Q1. What type of relationship is defined as one resource existing only if another parent resource exists (for example, pages in a book)?
Q2. Which URL pattern is recommended when working with one resource and a collection of resources?
Q3. When dealing with JSON Web Tokens (JWTs), what is a claim?
Q4. Which REST constraint specifies that knowledge and understanding obtained from one component of the API should be generally applicable elsewhere in the API?
Q5. What would you enable to allow a browser on another site to make an AJAX request to your API?
Q6. APIs commonly use webhooks to _.
Q7. What is the underlying goal of all APIs?
Q9. What is the modern specification for describing an API?
OpenAPI Specification
Q10. Which HTTP verb is normally used to update or create a resource in an API?
HTTP request methods
Q11. What is one benefit of server-side caching in APIs?
Q12. Your API resource does not allow deletion, and a client application attempted to delete the resource. What HTTP response code should you return?
Response Codes
Q13. What is OpenID Connect?
What is OpenID Connect?
Q14. What is one benefit of GraphQL over REST approaches?
GraphQL vs. REST
Q15. Which REST constraint specifies that there should be no shared context?
Q16. What purpose does a User-Agent serve?
Q17. If you were to add versioning by using the Accept and Content-Type header, what would be the correct format of the header value?
Reference
Q18. What is one benefit that OAuth provides over an API key approach?
How to easily secure your APIs with API keys and OAuth
Q19. The ability to execute the same API request over and over again without changing the resource’s state is an example of _.
Q20. What component can you use to wrap legacy architectures or protocols into a REST interface for easier consumption and integration?
Q21. What protection does a JSON Web Token (JWT) offer to mitigate tampering with its contents?
Q22. What OAuth term is used to represent permissions?
OAuth Scopes
Q23. What additional type of token would you see when using OpenID Connect?
Reference
Q25. Which OAuth grant type can support a refresh token?
Reference
Q26. Using OAuth, what scope would you request for write access to the API?
Q27. Which property would you use to include subresources directly into a JSON document?
Q28. What is the best way to track SDK and version usage?
Q29. Which REST constraint allows for the presence of caching, routing, and other systems between the client and server?
Q30. Which content is best to include in your documentation?
Q31. What metric tracks overall availability for your API?
Q32. What is the recommended method and URL pattern for retrieving a specific user?
Q33. What is the purpose of a link relation?
Q34. When building SDKs, which languages should you support?
Q35. Which property would you use to include references to other resources in a JSON document?
Q36. What is OAuth?
Q37. What should your API documentation describe?
Q38. What is the purpose of an OAuth refresh token?
Understanding Refresh Tokens
Q39. What is Time to First Hello World?
Q41. What component hides the distinctions or boundaries between various microservices from end-client applications?
Q42. The textbook approach to API versioning is to use _.
Q43. Which is the most secure method to transmit an API key?
Q44. Within OAuth, what component validates the user’s identity?
Q45. API traffic that is entirely internal to your organization is normally called _?
Q46. What is the best approach for requesting JSON instead of XML from an API?
Q47. When a user attempts to access a record that is not their own, which HTTP response code is the most appropriate?
Response Codes
Q48. Which is a benefit of using an API gateway?
Q49. API testing must be treated as _?
Q50. Which HTTP verb is used in a CORS preflight request?
Cache Control Header
Q52. What is the concept that allows an API client to explore an API via links embedded in payloads?
Q53. Which HTTP response code describes a new resource as created successfully?
Response Codes
Q54. Which is an example of Code on Demand?
Code on Demand
Q55. Which URL pattern should you follow for accessing a subresource attached to a specific resource?
Q57. Which HTTP verb is used to delete a resource?
Q58. Which verb is not considered idempotent?
Idempotency
Q59. Which REST constraint specifies that each request should stand on its own and not have a specific required order?
REST Architectural Constraints
Q60. When you get a 429 code, what should you do next?
Q62. What is not a method for API authentication or authorization?
Q63. Which HTTP response code usually means the requested work is still processing and may or may not result in an error later?
Q64. When validating a JWT, what are some of the claims that you must confirm? (Select all that apply.)
A. The exp (expiration) has not passed.
B. The algorithm is sufficient.
C. The signature matches the payload.
D. The token was Base64 encoded.
E. The iss (issuer) is the auth server you expect.
F. There is a refresh token.
G. The cid (client ID) is the client you expect.
H. The token was encrypted.