VL api ?s

What is an API?

An API is an interface that lets two pieces of software communicate

What is the client in an API interaction?

The client is the system making the request

What is the server in an API interaction?

The server receives requests

What is an endpoint?

An endpoint is a specific URL and HTTP method combination

What is a resource in REST API design?

A resource is the main object being acted on

How should REST endpoints usually be named?

Use nouns instead of verbs

Why use plural nouns in REST endpoints?

Plural nouns like /units or /test-results represent collections of resources and are a common REST convention.

What is a good endpoint for getting one unit by serial number?

GET /units/{serial_number}

What is a good endpoint for creating a unit?

POST /units

What is a good endpoint for updating a unit's status?

PATCH /units/{serial_number}/status

What is a good endpoint for getting a unit's history?

GET /units/{serial_number}/history

What is a good endpoint for uploading test results?

POST /test-results

What is a good endpoint for dashboard summary data?

GET /dashboard/summary

What is the difference between /units and /units/{id}?

/units usually refers to the collection of units; /units/{id} refers to one specific unit.

What is the difference between a collection endpoint and an item endpoint?

A collection endpoint works with many resources

What is a nested route?

A route that shows a relationship between resources

When should you use a nested route?

Use a nested route when the child resource clearly belongs to the parent

When should you avoid deeply nested routes?

Avoid routes like /factories/1/lines/2/stations/3/units/4/results because they become hard to maintain and use.

What is the difference between query parameters and request body?

Query parameters usually filter or modify retrieval; request body usually contains data to create or update.

When should filters go in query parameters?

Use query parameters for filtering lists

When should data go in the request body?

Use request body for creating or updating resources

What is filtering in an API?

Filtering lets clients request only matching records

What is sorting in an API?

Sorting lets clients choose result order

What is pagination in an API?

Pagination splits large result sets into smaller pages

Why is pagination important?

It prevents huge responses

What is offset-based pagination?

Pagination using page/limit or offset/limit

What is cursor-based pagination?

Pagination using a cursor token pointing to the next set of results; better for large or frequently changing datasets.

When is offset pagination okay?

It is okay for small or moderate datasets where records are not changing too rapidly.

When is cursor pagination better?

It is better for large datasets

What should a paginated response include?

It should include data plus metadata like page

What is a typical paginated response shape?

{ "data": [...]

What is response shape consistency?

APIs should return responses in predictable formats so clients can handle them easily.

Why is consistent response format important?

It makes frontend and integration code simpler

What is a good success response for creating a resource?

Return 201 Created and the created resource or its ID.

What should POST /units return after creating a unit?

It should return 201 Created with the new unit data

What should PATCH /units/{serial}/status return?

It should return 200 OK with the updated unit or status transition result.

What should DELETE usually return?

It can return 204 No Content if deletion succeeded and no body is needed.

What does HTTP 204 mean?

The request succeeded but there is no response body.

What does HTTP 422 mean?

Unprocessable Entity; the request format is valid but semantic validation failed

What does HTTP 429 mean?

Too Many Requests; the client exceeded a rate limit.

What does HTTP 503 mean?

Service Unavailable; the server or dependency is temporarily unavailable.

When would you use 400 vs 422?

Use 400 for malformed/missing input; use 422 for well-formed input that fails business validation.

When would you use 409 Conflict?

Use 409 when the request conflicts with current state

What is a good error response shape?

{ "error": { "code": "INVALID_STATUS"

Why include machine-readable error codes?

They let clients handle errors programmatically instead of parsing human text.

Why avoid exposing stack traces in API responses?

Stack traces can leak implementation details and security-sensitive information.

What should be logged for API errors?

Request ID

What is a request ID?

A unique identifier assigned to a request so logs can be traced across services.

Why are request IDs useful?

They make debugging easier by connecting logs from the same request.

What is authentication?

Authentication verifies identity

What is authorization?

Authorization checks what an authenticated user or service is allowed to do.

What is the difference between 401 and 403?

401 means not authenticated; 403 means authenticated but not allowed.

What is an API key?

A secret token used by a service or client to authenticate API requests.

When might a test station use an API key?

A manufacturing test station might use an API key or device token to upload test results securely.

What is a bearer token?

A token sent in the Authorization header

What is JWT?

A JSON Web Token is a signed token that can carry identity/claims for authentication or authorization.

What is session-based authentication?

The server stores login state in a session and the browser sends a session cookie with requests.

What is token-based authentication?

The client sends a token

What is role-based access control?

Permissions are based on roles such as operator

What roles might exist in a manufacturing internal tool?

Operator

Why use separate service accounts for integrations?

They allow least-privilege permissions and easier auditing for machine-to-machine API calls.

What is least privilege in API design?

Give each user or service only the minimum permissions needed.

What is input validation?

Checking that request data has required fields

What fields should be validated when uploading test results?

serial_number

What is business rule validation?

Validation based on workflow rules

What is schema validation?

Checking that JSON/request data matches the expected structure and data types.

What is a required field?

A field that must be present for the API to process the request

What is type validation?

Checking that fields have the correct type

What is range validation?

Checking numeric values are within acceptable limits

What is enum validation?

Checking a value belongs to a fixed set

Why validate on backend even if frontend validates?

Frontend validation improves UX

What is idempotency in API design?

A retry-safe design where repeated identical requests do not create duplicate side effects.

Which HTTP methods are usually idempotent?

GET

Is GET idempotent?

Yes. Repeating a GET should not change server state.

Is POST idempotent by default?

No. Repeating POST /test-results could create duplicates unless you design idempotency.

Is PATCH idempotent?

It depends on the operation. Setting status to testing can be idempotent; incrementing a counter is not.

What is an idempotency key?

A unique client-provided key that lets the server recognize retries of the same operation.

Where can an idempotency key be sent?

In a request header like Idempotency-Key or in the request body.

How would idempotency work for test uploads?

The server stores the idempotency_key with the result. If the same key arrives again

What is an upsert?

An operation that inserts a row if it does not exist or updates it if it does.

When might you use upsert in integrations?

When syncing records from another system where the same record may be processed more than once.

What is a retry?

Trying a failed request again

When is retrying safe?

Retrying is safe when the operation is idempotent or protected by an idempotency key.

When is retrying dangerous?

Retrying non-idempotent operations can create duplicates or repeated side effects.

What is exponential backoff?

A retry strategy that waits longer after each failure

What is a timeout?

A maximum wait time before giving up on a slow request.

Why are timeouts important?

They prevent clients or servers from hanging forever when a dependency is slow or unavailable.

What is a circuit breaker?

A reliability pattern that temporarily stops calling a failing service to prevent cascading failures.

What is a dependency in API design?

Another service/database/API that your endpoint relies on.

What is graceful degradation?

Continuing to provide partial functionality when one dependency fails.

How could a dashboard degrade gracefully?

Show last known data with a stale warning if live refresh fails.

What is API latency?

The time between a client sending a request and receiving a response.

What is API throughput?

The number of requests an API can handle per unit time.

What is payload size?

The amount of data sent in a request or response.

Why reduce payload size?

Large payloads increase latency

How can you reduce API response payload size?

Return only needed fields

What is field selection?

Allowing clients to request specific fields

What is overfetching?

Returning more data than the client needs.

What is underfetching?

Returning too little data so the client must make many extra requests.

What is N+1 API problem?

A client makes one request for a list and then one request per item for details