or Maze+HTML and then convert it to html.

186
Q

What is microdata?

A

Microdata is a refinement of the Microformat idea for HTML5

187
Q

What HTML5 attributes were introduced specifically for the purpose of representing application semantics?

A
itemprop,
itemscope,
itemtype,
itemid,
itemref
188
Q

In HTML5, which of the microdata attributes are used like the way a microformat uses the class attribute?

A

itemprop

189
Q

What does the itemscope attribute indicate?

A

It is a boolean property that indicates that the tag it is attached to contains microdata.

190
Q

What is the itemtype attribute used for?

A

It is a microdata attribute that is used to tell the client where to go to find out what the microdata means.

191
Q

Where would the itemtype attribute typically be used?

A

At the top of the microdata section of the document - usually alongside the itemscope attribute.

<div>
  <div>
     <div>Title</div>
  </div>
</div>
192
Q

What is the one benefit that a microformat has over microdata?

A

Microdata cannot define the contents of the rel attribute - it can only define the values of the itemprop elements.

193
Q

What is the issue with using an HTML link as a way of changing application state?

A

HTML links only support GET - but changing application state is not a SAFE action.

194
Q

How would I use HTML to change application state (given that standard hypermedia links represent GET actions which are supposed to be safe actions)?

A

You can use a FORM - with a POST method.

195
Q

What is the problem with using a HTML FORM element when using Microformats?

A

The button that triggers a HTML FORM does not support REL attributes - so we have no way of presenting application semantics to indicate what the link is for. (But they do support itemprop and class - so there is a way around this!)

196
Q

What is the difference in thinking of items as resources as opposed to hypermedia when it comes to documenting the design?

A

When thinking of resources, we would document the API endpoints / urls - as hypermedia we would think about state transitions, i.e. a switch is a resource, in a hypermedia API we would concentrate on what you can do with the switch, not about the switch itself.

197
Q

What limits does HTML4 have when serving an API?

A

The available hypermedia controls can describe all of HTTP’s methods.
Forms in HTML can only build entity-bodies in two different formats - x-www-form-urlencoded (for basic key/value pairs) or multipart/form-data (for key-value pairs plus file uploads).
HTML4 does not distinguish between numbers and strings (unlike json)
HTML4 does not define a way to deal with dates (unlike json)

198
Q

Does HTML5 solve some of the limitations of HTML4 when serving APIs?

A

Some of them - but not all.
HTML5 defines a time tag
You can use HTML5’s meter tag to define a number (sometimes)
HTML5 has some new attributes for embedding links - but none are very useful for APIs.
HTML5 STILL can’t trigger PUT or DELETE HTTP actions.

199
Q

What is an alternative format to HTML when creating APIs?

A

HAL - Hypertext Application Language

200
Q

What are the two primary concepts that HAL defines?

A

Links and Resources

201
Q

The resource tag in HAL indicates what?

A

That the contents are an HTTP resource

202
Q

What is the difference between a HAL link and a HTML link?

A

A HAL link is a completely generic hypermedia control. HTML implies certain HTTP verbs based on link type (i.e. <a> is a GET request). HAL has only one hypermedia control - but it can control anything (i.e. PUT, GET, DELETE).

It can trigger ANY http request at all.

203
Q

What is the major issue with HAL and Hypermedia links?

A

There is no machine readable information that indicates how a hypermedia control should be used - i.e. you have to include human readable documentation to indicate what the REL attribute should be doing.

HAL has no way of conveying protocol-semantics in a machine readable way.

204
Q

How is the method of use of the Hypermedia link indicated in the HAL language?

A

It uses the REL attribute - but there are no defined reserved keywords.

205
Q

What is Siren?

A

Siren is a general hypermedia format using JSON. It is designed to represent abstract groupings it calls entities. An entity may be an HTTP resource with its own URL, but it does not have to be.

206
Q

What makes Siren more useful than HAL and HTML?

A

Siren has an ‘actions’ component that allows the explicit declaration of the method that should be used with that resource. I.e. “method”: “POST”

207
Q

One of the Fielding constraints is “Self describing…”

A

“messages”. The server shouldn’t have to guess what a HTTP request means, and the client shouldn’t have to guess what a response means.

208
Q

What does RFC 6906, ‘profile’ link relation specify?

A

It’s a type of link relation that represents a profile - a way of telling a client about the application semantics.

209
Q

What does the following indicate?
HTTP/1.1 200 OK
Content-Type: application/json
Link: <https://dev.twitter.com/docs>;rel="profile"

A

This is a response header that indicates that there are additional semantics on top of the JSON. This is indicated by the ‘profile’ relation.

210
Q

Is it possible to link the profile to the media type directly in a HTTP response?

A

Yes - but only if the standard allows it. For example, the following is illegal:

application/json;profile="http://example.com/profile"

According to RFC4288 - you cannot add the profile parameter to just any random type - the type has to support it, and JSON makes no mention of supporting the profile parameter.

(NOTE: application/collection+json DOES allow the profile parameter).

211
Q

What hypermedia types currently allow for the profile parameter?

A

Collection+JSON, JSON-LD, HAL, XHTML (but not HTML)

212
Q

If you want to link a profile to a HTTP response header, and you aren’t using one of the media types that support ‘profile’ parameters, what should you do?

A

Use the link header instead.

213
Q

HTML5 microdata has an attribute that allows links to profiles - what is that attribute?

A

itemtype

<div itemscope itemtype="http://schema.org/Person">

214
Q

The itemtype attribute of HTML5 microdata links to a profile - what does the profile do?

A

Provides an application semantics on top of the HTML5 microdata layer.

215
Q

HTML4 also has a method for linking to a profile - what is it?

A
216
Q

What does a profile contain?

A

Human readable prose that explains the use of the API.

217
Q

What is the benefit of using a full featured hyper-media format - even when you could just provide a profile?

A

The profile only needs to include information about the application semantics, as the protocol semantics are already known.

218
Q

Protocol semantics deal with…

A

HTTP requests

219
Q

Application semantics refer to…

A

things in the real world

220
Q

As the API designer you are responsible for documenting all of your link relations…

A

ahead of time, in a profile document, or in the definition of a custom media type (the only exceptions are those link relations taken from IANA).

221
Q

If you use extension link relations (the ones that look like URLs) - what should they do?

A

If someone puts that link into a web browser, it should lead to an explanation of that link relation.

222
Q

Can link relations result in ‘unsafe’ resource changes?

A

Yes - for instance a ‘flip’ relation, could indicate a switch is to be flipped - using a POST request. This would probably result in a change of state, and is therefore unsafe. It is however, completely valid.

223
Q

What is a semantic descriptor?

A

It is a magic string that is used to identify a field in a way that relates back to a microformat or profile. i.e.

<span class="fn">Jenny</span>
<span itemprop="name">Jenny</span>
{ "name": "Jenny" }

All three of these are different ways to identify a name - fn is the hCard microformat way to describe a name for CSS. The microformat Person method is demonstrated second, followed by JSON twitter format.

224
Q

In a Siren entity, is the class of the entity a semantic descriptor?

A
Yes, as is the name of each of the entity’s properties.
{
"class": ["person"],
"properties": { "name" : "Jenny" }
...
}
225
Q

In ad-hoc JSON it’s customary to see semantic descriptors used as…

A

object keys

226
Q

In ad-hoc XML documents, tag names often correspond to semantic descriptors, i.e.
<person>
<name>Foomanchoo</name>
</person>

Why is it not recommended to design APIs using ad-hoc JSON or XML?

A

Because they are only conventions, a client cannot rely on that being the same in other situations.

227
Q

What is XMDP?

A

A microformat for explaining microformats.

228
Q

Why is it fair to say that most modern APIs don’t use microformats?

A

Most modern APIs are written using JSON or XML - microformats are an HTML feature, which is not often used these days.

229
Q

What is the benefit of the ALPS profile format?

A

The same format can describe the application semantics of many different document formats (i.e. JSON, SIREN, etc).

230
Q

What is JSON-LD?

A

JSON for Linked Data - another API format

231
Q

If you know that state transitions will be handled by an end user, and not an automated machine, you don’t need embedded documentation - true or false?

A

False - the point of an API is that users will use it as they see fit - it’s not possible to know how everyone will use the API.

232
Q

What are the two different use cases for profiles vs embedded human readable documentation in hypermedia representations?

A

Profiles allow developers to write smart clients. Text embedded in a representation allows a human being to use an application through a client that faithfully renders representations.

233
Q

How can you improve the performance of an API?

A

Provide a cache in front of the API / reverse proxy.

234
Q

What HTTP headers are relevant when telling a cache how long to cache the data?

A

Cache-Control: max-age=N
or
Expires

235
Q

Why can’t the header of an HTTP request be trusted?

A

It can be created very simply using curl or any other library - and is therefore prone to compromise.

236
Q

How do you build a query string to be added to a url for use in a GET request?

A
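$url = "http://www.example.com/get_pages";
$data = array("page" => 1, "numofpages" => 10);
// http_build_query() returns "page=1&numofpages=10"; the "?" separator has to be added by hand
$url = $url . "?" . http_build_query($data);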
237
Q

What does the function stream_context_create do?

A

When creating POST requests using stream functions (i.e. file_get_contents), you have to provide a context. Create an array of data providing context, and pass to the function - this will format the data in a way that the stream can understand.

$options = array(
    "http" => array(
        "method" => "POST",
        "header" => "Content-Type: application/etc…",
        "content" => http_build_query($data)
    )
);

$page = file_get_contents($url, false, stream_context_create($options));

NOTE: http_build_query is working on an array, same format as if you were doing a GET request.

238
Q

If you are not accessing GET or POST data, (say a non-standard verb) - how do you access that in PHP?

A

You can obtain it from “php://input”

$_PUT = array();
if ($_SERVER['REQUEST_METHOD'] == 'PUT') {
    parse_str(file_get_contents('php://input'), $_PUT);
}

NOTE: DO NOT FORGET THE SECOND argument to parse_str - otherwise they will be extracted as local variables. Danger William Robinson.

239
Q

How can you determine what request method was used on the server?

A

$_SERVER["REQUEST_METHOD"] == 'PUT'

240
Q

Is the header ‘Cookie’ sent with the request or the response?

A

Request - ‘Set-Cookie’ is sent with the response.

241
Q

What is WURFL?

A

The Wireless Universal Resource File - a file that is used to match HTTP Request headers to the profile of the HTTP client (i.e. mobile / desktop etc.)

242
Q

When is it appropriate to use WURFL?

A

Typically when you need to determine the platform (perhaps for display purposes) - for APIs it’s better to just let the client request a format type via the request headers - and provide it.

243
Q

What header can you use to tell a server what kind of content the client can handle?

A

Accept:

i.e.

Accept: text/html, application/xhtml+xml

244
Q

What must you consider when reading an Accept header?

A

Accept: text/html, application/xhtml+xml

Each element is its own entity, and the order that they are sent indicates the order of preference.

245
Q

Using Accept / Content-Type headers together to understand what to send and how to decode it is called what?

A

Content negotiation

246
Q

What does the ‘q’ value in an accept header mean?

A

It indicates the level of preference for that particular content type. Its default is one. You will sometimes see it in an Accept-Language header, e.g. Accept-Language: en-GB, en-US;q=0.8

247
Q

How would you use HTTP Auth to secure a web service?

A

Arrange the username and password into format username:password. Base64 encode the result.
Send the data in the header:
Authorization: Basic (the base 64 encoded string)

Make sure you are using HTTPS

248
Q

Can ‘unofficial’ headers be used with HTTP?

A

Yes - but they must be prefixed with X-

249
Q

When a user first reaches a page - what is the order of transactions involved in setting up cookies?

A
  1. Request arrives, without cookies
  2. Response is made, with cookies
  3. Next request arrives, with cookies
  4. Response is made, with cookies (any updates, or not)
  5. Repeat steps 2-3 ad infinitum
250
Q

When a client first visits a site, are there cookies?

A

No - not until a reply is made containing the cookies to be written.

251
Q

How would you set a value of a cookie “visited” to true?

A

setcookie("visited", true);

252
Q

How would you set a cookie value via PHP’s curl library?

A

curl_setopt($ch, CURLOPT_COOKIE, "visited=true");

253
Q

Are session cookies the same as PHP cookies?

A

No - it is possible to use cookies in an API - but using PHP session cookies is not that normal. It is more typical for an API to be stateless and self-contained.

But normally you wouldn’t use cookies of any type - APIs (RESTful ones anyway) typically have their state set by the client - and the API is just there to get it done. Using cookies makes this difficult.

254
Q

What are some good reasons to use JSON for a data format?

A

It’s lightweight, can be compressed well, doesn’t take up much room so is good for ‘over the wire’ or mobile applications. Simple, well established format.

Useful to use when information about the exact data format is not critical and the effort needed to decode it must stay light.

255
Q

When using JSON to send data, what is the difference in handling an array with keys and values and an object with properties?

A

Nothing - they will appear on the other end exactly the same.

256
Q

Why should you keep any tokens that you may use for securing an API in a separate file?

A

To prevent it from leaking publicly (it can be placed somewhere that can’t be reached).

257
Q

When should you use XML over JSON?

A

XML is very good for being able to pass detailed information, and also supports information about the type of data.

258
Q

What method of creating XML in PHP is the most common?

A

SimpleXML since it is well documented, however it can’t do everything - so DOM is sometimes used. There are conversion functions available - so a mix of the two is common.

259
Q

Why might one choose to use XMLReader, XMLWriter and XMLParser over SimpleXML or DOM?

A

While complicated, these options have the advantage of not having to load the entire document into memory at once.

260
Q

What is an RPC API?

A

A Remote Procedure Call API. RPC may use the URL string to encode a method parameter that tells the application which procedure to call. (NOTE THIS IS DIFFERENT TO TRUE XML-RPC)

261
Q

What is XML-RPC?

A

Similar to RPC - i.e. a Remote Procedure Call - but the information on what to call and how to do it is passed in the body as a POST request

262
Q

Given a class that returns (some form of) data - what is the simplest way to present that as an RPC API?

A

Just use a class to wrap it - the class will respond to input and call the appropriate methods, based on URL parameters.

263
Q

Is there a difference between XML over RPC and XML-RPC?

A

Yes, XML-RPC is a very tight specification, whereas XML over RPC is simply any method that you use to send XML over an RPC style call.

Same with JSON over RPC and JSON-RPC

264
Q

What is WSDL?

A

Web Services Description Language

A file that provides a machine readable definition of a web service, how to call it, what parameters it expects etc.

265
Q

What tool can be used to browse a SOAP service?

A

soapUI

266
Q

When is REST better than SOAP?

A

When you don’t have to directly map a set of objects to a client. It can be very costly to send information about the objects back and forth - avoid in situations where a mobile has to use the API at all costs.

267
Q

Can SOAP be used without WSDL?

A

Yes - it’s referred to as “non-wsdl mode”

268
Q

If a client has a SOAP WSDL file, what is the simplest way to get some data?

A

Use SoapClient();

$client = new SoapClient('http://api.example.com/soap2/?wsdl&v=latest');

$countries = $client->getCountryList();
var_dump($countries);

269
Q

Are WSDL files usually created by hand?

A

No - while they can be, they are complicated. There are many tools for this - Eclipse has it, and there is a PHP tool called WSDLCreator

270
Q

What is one gotcha with SOAP and WSDL files when using PHP?

A

PHP is dynamically typed, but some languages are not. WSDL is intended to contain type information - so it’s possible you will get some mismatches. This is why many servers will use very generic types such as strings.

271
Q

Are SOAP and REST protocols?

A

SOAP is a protocol, while REST is more of a philosophy.

272
Q

What status code is often used when creating a new resource in REST?

A

201

273
Q

What feature can you implement to prevent users hitting the system too frequently?

A

Rate limiting

274
Q

What is ‘leaking information’ in the context of an API?

A

If a user without permission requests a resource and is given a status code that indicates the resource exists but they don’t have permission, they now know that the resource is there. A status should be sent that gives no more information than is required.

275
Q

Why is editing a record in REST a multiple step process?

A

First you need to get the record using GET, then update it, then return it using PUT to its original API. REST deals with the representation of records, so the whole record must be fetched.

276
Q

A REST record update is not an atomic operation (in that something can happen to the resource between the GET and the PUT), what is one ‘high level’ idea to deal with that?

A

Use the Last-Modified header or an ETag (ETag may not be totally appropriate?) - to determine when it was last modified.

277
Q

If it seems like overkill to GET an entire resource (user for example) just to update one field (email for example), what is an alternative?

A

You could create a sub resource (or use PATCH). For example, you could create a URI that just references an email resource of the user.

/user/42/email

278
Q

Why is it problematic to use the PATCH verb?

A

Not all hardware supports the PATCH verb - so it may not be transmitted.

279
Q

Why is using CURL to debug APIs a good idea?

A

It removes the chance that the error is from the client. If the error goes away when using curl, then the client is probably at fault.

280
Q

What is one major caveat of using debug output such as var_dump when debugging APIs?

A

If the client is expecting JSON or XML, this could cause an issue.

281
Q

Where are error logs normally written?

A

This is specified by the error_log directive in php.ini

282
Q

How do you log an error to the PHP error log file?

A

error_log("This is an error");

283
Q

How would you log an error to a specific file?

A

error_log("This is an error", 3, "log.txt");

NOTE: 3 means file
0 - PHP’s system log
1 - Send by email to the address in the destination parameter
2 - no longer in use
3 - to a file
4 - Send message directly to SAPI message handler

284
Q

If your API has functional features, what can be the biggest challenge in naming the API endpoints in a RESTful system?

A

REST APIs should represent everything as a resource. But RESTful resources should not contain verbs - when an API uses functional features, this implies verbs.

285
Q

Why are user stories useful in determining what data to send with each request?

A

Because it may not be clear as to how much data to send for each request. For example, in a blog system, do I only send a short digest of the blog body, or do I send all of it. Do I provide the user with flags they can set to specify how much of the data to send? Do I send the Author along with the body, what about the comments?

286
Q

In an API, every customisable option should also have…

A

a default

287
Q

In the name of consistency, an API that returns an array of results should return what when there are no results or one result?

A

an empty array, or a single element array. Always return the same type - consistency

288
Q

Rather than passing error status codes back and forth up the application stack, what is one technique we could use to send consistent error messages back to the client?

A

Use an exception handler - use PHP’s set_exception_handler to specify a function that will deal with uncaught exceptions. Then make sure it knows how to render the error in the correct format (probably defined through the content negotiation stage).

289
Q

In an API that uses an MVC architecture, the first part of the url will describe what, and the second parameter will describe what?

A

The first will describe the location of the code (i.e. the controller) and the second will describe the method (action in MVC parlance) to call.

290
Q

What term is used when describing the act of handing off data to a renderer (it’s not specific to renderers).

A

Dispatch or dispatching

291
Q

What is a heartbeat method?

A

A simple method that responds when requested to indicate that the API is alive and where you expect it to be.

292
Q

What is the process of giving your database temporary test data called?

A

Seeding.

293
Q

Why should you never use production data when developing an API?

A

You could accidentally send emails out to the list, or affect real data. Don’t do it - use dummy data.

294
Q

When determining what actions will be required in an API, does every action require a corresponding endpoint?

A

No - some actions will just be parameters to existing endpoints.

295
Q

What is one of the downsides to using endpoints to retrieve a resource using an auto-increment id?

A

People using your API will know how many items are in your database - which may not be something you want to divulge.

296
Q

If you can retrieve a specific ‘place’ with the following endpoint..
GET /places/x
What is the danger with the following delete request?
DELETE /places

A

This would indicate you want to delete all places, and it’s an endpoint that should probably be avoided.

297
Q

When could PUT be used to create a resource over POST?

A

When you know the full URL and the result is going to be idempotent. i.e.

PUT /images/1/image HTTP/1.1

Because we’ve specified the full URL (including id and image) - the act of uploading this multiple times will have the exact same result. This is idempotent.

298
Q

Is it better to use singular or plural end points?

A

In the case of ‘user’
/user/x will return a single user identified by x
/user should return all users. You could use /users - but this is not necessarily scalable, you may also run across words that either don’t have a plural form or have unusual plural forms creating design issues for the endpoints. (i.e. opportunity vs opportunities)

It’s probably best to stick with plural for all cases.
/opportunities/1 - Get the opportunity with id 1
/opportunities - Get all opportunities

299
Q

Is this considered RESTful?

POST /users/5/send-message HTTP/1.1

A

No - it is using a VERB in the url.

300
Q

If we aren’t putting verbs in the URL, where do the verbs come from?

A

The HTTP method.

301
Q

If your API had the following endpoint to send a message, how would you change your API to accommodate sending multiple messages to many users?

POST /cainmartin/messages HTTP/1.1

A

You could create a messages end point that accepts many messages:

POST /messages HTTP/1.1

302
Q

When we are coding a RESTful application, how do we map resources to code?

A
Through a controller. There should be one controller per type of resource. i.e. 
CategoriesController
EventsController
UsersController 
etc.
303
Q

Is it okay to use the “automagical” route handlers in frameworks like CodeIgniter to handle RESTful routing?

A

In general no - they create a lot of issues that may not be obvious immediately. Plus in a framework like Laravel, you could manually define the routes in routes.php and it becomes self documenting.