REST APIs Beginner Quiz
30 questions on RESTful Principles.
Question 1: What does REST stand for in API design?
- A. Remote Engine Storage Tool
- B. Representational State Transfer (correct answer)
- C. Routing Execution System Task
- D. Responsive Entity State Transfer
Explanation: REST (Representational State Transfer) is an architectural style for designing networked applications, relying on a stateless, client-server, cacheable communications protocol.
Question 2: Which HTTP method is commonly used to retrieve data from a server?
- A. POST
- B. DELETE
- C. GET (correct answer)
- D. PATCH
Explanation: The GET method is used exclusively to request and retrieve data from a server without causing any side effects or modifying the resource.
Question 3: Which HTTP method is typically used to create a new resource on the server?
- A. GET
- B. POST (correct answer)
- C. PUT
- D. HEAD
Explanation: The POST method is used to submit data to the specified resource, often causing a change in state or creating a new record on the server.
Question 4: What is the main difference between PUT and PATCH?
- A. PUT is faster than PATCH
- B. PUT creates data, while PATCH deletes data
- C. PUT replaces an entire resource, while PATCH applies partial updates (correct answer)
- D. PUT is only used for images
Explanation: PUT is idempotent and replaces the entire resource representation. PATCH is used for partial modifications, updating only specific fields of the resource.
Question 5: What does a 404 Not Found HTTP status code indicate?
- A. The server crashed
- B. The requested resource could not be found on the server (correct answer)
- C. The user is not authorized
- D. The payload is too large
Explanation: A 404 status code means the server successfully communicated with the client, but the specific endpoint or resource requested does not exist.
Question 6: Which status code series indicates a successful request?
- A. 1xx
- B. 2xx (correct answer)
- C. 4xx
- D. 5xx
Explanation: The 2xx class of status codes indicates that the client's request was successfully received, understood, and accepted (e.g., 200 OK, 201 Created).
Question 7: What format is most commonly used to send and receive data in modern REST APIs?
- A. XML
- B. HTML
- C. JSON (correct answer)
- D. YAML
Explanation: JSON (JavaScript Object Notation) is the most widely used data format in REST APIs due to its lightweight nature, readability, and native parsing in web clients.
Question 8: What does a 500 Internal Server Error indicate?
- A. The client sent a bad request
- B. The server encountered an unexpected condition that prevented it from fulfilling the request (correct answer)
- C. The endpoint does not exist
- D. The API key is missing
Explanation: The 5xx series indicates server-side errors. A 500 status code means something went wrong internally on the server, such as an unhandled exception or database failure.
Question 9: Which component of an HTTP request specifies the data format being sent, such as application/json?
- A. The URL
- B. The Query String
- C. The Request Body
- D. The Content-Type Header (correct answer)
Explanation: The Content-Type header tells the server what kind of data format is being sent in the request body so it can parse it correctly.
Question 10: What is an API endpoint?
- A. The physical server machine
- B. A specific URL where an API can be accessed by a client (correct answer)
- C. The database table
- D. The browser's console
Explanation: An endpoint is a specific URL (like https://api.example.com/users) that represents a resource or collection of resources in a REST API.
Question 11: What is a path parameter in a REST URL?
- A. Data appended after a question mark (?)
- B. A variable part of the URL path that points to a specific resource (e.g., /users/123) (correct answer)
- C. A hidden authentication token
- D. A custom header
Explanation: Path parameters (like 123 in /users/123) are used to identify a specific resource within a collection.
Question 12: What is a query parameter in a REST URL?
- A. A variable used for filtering, sorting, or pagination, appended after a ? symbol (correct answer)
- B. The main domain name
- C. The HTTP method
- D. The JSON body
Explanation: Query parameters (e.g., /users?role=admin&sort=asc) are key-value pairs at the end of a URL used to filter or customize the resource listing.
Question 13: What does the 401 Unauthorized status code mean?
- A. The server is overloaded
- B. The client lacks valid authentication credentials for the requested resource (correct answer)
- C. The method is not allowed
- D. The resource has been permanently deleted
Explanation: A 401 status indicates that the request requires user authentication, and the client either failed to provide it or provided an invalid token.
Question 14: What is a "stateless" architecture in the context of REST?
- A. The server stores no session data about the client between requests (correct answer)
- B. The database has no tables
- C. The API does not return any status codes
- D. The client cannot store cookies
Explanation: In a stateless API, every request from the client must contain all the information the server needs to fulfill it. The server does not remember previous requests.
Question 15: What does CRUD stand for?
- A. Create, Read, Update, Delete (correct answer)
- B. Compile, Run, Upload, Deploy
- C. Copy, Rename, Undo, Drop
- D. Connect, Route, Unify, Dispatch
Explanation: CRUD represents the four basic operations of persistent storage, which map directly to HTTP methods: POST (Create), GET (Read), PUT/PATCH (Update), and DELETE (Delete).
Question 16: What is the purpose of the Accept header in an HTTP request?
- A. To authenticate the user
- B. To tell the server which media types the client is willing to receive in the response (correct answer)
- C. To specify the size of the request body
- D. To accept server cookies
Explanation: The Accept header is used for content negotiation. If a client sends Accept: application/json, the server knows to format the response as JSON.
Question 17: What does idempotence mean in REST API methods?
- A. The method is encrypted securely
- B. Making the same request multiple times produces the same result and side effects as making it once (correct answer)
- C. The method executes synchronously
- D. The method is restricted to administrators
Explanation: Methods like GET, PUT, and DELETE are idempotent. Deleting a resource twice has the same resulting system state (it is gone) as deleting it once. POST is generally not idempotent.
Question 18: Which HTTP status code is most appropriate for a successfully created resource via a POST request?
- A. 200 OK
- B. 201 Created (correct answer)
- C. 204 No Content
- D. 301 Moved Permanently
Explanation: The 201 Created status explicitly indicates that a request was successful and as a result, one or more new resources have been created on the server.
Question 19: What is the difference between 401 Unauthorized and 403 Forbidden?
- A. They are exactly the same
- B. 401 means unauthenticated (who are you?), while 403 means authenticated but lacking permissions (you can't do this) (correct answer)
- C. 401 is for servers, 403 is for clients
- D. 403 means the endpoint doesn't exist
Explanation: A 401 error means you must log in. A 403 error means you are logged in, but your user role does not have the authorization rights to perform the requested action.
Question 20: In a RESTful URL naming convention, which is the best practice for retrieving a specific user?
- A. /getUserById?id=123
- B. /users/123 (correct answer)
- C. /api/123/user
- D. /get_user/123
Explanation: REST conventions favor using plural nouns for resource collections (/users) and appending the unique identifier as a path parameter to target a specific resource (/users/123).
Question 21: What does a 204 No Content response indicate?
- A. The server crashed and sent an empty payload
- B. The request succeeded, but the server does not need to return a response body (often used for DELETE) (correct answer)
- C. The client sent an empty request
- D. The database is empty
Explanation: A 204 status is commonly returned after a successful DELETE or PUT request where the action was applied, but there is no additional data to send back to the client.
Question 22: What is CORS (Cross-Origin Resource Sharing)?
- A. A database replication technique
- B. A security mechanism that allows a server to indicate which domains other than its own are permitted to access its resources (correct answer)
- C. A JSON parsing library
- D. A routing protocol
Explanation: Browsers block cross-origin AJAX requests by default. The server must return CORS headers (like Access-Control-Allow-Origin) to permit a web app on one domain to call an API on another.
Question 23: What is pagination in REST APIs?
- A. Grouping API endpoints into folders
- B. Dividing a large set of resource results into smaller, manageable chunks or pages (correct answer)
- C. Printing JSON to physical paper
- D. Encrypting the request body
Explanation: Pagination (using query parameters like ?limit=10&offset=20 or ?page=3) prevents APIs from overwhelming clients and databases when returning large collections.
Question 24: What is API Rate Limiting?
- A. Speeding up the server connection
- B. Restricting the number of requests a client can make to an API within a specified time window to prevent abuse (correct answer)
- C. Pricing APIs based on data volume
- D. Blocking users entirely
Explanation: Rate limiting protects APIs from brute-force attacks, DDoS, and excessive usage by capping requests (e.g., "100 requests per minute"). It often returns a 429 Too Many Requests status.
Question 25: What is the standard header used to pass a Bearer token for API authentication?
- A. Token: Bearer <token>
- B. Authentication: <token>
- C. Authorization: Bearer <token> (correct answer)
- D. Security: Bearer <token>
Explanation: The Authorization header is the standard HTTP header used to pass credentials. For token-based auth like JWTs, the scheme Bearer is conventionally used.
Question 26: What is HATEOAS in advanced REST architecture?
- A. Hypermedia As The Engine Of Application State, where responses include hyperlinks to related actions and resources (correct answer)
- B. A hashing algorithm for passwords
- C. A database indexing strategy
- D. A server-side caching layer
Explanation: HATEOAS allows clients to dynamically navigate an API by following links provided in the JSON response, much like a human navigates websites via HTML links.
Question 27: Why should API versioning (e.g., /api/v1/users) be implemented?
- A. To make URLs look longer
- B. To allow the API to evolve and introduce breaking changes without breaking existing clients (correct answer)
- C. To improve database speed
- D. It is an outdated practice
Explanation: APIs evolve over time. Versioning (v1, v2) ensures that legacy clients continue functioning on older versions while new clients can consume the updated structure.
Question 28: If a client sends an HTTP POST request with a JSON body but forgets to set Content-Type: application/json, what status code might the server reasonably return if it cannot parse it?
- A. 200 OK
- B. 415 Unsupported Media Type or 400 Bad Request (correct answer)
- C. 404 Not Found
- D. 502 Bad Gateway
Explanation: If the server strictly expects JSON but receives plain text or an unspecified format, it should reject it with a 415 Unsupported Media Type or 400 Bad Request depending on the framework.
Question 29: What does the ETag (Entity Tag) header provide in REST APIs?
- A. A cryptographic signature for authentication
- B. A mechanism for web cache validation, allowing clients to make conditional requests to save bandwidth (correct answer)
- C. A routing path
- D. A database primary key
Explanation: An ETag is a hash of the resource. A client can send If-None-Match: <ETag>, and if the resource hasn't changed, the server returns 304 Not Modified with an empty body, saving bandwidth.
Question 30: When building a search endpoint that takes complex filtering parameters, what HTTP method is conventionally used if the parameters exceed the maximum URL length for a GET request?
- A. DELETE
- B. PUT
- C. POST (correct answer)
- D. OPTIONS
Explanation: While GET is standard for retrieval, URLs have length limits. If a search query requires a massive JSON payload of filters, it is acceptable practice to use POST to send the query in the request body.