1. What is REST API?
Answer
REST (Representational State Transfer) is an architectural style for building web services that communicate over HTTP. A REST API exposes resources through URLs and uses standard HTTP methods like GET, POST, PUT, PATCH, and DELETE.
Example
GET /api/orders
Returns all orders.
GET /api/orders/101
Returns Order 101.
Characteristics
Stateless communication
Client-Server architecture
Uniform interface
Cacheable responses
Uses HTTP methods and status codes
Supports JSON/XML (JSON is most common)
Real-time Example
In an e-commerce application:
Customer API
Order API
Payment API
Inventory API
Each exposes REST endpoints independently.
2. What are REST API Best Practices?
Answer
A well-designed REST API should follow these best practices:
Use nouns instead of verbs.
Good:
/api/ordersBad:
/api/getOrders
Use proper HTTP methods.
Return correct HTTP status codes.
Use API versioning (
/api/v1/orders).Validate request models.
Handle exceptions globally.
Implement authentication and authorization.
Support pagination and filtering.
Use asynchronous programming.
Document APIs using Swagger/OpenAPI.
Interview Tip
Mention Swagger, JWT, FluentValidation, API Versioning, and Global Exception Middleware.
3. Difference between PUT and PATCH?
Answer
| PUT | PATCH |
|---|---|
| Replaces the complete resource | Updates only specified fields |
| Client sends the entire object | Client sends only changed properties |
| Idempotent | Usually idempotent |
Example:
PUT
{
"Name":"John",
"Age":30
}
PATCH
{
"Age":31
}
4. How do you secure REST APIs?
Answer
I typically use:
JWT Authentication
OAuth2/OpenID Connect
Azure AD or Microsoft Entra ID
Role-Based Authorization
Claims-Based Authorization
HTTPS
CORS
Rate Limiting
Input Validation
API Gateway
Interview Scenario
"In one project, APIs were secured using JWT tokens issued by Azure AD. Each API validated the JWT, extracted claims, and authorized access based on user roles."
5. How do you improve REST API performance?
Answer
Several techniques:
Async programming (
async/await)Pagination
Projection (DTOs)
Database indexing
Response compression
Redis caching
Connection pooling
Minimize database round trips
Application Insights monitoring
Example
Instead of:
SELECT *
Use
SELECT Id,Name
using DTO projection.
6. Explain Idempotency.
Answer
Idempotency means performing the same operation multiple times should produce the same result.
Example:
Customer clicks "Pay" twice.
Without idempotency:
Two payments.
With idempotency:
Only one payment.
Implementation:
Idempotency Key
Unique Request ID
Duplicate Detection
7. Explain Microservices.
Answer
Microservices is an architectural style where an application is divided into small, independently deployable services. Each service owns a specific business capability and typically has its own database.
Example
Customer Service
Order Service
Payment Service
Inventory Service
Notification Service
Each service:
Own Database
Own Deployment
Independent Scaling
Independent Team
8. Microservices vs Monolithic
| Monolithic | Microservices |
|---|---|
| Single deployment | Independent deployments |
| One database | Database per service |
| Tight coupling | Loose coupling |
| Hard to scale | Scale individual services |
| Technology locked | Polyglot possible |
9. How do Microservices communicate?
Answer
Two ways:
Synchronous
REST API
gRPC
Used when immediate response is required.
Example
Order Service
↓
Customer Service
Asynchronous
Azure Service Bus
Kafka
RabbitMQ
Example
Order Created Event
↓
Inventory
↓
Email
↓
Analytics
↓
Invoice
10. What is API Gateway?
Answer
API Gateway is the single entry point for all client requests.
Responsibilities:
Authentication
Routing
Rate Limiting
Logging
SSL Termination
Caching
Examples:
Azure API Management
YARP
Ocelot
Event-Driven Architecture
11. What is Event-Driven Architecture?
Answer
Instead of services calling each other directly, services publish events. Other services subscribe and react independently.
Example
Order Created
↓
Service Bus Topic
↓
Inventory
↓
Email
↓
Invoice
↓
Analytics
Advantages
Loose coupling
Better scalability
Independent deployments
Easy integration
12. Queue vs Topic?
Queue
One producer
↓
One consumer
Topic
One producer
↓
Many subscribers
Example
Order Created
↓
Topic
↓
Email
↓
SMS
↓
Analytics
13. Explain Dead Letter Queue.
Answer
Messages that cannot be processed after retries move to the Dead Letter Queue (DLQ).
Reasons
Invalid message format
Max retries exceeded
Business validation failure
After fixing the issue, messages can be replayed.
14. Explain Idempotent Consumer.
Answer
Sometimes the same message is delivered twice.
Consumer should process it only once.
Methods
Store MessageId
Database unique constraint
Duplicate Detection
Unit Testing
15. What is Unit Testing?
Answer
Unit testing verifies a single class or method in isolation.
Frameworks
xUnit
NUnit
MSTest
Mocking
Moq
16. What should be mocked?
Mock
Repository
External APIs
Payment Gateway
Logger
Email Service
Don't mock
Business logic
17. Difference between Unit Test and Integration Test?
| Unit Test | Integration Test |
|---|---|
| Tests one class | Tests multiple components |
| Uses mocks | Uses real dependencies |
| Very fast | Slower |
| No database | Database allowed |
Azure Functions
18. What is Azure Function?
Answer
Azure Function is a serverless compute service that runs code in response to events.
Triggers
HTTP
Blob
Queue
Timer
Service Bus
19. Why Isolated Worker?
Answer
Microsoft recommends Isolated Worker because:
Supports .NET 8+
Better Dependency Injection
Independent runtime
Better middleware support
Future-proof
20. What is Cold Start?
Answer
In Consumption Plan, the first request after inactivity takes longer because the Function App needs to start.
Solutions
Premium Plan
Always Ready instances
Keep-alive pings
Azure Service Bus
21. Why Service Bus instead of REST?
REST
Immediate response
Service Bus
Reliable asynchronous messaging
Retry
Dead Letter Queue
Ordering
Transactions
22. Peek Lock vs Receive and Delete?
Peek Lock
Receive
↓
Process
↓
Complete
Safe
Receive and Delete
Deletes immediately
Risk of message loss
Azure Key Vault
23. What is Azure Key Vault?
Answer
Secure storage for
Secrets
Certificates
Encryption Keys
Never store
Connection Strings
Passwords
API Keys
inside appsettings.json.
Use Managed Identity.
Azure Blob Storage
24. What is Blob Storage?
Stores
Images
Videos
Documents
Backups
Supports
SAS Tokens
Versioning
Lifecycle Management
Geo-redundancy
Azure Queue Storage
25. Difference between Queue Storage and Service Bus?
| Queue Storage | Service Bus |
|---|---|
| Basic messaging | Enterprise messaging |
| Cheap | More features |
| No ordering guarantee | Sessions for ordering |
| No DLQ (same capabilities) | Dead Letter Queue |
| Simple retry | Advanced retry |
Application Insights
26. What does Application Insights monitor?
Requests
Exceptions
Dependencies
SQL queries
Performance
Availability
Distributed tracing
27. How do you troubleshoot a slow API?
Steps
Open Application Insights.
Check Response Time.
Check Dependency Calls.
Find slow SQL.
Check Exceptions.
Optimize.
Azure DevOps
28. Explain Pull Request Workflow.
Developer
↓
Feature Branch
↓
Commit
↓
Push
↓
Pull Request
↓
Code Review
↓
Build Validation
↓
Approval
↓
Merge
29. What do you check in Code Review?
Naming
SOLID
Exception Handling
Logging
Security
Performance
Unit Tests
Code Duplication
GitFlow
30. Explain GitFlow.
main
↓
develop
↓
feature branches
↓
release branch
↓
main
↓
hotfix
↓
main
↓
develop
31. Difference between Merge and Rebase?
Merge
Keeps history
Safe
Rebase
Cleaner history
Rewrites commits
Senior-Level Scenario Question
Question:
Design an Azure-based e-commerce system where an Order API receives 10,000 requests per minute. Orders should trigger payment processing, inventory updates, email notifications, invoice generation, and analytics. The system must remain available even if the Payment service is temporarily unavailable.
Answer (Interview):
"I would expose the Order API through Azure API Management or YARP and implement it using ASP.NET Core. Secrets like database connection strings and API keys would be stored in Azure Key Vault and accessed via Managed Identity. After validating and storing the order in SQL Server, the API would publish an OrderCreated event to an Azure Service Bus Topic. Services such as Inventory, Notification, Invoice, and Analytics would subscribe independently to the topic, enabling loose coupling and scalability. For the external Payment service, I would use Polly with Retry, Circuit Breaker, and Timeout policies to handle transient failures. Consumers would be idempotent by storing processed message IDs to prevent duplicate processing. Product images would be uploaded directly to Azure Blob Storage using SAS tokens, avoiding large file uploads through the API. Azure Functions (Isolated Worker) would process background tasks like invoice generation or image processing. Azure Application Insights would provide distributed tracing, dependency monitoring, exception tracking, and performance metrics. The solution would follow SOLID principles, use dependency injection, include xUnit-based unit tests and integration tests, and be deployed through Azure DevOps CI/CD with GitFlow branching and Pull Request approvals."
No comments:
Post a Comment