RESTful API Design and HTTP Fundamentals Questions
Understanding REST architectural principles including resource-based URLs, proper HTTP methods (GET for safe retrieval, POST for creation, PUT for updates, DELETE for deletion), appropriate status codes (200 OK, 201 Created, 400 Bad Request, 404 Not Found, 500 Internal Server Error), and stateless communication patterns. Ability to design simple API endpoints following REST conventions.
Hard | Technical | 63 practiced
Enumerate how you would protect a public REST API from common attacks: SQL injection, command injection, cross-site scripting (XSS), CSRF, insecure direct object references (IDOR), mass-assignment, and parameter tampering. For each threat describe server-side controls, validation, header-based mitigations, and recommended authentication/authorization patterns.
Medium | Technical | 82 practiced
In Node.js using Express, implement an idempotent POST handler for POST /charges that accepts an Idempotency-Key header. Describe how you would persist keys, handle concurrent requests using the same key, set TTLs for keys, and return the stored response to repeat callers. You may write pseudocode or real code to illustrate the key steps.
Hard | System Design | 63 practiced
Design an API gateway for a microservices architecture exposing REST endpoints to external clients. Describe how the gateway will handle authentication and authorization, rate limiting, request routing and protocol translation (e.g., REST to gRPC), response caching, circuit breaking, and observability including tracing and metrics. Discuss the tradeoffs between a thin gateway and a fat gateway.
Medium | System Design | 71 practiced
Design a complete set of RESTful CRUD endpoints for a Book resource. For each endpoint include the HTTP method, canonical path, expected request body schema, success status codes, and a short example of the response body. Also include endpoints for nested reviews belonging to a book and how you would handle list pagination.
Medium | Technical | 68 practiced
Design a standardized error response schema for a REST API that will be used by web and mobile clients. Include fields such as machine-readable error code, human-readable message, details for field errors, and a correlation id for debugging. Show an example JSON for a validation error and explain how to map these to HTTP status codes and logging practice.