Monday, 13 July 2026

Azure

1. What is REST API?

Answer

REST (Representational State Transfer) is an architectural style for building web services that communicate over HTTP. A REST API exposes resources through URLs and uses standard HTTP methods like GET, POST, PUT, PATCH, and DELETE.

Example

GET /api/orders

Returns all orders.

GET /api/orders/101

Returns Order 101.

Characteristics

  • Stateless communication

  • Client-Server architecture

  • Uniform interface

  • Cacheable responses

  • Uses HTTP methods and status codes

  • Supports JSON/XML (JSON is most common)

Real-time Example

In an e-commerce application:

  • Customer API

  • Order API

  • Payment API

  • Inventory API

Each exposes REST endpoints independently.


2. What are REST API Best Practices?

Answer

A well-designed REST API should follow these best practices:

  • Use nouns instead of verbs.

    • Good: /api/orders

    • Bad: /api/getOrders

  • Use proper HTTP methods.

  • Return correct HTTP status codes.

  • Use API versioning (/api/v1/orders).

  • Validate request models.

  • Handle exceptions globally.

  • Implement authentication and authorization.

  • Support pagination and filtering.

  • Use asynchronous programming.

  • Document APIs using Swagger/OpenAPI.

Interview Tip

Mention Swagger, JWT, FluentValidation, API Versioning, and Global Exception Middleware.


3. Difference between PUT and PATCH?

Answer

PUTPATCH
Replaces the complete resourceUpdates only specified fields
Client sends the entire objectClient sends only changed properties
IdempotentUsually idempotent

Example:

PUT

{
 "Name":"John",
 "Age":30
}

PATCH

{
 "Age":31
}

4. How do you secure REST APIs?

Answer

I typically use:

  • JWT Authentication

  • OAuth2/OpenID Connect

  • Azure AD or Microsoft Entra ID

  • Role-Based Authorization

  • Claims-Based Authorization

  • HTTPS

  • CORS

  • Rate Limiting

  • Input Validation

  • API Gateway

Interview Scenario

"In one project, APIs were secured using JWT tokens issued by Azure AD. Each API validated the JWT, extracted claims, and authorized access based on user roles."


5. How do you improve REST API performance?

Answer

Several techniques:

  • Async programming (async/await)

  • Pagination

  • Projection (DTOs)

  • Database indexing

  • Response compression

  • Redis caching

  • Connection pooling

  • Minimize database round trips

  • Application Insights monitoring

Example

Instead of:

SELECT *

Use

SELECT Id,Name

using DTO projection.


6. Explain Idempotency.

Answer

Idempotency means performing the same operation multiple times should produce the same result.

Example:

Customer clicks "Pay" twice.

Without idempotency:

Two payments.

With idempotency:

Only one payment.

Implementation:

  • Idempotency Key

  • Unique Request ID

  • Duplicate Detection


7. Explain Microservices.

Answer

Microservices is an architectural style where an application is divided into small, independently deployable services. Each service owns a specific business capability and typically has its own database.

Example

Customer Service

Order Service

Payment Service

Inventory Service

Notification Service

Each service:

  • Own Database

  • Own Deployment

  • Independent Scaling

  • Independent Team


8. Microservices vs Monolithic

MonolithicMicroservices
Single deploymentIndependent deployments
One databaseDatabase per service
Tight couplingLoose coupling
Hard to scaleScale individual services
Technology lockedPolyglot possible

9. How do Microservices communicate?

Answer

Two ways:

Synchronous

  • REST API

  • gRPC

Used when immediate response is required.

Example

Order Service

↓

Customer Service

Asynchronous

  • Azure Service Bus

  • Kafka

  • RabbitMQ

Example

Order Created Event

↓

Inventory

↓

Email

↓

Analytics

↓

Invoice

10. What is API Gateway?

Answer

API Gateway is the single entry point for all client requests.

Responsibilities:

  • Authentication

  • Routing

  • Rate Limiting

  • Logging

  • SSL Termination

  • Caching

Examples:

  • Azure API Management

  • YARP

  • Ocelot


Event-Driven Architecture


11. What is Event-Driven Architecture?

Answer

Instead of services calling each other directly, services publish events. Other services subscribe and react independently.

Example

Order Created

↓

Service Bus Topic

↓

Inventory

↓

Email

↓

Invoice

↓

Analytics

Advantages

  • Loose coupling

  • Better scalability

  • Independent deployments

  • Easy integration


12. Queue vs Topic?

Queue

One producer

One consumer


Topic

One producer

Many subscribers

Example

Order Created

↓

Topic

↓

Email

↓

SMS

↓

Analytics

13. Explain Dead Letter Queue.

Answer

Messages that cannot be processed after retries move to the Dead Letter Queue (DLQ).

Reasons

  • Invalid message format

  • Max retries exceeded

  • Business validation failure

After fixing the issue, messages can be replayed.


14. Explain Idempotent Consumer.

Answer

Sometimes the same message is delivered twice.

Consumer should process it only once.

Methods

  • Store MessageId

  • Database unique constraint

  • Duplicate Detection


Unit Testing


15. What is Unit Testing?

Answer

Unit testing verifies a single class or method in isolation.

Frameworks

  • xUnit

  • NUnit

  • MSTest

Mocking

  • Moq


16. What should be mocked?

Mock

  • Repository

  • External APIs

  • Payment Gateway

  • Logger

  • Email Service

Don't mock

Business logic


17. Difference between Unit Test and Integration Test?

Unit TestIntegration Test
Tests one classTests multiple components
Uses mocksUses real dependencies
Very fastSlower
No databaseDatabase allowed

Azure Functions


18. What is Azure Function?

Answer

Azure Function is a serverless compute service that runs code in response to events.

Triggers

  • HTTP

  • Blob

  • Queue

  • Timer

  • Service Bus


19. Why Isolated Worker?

Answer

Microsoft recommends Isolated Worker because:

  • Supports .NET 8+

  • Better Dependency Injection

  • Independent runtime

  • Better middleware support

  • Future-proof


20. What is Cold Start?

Answer

In Consumption Plan, the first request after inactivity takes longer because the Function App needs to start.

Solutions

  • Premium Plan

  • Always Ready instances

  • Keep-alive pings


Azure Service Bus


21. Why Service Bus instead of REST?

REST

Immediate response

Service Bus

Reliable asynchronous messaging

Retry

Dead Letter Queue

Ordering

Transactions


22. Peek Lock vs Receive and Delete?

Peek Lock

Receive

Process

Complete

Safe


Receive and Delete

Deletes immediately

Risk of message loss


Azure Key Vault


23. What is Azure Key Vault?

Answer

Secure storage for

  • Secrets

  • Certificates

  • Encryption Keys

Never store

Connection Strings

Passwords

API Keys

inside appsettings.json.

Use Managed Identity.


Azure Blob Storage


24. What is Blob Storage?

Stores

  • Images

  • Videos

  • Documents

  • Backups

Supports

  • SAS Tokens

  • Versioning

  • Lifecycle Management

  • Geo-redundancy


Azure Queue Storage


25. Difference between Queue Storage and Service Bus?

Queue StorageService Bus
Basic messagingEnterprise messaging
CheapMore features
No ordering guaranteeSessions for ordering
No DLQ (same capabilities)Dead Letter Queue
Simple retryAdvanced retry

Application Insights


26. What does Application Insights monitor?

  • Requests

  • Exceptions

  • Dependencies

  • SQL queries

  • Performance

  • Availability

  • Distributed tracing


27. How do you troubleshoot a slow API?

Steps

  1. Open Application Insights.

  2. Check Response Time.

  3. Check Dependency Calls.

  4. Find slow SQL.

  5. Check Exceptions.

  6. Optimize.


Azure DevOps


28. Explain Pull Request Workflow.

Developer

Feature Branch

Commit

Push

Pull Request

Code Review

Build Validation

Approval

Merge


29. What do you check in Code Review?

  • Naming

  • SOLID

  • Exception Handling

  • Logging

  • Security

  • Performance

  • Unit Tests

  • Code Duplication


GitFlow


30. Explain GitFlow.

main

↓

develop

↓

feature branches

↓

release branch

↓

main

↓

hotfix

↓

main

↓

develop

31. Difference between Merge and Rebase?

Merge

Keeps history

Safe

Rebase

Cleaner history

Rewrites commits


Senior-Level Scenario Question

Question:

Design an Azure-based e-commerce system where an Order API receives 10,000 requests per minute. Orders should trigger payment processing, inventory updates, email notifications, invoice generation, and analytics. The system must remain available even if the Payment service is temporarily unavailable.

Answer (Interview):

"I would expose the Order API through Azure API Management or YARP and implement it using ASP.NET Core. Secrets like database connection strings and API keys would be stored in Azure Key Vault and accessed via Managed Identity. After validating and storing the order in SQL Server, the API would publish an OrderCreated event to an Azure Service Bus Topic. Services such as Inventory, Notification, Invoice, and Analytics would subscribe independently to the topic, enabling loose coupling and scalability. For the external Payment service, I would use Polly with Retry, Circuit Breaker, and Timeout policies to handle transient failures. Consumers would be idempotent by storing processed message IDs to prevent duplicate processing. Product images would be uploaded directly to Azure Blob Storage using SAS tokens, avoiding large file uploads through the API. Azure Functions (Isolated Worker) would process background tasks like invoice generation or image processing. Azure Application Insights would provide distributed tracing, dependency monitoring, exception tracking, and performance metrics. The solution would follow SOLID principles, use dependency injection, include xUnit-based unit tests and integration tests, and be deployed through Azure DevOps CI/CD with GitFlow branching and Pull Request approvals."



No comments:

Post a Comment