### 1. What is a Web API?

An interface exposed over HTTP that lets software programs communicate by sending requests (e.g., GET/POST) and receiving structured responses (e.g., JSON). It abstracts a system’s data/functions so other apps can use them.


### 2. How does a Web API differ from a web service?

“Web service” is an older, broader term (often SOAP/XML over HTTP). “Web API” commonly means RESTful/HTTP APIs using JSON. All REST APIs are web services, but not all web services are modern RESTful Web APIs.


### 3. What are the benefits of using Web APIs in software development?

- Reuse and integration of services/data
- Faster development via clear contracts
- Language/platform independence
- Scalability (clients/servers evolve independently)
- Ecosystem growth (partners, third-party apps)


### 4. Explain the difference between SOAP and RESTful APIs.

- Protocol vs Style: SOAP is a protocol (strict XML, WSDL); REST is an architectural style (resources + HTTP).
- Format: SOAP = XML; REST = JSON/XML/others.
- Complexity: SOAP is heavier (WS-*); REST is simpler.
- Use cases: SOAP favors enterprise, transactional, standardized security; REST suits web/mobile, high scale.

### 5. What is JSON and how is it commonly used in Web APIs?

JavaScript Object Notation—lightweight text format for structured data. Most Web APIs serialize responses and accept requests in JSON because it’s compact and language-agnostic.

### 6. Can you name some popular Web API protocols other than REST?

SOAP, GraphQL, gRPC, WebSockets (for realtime), XML-RPC, OData.

### 7. What role do HTTP methods (GET, POST, PUT, DELETE, etc.) play in Web API development?

They map to actions on resources:

- GET: read
- POST: create/unsafe actions
- PUT: replace
- PATCH: partial update
- DELETE: remove
- HEAD/OPTIONS: metadata and capabilities

### 8. What is the purpose of authentication and authorization in Web APIs?

- Authentication: verify who the caller is (identity).
- Authorization: verify what the caller is allowed to do (permissions).

Together they protect data and enforce access control.

### 9. How can you handle versioning in Web API development?

- URI versioning (/v1/…)
- Header versioning (Accept: application/vnd.example.v2+json)
- Query param versioning (less common)

Keep versions parallel, document deprecations, minimize breaking changes.

### 10. What are the main components of an HTTP request and response in the context of Web APIs?

- Request: method, URL, headers, body, query params, cookies.
- Response: status line (code + reason), headers, body (payload), cookies.

### 11. Describe the concept of rate limiting in the context of Web APIs.

Restrict how many requests a client can make in a time window (e.g., 100/minute) to protect availability, prevent abuse, and control costs. Communicate via headers like Retry-After, X-RateLimit-*.
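An added example (not from the original page) of the fixed-window limit described above, returning the status and headers a client would see. The class name, the `check` signature, and reporting `X-RateLimit-Reset` as seconds remaining are assumptions; deployments differ on the `X-RateLimit-*` semantics.

```python
import math


class FixedWindowLimiter:
    """Allow at most `limit` requests per client in each `window` seconds."""

    def __init__(self, limit=100, window=60):
        self.limit = limit
        self.window = window
        self._state = {}  # client id -> (window start, requests counted)

    def check(self, client_id, now):
        """Return (http_status, headers) for one request arriving at `now`.

        `client_id` should be the authenticated identity (e.g. the API key),
        not a value the caller can change freely between requests.
        """
        start, count = self._state.get(client_id, (now, 0))
        if now - start >= self.window:  # previous window expired
            start, count = now, 0
        reset_in = math.ceil(start + self.window - now)
        headers = {
            "X-RateLimit-Limit": str(self.limit),
            "X-RateLimit-Reset": str(reset_in),  # assumed: seconds remaining
        }
        if count >= self.limit:
            # Over the limit: reject and tell the client when to retry.
            headers["X-RateLimit-Remaining"] = "0"
            headers["Retry-After"] = str(reset_in)
            self._state[client_id] = (start, count)
            return 429, headers
        self._state[client_id] = (start, count + 1)
        headers["X-RateLimit-Remaining"] = str(self.limit - count - 1)
        return 200, headers


def demo():
    """Constructed traffic: one client sends 4 requests, then waits a window."""
    limiter = FixedWindowLimiter(limit=3, window=60)
    times = [0, 1, 2, 10, 60]  # seconds; sample values made up for the demo
    return [limiter.check("key-A", t) for t in times]


if __name__ == "__main__":
    for status, headers in demo():
        print(status, headers)
```

The in-memory dict is per process and never evicts idle clients; a multi-instance deployment needs a shared store with expiry for the counters.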

### 12. How can you handle errors and exceptions in Web API responses?

Use proper HTTP status codes, consistent error bodies (code, message, details, correlation id), don’t leak internals, log server-side, and return validation errors clearly (e.g., field-level messages).

### 13. Explain the concept of statelessness in RESTful Web APIs.

Each request contains all information needed; the server stores no client session state. Benefits: scalability, reliability, easy load-balancing. Any state is kept client-side or in durable stores (e.g., DB, cache keyed by token).

### 14. What are the best practices for designing and documenting Web APIs?

Resource-oriented URIs, consistent naming, use correct methods/codes, pagination/filtering, idempotency for PUT/DELETE, versioning strategy, security (TLS/OAuth), good docs (OpenAPI/Swagger), examples, SDKs.

### 15. What role do API keys and tokens play in securing Web APIs?

- API keys: identify the calling app; basic access control/quotas.
- Tokens (e.g., OAuth 2.0 access tokens, JWTs): represent authenticated user/app with scopes/claims used for fine-grained authorization.

### 16. What is REST, and what are its key principles?

Representational State Transfer—an architectural style using HTTP for resource-based interactions. Principles: client-server, stateless, cacheable, uniform interface, layered system, (optionally) code-on-demand.

### 17. Explain the difference between RESTful APIs and traditional web services.

Traditional web services (often SOAP) are contract-heavy, XML-centric, and rigid. RESTful APIs are resource-centric, leverage HTTP semantics, are lighter weight, and commonly use JSON.

### 18. What are the main HTTP methods used in RESTful architecture, and what are their purposes?

GET (read), POST (create/action), PUT (full replace), PATCH (partial update), DELETE (remove), HEAD (headers only), OPTIONS (capabilities).

### 19. Describe the concept of statelessness in RESTful APIs.

No server session; each request is self-contained. Enables horizontal scaling and failure isolation.

### 20. What is the significance of URIs (Uniform Resource Identifiers) in RESTful API design?

URIs uniquely identify resources. Good design is hierarchical, noun-based, predictable, and avoids verbs (e.g., /users/{id}/orders).

### 21. Explain the role of hypermedia in RESTful APIs. How does it relate to HATEOAS?

Responses include links that tell the client what it can do next (discoverability). Example: returning an order with links to cancel or pay. It decouples clients from hardcoded flows.

### 22. What are the benefits of using RESTful APIs over other architectural styles?

Simplicity, web-native semantics, caching, scalability, broad tooling, easier learning curve, flexibility in formats.

### 23. Discuss the concept of resource representations in RESTful APIs.

The representation (JSON/XML/etc.) of a resource’s current state sent over the wire. The same resource can have multiple representations (full vs summary).

### 24. How does REST handle communication between clients and servers?

Via stateless HTTP requests/responses using standard methods, URIs, headers, status codes, and media types. Caching and proxies can be layered in.

### 25. What are the common data formats used in RESTful API communication?

JSON (dominant), XML, form-urlencoded, multipart/form-data (files), CSV, YAML (rare for payloads), protobuf/MessagePack (sometimes).

### 26. Explain the importance of status codes in RESTful API responses.

They communicate outcomes quickly to clients: 2xx success, 3xx redirection, 4xx client errors (bad input/auth), 5xx server errors. Enables robust, predictable handling.

### 27. Describe the process of versioning in RESTful API development.

Define policy (when to bump), choose strategy (URI/header), maintain changelog, support parallel versions, publish deprecation timelines, add tests for each version, provide migration guides.

### 28. How can you ensure security in RESTful API development? What are common authentication methods?

- Always use HTTPS/TLS.
- AuthN/AuthZ: API keys, OAuth 2.0 (client credentials, auth code + PKCE), JWTs, mTLS.
- Additional: scopes/roles, input validation, rate limiting, CORS, CSRF defense (where relevant), logging/monitoring, secret rotation.

### 29. What are some best practices for documenting RESTful APIs?

Use OpenAPI (Swagger), include request/response schemas, examples, error models, auth instructions, rate limits, pagination rules, webhooks, change log, and quick-start snippets/SDKs.

### 30. What considerations should be made for error handling in RESTful APIs?

Consistent schema, meaningful messages, localization where needed, unique error codes, mapping exceptions to correct HTTP codes, idempotent retries for safe ops, correlation IDs, and avoid sensitive data leakage.
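An added example (not from the original page) covering the error-handling points in questions 12 and 30: one error schema, field-level validation messages, a correlation ID, and no internal detail in the response. The exception classes, `create_user`, and `handle` are hypothetical names chosen for the illustration.

```python
import json
import logging
import uuid

log = logging.getLogger("api")


class ApiError(Exception):
    """Base class for errors that are safe to describe to the client."""
    status, code = 500, "internal_error"

    def __init__(self, message, details=None):
        super().__init__(message)
        self.message = message
        self.details = details or []


class ValidationFailed(ApiError):
    status, code = 400, "validation_failed"


def create_user(payload):
    """Hypothetical handler: collect field-level validation errors."""
    problems = [{"field": f, "message": "is required"}
                for f in ("email", "name") if not payload.get(f)]
    if problems:
        raise ValidationFailed("Request body is invalid", problems)
    return {"email": payload["email"], "name": payload["name"]}


def handle(handler, payload, correlation_id=None):
    """Run a handler and return (status, JSON body) in one error schema."""
    cid = correlation_id or str(uuid.uuid4())
    try:
        return 201, json.dumps(handler(payload))
    except ApiError as exc:
        err = {"code": exc.code, "message": exc.message, "details": exc.details}
        status = exc.status
    except Exception:
        # Unexpected failure: the traceback goes to the server log only.
        log.exception("unhandled error correlation_id=%s", cid)
        err = {"code": "internal_error", "message": "Internal server error",
               "details": []}
        status = 500
    err["correlation_id"] = cid
    return status, json.dumps({"error": err})
```

The correlation ID appears in both the response and the server log line, so support staff can find the full traceback without the client ever seeing it.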

### 31. What is SOAP and how does it differ from REST?

Simple Object Access Protocol—XML-based protocol with strict envelopes, actions, and optional WS-* standards. Differs by being heavier, contract-driven (WSDL), strongly standardized, and transport-agnostic (often HTTP).

### 32. Describe the structure of a SOAP message.

Envelope (root) → optional Header (metadata, security, transactions) → Body (request/response payload) → optional Fault (errors).

### 33. How does SOAP handle communication between clients and servers?

Exchanges XML envelopes over a transport (commonly HTTP). Uses SOAPAction, WSDL for contract, and WS-* standards for reliability, transactions, and security.

### 34. What are the advantages and disadvantages of using SOAP-based web services?

- Pros: Strong contracts, built-in error model, WS-Security/reliability, good for enterprise transactions.
- Cons: Verbose XML, steeper learning curve, slower over networks, less friendly to browsers/mobile.

### 35. How does SOAP ensure security in web service communication?

WS-Security: message-level signing, encryption, timestamps, tokens (SAML), plus transport security (TLS). Supports end-to-end security across intermediaries.

### 36. What is Flask, and what makes it different from other web frameworks?

A lightweight (micro) Python web framework. Minimal core, Jinja2 templating, Werkzeug toolkit; add features via extensions. Great for APIs, prototypes, and microservices compared to heavyweight, batteries-included frameworks.

### 37. Describe the basic structure of a Flask application.

- app.py (create Flask(__name__), define routes)
- templates/ (Jinja2 HTML files)
- static/ (CSS/JS/images)
- Optional: blueprints/, config.py, extensions/, tests/, requirements.txt.

### 38. How to install Flask on your local machine.

Create/activate a virtual environment, then:

```bash
pip install Flask
```

Run a simple app with `flask run` or `python app.py`.

### 39. Explain the concept of routing in Flask.

Mapping URLs to Python functions (view handlers) using decorators like `@app.route("/users", methods=["GET"])`. The function returns a response (string/JSON).

### 40. What are Flask templates, and how are they used in web development?

HTML files using Jinja2 syntax (`{{ }}` for variables, `{% %}` for logic). They render dynamic content server-side:

```python
return render_template("profile.html", user=user)
```