Our experts have gathered these REST API MCQs through research, and we hope that you will be able to see how much knowledge base you have for the subject of REST API by answering these 60+ multiple-choice questions.
Get started now by scrolling down!

1: What type of relationship is defined as one resource existing only if another parent resource exist-for example, pages in a book?

A.   Partial

B.   Dependent

C.   Associative

D.   Linked

A.   /companies/{id} and/company

B.   /company/{id} and/companies

C.   /companies/{id} and/companies

D.   /company/{id} and/company

3: When dealing with JSON web Tokens (JWTs), what is a claim?

A.   Data in the token

B.   Ownership

C.   A permission

D.   And integer

4: Which REST constraint specifies that knowledge and understanding obtained from one component of the API should be generally applicable elsewhere in the API?

A.   Uniform Interface

B.   Client-Server

C.   Stateless

D.   Chacheable

5: What would you enable to allow a browser on another site to make an AJAX request to your API?





6: APIs commonly use webhooks to _.

A.   Notify other systems of an event

B.   Catch error faster

C.   Improve error logging

D.   Log additional data

7: What is the underlying goal of all APIs?

A.   To add new technologies to an organization's infrastructure.

B.   To share features and functionality with other system.

C.   To move infrastructure to the cloud.

D.   To appease the latest digital transformation effort.

8: Which is a common command-line tool for using or exploring an API?

A.   Bash

B.   Curl

C.   Ssh

D.   PowerShell

9: What is the modern specification for describing an API?

A.   OpenAPI (Swagger)



D.   OAuth

10: Which HTTP verb is normally used to update or create a resource in an API?





11: What is one benefit of server-side caching in APIs?

A.   Mobile app work better.

B.   It improves uptime.

C.   It offers better security.

D.   It reduce load on servers.

12: Your API resource does no allow deletion, and a client application attempted to delete the resource. What HTTP response code should you return?

A.   409 Conflict

B.   400 Bad Request

C.   406 Not Acceptable

D.   405 Method Not Allowed

13: What is OpenID Connect?

A.   An identify layer on top of OAuth 2.0

B.   The new name for SAML 3.0

C.   A modern replacement for API keys

D.   An SSO competitor for OAuth 2.0

14: What is one benefit of GraphQl over REST approaches?

A.   Flexible querying/responses

B.   More stable APIs

C.   Compatible with more gateways

D.   More secure by default

15: Which REST constraint specifies that there should be no shared context?

A.   Stateless

B.   Client-Server

C.   Uniform Interface

D.   Cacheable

16: What purpose does a User-Agent serve?

A.   It identifies the user ID.

B.   It identifies the client application or SDK.

C.   It identifies if the API should expect a user authentication.

D.   It identifies if the API should accept microservice traffic.

17: If you were to add versioning by using the Accept and Content-Type header, what would be the correct format of the header value?

A.   Application/json

B.   Application/json_version2

C.   Text/html

D.   Application/vnd.myapp.v2+json

18: What is one benefit that OAuth provides over an API key approach?

A.   A token is encrypted.

B.   A token is encoded.

C.   A token is scoped to the use case.

D.   A token can be shared between systems.

19: The ability to execute the same API request over and over again without changing the resource's state is an example of _.

A.   Stateless architecture

B.   Idempotency

C.   A uniform interface

D.   Cacheability

20: What component can you use to wrap legacy architectures or protocols into a REST interface for easier consumption and integration?

A.   API proxy

B.   API gateway

C.   OpenAPI

D.   OAuth authorization server

21: What protection does a JSON Web Token (JWT) offer to mitigate tampering with its contents?

A.   Transport over SSL

B.   Encrypted payload

C.   A signature

D.   Encoded payload

22: What OAuth term is used to represent permissions?

A.   Token

B.   Scope

C.   Claim

D.   Back channel

23: What additional type of token would you see when using OpenID Connect?

A.   ID token

B.   Refresh token

C.   Access token

D.   Auth code token

24: What should you add to a Cache-Control response header to specify that a response should not be stored in an intermediary cache?

A.   No-proxy

B.   Client-only

C.   Restricted

D.   Private

25: Which OAuth grant type can support a refresh token?

A.   Authorization Code Grant

B.   Client Credentials Grant

C.   Implicit Grant

D.   Authentication Grant

26: Using OAuth, what scope would you request for write access to the API?

A.   It varies from API to API.

B.   Admin

C.   Write

D.   Read-write

27: Which property would you use to include subresources directly into a JSON document?

A.   _embedded

B.   Resources

C.   Subresources

D.   _links

28: What is the best way to track SDK and version usage?

A.   Tracking downloads

B.   Accept headers

C.   User agents

D.   Polling users

29: Which REST constraint allows for the presence of caching, routing, and other systems between the client and server?

A.   Layered System

B.   Stateless

C.   Client-Server

D.   Cacheable

30: Which content is best to include in your documentation?

A.   Your tech stack

B.   Reasoning for your naming schema

C.   Your mission statement

D.   Sample code

31: What metric tracks overall availability for your API?

A.   Response Time

B.   Time to First Hello World

C.   TTL

D.   Uptime

A.   GET /user/{id}

B.   GET /users/{id}

C.   GET /user?id={id}

D.   GET /users?id={id}

A.   To describe relationships between resources or actions

B.   To describe subresources related to the current one

C.   To link two resources together

D.   To describe a resource and its purpose

34: When building SDKs, which languages should you support?

A.   Java, Javascript, and .NET

B.   And you can support

C.   PHP, Python, and Go

D.   The languages that your target users use

35: Which property would you use to include references to other resources in a JSON document?

A.   Resources

B.   _embedded

C.   Subresources

D.   _links

36: What is OAuth?

A.   An authorization framework for granted delegated access

B.   An approach to single sign-on for APIs

C.   A method for API authentication

D.   HTTP Basic Authentication 2.0

37: What should your API documentation describe?



C.   Common use cases

D.   Your tech stack

38: What is the purpose of an OAuth refresh token?

A.   To share user profile information

B.   To update an API configuration

C.   To keep a web session active

D.   To retrieve an access token

39: What is Time to First Hello World?

A.   How long it takes for a developer to do something with your API

B.   How long it takes to start a new programming language

C.   How long it takes to install your SDK

D.   How long it takes to read your documentation

40: Which response header tells the client and intermediaries that the response is not to be cached anywhere?

A.   Cache-State: none

B.   Expires:-1

C.   Cache-Control: no-cache

D.   Cache-Control: no-store

41: What component hides the distinctions or boundaries between various microservices from end-client applications?

A.   API gateway

B.   API logging

C.   A layered system

D.   API proxy

42: The textbook approach to api versioning is to use _.

A.   Common knowledge

B.   URLs

C.   No versioning

D.   The Accept header

43: Which is the most secure method to transmit an API key?

A.   URL parameter

B.   Authorization header

C.   Base64 encoding

D.   Basic Auth

44: Within Oauth, what component validates the user's identity?

A.   Client

B.   Not specified

C.   Authorization server

D.   Resource server

45: API traffic that is entirely internal to your organization is normally called _?

A.   Inbound traffic

B.   North-south traffic

C.   Internal traffic

D.   East-west traffic

46: What is the best approach for requesting JSON instead of XML from an API?

A.   Add .json to the URL.

B.   APIs do not use XML.

C.   Use the Content-Type header.

D.   Use the Accept header.

47: When a user attempts to access a record that is not their own, which HTTP response code is the most appropriate?

A.   403

B.   404

C.   401

D.   405

48: Which is a benefit of using an API gateway?

A.   HTTP verbs

B.   JSON payloads

C.   HTTP response codes

D.   Rate limiting/throttling

49: API testing must be treated as _?

A.   Red team testing

B.   White box testing

C.   Blue box testing

D.   Black box testing

50: Which HTTP verb is used in a CORS preflight request?

A.   PUT


C.   GET