Practice & Assessment
Test your understanding of API Design Fundamentals
Multiple Choice Questions
Which HTTP method is idempotent but NOT safe?
A client sends a valid JSON body, but the email field violates your uniqueness constraint. Which status code is most appropriate?
Which API versioning strategy breaks HTTP caching most severely?
A JWT is issued with a 24-hour expiry. An admin revokes the user 2 hours after issuance. What happens to the JWT for the remaining 22 hours?
Which field in RFC 7807 Problem Details is intended to be machine-readable for client branching logic?
Your API needs server-to-server authentication with no user involvement. Which mechanism fits best?
Coding Challenges
Build a versioned REST API with RFC 7807 error responses
Using Node.js/Express, implement a /v1/users endpoint supporting GET (list), POST (create), and GET /v1/users/:id. POST must validate that email is present and unique, returning 409 on duplicate and 422 with field-level errors on missing fields. All error responses must conform to RFC 7807 with type, title, status, detail, and errors array fields. Input: JSON body with name and email. Output: 201 with Location header on success, appropriate 4xx with problem+json body on failure. Estimated time: 25-30 minutes.
Mini Project
Mini URL Shortener API
Build a versioned REST API at /v1/links that creates short URLs (POST), redirects on GET /:code with 302, and returns 404 with RFC 7807 error body when the code does not exist. Implement API key authentication via Authorization header. POST requires a valid URL body field, returning 422 if missing or invalid and 401 on missing key. Store links in memory. Include GET /v1/links to return all links created by the authenticated API key. Use correct status codes: 201 on create with Location header, 204 on DELETE, 403 on wrong key. Apply all module concepts: resource naming, versioning, status codes, error format, and authentication.
