17 September, 2018
Following are some of the most frequently asked Web Service interview questions in the interview, here are the answers for them.
Explain Web Services?
A Web Service can be defined as an application component for communication or say exchanging information between two applications over the network. Web services basically work on client server model where web services are easily accessible to client applications over the network.
To enable communication between various applications, web services take the help of open standards like XML (for data tagging), SOAP (for message transferring) and WSDL (to denote service availability).
What is the difference between SOA and a web service?
SOA (Service-Oriented Architecture) is an architectural pattern that makes possible for services to interact with one another independently.
Web Services is a realization of SOA concept, that leverages XML, JSON, etc. and common Internet protocols such as HTTP(S), SMTP, etc. SOA is a system-level architectural style that tries to expose business. WOA is an interface-level architectural style that focuses on the means by which these service capabilities are exposed to consumers.
What is SOAP?
SOAP (Simple Object Access Protocol) is a transport protocol for sending and receiving requests and responses on XML format, which can be used on top of transport protocols such as HTTP, SMTP, UDP, etc.
What is the difference between a REST web service and a SOAP web service?
Below are the main differences between REST and SOAP web service
-REST supports different formats like text, JSON and XML; SOAP only supports XML; -REST works only over HTTP(S) on a transport layer; SOAP can be used different protocols on a transport layer; -REST works with resources, each unique URL is some representation of a resource; SOAP works with operations, which implement some business logic through different interfaces; -SOAP based reads can’t be cached, for SOAP need to provide caching; REST based reads can be cached; -SOAP supports SSL security and WS-security(Web Service-security); REST only supports SSL security; -SOAP supports ACID (Atomicity, Consistency, Isolation, Durability); REST supports transactions, but it is neither ACID compliant nor can provide two phase commit.
What is WSDL?
WSDL (Web Services Description Language) is an XML format for describing web services and how to access them.
WSDL is the language that UDDI uses.
HTTP stands for Hyper Text Transfer Protocol.
XML-RPC is a simple protocol that uses XML messages to perform RPCs.
There are three specific security issues with web services −
Web services manageability is defined as a set of capabilities for discovering the existence, availability, health, performance, usage, as well as the control and configuration of a web service within the web services architecture. As web services become pervasive and critical to business operations, the task of managing and implementing them is imperative to the success of business operations.
WSDL is an XML-based language for describing web services and how to access them.
This is any consumer of the web service. The requestor utilizes an existing web service by opening a network connection and sending an XML request.
Enlist few advantages of web services?
We have already discussed web services, its architecture, components. Now, let us see some its advantages
-Every application is now on the internet and it the web service which provides some sort of required functionality to the client applications. -Web services help in exposing the existing functionalities over the network to help other applications to use in their programs. -It has features like ‘Interoperability’ which determines the communication between various applications, sharing of data as well as services among themselves. -Web services use the standardized web service protocol stack for communication which consists of 4 layers namely, Service Transport, XML messaging, Service description and Service discovery. -It has the feature of the low cost of communication because of the usage of SOAP (Simple Object Access Protocol) over HTTP protocol. -Easy to deploy, integrate and is reusable. -Allows simple integration between different feature as a part of loose coupling feature.
BEEP stands for Blocks Extensible Exchange Protocol. BEEP is determined as building new protocols for the variety of applications such as instant messaging, network management, file transfer etc. It is termed as new Internet Engineering Task Force (IETF) which is layered directly over TCP. It has some built-in features like
Explain the advantages of RESTful web services?
Enlisted below are the advantages of RESTful web services
-They are considered as language and platform independent as these can be written in any programming language and can be executed on any platform. -REST is lightweight protocol and is considered as fast because of less consumption of bandwidth and resources. -It supports multiple technologies and different data formats like plain text, XML, JSON, etc. -It has loosely coupled implementation and can be tested easily over browsers.
Explain different HTTP methods supported by RESTful web services?
Enlisted below are some common HTTP methods along with their functions that are supported by RESTful web services
GET: Read-only access to the resource.
PUT: Creation of new resource.
DELETE: Removal of a resource.
POST: Update of an existing resource.
OPTIONS: Get supported operations on the resource.
HEAD: Returns HTTP header only, nobody.
For designing a secure RESTful web service, what are the best factors that should be followed?
As HTTP URL paths are used as a part of RESTful web service, so they need to be secured. Some of the best practices include the following
Perform validation of all inputs on the server from SQL injection attacks.
Perform user’s session based authentication whenever a request is made.
Never use sensitive data like username, session token password, etc through URL. These should be passed via POST method.
Methods like GET, POST, PUT, DELETE, etc should be executed with proper restrictions.
HTTP generic error message should be invoked wherever required.