Week 1: Introduction to REST APIs


Complete Coursera Answer & Study Guide


Get to know RESTful API development.

Learning Objectives

  • Explain different HTTP methods, status codes and responses.
  • Identify the key characteristics, benefits and uses of REST API, states and resources.
  • Create routes with the correct naming conventions.
  • Explain the principles of authentication in a REST API.
  • Differentiate between authentication and authorization.
  • Explain the API request lifecycle.


1. Which of the following configuration options in Insomnia were used in this Exercise? Choose all that apply.

  • Creating a GET request.  (CORRECT)
  • Creating a POST request with JSON Data.  (CORRECT)
  • Creating a POST request with Form Data.  (CORRECT)
  • Creating a Base Environment.

That’s correct! You learned how to create a GET request using Insomnia.

That’s correct! You learned how to send a JSON object as an output using Insomnia.

That’s correct! You learned how to create a POST request for sending form data using Insomnia.

2. Using the Filter response body option in Insomnia, which of the following filters can be used to obtain the month field ["july"] as the output when used over the JSON object below? Choose all that apply.

{
    "title": "Lord of the Rings",
    "author": "JRR Tolkien",
    "published": {
        "year": 1954,
        "month": "july",
        "day": 29
    }
}

  • $.json.month
  • $.json.published."month"
  • $[json][published][month]   (CORRECT)
  • $.json.published.[month]  (CORRECT)

That’s correct! The filter used will be able to access the value of the month property and return the desired result.

3. Which of the following JSON objects will return a valid JSON output that is not null while making a POST request?

  • { "title": "Lord of the Rings" } (CORRECT)
  • { title: "Lord of the Rings" }
  • { "title": "Lord of the Rings",}
  • { "title": Lord of the Rings }

That’s correct! This is a correct format that will produce the JSON output.

4. From which sources can a mobile app retrieve data? Choose all that apply.

  • Network server or third-party libraries.  (CORRECT)
  • Locally-stored data.  (CORRECT)
  • Database (CORRECT)

Correct! Data can be fetched from an online source.

That’s right! Data can be retrieved from the user’s device storage.

That’s right! Mobile apps can read and write data to a database.

5. You’ve learned that an HTTP request has a body and a header. What information does the HTTP request header contain?  Select all that apply.

  • HTTP request headers can contain cookies, user-agents and referrers (CORRECT)
  • HTTP version type, for example 1.1 or 2.0
  • Extra information that helps the server make decisions on how to present the content (CORRECT)
  • Form data passed to the web server.

That’s correct. These are all examples of information that helps servers decide how to process an HTTP request.

That’s correct. The HTTP request header is a core part of every HTTP request and contains vital information for the server.

6. An API is only RESTful if it complies with which constraints? Select all that apply.

  • Every API should support all HTTP methods
  • The API should use client-server architecture (CORRECT)
  • The API should deliver code on demand (CORRECT)
  • The API should be cacheable (CORRECT)
  • The API infrastructure should be layered (CORRECT)
  • The API should be stateless (CORRECT)

7. The naming convention of this API is correct: https://little.lemon/orders/{orderId}/customer-details

  • True (CORRECT)
  • False

That’s correct. In this case, the variable is the order ID, so it should be in camelCase and wrapped in curly braces. It is also good that “customer” and “details” have a hyphen between them and not an underscore or space. Further, the hierarchical relationship between the objects is specified with forward slashes.

8. In this video you learned about tools for API development. Which of the following statements are true? Check all that apply.

  • Curl has a graphical version
  • Postman has a web version (CORRECT)
  • You can use Insomnia from mobile
  • Curl, Postman and Insomnia are cross-platform tools to test and debug your APIs (CORRECT)

That’s correct. Postman offers a web version that you can use without installing its desktop client.

That’s correct. While Curl only offers the command line version, it is available in all major operating systems. Similarly, Postman and Insomnia are also available for Windows, macOS and Linux.


1. Why is communicating over HTTPS more secure than HTTP?

  • Both client- and server-side are encrypted but decryption is not performed.
  • There is client-side encryption and server-side decryption
  • There is only server-side encryption and client-side encryption
  • Encryption and decryption are performed both on the client- and server-side.   (CORRECT)

Correct! HTTPS is secure which means that there is encryption for data exchanged both at client- and server-side which can also be decrypted.

2. Which of the following HTTPS methods is used to partially update data?

  • POST
  • PUT
  • GET

Correct! PATCH is used to partially update a resource.

3. Which of the following HTTP status codes inside the response header indicate server-side errors?

  • 500-599 (CORRECT)
  • 300-399
  • 400-499
  • 100-199

Correct! The status codes mentioned are used to indicate server-side errors to the client inside the response headers.

4. RESTful APIs are considered to be stateless. What this means is the state is saved ________.

  • On neither the client- nor server-side
  • Both on client and server
  • Only with the client (CORRECT)
  • Only on the server

Correct! The server does not contain any state of the API client making the request and cannot identify who is making the request.

5. Which of the following can be a layer in the RESTful API communication system that data encounters while being passed between the client and server? Select all that apply.

  • Load balancer (CORRECT)
  • Headers
  • Firewall (CORRECT)

Correct! Load balancers help in the efficient distribution of network traffic before the requests from the client reach the server.

Correct! Firewalls are security systems over the network that help control and monitor the network traffic between the client and server based on security rules.


1. The abuse of API calls made by an end-user can be managed and restricted by means of:

  • Versioning
  • Rate-limiting (CORRECT)
  • Monitoring
  • Caching

Correct! Rate-limiting limits the number of times an end-user can call your API in a period of time, such as per minute, hour or day.

2. While monitoring API endpoints for indicators such as latency and response time, which of the following HTTP status codes can be used to identify potential problems early on? Select all that apply.

  • 100-199
  • 200-299
  • 400-499 (CORRECT)
  • 500-599 (CORRECT)

Correct! Status codes 400-499 imply client-side errors that can give an early indication of delays caused by potential problems.

Correct! Status codes 500-599 imply server-side errors that can provide an early indication of delays caused by potential problems.

3. SSL certificates ensure that the API calls coming to a specific vendor website such as Little Lemon are coming from their own website and mobile app.

  • True
  • False (CORRECT)

Correct! SSL certificates are used to encrypt data and help serve data over HTTPS instead of HTTP. Signed URLs ensure that the API calls coming to a specific vendor website such as Little Lemon are coming from their own website and mobile app.

4. Which of the following HTTP status codes suggest authentication and authorization errors while communicating data over HTTP? Select all that apply.

  • 402 (CORRECT)
  • 404
  • 401 (CORRECT)

Correct! The 402 – Forbidden error is raised when the credentials are valid, but the client does not have the privilege to perform the action.

Correct! The 401 – Unauthorized error is raised when the username and password credentials do not match the records available within the server.

5. The SSL in SSL certificates, commonly known for being used in secure communications stands for:

  • Secure Socket Layer (CORRECT)
  • Security Socket Layer
  • Secure Secret Layer
  • Socket Secure Layer

Correct! Secure Socket Layers encrypt your data and generate certificates to enable communication over HTTPS.

6. In this video, you learned about best practices when it comes to REST APIs. Which one of the following is a good practice you should follow?

  • You should implement caching for your APIs (CORRECT)
  • You should maintain several versions of your API

That’s correct. Caching helps your API perform better and helps to reduce the load on the server.

7. What authentication mechanism gives third parties limited access to a specific resource for a brief period of time?

  • Secure Socket Layer (SSL)
  • Signed URLs (CORRECT)
  • HTTP encryption of end-points
  • Firewall applications

That’s correct. Signed URLs give someone limited access to a specific resource for a brief period of time.

8. In this video you learned about the importance of access control when it comes to APIs. Indicate which of the following statements are true. Check all that apply.

  • A role is a collection of privileges and a privilege is whether you are allowed to do a specific task.   (CORRECT)
  • You should make your privileges as specific as possible.   (CORRECT)
  • Authentication and authorization are the same.

That’s correct. One role can consist of only one privilege or several ones. Whereas a privilege determines whether you are authorized to perform a specific task.

That’s correct. You want a role to be made up of detailed and specific privileges that suit the role so that only the right people have access to sensitive information.


1. True or false: Special characters like “I”  or “^” are recommended when defining your endpoints to improve security.

  • True
  • False (CORRECT)

That’s correct. Special characters can be confusing and technically complex for your users to type.

2. True or false: When designing your API, you should always perform data filtering using a query string, for example, the next endpoint: /users/{userId}/locations?country=USA

  • True (CORRECT)
  • False

That’s correct. This is the same when you expect some extra parameters, like the number of items per page and page number.

3. Which of the following statements describe differences between HTTP PUT and PATCH methods? Select all that apply.

  • A PUT call replaces the complete resource, while the PATCH call only updates some parts.   (CORRECT)
  • A PATCH request deals with a single record.   (CORRECT)
  • A PUT request can deal with multiple resources.

That’s correct. With PUT, you have to send the whole data again along with the request since the resource will be replaced. Whereas with PATCH, only the part that needs to be updated is required.

That’s correct. PATCH requests only support interacting with single records, but not multiple records.

4. True or False: Authentication and authorization are the same thing.

  • True
  • False (CORRECT)

That’s correct. Authentication and authorization are different things. However, both play a very important role in securing your project. Authentication checks if the user can enter the system, while authorization checks if the authenticated user has the appropriate privilege to perform a task.

5. Which of the following HTTP status codes are used to indicate client-side and server-side errors? Select all that apply.

  • 404 – Not found (CORRECT)
  • 503 – Service unavailable (CORRECT)
  • 301 – Moved permanently
  • 201 – Created
  • 403 – Forbidden (CORRECT)

That’s correct. This code is used when someone requests a non-existing item.

That’s correct. This code is used when the server is down or cannot handle the request due to overloading.

That’s correct. This code is used when a client credential, like the username and password or the token, is not valid.

6. Which of the following are valid Accept headers for requesting XML content? Select all that apply.

  • application/xml (CORRECT)
  • text/xml (CORRECT)
  • code/xml
  • application/x-xml
  • application/xml-content

That’s correct. A client can send the Accept: application/xml header to request XML content from the server.

That’s correct. This is a valid header for requesting XML content from the server.

7. Which of the following statements are valid for Insomnia? Select all that apply.

  • Insomnia is a REST API Client.   (CORRECT)
  • Insomnia has a command line tool.
  • Insomnia has a mobile client.
  • Insomnia can send different types of payloads.
  • Insomnia is cross-platform.   (CORRECT)

That’s correct. You can use Insomnia to make HTTP requests.

That’s correct. While making an API call, you can send different types of payloads like JSON, Form URL Encoded Data using Insomnia.

That’s correct. You can download Insomnia for multiple operating systems like Windows, macOS and Linux.

8. Which of the following API clients and tools have both web and desktop versions?

  • Postman (CORRECT)
  • Curl
  • Insomnia

That’s correct. Postman comes with a desktop app and offers a web version that can be used in your browser to make API calls.

9. True or False: When trying to return the requested resource from a server via a GET HTTP call, the server returns a 404 if the resource is not found.

  • True (CORRECT)
  • False

That’s correct, the status code 404 is used by servers to inform a client that a requested resource is not found.

10. What’s the semantic meaning of the 403 status code?

  • Bad request
  • Unauthorized
  • Forbidden (CORRECT)

That’s correct, an HTTP 403 response code means that a client is forbidden from accessing a valid URL.