Week 1: Introduction to REST APIs

Meta Android Developer Professional Certificate

Complete Coursera Answers & Study Guide



Get to know RESTful API development.

Learning Objectives

  • Identify the key characteristics, benefits and uses of REST API, states and resources.
  • Create routes with the correct naming conventions.
  • Explain the principles of authentication in a REST API.
  • Differentiate between authentication and authorization.
  • Explain the API request lifecycle.


1. Which of the following configuration options in Insomnia were used in this Exercise? Choose all that apply.

  • Creating a GET request. (CORRECT)
  • Creating a POST request with Form Data. (CORRECT)
  • Creating a POST request with JSON Data. (CORRECT)
  • Creating a Base Environment.

That’s correct! You learned how to create a GET request using Insomnia. 

That’s correct! You learned how to create a POST request for sending form data using Insomnia. 

That’s correct! You learned how to send a JSON object as an output using Insomnia. 

2. Using the Filter response body option in Insomnia, which of the following filters can be used to obtain the month field [“july”] as the output when used over the JSON object below? Choose all that apply.

    "title": "Lord of the Rings",
    "author": "JRR Tolkien",
    "published" : {
        "year": 1954,
        "month": "july",
        "day" : 29

  • $.json.month
  • $.json.published.”month”
  • $[json][published][month] (CORRECT)
  • $.json.published.[month] (CORRECT)

That’s correct! The filter used will be able to access the value of the month property and return the desired result.

That’s correct! The filter used will be able to access the value of the month property and return the desired result.

3. Which of the following JSON objects will return a valid JSON output that is not null while making a POST request.

  • { "title": "Lord of the Rings" } (CORRECT)
  • { "title": Lord of the Rings }
  • { title: "Lord of the Rings" }
  • { "title": "Lord of the Rings" ,}

That’s correct! This is a correct format that will produce the JSON output.

4. You’ve learned that an HTTP request has a body and a header. What information does the HTTP request header contain?  Select all that apply.

  • Form data passed to the web server
  • HTTP version type, for example 1.1 or 2.0
  • HTTP request headers can contain cookies, user-agents and referrers (CORRECT)
  • Extra information that helps the server make decisions on how to present the content (CORRECT)

That’s correct. These are all examples of information that helps servers decide how to process an HTTP request.

That’s correct. The HTTP request header is a core part of every HTTP request and contains vital information for the server.

5. An API is only RESTful if it complies with which constraints? Select all that apply.

  • The API infrastructure should be layered (CORRECT)
  • The API should be stateless (CORRECT)
  • The API should use client-server architecture (CORRECT)
  • The API should deliver code on demand (CORRECT)
  • Every API should support all HTTP methods
  • The API should be cacheable (CORRECT)

That’s right! The entire system architecture must be able to split into multiple layers. And you should be able to add or remove a layer any time. 

Correct! The state of a RESTful API is only saved on the client machine, not the server.

That’s right! There should be a server that is serving the resources, and there should be a client who consumes them. 

That’s right! Although this is not always a requirement. It is considered an optional constraint.

That’s right! RESTful APIs can be saved by a web browser, or a server, or any system.

6. The naming convention of this API is correct: https://little.lemon/orders/{orderId}/customer-details

  • True  (CORRECT)
  • False

That’s correct. In this case, the variable is the order ID, so it should be in camelCase and wrapped in curly braces. It is also good that “customer” and “details” have a hyphen between them and not an underscore or space. Further, the hierarchical relationship between the objects is specified with forward slashes.

7. In this video you learned about tools for API development. Which of the following statements are true? Check all that apply.

  • Curl, Postman and Insomnia are cross-platform tools to test and debug your APIs (CORRECT)
  • Curl has a graphical version
  • Postman has a web version (CORRECT)
  • You can use Insomnia from mobile

That’s correct. While Curl only offers the command line version, it is available in all major operating systems. Similarly, Postman and Insomnia are also available for Windows, macOS and Linux.

That’s correct. Postman offers a web version that you can use without installing its desktop client.


1. Why is communicating over HTTPS more secure than HTTP? 

  • Both client- and server-side are encrypted but decryption is not performed. 
  • Encryption and decryption are performed both on the client- and server-side. (CORRECT)
  • There is only server-side encryption and client-side encryption.
  • There is client-side encryption and server-side decryption.

Correct! HTTPS is secure, which means that data exchanged is encrypted on both the client and server side and can also be decrypted.

2. Which of the following HTTPS methods is used to partially update data?

  • POST
  • GET
  • PUT

Correct! PATCH is used to partially update a resource.

3. Which of the following HTTP status codes inside the response header indicate server-side errors?

  • 500-599 (CORRECT)
  • 100-199
  • 400-499
  • 300-399

Correct! The status codes mentioned are used to indicate server-side errors to the client inside the response headers.

4. RESTful APIs are considered to be stateless. What this means is the state is saved ________.

  • on neither the client- nor server-side
  • only with the client  (CORRECT)
  • both on client and server
  • only on the server

Correct! The server does not contain any state of the API client making the request and cannot identify who is making the request. 

5. Which of the following can be a layer in the RESTful API communication system that data encounters while being passed between the client and server? Select all that apply.

  • Load balancer (CORRECT)
  • Firewall (CORRECT)
  • Headers

Correct! Load balancers help in the efficient distribution of network traffic before the requests from the client reach the server.

Correct! Firewalls are security systems over the network that help control and monitor the network traffic between the client and server based on security rules. 


1. The abuse of API calls made by an end-user can be managed and restricted by means of:

  • Caching
  • Rate-limiting (CORRECT)
  • Monitoring
  • Versioning

Correct! Rate-limiting limits the number of times an end-user can call your API in a period of time, such as per minute, hour or day.

2. While monitoring API endpoints for indicators such as latency and response time, which of the following HTTP status codes can be used to identify potential problems early on? Select all that apply.

  • 100-199
  • 200-299
  • 400-499 (CORRECT)
  • 500-599 (CORRECT)

Correct! Status codes 400-499 imply client-side errors that can give an early indication of delays caused by potential problems. 

Correct! Status codes 500-599 imply server-side errors that can provide an early indication of delays caused by potential problems.

3. SSL certificates ensure that the API calls coming to a specific vendor website such as Little Lemon are coming from their own website and mobile app. 

  • True
  • False (CORRECT)

Correct! SSL certificates are used to encrypt data and help serve data over HTTPS instead of HTTP. Signed URLs ensure that the API calls coming to a specific vendor website such as Little Lemon are coming from their own website and mobile app.

4. Which of the following HTTP status codes suggest authentication and authorization errors while communicating data over HTTP? Select all that apply.

  • 402 (CORRECT)
  • 404
  • 401 (CORRECT)

Correct! The 402 – Forbidden error is raised when the credentials are valid, but the client does not have the privilege to perform the action. 

Correct! The 401 – Unauthorized error is raised when the username and password credentials do not match the records available within the server. 

5. The SSL in SSL certificates, commonly known for being used in secure communications, stands for:

  • Secure Socket Layer (CORRECT)
  • Security Socket Layer
  • Secure Secret Layer
  • Socket Secure Layer

Correct! Secure Socket Layers encrypt your data and generate certificates to enable communication over HTTPS.

6. In this video, you learned about best practices when it comes to REST APIs. Which one of the following is a good practice you should follow? 

  • You should maintain several versions of your API
  • You should implement caching for your APIs  (CORRECT)

That’s correct. Caching helps your API perform better and helps to reduce the load on the server.

7. What authentication mechanism gives third parties limited access to a specific resource for a brief period of time?

  • Secure Socket Layer (SSL) (CORRECT)
  • Signed URLs
  • HTTP encryption of end-points
  • Firewall applications

That’s correct. Signed URLs give someone limited access to a specific resource for a brief period of time.

8. In this video you learned about the importance of access control when it comes to APIs. Indicate which of the following statements are true. Check all that apply.

  • You should make your privileges as specific as possible. (CORRECT)
  • A role is a collection of privileges and a privilege is whether you are allowed to do a specific task. (CORRECT)
  • Authentication and authorization are the same.

That’s correct. You want a role to be made up of detailed and specific privileges that suit the role so that only the right people have access to sensitive information.

That’s correct. One role can consist of only one privilege or several, whereas a privilege determines whether you are authorized to perform a specific task.


1. What are the benefits of using pipenv? Choose all that apply.

  • It creates a virtual environment for your project (CORRECT)
  • It manages the dependencies (CORRECT)
  • It makes your project more secure
  • It makes your project run faster

That’s correct. Pipenv automatically creates a virtual environment and installs all the dependencies inside it. 

That’s correct. Using pipenv you can manage the dependencies for your project. 

2. What is the default port number used by Django webserver?

  • 8000 (CORRECT)
  • 443
  • 8001

That’s correct. 8000 is the default port number used by the Django webserver when you run the command python manage.py runserver inside a Django project directory.

3. What does the following command do?

    python manage.py startapp

  • It creates a Django project
  • It creates a new Django app (CORRECT)
  • It installs Django 

That’s correct. You can use this command inside a Django project to create a new Django app, followed by the application name. If your app name is LittleLemonAPI, then you will have to run the command python manage.py startapp LittleLemonAPI

4. Authentication and authorization are the same thing. 

  • True
  • False (CORRECT)

That’s correct. Authentication and authorization are different things, and they play a very important role in securing your project. Authentication checks if the user can enter the system, and authorization checks if the authenticated user has the appropriate privilege to perform a task. 

5. Which of the following HTTP status codes are used to indicate client-side and server-side errors? Choose all that apply.

  • 201 – Created
  • 301 – Moved Permanently
  • 403 – Forbidden (CORRECT)
  • 404 – Not Found (CORRECT)
  • 503 – Service Unavailable (CORRECT)

That’s correct. This code is used when client credentials, like the username and password or the token, are not valid.

That’s correct. This code is used when someone requests a non-existing item.

That’s correct. This code is used when the server is down or cannot handle the request due to overloading. 

6. What are the valid Accept headers for requesting XML content? Choose all that apply.

  • application/xml (CORRECT)
  • application/xml-content
  • code/xml
  • text/xml (CORRECT)
  • application/x-xml

That’s correct. A client can send the Accept: application/xml header to request XML content from the server. 

That’s correct. This is a valid header for requesting XML content from the server.

7. What can lead to data corruption in an API project? Choose all that apply.

  • Lack of caching
  • Lack of authorization (CORRECT)
  • Lack of authentication (CORRECT)
  • Lack of throttling
  • Lack of data validation and sanitization (CORRECT)

That’s correct. The lack of a solid authorization layer can allow any user with a valid authentication token to access any API endpoint and modify the data.

That’s correct. Without authentication anyone can get in and modify the data.

That’s correct. Incorrect or malformed data may be stored in the database without proper data validation. Lack of sanitization can create security threats which can also corrupt the data. 

8. Which of the following statements are valid for Insomnia? Choose all that apply.

  • It’s a REST API Client (CORRECT)
  • Insomnia can send different types of payloads (CORRECT)
  • Insomnia has a mobile client
  • Insomnia has a command line tool
  • Insomnia is cross-platform (CORRECT)

That’s correct. You can use Insomnia to make HTTP requests.

That’s correct. While making an API call, you can send different types of payloads, like JSON and Form URL Encoded data, using Insomnia.

That’s correct. You can download Insomnia for multiple operating systems like Windows, macOS and Linux. 

9. Which of the following API clients/tools has both web and desktop versions?

  • Insomnia   
  • Curl
  • Postman (CORRECT)

That’s correct. Postman comes with a desktop app and offers a web version that can be used in your browser to make API calls.

10. What is the purpose of renderer classes in DRF?

  • Quickly scaffold a CRUD API project 
  • Convert serialized data to display as HTML, XML and JSON  (CORRECT)
  • Convert model instance to native Python data types  

That’s correct. DRF comes with a few built-in renderer classes to convert serialized data and display it in various formats. You can also use third-party renderers in DRF.


