Q1. What type of relationship is defined as one resource existing only if another parent resource exists (for example, pages in a book)?

Q3. When dealing with JSON Web Tokens (JWTs), what is a claim?

Q4. Which REST constraint specifies that knowledge and understanding obtained from one component of the API should be generally applicable elsewhere in the API?

Q5. What would you enable to allow a browser on another site to make an AJAX request to your API?

Q6. APIs commonly use webhooks to _.

Q7. What is the underlying goal of all APIs?

Q8. Which is a common command-line tool for using or exploring an API?

Q9. What is the modern specification for describing an API?

OpenAPI Specification

Q10. Which HTTP verb is normally used to update or create a resource in an API?

HTTP request methods

Q11. What is one benefit of server-side caching in APIs?

Q12. Your API resource does not allow deletion, and a client application attempted to delete the resource. What HTTP response code should you return?

Response Codes

Q13. What is OpenID Connect?

What is OpenID Connect?

Q14. What is one benefit of GraphQL over REST approaches?

GraphQL vs. REST

Q15. Which REST constraint specifies that there should be no shared context?

Q16. What purpose does a User-Agent serve?

Q17. If you were to add versioning by using the Accept and Content-Type header, what would be the correct format of the header value?


Q18. What is one benefit that OAuth provides over an API key approach?

How to easily secure your APIs with API keys and OAuth

Q19. The ability to execute the same API request over and over again without changing the resource’s state is an example of _.

Q20. What component can you use to wrap legacy architectures or protocols into a REST interface for easier consumption and integration?

Q21. What protection does a JSON Web Token (JWT) offer to mitigate tampering with its contents?

Q22. What OAuth term is used to represent permissions?

OAuth Scopes

Q23. What additional type of token would you see when using OpenID Connect?

Q24. What should you add to a Cache-Control response header to specify that a response should not be stored in an intermediary cache?


Q25. Which OAuth grant type can support a refresh token?


Q26. Using OAuth, what scope would you request for write access to the API?

Q27. Which property would you use to include subresources directly into a JSON document?

Q28. What is the best way to track SDK and version usage?

Q29. Which REST constraint allows for the presence of caching, routing, and other systems between the client and server?

Q30. Which content is best to include in your documentation?

Q31. What metric tracks overall availability for your API?

Q34. When building SDKs, which languages should you support?

Q35. Which property would you use to include references to other resources in a JSON document?

Q36. What is OAuth?

Q37. What should your API documentation describe?

Q38. What is the purpose of an OAuth refresh token?

Understanding Refresh Tokens

Q39. What is Time to First Hello World?

Q40. Which response header tells the client and intermediaries that the response is not to be cached anywhere?

Q41. What component hides the distinctions or boundaries between various microservices from end-client applications?

Q42. The textbook approach to API versioning is to use _.

Q43. Which is the most secure method to transmit an API key?

Q44. Within OAuth, what component validates the user’s identity?

Q45. API traffic that is entirely internal to your organization is normally called _?

Q46. What is the best approach for requesting JSON instead of XML from an API?

Q47. When a user attempts to access a record that is not their own, which HTTP response code is the most appropriate?

Response Codes

Q48. Which is a benefit of using an API gateway?

Q49. API testing must be treated as _?

Q50. Which HTTP verb is used in a CORS preflight request?

Q51. Which response header will tell the client that the response is cached for 1 minute?

Cache Control Header

Q53. To create a new resource, what HTTP response code should you receive?

Response Codes

Q54. Which is an example of Code on Demand?

Code on Demand

Q55. Which URL pattern should you follow for accessing a subresource attached to a specific resource?

Resource Naming

Q56. Which REST constraint essentially prohibits the use of cookies?

Q57. Which HTTP verb is used to delete a resource?

Q58. Which verb is not considered idempotent?


Q59. Which REST constraint specifies that each request should stand on its own and not have a specific required order?

REST Architectural Constraints

Q60. When you get a 429 response code, what should you do next?

Q61. When exploring record sets, what is the best approach for pagination?

Q62. What is not a method for API authentication or authorization?

Q63. Which HTTP response code usually means the requested work is still processing and may or may not result in an error later?

Q64. When validating a JWT, what are some of the claims that you must confirm? (Select all that apply.)

A. The exp (expiration) has not passed.
B. The algorithm is sufficient.
C. The signature matches the payload.
D. The token was Base64 encoded.
E. The iss (issuer) is the auth server you expect.
F. There is a refresh token.
G. The cid (client ID) is the client you expect.
H. The token was encrypted.

Q65. API traffic that enters and leaves your organization is normally called _?

North-South vs East-West Traffic

Q66. Which OAuth grant type is appropriate for mobile apps?

OAuth 2.0 for Native and Mobile Apps

Q67. Which datetime format is the easiest or most predictable to parse and process?

The 5 laws of API dates and times

Q68. Which header is not used in cache management?

Cache-Control, Expires, ETag, Rate limiting your RESTful API

Q69. A client application uses a filter or a search in your API correctly but there are zero results. What is the best response code?

Response Status Codes

Q70. Which HTTP verb is normally used to retrieve or create a resource in an API?

Q71. To create a new resource, what HTTP response code should you receive?

HTTP request methods

Q72. You are developing a RESTful API for a new project on GitHub. Security is a top priority, and you want to ensure that only authorized users can access specific endpoints. Which of the following mechanisms should you use to achieve this goal?