Thursday, February 29, 2024

Web Api Security C# Interview Questions

How Are Requests Mapped To Action Methods In Web Api

A: Because Web API uses HTTP verbs, a client that consumes a Web API needs a way to call the Web API method. A client can use the HTTP verbs to call the action methods of the Web API.

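Take a look at the example given below. To call a method like GetEmployee, a client can use a jQuery method like:

    // The URL and the element selector are placeholders; the originals were lost from this page.
    $.get("/api/employee", function (data) {
        $("#result").html(data);
    });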

Note that the call above makes no mention of the method name. Instead, the GetEmployee method is called by using the GET HTTP verb.

The GetEmployee method can be defined as:

    [HttpGet]
    public void GetEmployee() { /* body not shown on the page */ }

The GetEmployee method is decorated with an attribute. A different attribute is used to map each HTTP verb to an action method:

  • HttpGet
  • HttpPost
  • HttpDelete

Cors Issue In Web Api

This is a very important Web API question from an interview point of view. CORS stands for Cross-Origin Resource Sharing. CORS relaxes the same-origin restriction for JavaScript. The same-origin restriction means that JavaScript can only make AJAX calls to web pages within the same origin.

To enable CORS in Web API, you must install the CORS NuGet package using the Package Manager Console. Now open the WebAPIConfig.cs file.

Then add the EnableCors attribute to the controller class and define the origin.
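The two steps above, written out as an added example that is not code from the original page. It assumes the Microsoft.AspNet.WebApi.Cors NuGet package (ASP.NET Web API 2); the controller name and the origin https://app.example.com are placeholders.

```csharp
using System.Web.Http;
using System.Web.Http.Cors;

public static class WebApiConfig
{
    public static void Register(HttpConfiguration config)
    {
        // Step 1: switch CORS support on. No origin is allowed yet;
        // the policy comes from the [EnableCors] attributes below.
        config.EnableCors();

        config.MapHttpAttributeRoutes();
        config.Routes.MapHttpRoute(
            name: "DefaultApi",
            routeTemplate: "api/{controller}/{id}",
            defaults: new { id = RouteParameter.Optional });
    }
}

// Weak setting, shown for contrast: every origin, header and verb is accepted,
// so any web page can read this API's responses from a visitor's browser.
// [EnableCors(origins: "*", headers: "*", methods: "*")]

// Step 2, corrected setting: name the one origin that hosts the front end
// (scheme and host, no trailing slash) and only the headers and verbs it uses.
[EnableCors(origins: "https://app.example.com",
            headers: "accept,content-type",
            methods: "GET,POST")]
public class EmployeeController : ApiController
{
    // Hypothetical action; returns a constructed sample value.
    public IHttpActionResult Get(int id)
    {
        return Ok(new { Id = id, Name = "sample" });
    }
}
```

CORS only tells the browser which cross-origin responses scripts may read; it does not authenticate callers, so the API still needs its own authorization checks.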

Who Can Use Or Consume Web Api

Any client that supports HTTP verbs such as GET, PUT, DELETE, POST etc. can use or consume Web API. Web API services don't need any configuration, so any client can consume them easily. Even portable devices such as mobile devices can easily consume them, and this is surely the biggest advantage of this technology.

How Are Different Http Status Codes Categorized

All HTTP status codes are categorized into five classes. These include

  • 1xx: It indicates that the server has received a certain request and the process is continuing.
  • 2xx: It indicates that the request was successful and accepted.
  • 3xx: It indicates that the request has been redirected and its completion will require further action or steps.
  • 4xx: It indicates that the request for the web page cannot be reached as either it is unavailable or has bad syntax.
  • 5xx: It indicates that the server was unable to complete a certain request even though the request seems valid.

What Are The Different Http Methods Used In Web Api


Though there are a variety of HTTP verbs or methods, the most important and frequently used ones are GET, PUT, POST and DELETE.

GET: It is used to retrieve information of the resource at a specified URI.

PUT: The PUT method is used to update the values of a resource at a specified URI.

POST: The POST method is used to create a new request and send data to the respective server.

DELETE: This method is used to remove the current resource at a specified URI.

The functionality of these HTTP verbs can be summed up using the acronym CRUD in which each letter corresponds to different action

C stands for Create or POST

R stands for Read or GET

U stands for Update or PUT

D stands for Delete or DELETE

Other less frequently used HTTP verbs or methods as per the requirement include

HEAD: This method works the same way as the GET method and is primarily used to transfer the header section.

OPTIONS: This method helps identify and describe the communication option for a specific resource.

CONNECT: It is used to establish two-way communication between the server and the desired destination with the help of a given URI.

TRACE: This method is used for diagnostic purposes to invoke a loop-back message along the target path and use that data for testing.

Introduction To Web Api

Web API is the Microsoft open source technology for developing REST services based on HTTP protocol. ASP.Net Web API is based on .Net framework and used for building, consuming HTTP based services. .Net 4.0 and above supports Web API. Web API uses JSON.Net library to serialize JSON objects.

The advantage of Web API is that it can be consumed by a wide range of clients like a web browser and mobile applications.

What Do You Understand By Basic Http Authentication

Basic HTTP Authentication is a mechanism that is used for user authentication. Here, users are authenticated by the service: the client passes the username and password in the HTTP Authorization request header. The credentials are formatted as the string “username:password” and Base64-encoded.
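The header format described above, built and parsed in C# as an added example (not code from the original page); the class name and the sample credentials are constructed for illustration. It shows that Base64 is reversible by anyone who sees the header, which is why Basic authentication is only used over HTTPS.

```csharp
using System;
using System.Net.Http.Headers;
using System.Text;

public static class BasicAuthHeader
{
    // Client side: "Basic " + base64("username:password").
    public static string Build(string user, string password)
    {
        byte[] raw = Encoding.UTF8.GetBytes(user + ":" + password);
        return "Basic " + Convert.ToBase64String(raw);
    }

    // Server side: returns false for a missing, non-Basic or malformed header.
    public static bool TryParse(string headerValue, out string user, out string password)
    {
        user = null;
        password = null;

        AuthenticationHeaderValue header;
        if (!AuthenticationHeaderValue.TryParse(headerValue, out header)) return false;
        if (!string.Equals(header.Scheme, "Basic", StringComparison.OrdinalIgnoreCase)) return false;
        if (string.IsNullOrEmpty(header.Parameter)) return false;

        string decoded;
        try
        {
            // Decoding needs no key: Base64 is an encoding, not encryption.
            decoded = Encoding.UTF8.GetString(Convert.FromBase64String(header.Parameter));
        }
        catch (FormatException)
        {
            return false; // parameter is not valid Base64
        }

        // Split on the first ':' only; the password may itself contain colons.
        int colon = decoded.IndexOf(':');
        if (colon < 0) return false;

        user = decoded.Substring(0, colon);
        password = decoded.Substring(colon + 1);
        return true;
    }

    public static void Main()
    {
        // Constructed sample credentials.
        string header = Build("alice", "s3cr3t:with:colons");
        Console.WriteLine(header);

        string user, password;
        bool ok = TryParse(header, out user, out password);
        Console.WriteLine("{0} user={1} password={2}", ok, user, password);

        // Headers that must be rejected: wrong scheme, then invalid Base64.
        Console.WriteLine(TryParse("Bearer abc.def", out user, out password));
        Console.WriteLine(TryParse("Basic not-base64!", out user, out password));
    }
}
```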

Seven Web Api Interview Questions And Answers

Here are some common questions you may encounter in a Web API interview:

  • What is Web API?

  • What is the difference between Web API and WCF?

  • Has Web API replaced WCF?

  • What are some of the differences between Web API and MVC?

  • What is REST?

  • Can you name six constraints specified by the REST architectural pattern?

    What Is The Commonly Observed Http Response Status Code

    There are many HTTP codes that are visible and others that are not visible at first but can be observed by the administrator using browser extensions or certain tools. Identifying and rectifying these errors is crucial to enhance the user experience and optimize search engine ranking over the web.

    Here are the most commonly seen HTTP status codes at a glance

    • Status code 200 request is ok.
    • Status code 201 Created
    • Status code 404 Not found
    • Status code 500 Internal server error
    • Status code 502 Bad gateway
    • Status code 503 Service Unavailable

    Whats The Difference Between Ui And Api Testing

    This question checks that you're familiar with the different types of software testing. It also shows that you know when to use each. Consider all differences before providing an answer.

    Example: UI, or user interface, testing focuses on examining the graphical interface of an application, such as how the user can interact with its elements. API testing, on the other hand, sets up a mode of communication between two software systems, allowing them to share sub-routines and functions.

    How Users Utilize The Facilities Provided By Soap

    • PutAddress: It is used to enter an address in the webpage and has an address instance on the SOAP call.
    • PutListing: It is used to allow the insertion of a complete XML document into the web page. It receives the XML file as an argument and transports the XML file to XML parser liaison, which reads it and inserts it into the SOAP call as a parameter.
    • GetAddress: It is used to get a query name and gets the result that best matches a query. The name is sent to the SOAP call in the form of text character string.
    • GetAllListing: It is used to return the full list in an XML format.

    Api Interview Questions And Answers To Ace The Interview

    When applying for an Application Programming Interface software engineering job, you may need to demonstrate that you have a firm grasp of API, as well as API testing, SOAP and REST. As with any interview, it's important to prepare answers ahead of time to ensure that you effectively communicate the skills and knowledge necessary for the job. This is especially true when interviewing for a technical position.

    In this article, we list 20 API interview questions, describe why employers may ask you these questions and provide sample answers to help you prepare for a successful interview.

    What Is Web Api Versioning And Why Is It Used


    Web API versioning is a technique for arranging a Web API so that it can cope with business changes without impacting the clients that consume the existing API. Because multiple clients can consume the Web API at the same time, versioning becomes necessary as the business grows and its requirements change over time.

    What Are Resources And Uris

    URI is a string of characters used to identify a resource on the internet either by location or by name, or by both. URI stands for Uniform Resource Identifier.

    URI is used to identify resources, for example, in the real world assume there is a person named Test Person who lives in 403, Test City, World. We can find that person by address or by name or by both.

    URIs can be divided into two categories, URN and URL:

    • URN: Uniform Resource Name
    • URL: Uniform Resource Locator

    A URI is used to send requests to the server. This can be achieved with the help of both URN and URL. Using a URN is inefficient, as there can be many resources with the same name, so the most widely used method is the URL. A URL consists of two required components: the protocol and the domain.

    Look at the following URL:

    Web Api Interview Questions And Answers For Experienced Candidates

    15. Explain error handling in Web API.

    Web API offers various error handling classes:

    • HttpResponseException: Returns the HTTP status code mentioned in the exception constructor.
    • HttpError: Returns a meaningful error code to the client using the HttpResponseMessage.
    • Exception filters: Catch the unhandled exceptions or errors generated in Web API and are useful when the controller action method throws an unhandled error.
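The three mechanisms listed above, used together in an added example that is not code from the original page. It assumes ASP.NET Web API 2; the filter, controller and config class names are hypothetical. The filter logs the full exception on the server and returns only a generic message with a reference id, so stack traces and internal details do not reach the client.

```csharp
using System;
using System.Diagnostics;
using System.Net;
using System.Net.Http;
using System.Web.Http;
using System.Web.Http.Filters;

// Exception filter: runs when an action throws an unhandled exception.
// (HttpResponseException is handled by Web API itself and does not reach it.)
public class GenericErrorFilterAttribute : ExceptionFilterAttribute
{
    public override void OnException(HttpActionExecutedContext context)
    {
        string errorId = Guid.NewGuid().ToString("N");

        // Full detail stays in the server-side trace.
        Trace.TraceError("Unhandled error {0} on {1} {2}: {3}",
            errorId, context.Request.Method, context.Request.RequestUri, context.Exception);

        // The client gets an HttpError body with no exception detail.
        context.Response = context.Request.CreateErrorResponse(
            HttpStatusCode.InternalServerError,
            "An unexpected error occurred. Reference: " + errorId);
    }
}

public class EmployeeLookupController : ApiController
{
    public string Get(int id)
    {
        if (id <= 0)
        {
            // HttpResponseException: the action picks the status code itself;
            // CreateErrorResponse wraps the message in an HttpError.
            throw new HttpResponseException(
                Request.CreateErrorResponse(HttpStatusCode.NotFound, "Employee not found"));
        }

        if (id == 13)
        {
            // Constructed failure: this one is handled by the filter above.
            throw new InvalidOperationException("connection string missing for db01");
        }

        return "employee-" + id;
    }
}

public static class ErrorHandlingConfig
{
    public static void Register(HttpConfiguration config)
    {
        // Apply the filter to every controller.
        config.Filters.Add(new GenericErrorFilterAttribute());
    }
}
```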

    16. Explain MVC and how it's different from Web API.

    MVC stands for Model, View, and Controller. Developers generally use it for developing model user interfaces. MVC keeps the data and the display separate and enables the developers to modify both without impacting each other.

    The following points describe how MVC and Web API differ:

    • MVC is commonly used for developing applications that return both data and views. Web API, on the other hand, effortlessly generates HTTP services that return only data, not views.
    • MVC uses action names to perform the tracing. Web API uses the HTTP services actions to perform the tracing.
    • The Web API returns the information in JSON, XML, and other formats. MVC returns the data in JSON format only.
    • Web API supports self-hosting and negotiation, while MVC does not.
    • The Web API helps create the RESTful services using the .Net Framework, while MVC does not support it.

    17. How can you host Web API?

    You can host Web API using self-hosting and IIS hosting.

    Most Frequently Asked Web Api Interview Questions

    A Web API is an application programming interface for the Web. API is some kind of interface that has a set of functions that allow programmers to access specific resources/features or data of an application, operating system, or other services.

    Web API is based on true REST Principles and can be accessed over HTTP protocol. It is a concept and not a technology. We can build Web API using different technologies such as Java, .NET, etc.

    Web API is the most frequent topic for the interview today. In this article, we will see the most frequently asked Web API Interview Questions.

    Interview Questions and Answers

    Below are the Most Common Interview Questions based on the Web API:

    Q01. What are the REST Principles?

    Q02. What is the difference between REST and RESTful?

    Q03. What are the RESTful Services?

    Q04. What is REST API? How it is different from RESTful Services?

    Q05. What are the advantages of using REST in Web API?

    Q06. What is SOAP? What are the advantages of SOAP?

    Q07. What is the difference between REST and SOAP?

    Q08. What is the difference between Web API and WCF Services?

    Q09. What is Web API? What are the advantages of Web API?

    Q10. What is the Web API Request Life Cycle?

    Q11. What are the different HTTP Verbs?

    Q12. What is HTTP protocol and how it is different from HTTPS?

    Q13. How can you enable HTTPS in Web API?

    Q14. What is the difference between MVC and Web API?

    What Is The Major Obstacle Users Faced When Using Soap

    When using SOAP, users often see the firewall security mechanism as the biggest obstacle. It blocks all ports except a few, such as HTTP port 80, and the HTTP port used by SOAP bypasses the firewall. The technical complaint against SOAP is that it mixes the specification for message transport with the specification for message structure.

    What Is The Difference Between Xml And Json

    XML is an acronym for eXtensible Markup Language and is designed to store and send data. JSON is an acronym for JavaScript Object Notation and is used to store and transfer data when data is sent from a server to a web page.

    Except for storing data in a specific format, XML does not do much, whereas JSON is a lightweight and easy-to-understand format for storing data, widely used in JavaScript.

    What Are The Primary Challenges Of Api Testing

    While you can keep your answer positive, be honest about the aspects of API testing that you find most challenging. Try not to focus on overly negative or challenging experiences. Your answer can also convey an intimate knowledge of the software.

    Example: I find selecting and combining parameters and sequencing calls to be the most challenging parts of API testing.

    What Is Uri What Is The Main Purpose Of Rest

    URI stands for Uniform Resource Identifier. It is a string of characters designed for unambiguous identification of resources and extensibility via the URI scheme.

    The purpose of a URI is to locate a resource on the server hosting the web service.

    A URI's format is <protocol>://<service-name>/<ResourceType>/<ResourceID>.

    Web Api Interview Questions And Answers


    If you're interviewing for a job as a web developer, you may be asked questions to test your knowledge of Web API. Understanding the types of questions you'll be asked and preparing your answers in advance may help you appear more confident and knowledgeable during your interview. In this article, we offer seven common Web API interview questions and sample answers to help you prepare for your next interview.

    What Are The Various Approaches Available For Developing Soap Based Web Services

    There are two different methods available for developing SOAP-based web services, which are explained below:

    • Contract-first approach: the contract is first defined by XML and WSDL, and then Java classes are derived from the contract.
    • Contract-last approach: Java classes are first defined, and then the contract is generated, which is normally the WSDL file from the Java class.

    Contract-first method is the most popular approach.

    Q: What Is The Difference Between Hasrole And Hasauthority Ans:

    Spring roles are authorities with the ROLE_ prefix. Another way to understand it is that roles are meant for broad sets of permissions, whereas authorities are meant for finer-grained management. However, that is only one possible usage. The developer is in charge of the actual implementation. In this tutorial, authorities are used to map to authorization groups.

    The crucial thing to remember is that in order to use hasRole, the authority name in the claim must begin with ROLE_. You might, for example, use hasRole if you created a ROLE_ADMIN group and added your user to it.

    What Are Differences Between Api Testing And Ui Testing

    • API enables communication between two separate software systems. A software system implementing an API contains functions or subroutines that can be executed by another software system.
    • On the other hand, UI testing refers to testing graphical interface such as how users interact with the applications, testing application elements like fonts, images, layouts etc. UI testing basically focuses on look and feel of an application.

    What Are Some Important Characteristics Of A Soap Envelope Element

    • SOAP message has a root Envelope element
    • Envelope is an obligatory part of the SOAP message.
    • If an envelope includes a header element, it should not contain more than one.
    • Envelope version will change if the SOAP version changes.
    • The SOAP envelope is indicated by the prefix ENV and the envelope element.
    • The optional SOAP encoding is also specified using a namespace and the optional encoding style element.

    What Is Httpconfiguration In Web Api

    It is considered as the main class that includes different properties with help of which one can override the default behavior of Web API. Some properties are given below:

    • DependencyResolver: It sets or gets a dependency resolver for dependency injection.
    • Services: It gets web API services.
    • ParameterBindingRules: It gets a collection of rules for how parameters should be bound.
    • MessageHandlers: It sets or gets message handlers.
    • Formatters: It sets or gets media-type formatters.

    Q: What Is Oauth2 Grant Type Ans:

    An authorization grant is a credential representing the resource owner's authorization, used by the client to obtain an access token. This specification defines four grant types:

    The flow shown in the figure above includes the following steps:

  • The resource owner provides the client application with its username and password.
  • The client application requests an access token from the Authorization Server by passing the credentials received from the resource owner.
  • The Authorization Server authenticates the client by validating the resource owner credentials. Once validation is successful and if the request is valid, it sends an access token.
  • The client sends the received access token to the Resource Server to access the resource endpoint.
  • The Resource Server validates the access token by calling the Authorization Server.
  • If the token is valid, the Resource Server returns the requested resource to the client.

    What Is The Difference Between Web Api And Wcf In C#


  • WCF offers request-reply, one-way, or duplex while Web API is by default request-reply only.
  • WCF is used for developing SOAP-based services whereas Web API is used for both SOAP-based and RESTful services.
  • WCF does not offer any support for MVC features whereas Web API supports MVC features.
  • WCF supports HTTP, UDP, and custom transport protocol whereas Web API supports only HTTP protocol.
  • WCF offers Text, MTOM, and Binary Encoding support whereas Web API supports the UTF-8 encoding format.
  • WCF supports message queues, message security, duplex communication and transactions, whereas Web API doesn't support them.
  • WCF stands for Windows Communication Foundation whereas API stands for Application Program Interface.