REST API Interview Questions 2026, 35 Q&A on Design, Status Codes, and Security
What changed in 2026 drives
Mass-recruiter offer letters are flatter for 2026 batch - the 4-5 LPA ASE band has barely budged in three years while inflation eats real wages. Premium tracks (Digital, Pro, Elite, Specialist) are still where the differential lives, and they are entirely test-driven. If you are aiming higher than the default offer, the coding round is not optional pageantry - it is the entire interview.
What I'd actually study for this
- 01Two solid coding-round answers (1 medium-hard DSA each, with edge-case discussion) > five half-baked ones
- 02One real project you can defend end-to-end - file paths, design decisions, and what you would change
- 03One DBMS schema you actually built (not a textbook ER diagram), with at least 3 join-heavy queries written from memory
- 04Three behavioural STAR stories: failure recovered, conflict handled, ownership taken
Where most candidates trip up
The single biggest mistake is treating company-specific guides as primary prep and DSA as secondary. It is the opposite. Mass recruiters use the test as a filter, but premium tracks at every IT services company use coding to allocate offer band. Spend 70% of prep time on DSA + system fundamentals, 20% on company-specific patterns, 10% on HR rehearsal. Reverse that ratio and you collect the default offer.
Editorial commentary by Aditya Sharma · written for PapersAdda · not generated, not aggregated.
REST API design is a core backend interview track, and candidates report it shows up in nearly every API role. Interviewers probe HTTP semantics, idempotency, status codes, versioning, and security. This guide compiles 35 questions from candidate-reported rounds and public preparation resources, each with examples and the trade-off being tested.
The foundation: REST is an architectural style over HTTP. Using the right method, status code, and resource modeling signals you understand it, not just CRUD.
Related: GraphQL Interview Questions 2026 | Node.js Interview Questions 2026 | Express JS Interview Questions 2026 | AWS Lambda Interview Questions 2026
REST Fundamentals (Q1 to Q12)
Q1. What is REST?
Q2. What are the main HTTP methods and their semantics?
| Method | Purpose | Idempotent | Safe |
|---|---|---|---|
| GET | Read | Yes | Yes |
| POST | Create | No | No |
| PUT | Replace | Yes | No |
| PATCH | Partial update | No (typically) | No |
| DELETE | Remove | Yes | No |
Candidate-reported as a guaranteed opener.
Q3. What does idempotent mean and why does it matter?
Q4. What is the difference between PUT and PATCH?
Q5. What is the difference between POST and PUT for creation?
Q6. How should you design resource URLs?
Q7. What are the main HTTP status code categories?
| Range | Meaning |
|---|---|
| 2xx | Success |
| 3xx | Redirection |
| 4xx | Client error |
| 5xx | Server error |
Q8. Which specific status codes should an API use?
Q9. What is the difference between 401 and 403?
Q10. What does statelessness mean in REST?
Q11. What is HATEOAS?
Q12. What is content negotiation?
API Design and Reliability (Q13 to Q24)
Q13. How do you version a REST API?
Q14. How do you paginate a REST API?
Q15. How do you handle filtering, sorting, and searching?
Q16. How do you design error responses?
Q17. What is rate limiting and how do you communicate it?
Q18. How do you make a POST idempotent?
Q19. How do you cache REST responses?
Q20. What is an ETag and conditional request?
Q21. How do you handle long-running operations in REST?
Q22. How do you handle partial failures in a batch request?
Q23. What is CORS and why does it matter for APIs?
Q24. How do you document a REST API?
Security and Scenarios (Q25 to Q35)
Q25. How do you authenticate a REST API?
Q26. How do JWTs work and what are the pitfalls?
Q27. What is the difference between authentication and authorization?
Q28. How do you prevent common API security issues?
Q29. What is the difference between REST and GraphQL?
| REST | GraphQL | |
|---|---|---|
| Endpoints | Many resource URLs | One endpoint |
| Data fetching | Fixed per endpoint | Client specifies fields |
| Over/under-fetching | Common | Avoided |
| Caching | HTTP-native | Custom |
REST is simpler and HTTP-cacheable; GraphQL avoids over-fetching for complex clients. See the GraphQL guide for depth.
Q30. What is the difference between REST and RPC/gRPC?
Q31. How do you handle backward compatibility?
Q32. Scenario: a client retries a payment POST after a timeout and gets charged twice. Fix.
Q33. Scenario: an endpoint is slow because it returns huge payloads. Fix.
Q34. Scenario: an API is being abused by one client. How do you respond?
Q35. Scenario: design a clean REST API for an e-commerce orders resource. Walk through it.
REST API Mock Test, 2026 Edition
5 original questions calibrated to the 2026 backend batch by Aditya Sharma, from candidate-reported patterns.
Question 1
Which method is NOT idempotent?
a) GET b) PUT c) POST d) DELETE
Solution: POST creates a new resource each time. Answer: (c)
Question 2
401 vs 403:
a) same thing b) 401 not authenticated, 403 authenticated but forbidden c) both server errors d) both redirects
Solution: 401 is identity; 403 is permission. Answer: (b)
Question 3
To make a payment POST safe to retry, use:
a) GET instead b) an idempotency key c) a bigger timeout d) PATCH
Solution: The server dedups by the idempotency key. Answer: (b)
Question 4
For deep pagination at scale, prefer:
a) large OFFSET b) cursor/keyset pagination c) no pagination d) client-side filtering
Solution: Cursors avoid scanning skipped rows. Answer: (b)
Question 5
Returning 304 Not Modified relies on:
a) cookies b) ETag and If-None-Match c) JWT d) CORS
Solution: Conditional requests use ETags. Answer: (b)
FAQ, REST API Interview Questions
Q: How deep is status-code knowledge tested? Candidate-reported rounds expect you to pick the correct code for each scenario, especially 201, 204, 400, 401, 403, 409, 422, and 429.
Q: Do freshers get REST questions? Yes, methods, status codes, and basic design. Idempotency keys, caching, and security depth skew mid to senior.
Q: REST or GraphQL to learn first? REST first; it is the default and underlies most APIs. See the GraphQL guide for the alternative. Confirm the stack on the company careers page.
Q: What is the most-missed REST concept? Idempotency and the 401-vs-403 distinction, per candidate-reported feedback.
You May Also Like
Methodology applied to this articlelast verified 8 Jun 2026
- No fabricated salary numbers or success rates. If we quote a range, it's sourced.
- No noun-substituted templates. This article was not generated by swapping company names in a stock prompt.
- No paid placements, sponsored coaching links, or affiliate-shilled course pushes.
Explore this topic cluster
More resources in Interview Questions
Use the category hub to browse similar questions, exam patterns, salary guides, and preparation resources related to this topic.
Paid contributor programme
Sat this this year? Share your story, earn ₹500.
First-person experience reports help future candidates prep smarter. We pay verified contributors ₹500 via UPI per accepted story - with byline.
Submit your story →Ready to practice?
Take a free timed mock test
Put what you learned into practice. Our mock tests match the 2026 pattern with timer, navigator, reveal, and score breakdown. No signup.
Start Free Mock Test →Related Articles
Airbnb Interview Questions 2026: Top Tech, HR & Behavioural Q&As for Freshers
Clearing Airbnb's fresher loop in 2026 comes down to preparing for the exact mix of questions across technical, behavioural,...
Airtel Interview Questions 2026: Top Tech, HR & Behavioural Q&As for Freshers
Clearing Airtel's fresher loop in 2026 comes down to preparing for the exact mix of questions across technical, behavioural,...
AMD Interview Questions 2026: Top Tech, HR & Behavioural Q&As for Freshers
Clearing AMD's fresher loop in 2026 comes down to preparing for the exact mix of questions across technical, behavioural,...
Atlassian Interview Questions 2026: Top Tech, HR & Behavioural Q&As for Freshers
Clearing Atlassian's fresher loop in 2026 comes down to preparing for the exact mix of questions across technical,...
Barclays Interview Questions 2026
_Last verified by [Aditya Sharma](/author/aditya-sharma/) · cross-checked against PapersAdda Hiring Pulse and...
More from PapersAdda
Accenture Interview Process 2026: Rounds & Prep
Accenture Interview Questions 2026 (with Answers for Freshers)
Adobe Interview Process 2026: Rounds, OA & Aptitude
Amazon Interview Process 2026: Full Loop + Bar Raiser