REST HTTP
17 interview questions and answers in the REST HTTP section.
Questions in this section
- What is REST?
- What does Stateless mean in REST context?
- What are the main HTTP methods used in REST?
- What is the difference between PUT and PATCH?
- What is idempotency?
- Which HTTP methods are idempotent?
- Why GET and DELETE are idempotent?
- Is POST idempotent?
- What HTTP status codes do you know?
- What is the difference between 401 and 403?
- What is RESTful API design?
- How to properly name REST endpoints?
- Should you use verbs in URL?
- What is HATEOAS?
- How to organize REST API versioning?
- What is Content-Type header?
- What is Accept header?
Study navigator
17 questions for Middle Java Developer interview preparation.
All Questions
| # | Question | Difficulty |
|---|---|---|
| 1 | What is REST | ⭐ |
| 2 | What does Stateless mean in REST context | ⭐ |
| 3 | What are the main HTTP methods used in REST | ⭐ |
| 4 | What is the difference between PUT and PATCH | ⭐⭐ |
| 5 | What is idempotency | ⭐⭐ |
| 6 | Which HTTP methods are idempotent | ⭐⭐ |
| 7 | Why GET and DELETE are idempotent | ⭐⭐ |
| 8 | Is POST idempotent | ⭐⭐ |
| 9 | What HTTP status codes do you know | ⭐⭐ |
| 10 | What is the difference between 401 and 403 | ⭐⭐ |
| 11 | What is RESTful API design | ⭐⭐ |
| 12 | How to properly name REST endpoints | ⭐⭐ |
| 13 | Should you use verbs in URL | ⭐⭐ |
| 14 | What is HATEOAS | ⭐⭐⭐ |
| 15 | How to organize REST API versioning | ⭐⭐ |
| 16 | What is Content-Type header | ⭐ |
| 17 | What is Accept header | ⭐⭐ |
Topic Dependency Map
┌──────────────────────────────────────────┐
│ REST BASICS (1-3) │
│ 1. What is REST │
│ 2. Stateless │
│ 3. HTTP methods │
└──────────────────┬───────────────────────┘
│
┌──────────────────────────┼──────────────────────────┐
▼ ▼ ▼
┌───────────────┐ ┌───────────────┐ ┌────────────────────┐
│ IDEMPOTENCY │ │ STATUS CODES │ │ API DESIGN │
│ (4-8) │ │ (9-10) │ │ (11-15) │
│ 4. PUT vs │ │ 9. Status codes│ │ 11. RESTful design │
│ PATCH │ │ 10. 401 vs 403 │ │ 12. Endpoints │
│ 5. Idempotency │ │ │ │ 13. Verbs in URL │
│ 6. Which methods│ │ │ │ 14. HATEOAS │
│ 7. GET/DELETE │ │ │ │ 15. Versioning │
│ 8. POST │ │ │ │ │
└───────────────┘ └────────────────┘ └────────┬───────────┘
│
▼
┌────────────────────┐
│ HEADERS (16-17) │
│ 16. Content-Type │
│ 17. Accept │
└────────────────────┘
Recommended Study Order
Junior Level (weeks 1-2)
| Step | Topic | Files | Goal |
|---|---|---|---|
| 1 | REST basics | Q1, Q2 | What is REST, Stateless |
| 2 | HTTP methods | Q3 | GET, POST, PUT, PATCH, DELETE |
| 3 | Status codes | Q9, Q10 | 2xx, 4xx, 5xx, 401 vs 403 |
| 4 | Headers | Q16, Q17 | Content-Type, Accept |
Middle Level (weeks 3-4)
| Step | Topic | Files | Goal |
|---|---|---|---|
| 1 | Idempotency | Q5, Q6, Q7, Q8 | What, which methods, why |
| 2 | PUT vs PATCH | Q4 | Full replacement vs partial |
| 3 | API design | Q11, Q12 | Resources, naming, Richardson Maturity |
| 4 | Verbs and HATEOAS | Q13, Q14 | When acceptable, what is HATEOAS |
| 5 | Versioning | Q15 | URL, headers, sunset policy |
Senior Level (weeks 5-6)
| Step | Topic | Files | Goal |
|---|---|---|---|
| 1 | Richardson Maturity Model | Q11 (Senior) | Levels 0-3, when REST is excessive |
| 2 | Idempotency-Key pattern | Q8 (Senior) | Retry safety, distributed systems |
| 3 | HATEOAS trade-offs | Q14 (Senior) | Affordances, payload overhead, when to skip |
| 4 | Content negotiation | Q16, Q17 (Senior) | q-values, graceful degradation, MIME types |
| 5 | API versioning strategies | Q15 (Senior) | Expand & Contract, canary releases, deprecation |
Key Connections Between Topics
Topic: REST Basics
Q1 (REST) → Q2 (Stateless) → Q3 (HTTP methods)
Key connections:
- Q1 <-> Q2: Stateless is one of 6 REST constraints
- Q2 <-> Q9: Stateless requires JWT/token in every request -> status codes 401/403
Topic: Idempotency
Q5 (Idempotency) → Q6 (Which methods) → Q7 (GET/DELETE) → Q8 (POST)
Key connections:
- Q5 <-> Q6: Safe methods are always idempotent
- Q7 <-> Q8: GET/DELETE are idempotent, POST is not (but can be made so via Idempotency-Key)
Topic: API Design
Q11 (RESTful design) → Q12 (Endpoints) → Q13 (Verbs) → Q14 (HATEOAS) → Q15 (Versioning)
Key connections:
- Q11 <-> Q12: Resource-oriented approach -> plural nouns, not verbs
- Q12 <-> Q13: Verbs are acceptable for complex operations (cancel, approve)
- Q14 <-> Q15: HATEOAS helps with versioning (client follows links, doesn’t hardcode URLs)
Cheat Sheet: What to Know for Each Level
Junior
- REST = set of constraints (Stateless, Uniform Interface, Resources)
- GET = read, POST = create, PUT = replace, PATCH = update part, DELETE = delete
- 200 = OK, 201 = Created, 400 = Bad Request, 401 = Unauthenticated, 403 = Forbidden, 404 = Not Found, 500 = Server Error
- Stateless = server doesn’t remember client between requests
Middle
- Idempotency: repeated call = same result. GET/PUT/DELETE are idempotent, POST is not
- PUT replaces the resource entirely, PATCH updates partially
- 401 = who are you? (no token), 403 = not allowed (no permissions)
- Richardson Maturity Model: Level 0 (RPC) -> Level 1 (Resources) -> Level 2 (HTTP methods) -> Level 3 (HATEOAS)
- Content-Type = request body format, Accept = preferred response format
Senior
- HATEOAS affordances: server hints available actions to client via links
- Idempotency-Key: UUID in header for safe retry of POST requests
- Media Type Versioning is closer to REST spirit, but URL versioning is more practical
- Expand & Contract: migration strategy without downtime
- Protobuf is 3-10x faster than JSON, but harder to debug
- Negative Caching: caching 404/403 to protect against brute-force
File Format
Each file contains:
- Junior Level — basic understanding, simple analogies, examples
- Middle Level — internals, common pitfalls, practical examples
- Senior Level — deep dive, edge cases, production experience, monitoring
- Interview Cheat Sheet — key points, frequent questions, red flags, related topics