ASP.NET Core Web API Interview Questions

This post of interview question covers basic to advance level of ASP.Net Core Web API Interview Questions and will help you to prepare for the interviews. Please check my previous Interview questions set of ASP.NET Core Interview Questions.

Here we discuss the most asked interview questions of

• Web API Basics
• ASP.NET Core Web API
• Authentication & Authorization
• Microservices

Web API Basics

What is ASP.NET Web API?

ASP.NET Web API is a framework provided by Microsoft with which we can easily build HTTP services that can reach a broad of clients, including browsers, mobile, IoT devices, etc. ASP.NET Web API provides an ideal platform for building RESTful applications on the .NET Framework.

What is MVC? Write difference between MVC and Web API?

MVC (Model, View, and Controller) is basically an application design model that comprises three interconnect parts I.e., model, view, and controller. It allows coders to factor out different components of the application and update them more easily. It is mostly used for developing model user interfaces. Its main purpose is to display patterns in structure for keeping display and data separate to enable both of them to change without affecting others.

What is the difference between ASP.NET Web API and WCF?

WCF (Windows Communication Foundation): It is a framework used for developing SOAP (Service-oriented applications). This framework is used for developing, configuring, and deploying, or implementing network-distributed services. 

Web API: It is an application programming interface for both web browsers and web servers. Browser API simply extends or increases the functionality of web browsers whereas Server API simply extends or increases the functionality of web server.

Why to choose Web API over WCF?

Web API is considered the best choice over WCF because of the following reasons:

• Web API uses all features of HTTP such as URIs, request/response headers, caching, versioning, various content formats, etc.
• One does not have to define or explain any extra config setting for different devices in Web API.
• Web API uses different text formats including XML because of which it is faster and more preferred for lightweight services.
• Web API also supports MVC features whereas WCF does not support MVC features.
• Web API provides more flexibility as compared to WCF.
• Web API uses standard security like token authentication, basic authentication, etc., to provide secure service whereas WCF uses WS-I standard to provide secure service. 

What is the RESTful API?

Web service APIs that comply with REST(Representational State Transfer) principles are called RESTful APIs. You can define the RESTful APIs using:

• A base URI – Unique resource identifier.
• HTTP methods – GET, PUT, POST, PATCH, DELETE mapped with CRUD operations.
• A media type for data – used to exchange the information using data formats such as JSON (JavaScript Object Notation) and XML.

In order to make API to be RESTful, it has to adhere the around 6 constraints that are mentioned below:

1. Client and Server Separation: Server and Clients are clearly isolated in the RESTful services.
2. Stateless: REST Architecture is based on the HTTP Protocol and the server response can be cached by the clients, but no client context would be stored on the server.
3. Uniform Interface: Allows a limited set of operation defined using the HTTP Verbs. For eg: GET, PUT, POST, Delete etc.
4. Cacheable: RESTful architecture allows the response to be cached or not. Caching improves performance and scalability.
5. Code-On-Demand
6. Layered System

What is difference between REST API and RESTful API?

REST API:  It is basically an architectural style that makes productive use of existing technology and protocols of the web. It is a set of rules that developers need to follow when they develop their API or services that are scalable. It is used with HTTP protocol using its verbs such as GET, DELETE, POST, PUT. 
RESTful API: It is simply referred to as web services executing such as architecture.

Difference between SOAP APIs and RESTful APIs?

SOAP(Simple Object Access Protocol) APIs provide built-in security, error handling, and transaction compliance which makes them heavier as compared to REST APIs. SOAP APIs work well in distributed environments and SOAP uses XML message format. It works mostly with HTTP and RPC (Remote Procedure Call).

REST (Representational State Transfer):  It is a new and improved form of web service. It describes the architectural style of networked systems. It does not require greater bandwidth when requests are sent to the server. It just includes JSON message.

Which .NET Framework supports ASP.NET Web API?

Web API Version 1.0 of ASP.NET Web API is introduced in .NET Framework 4. After that, all the later versions of the .NET Framework supports the ASP.NET Web API.

Can we consume ASP.NET Web API in applications created using other than .NET?

Yes, we can consume ASP.NET Web API in the applications created using another language than .NET but that application must have access/supports to the HTTP protocol.

What is the difference between ASP.NET MVC application and ASP.NET Web API application?

ASP.NET MVC is used to create a web application which returns both data as well as View whereas Web API is used to create HTTP based Services which only returns data not view. In an ASP.NET MVC application, requests are mapped to Action Methods whereas in the ASP.NET Web API request is mapped to Action based on the Action Verbs.

What are the new features introduced in ASP.NET Web API 2.0?

• Attribute Routing
• CORS (Cross-Origin Resource Sharing)
• OWIN (Open Web Interface for .NET) self-hosting
• IHttpActionResult
• Web API OData
• Secure ASP.NET Web API using OAuth 2.0

Can we return View from Web API?

No, Web API does not return View but they return the data. APIController is meant for returning the data. So, if you need to return a view from the controller class, then make sure to use or inherit the Controller class.

Does ASP.NET Web API replace the WCF?

No, ASP.NET Web API didn’t replace WCF Service as it is only used for creating RESTful Service i.e. non-SOAP based service.

Explain media type formatters

Media type formatters are classes that are responsible for serialization data. Here, serialization generally means a process of translating data into a format that can be transmitted and reconstructed later.  Because of serializing request/response data, Web API can understand request data format in a better way and send data in a format that the client expects. It simply specifies data that is being transferred among client and server in HTTP response or request. 

Web API supports which protocol?

Web API generally supports only HTTP protocol. 

Which of the following Open-source libraries is used by WEB API for JSON serialization?

Json.NET library is generally used by Web API for JSON serialization. 

What is XML and JSON?

XML (Extensible Markup Language): 

• It is especially designed to store and transport data.
• It is similar to HTML but is more flexible than HTML because it allows users to create their own custom tags.
• It is used for representing structured information such as documents, data, configuration, etc.

JSON (JavaScript Object Notation): 

• It is a lightweight format designed to store and transport data.
• It is easier to understand and is a standard text-based format used for representing structured data based on JavaScript object syntax.
• It is faster and easier to use. 

What behaviors does the ApiController attribute provide?

When you apply ApiController attribute on a controller class in a web API application, It allows you to take the benefit of below opinionated, API-specific behaviors.

• Attribute based routing requirement
• Model validation errors can automatically trigger HTTP 400 responses
• Binding source parameter inference – which includes the attributes such as [FromBody], [FromForm], [FromHeader], [FromQuery], [FromRoute] and [FromServices].
• Multipart/form-data request inference
• Problem details for error status codes

What are Web API filters?

Filters are basically used to add extra logic at different levels of Web API framework request processing.  Different types of Web API filters are available as given below:

• Authentication Filter: It handles authentication and authenticates HTTP requests. It also helps to authenticate user detail. It checks the identity of the user.
• Authorization Filter: It handles authorization. It runs before controller action. This filter is used to check whether or not a user is authenticated. If the user is not authenticated, then it returns an HTTP status code 401 without invoking the action.
• AuthorizeAttribute is a built-in authorization filter provided by Web API.
• Action Filter: It is attributing that one can apply to controller action or entire controller. It is used to add extra logic before or after controller action executes. It is simply a way to add extra functionality to Web API services.
• Exception Filter: It is used to handle exceptions that are unhandled in Web API. It is used whenever controller actions throw an unhandled exception that is not HttpResponseException. It will implement an “IExceptionFilter” interface.
• Override Filter: It is used to exclude specific action methods or controllers from the global filter or controller level filter. It is simply used to modify the behavior of other filters for individual action methods.

Who can consume Web API?

A large range of clients such as browsers, mobile devices, iPhone, etc., include or consume web API. It is also good for using along native applications that require web services but not SOAP support. It can also be consumed by any client that supports HTTP verbs such as GET, DELETE, POST, PUT.

What is Request Verbs or HTTP Verbs?

In RESTful service, we can perform all types of CRUD (Create, Read, Update, Delete) Operation. In REST architecture, it is suggested to have a specific Request Verb or HTTP verb on the specific type of the call made to the server. Popular Request Verbs or HTTP Verbs are mentioned below:

• HTTP Get: Used to get or retrieve the resource or information only.
• HTTP Post: Used to create a new resource on the collection of resources.
• HTTP Put: Used to update the existing Response
• HTTP Delete: Used to Delete an existing resource.

What are HTTP Status Codes?

HTTP Status Code Is 3-digit integer in which the first digit of the Status-Code defines the class of response. Response Header of each API response contains the HTTP Status Code. HTTP Status Codes are grouped into five categories based upon the first number.

Some of the commonly seen HTTP Status Codes are:

What is Parameter Binding in ASP.NET Web API?

When Web API calls a method on a controller, it must set the values for the parameters, this particular process is known as Parameter Binding. By Default, Web API uses the below rules in order to bind the parameter:

• FromUri: If the parameter is of “Simple” type, then Web API tries to get the value from the URI. Simple Type includes .Net Primitive type like int, double, etc., DateTime, TimeSpan, GUID, string, any type which can be converted from the string type.
• FromBody: If the parameter is of “Complex” type, then Web API will try to bind the values from the message body.

What is Content Negotiation in Web API?

Content Negotiation is the process of selecting the best representation for a given response when there are multiple representations available. Two main headers which are responsible for the Content Negotiation are:

Content-Type

Accept : The content-type header tells the server about the data, the server is going to receive from the client whereas another way to use Accept-Header, which tells the format of data requested by the Client from a server. In the below example, we requested the data from the server in JSON format.

What is Media-Type Formatter in ASP.NET Web API?

Media-Type formatter is an abstract class from which JsonMediaTypeFormatter (handle JSON format) and XmlMediaTypeFormatter (handle XML format) class derived from. Media-Type formatter are classes responsible for serializing the response data in the format that the client asked for.

What is the use of Authorize Attribute?

Web API provided a built-in authorization filter, i.e. Authorize Attribute. This filter checks whether the user is authenticated or not. If not, the user will see 401 Unauthorized HTTP Status Code.

How Web API Routes HTTP request to the Controller ASP.NET MVC?

In ASP.NET Web API, HTTP request maps to the controller. In order to determine which action is to invoke, the Web API framework uses a routing table.

In How many ways we can do Web API Versioning?

We can do Web API Versioning in the following ways:

• URI
• Query String Parameter
• Custom Header Parameter
• Accept Header Parameter

What is Exception handling?

Exception handling is a technique to handle runtime error in the application code. In multiple ways we can handle the error in ASP.NET Web API, some of them are listed below:

• HttpResponseException
• HttpError
• Exception Filters etc.

How to disable automatic HTTP 400 responses in Web API?

You can disable the automatic trigger of HTTP 400 responses by setting SuppressModelStateInvalidFilter to ‘True’ in Startup.ConfigureServices as below.

 services.AddControllers()
    .ConfigureApiBehaviorOptions(options =>
    {
    options.SuppressModelStateInvalidFilter = true;
    });

Explain the controller action return types that ASP.NET Core web API provides

ASP.NET Core Web API offers the following return types for controller action methods.

• A Specific Type – An action method can return any primitive data type like string or any custom object.
• IActionResult type – It is used when you are expecting multiple ActionResult return types such as ‘NotFoundResult’, ‘OkObjectResult’, ‘BadRequestResult’ from an action method.
• ActionResult<T>It allows you to return a type that derives from ActionResult type or some specific type like string.

How to handle errors in Web API?

Web API generally provides greater flexibility in terms of handling errors. Exception handling is a technique that is used to handle run-time errors in application code. One can use HttpResponseException, HttpError, Exception filters, register exception filters, Exception handlers to handle errors.

Exception filter can be used to identify unhandled exceptions on actions or controllers, exception handlers can be used to identify any type of unhandled exception application-wide, and HttpResponseException can be used when there is the possibility of an exception.

How to register an exception filter globally?

One can register exception filter globally using following code

GlobalConfiguration.Configuration.Filters.Add (new MyTestCustomerStore.NotImplExceptionFilterAttribute());

What is the use of HttpResponseMessage?

It is used to set response values such as header and status control. It simply allows us to work with HTTP protocol. It represents HTTP response messages that encapsulate data and status code. 

public HttpResponseMessage GetEmployee(int id) 
{     
     Employee emp = EmployeeContext.Employees.Where(e => e.Id == id).FirstOrDefault(); 
     if (emp != null) 
      { 
               return Request.CreateResponse<Employee>(HttpStatusCode.OK, emp);     
      }     else     
      { 
               return Request.CreateErrorResponse(HttpStatusCode.NotFound, "Employee Not Found"); 
      } 
}

What do you mean by Caching and What are its types?

Caching is basically a technique or process of storing data somewhere or in the cache for future requests. The cache is a temporary storage area. Caching keeps all frequently or recently accessed files or data in the cache memory and accesses them from the cache itself rather than actual address of data or files. The cache interface simply improves the storage mechanism for request/response object pairs that are being cached.

Advantages of Caching:

• It is considered the best solution to ensure that data is served where it is needed to be served that too at a high level of efficiency which is best for both client and server.
• It delivers web objects faster to the end-user.
• It reduces load time on the website server.
• It leads to faster execution of any process.
• It decreases network costs.

Types of Caching:
There are basically three types of caching as given below:

• Page Caching
• Data Caching
• Fragment Caching

What are the main return types supported in ASP. Net Web API?

It supports the following return types:

• HttpResponseMessage
• IHttpActionResult
• Void
• Other types such as string, int, etc. 

What is ASP.NET Web API routing?

Routing is the most important part of ASP.NET Web API. Routing is a way how Web API matches a URI to an action. It is basically a process that decides which action and controller should be called. The controller is basically a class that handles all HTTP requests. All public methods of controllers are basically known as action methods or just actions. Whenever a Web API framework receives any type of request, it routes that request to action. 

There are basically two ways to implement routing in Web API as given below:
Convention-based routing: Web API supports convention-based routing. In this type of routing, Web API uses route templates to select which controller and action method to execute. 

Attribute-based routing: Web API 2 generally supports a new type of routing known as attribute routing. As the name suggests, it uses attributes to define routes. It is the ability to add routes to the route table via attributes.

How to secure ASP.NET Web API?

Web API has become key to programming web-based interactions. It can be accessed by anyone who knows the URL. Therefore, they have become targets for hackers. One needs to secure Web API by controlling Web API and by deciding who can and who cannot have access to Web API. There are basically two ways or techniques that make our Web API more secure. 

Authentication: It is a process that helps to identify and check users by their credentials such as password, username, etc. To have access to the web API, firstly user credentials are needed to be passed in the request header. If user credentials are not passed into the request header, then the server returns 401 status code (unauthorized). The best authentication to be used is OAuth 2.0. 

Authorization: It is a process that helps to decide whether or not a user has access to perform an action. Authorization filters are used to implement authorization.

What are Exception filters in ASP.NET Web API?

Exception filter is generally used to handle all unhandled exceptions that are generated in web API. It implements IExceptionFilters interface. It is the easiest and most flexible to implement. This filter is executed whenever the controller method throws any unhandled exception at any stage that is not an HttpResponseExecption exception. 

Which .NET framework supports ASP.NET Web API?

.NET Framework 4.0 generally supports the first version of ASP.NET Web API. After that, .NET Framework 4.5 supports the latest version of web API i.e., ASP.NET Web API 2.

What is HttpConfiguration in Web API?

It is considered as the main class that includes different properties with help of which one can override the default behavior of Web API. Some properties are given below:

• DependencyResolver: It sets or gets a dependency resolver for dependency injection.
• Services: It gets web API services.
• ParameterBindingRules: It gets a collection of rules for how parameters should be bound.
• MessageHandlers:  It sets or gets message handlers.
• Formatters: It sets or gets media-type formatters.

Can we return View from ASP.NET Web API method?

No, we cannot return the view from the ASP.NET Web API method. ASP.NET web API develops HTTP services that provide raw data or information. ApiController in ASP.NET MVC application only renders data that is serialized and sent to the client. One can use a controller to provide normal views. 

What is content negotiation in ASP.Net Web API?

Content negotiation is basically a process of selecting the best representation from multiple representations that are available for a given response. It simply allows one to choose rather than negotiate content that one wants to get in response. It is performed at the server-side. In simple words, it chooses the best media type for matters to return a response to an incoming request. 

Difference between HTTP GET vs HTTP Post?

HTTP (HyperText Transfer Protocol) simply manages request-response between client and server. It works as a request-response protocol between client and server. 

HTTP GET: This method is used to get information or data from a respective server at a specified URL.

Example: 
GET/RegisterStudent.asp?user=value1&pass=value2

HTTP POST: This method is used to send data or information to respective servers. 

Example:
POST/RegisterStudent.asp HTTP/1.1 

What is CORS in Web API?

CORS (Cross-Origin Resource Sharing) is basically a mechanism that allows one to make requests from one website to another website in a browser that is normally not allowed by another policy called SOP (Same Origin Policy). It supports secure cross-origin requests and data transfers among clients or browsers and servers. Here, cross-origin request means requests coming from different origins. CORS simply resolves the same-origin restriction for JavaScript. One can enable CORS for web API using the respective web API package or OWIN middleware.

Name method that validates all controls on page?

Page.Validate()

What parameters can be passed in the URL of API?

Context keys, documents keys, or anything that initiates API to hit the exact end-point are few parameters that one can pass in the URL to define the complete end-point.  

What is the use of DelegatingHandler?

DelegatingHandler is used to develop a custom Server-Side HTTP Message Handler in ASP.NET Web API. It is used to represent Message Handlers before routing in Web API. 

Web API uses which library for JSON serialization?

Json.NET library is used by Web API for JSON serialization. 

Explain method to handle error using HttpError in Web API?

CreateErrorResponse is an extension method that can be used in Web API controller methods to return error codes and error messages. It creates an HttpError object and then wraps it inside an HttpResponseMessage object.

How to unit test Web API?

Using Web API tools like Fiddler, we can perform unit testing in Web API. Fiddler is basically a free debugging proxy for any browser that can be used to compose and execute various HTTP requests to Web API and check HTTP response. It is simply used for testing restful web services. It allows one to inspect and check both incoming and outgoing data to monitor and modify requests and responses before the browser receives them.

How to handle JSON Patch requests in an ASP.NET Core web API?

JSON Patch support in ASP.NET Core web API is based on Newtonsoft.Json and requires the Microsoft.AspNetCore.Mvc.NewtonsoftJson NuGet package. To enable JSON Patch support:

• Install the Microsoft.AspNetCore.Mvc.NewtonsoftJson NuGet package.
• Call AddNewtonsoftJson. For example:

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddControllers()
    .AddNewtonsoftJson();

var app = builder.Build();

app.UseHttpsRedirection();

app.UseAuthorization();

app.MapControllers();

app.Run();

AddNewtonsoftJson replaces the default System.Text.Json-based input and output formatters used for formatting all JSON content.

How will you format response data in ASP.NET Core Web API?

ASP.NET Core MVC supports formatting response data, using specified formats or in response to a client’s request.

Some action result types are specific to a particular format, such as JsonResult and ContentResult. Actions can return results that always use a specified format, ignoring a client’s request for a different format. For example, returning JsonResult returns JSON-formatted data and returning ContentResult returns plain-text-formatted string data.

[HttpGet]
public IActionResult Get() =>
    Ok(_todoItemStore.GetList());

Explain the custom formatters

ASP.NET Core MVC supports data exchange in Web APIs using input and output formatters. Input formatters are used by Model Binding. Output formatters are used to format responses.

Use a custom formatter to add support for a content type that isn’t handled by the built-in formatters.

For more details visit this link.

What is OpenApi?

The OpenAPI Specification, now on v3.1.0, is essentially a set of best practices that refer to versioning, formatting, document structure, schema, and so on in the context of APIs, with the aim of building consistency and reliability.

What is Swagger?

Swagger is a set of open source tools for writing REST-based APIs. It simplifies the process of writing APIs by notches, specifying the standards & providing the tools required to write beautiful, safe, performant & scalable APIs.

In today’s software realm, there are no systems running online without exposing an API. We have moved from monolithic systems to microservices. And the whole design of microservices is laid on REST APIs.

Is there Any Difference Between Swagger & the Open API?

OpenAPI is the specification & Swagger is the implementation of the specification. Just like, JPA is the specification & Hibernate is the implementation.

Swagger provides the tools for implementing the OpenAPI specification. Today OpenAPI is adopted by the big guns in the industry, contributing to it at the same time, evolving the API development process.

What is the difference between Postman & Swagger?

Postman is also an API testing solution just like Swagger. It started as a chrome app & now offers pretty much majority of the features required to develop & test APIs.

It’s been a while I’ve used Postman. Did use it a couple of years back when I was integrating the Facebook login with Spring social in an e-commerce project.

Swagger, on the other hand, is a suite of open source & commercial tools. It created the OpenAPI specification.

What is Rate Limiting? How will you implement it in the Web API?

The term Rate-Limiting refers to the broader concept of restricting the request traffic to an API endpoint at any point in time. Throttling is a particular process of applying rate-limiting to an API endpoint.

There are other ways an API endpoint can apply rate-limiting. One such way is the use of Request Queues. This process queues the incoming requests. It then serves them to the API endpoint at a rate that the API can process gracefully.

Why do we need Rate Limiting?

• Rate Limiting helps us to protect against malicious bot attacks. For example, a hacker can use bots to make repeated requests to an API endpoint. Due to the number of repeated requests, resulting in will be service unavailable for others. This is called as the Denial of Service (DoS) attack. So, the rate limiting helps us from the DoS attack.
• Another use of the rate limiting is to regulate traffic to the API.

We can implement the rate limiting using below ways,

• Using a Custom Middleware
• Using the AspNetCoreRateLimit NuGet Package