JSON Interview Questions and Answers

Question: How can you send JSON data in an HTTP request?

Answer:

Sending JSON data in an HTTP request is common when interacting with web APIs or submitting data to a server. There are different methods depending on the HTTP request type (POST, PUT, etc.) and the environment (browser, Node.js, etc.). Below are the most common ways to send JSON data in an HTTP request, particularly using JavaScript.

1. Using fetch API (Modern JavaScript)

The fetch API is the most modern and preferred way to make HTTP requests in JavaScript. It allows you to send JSON data in a POST or PUT request.

Example of sending JSON data with POST method using fetch:

const url = "https://example.com/api";  // The URL to which the request is sent
const data = {
    name: "John",
    age: 30
};  // JavaScript object to be sent as JSON

fetch(url, {
    method: "POST",                          // HTTP method
    headers: {
        "Content-Type": "application/json",  // Indicating that the body contains JSON data
    },
    body: JSON.stringify(data),              // Converting the JavaScript object to a JSON string
})
.then(response => response.json())  // Parsing the JSON response from the server
.then(data => console.log(data))    // Handling the response data
.catch(error => console.error('Error:', error));

Key Points:

• method: "POST": Specifies the HTTP method (you can use PUT, PATCH, etc., depending on your needs).
• headers: { "Content-Type": "application/json" }: Indicates that the request body contains JSON data.
• body: JSON.stringify(data): Converts the JavaScript object (data) into a JSON string before sending it.

2. Using XMLHttpRequest (Legacy Approach)

Though XMLHttpRequest is an older way of making HTTP requests, it is still widely used for backward compatibility in many applications.

Example of sending JSON data with XMLHttpRequest:

const url = "https://example.com/api";  // The URL to which the request is sent
const data = {
    name: "John",
    age: 30
};  // JavaScript object to be sent as JSON

const xhr = new XMLHttpRequest();
xhr.open("POST", url, true);  // Open a POST request
xhr.setRequestHeader("Content-Type", "application/json");  // Set the request header for JSON content

xhr.onreadystatechange = function () {
    if (xhr.readyState === XMLHttpRequest.DONE) {
        if (xhr.status === 200) {
            console.log("Response:", xhr.responseText);  // Handle the response from the server
        } else {
            console.error("Error:", xhr.statusText);     // Handle errors
        }
    }
};

xhr.send(JSON.stringify(data));  // Send the JSON data as a string

Key Points:

• xhr.setRequestHeader("Content-Type", "application/json"): Specifies that the request body contains JSON data.
• xhr.send(JSON.stringify(data)): Converts the JavaScript object (data) into a JSON string and sends it in the request body.

3. Using axios Library (Popular in Node.js and Web)

axios is a promise-based HTTP client that is very popular for making HTTP requests in both the browser and Node.js environments. It automatically sets the Content-Type header when sending JSON data.

Example of sending JSON data with axios:

const axios = require('axios');  // You need to install axios (npm install axios)

const url = "https://example.com/api";  // The URL to which the request is sent
const data = {
    name: "John",
    age: 30
};  // JavaScript object to be sent as JSON

axios.post(url, data)  // axios automatically serializes the JavaScript object to JSON
    .then(response => {
        console.log(response.data);  // Handle the response
    })
    .catch(error => {
        console.error("Error:", error);  // Handle errors
    });

Key Points:

• axios.post(url, data): The axios library automatically converts the JavaScript object into a JSON string and sets the Content-Type header to application/json.

---

4. Using jQuery.ajax() (Common in Older Applications)

If you’re using jQuery in your project, $.ajax() can be used to send JSON data in an HTTP request.

Example of sending JSON data with $.ajax():

$.ajax({
    url: "https://example.com/api",  // The URL to which the request is sent
    method: "POST",                  // HTTP method
    contentType: "application/json", // Indicating that the body contains JSON data
    data: JSON.stringify({
        name: "John",
        age: 30
    }),  // Convert the data to a JSON string
    success: function(response) {
        console.log(response);  // Handle the response
    },
    error: function(xhr, status, error) {
        console.error("Error:", error);  // Handle errors
    }
});

Key Points:

• contentType: "application/json": Specifies that the request contains JSON data.
• data: JSON.stringify(...): Converts the JavaScript object into a JSON string to send in the request body.

---

Summary of Sending JSON Data in an HTTP Request:

Method	Example Code Snippet	Automatically Sets Content-Type	Requires Manual JSON Stringification
fetch	fetch(url, { method: "POST", headers: { ... }, body: JSON.stringify(data) })	No	Yes
XMLHttpRequest	xhr.open("POST", url); xhr.setRequestHeader("Content-Type", "application/json"); xhr.send(JSON.stringify(data));	No	Yes
axios	axios.post(url, data)	Yes	No
jQuery.ajax()	$.ajax({ method: "POST", contentType: "application/json", data: JSON.stringify(data) });	No	Yes

---

Conclusion:

• For modern JavaScript: The fetch API is the most common and recommended way to send JSON data in HTTP requests.
• For older codebases or compatibility: You might still encounter XMLHttpRequest or jQuery.ajax().
• For convenience and additional features: Libraries like axios offer a clean and simple API for sending JSON data in requests.

Each method allows you to easily send JSON data to the server by setting the correct Content-Type and converting JavaScript objects into JSON strings using JSON.stringify().

Question: What are JSON Web Tokens (JWT)?

Answer:

JSON Web Tokens (JWT) are an open standard (RFC 7519) that defines a compact and self-contained way to securely transmit information between two parties as a JSON object. The information can be verified and trusted because it is digitally signed. JWTs are commonly used for authentication and authorization in web applications.

A JWT can be used for securely transmitting information between a client and a server, typically to authenticate users or to exchange information between services.

Structure of a JWT:

A JWT is composed of three parts, each separated by a dot (.):

1. Header
2. Payload
3. Signature

Each part is Base64URL encoded (a variant of Base64 encoding) and concatenated together to form the JWT.

Example of a JWT:

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX2lkIjoxMjM0NTY3ODkwLCJuYW1lIjoiSm9obiBEb2UifQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c

Each part corresponds to a specific section of the JWT:

---

1. Header

The header typically consists of two parts:

• alg: The signing algorithm used to secure the JWT, such as HS256 (HMAC using SHA-256) or RS256 (RSA using SHA-256).
• typ: The type of token, which is usually set to "JWT".

Example of Header (before encoding):

{
  "alg": "HS256",
  "typ": "JWT"
}

The header is Base64URL encoded to form the first part of the JWT.

---

2. Payload

The payload contains the claims. Claims are statements about an entity (typically, the user) and additional data. There are three types of claims:

• Registered claims: Predefined claims that are not mandatory but recommended. These include:

  • iss (Issuer): Identifies the principal that issued the token.
  • sub (Subject): Identifies the subject of the token (the user, for example).
  • aud (Audience): Identifies the recipients of the token (the server or service).
  • exp (Expiration time): Specifies the time after which the token expires.
  • nbf (Not Before): Specifies the time before which the token is not valid.
  • iat (Issued At): Specifies the time when the token was issued.

• Public claims: Claims that can be defined by the user but should be unique to avoid conflicts.

• Private claims: Custom claims that are used to share information between the parties and are agreed upon by both sides.

Example of Payload (before encoding):

{
  "user_id": 12345,
  "name": "John Doe",
  "role": "admin"
}

The payload is Base64URL encoded to form the second part of the JWT.

---

3. Signature

The signature is used to verify that the token was not altered. It is generated by signing the encoded header and payload using a secret key (for symmetric algorithms like HS256) or a private key (for asymmetric algorithms like RS256).

The signature is created using the following formula:

HMACSHA256(
  base64UrlEncode(header) + "." + base64UrlEncode(payload),
  secretKey
)

If you are using an asymmetric algorithm (e.g., RS256), the signature will be created using the private key, and the recipient will verify it using the public key.

Example of the Signature (before encoding):

This is the result of the signature creation process, which ensures the integrity and authenticity of the JWT.

---

How JWT Works:

Here is the general flow for using a JWT in authentication:

1. User Login:

   • The user logs in by providing their credentials (e.g., username and password) to the server.
   • If the credentials are valid, the server generates a JWT containing claims such as the user’s ID and role.

2. Token Sent to Client:

   • The JWT is sent to the client (usually stored in local storage or cookies).
   • The client can then include this JWT in the Authorization header in subsequent HTTP requests.

3. Server Validation:

   • When the client sends a request with the JWT, the server checks the signature using the secret key (or public key if using asymmetric encryption).
   • If the token is valid and not expired, the server allows access to the requested resource.

4. Authorization:

   • The server can also use the information in the JWT’s payload (e.g., user role) to authorize access to certain resources.

---

Example Usage in Authentication:

1. Client Request with JWT: The client sends the JWT in the Authorization header when making a request:

   GET /profile HTTP/1.1
   Host: example.com
   Authorization: Bearer <JWT>

2. Server Verifies JWT: The server extracts the JWT from the Authorization header, verifies the signature, and checks if the token is valid and not expired.

3. Access Granted: If the JWT is valid, the server grants access to the protected resource. If invalid, the server responds with an authentication error (e.g., 401 Unauthorized).

---

Advantages of JWT:

• Compact: JWTs are relatively small in size, making them suitable for HTTP transmission (ideal for APIs).
• Self-contained: They contain all the necessary information about the user or the claim, meaning that there is no need for the server to store session data.
• Stateless: Since the token contains all the information needed for validation, the server does not need to store session states. This is useful for scaling applications.
• Cross-domain: JWTs can be used across different domains (useful for single sign-on (SSO) implementations).
• Secure: They are signed, meaning the recipient can verify the integrity and authenticity of the data.

---

Example of JWT Structure:

Given this JWT:

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX2lkIjoxMjM0NTY3ODkwLCJuYW1lIjoiSm9obiBEb2UifQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c

• Header: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9

  • "alg": "HS256"
  • "typ": "JWT"

• Payload: eyJ1c2VyX2lkIjoxMjM0NTY3ODkwLCJuYW1lIjoiSm9obiBEb2UifQ

  • "user_id": 1234567890
  • "name": "John Doe"

• Signature: SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c

  • A signed hash to ensure integrity.

---

Conclusion:

JWTs are a robust and flexible mechanism for securely transmitting information between parties. They are widely used for handling authentication and authorization in web applications, particularly in APIs, Single Sign-On (SSO) systems, and OAuth-based authentication flows.

Read More

If you can’t get enough from this article, Aihirely has plenty more related information, such as JSON interview questions, JSON interview experiences, and details about various JSON job positions. Click here to check it out.