Skip to main content

Quiz - Building APIs for AI Models

Quiz 25 Questions 30 min

Section A — REST API Concepts (8 questions)

Question 1

In the restaurant analogy for APIs, what does the waiter represent?

  • A) The client application
  • B) The API server
  • C) The ML model
  • D) The database
Show Answer

B) The API server

The waiter (API) takes orders (requests) from the customer (client), brings them to the kitchen (model), and serves the result (response) back. The waiter doesn't need to know how to cook — just like the API doesn't expose the model's internal logic.

Question 2

Which HTTP method should you use for a prediction endpoint that receives input features and returns a prediction?

  • A) GET
  • B) POST
  • C) PUT
  • D) DELETE
Show Answer

B) POST

POST is used because:

  1. Input features can be complex (nested objects, arrays) — too large for URL parameters
  2. The request includes a body (JSON payload)
  3. Predictions may have side effects (logging, billing)

GET is reserved for retrieving data without a request body.

Question 3

What is the difference between HTTP status codes 400 and 422?

  • A) 400 = server error, 422 = client error
  • B) 400 = malformed JSON syntax, 422 = valid JSON but data fails validation
  • C) 400 = authentication error, 422 = authorization error
  • D) They are interchangeable
Show Answer

B) 400 = malformed JSON syntax, 422 = valid JSON but data fails validation

  • 400 Bad Request: The JSON itself is broken (missing brackets, invalid syntax)
  • 422 Unprocessable Entity: The JSON is syntactically correct, but the data doesn't pass business rules (e.g., age = -5, missing required field)

FastAPI uses 422 by default for Pydantic validation errors.

Question 4

Which status code indicates that the API server is rate limiting the client?

  • A) 401 Unauthorized
  • B) 403 Forbidden
  • C) 429 Too Many Requests
  • D) 503 Service Unavailable
Show Answer

C) 429 Too Many Requests

429 tells the client they've exceeded the allowed number of requests in a time window. The response should include a Retry-After header indicating when the client can try again.

Question 5

What does the REST principle of statelessness mean?

  • A) The server stores all client data in memory
  • B) Each request must contain all information needed to process it
  • C) The API doesn't return any data
  • D) The client must authenticate on every request
Show Answer

B) Each request must contain all information needed to process it

Statelessness means the server doesn't remember previous requests. Every prediction request must include the full set of input features. This makes the API scalable (any server instance can handle any request) and reliable (no session state to lose).

Question 6

Which of the following is the correct endpoint naming convention for a REST API?

  • A) /api/v1/makePrediction
  • B) /api/v1/PREDICT
  • C) /api/v1/predictions
  • D) /api/v1/prediction_endpoint
Show Answer

C) /api/v1/predictions

REST conventions:

  • Use nouns, not verbs (predictions, not makePrediction)
  • Use plural nouns (predictions, not prediction)
  • Use lowercase with kebab-case for multi-word paths
  • Include version (/api/v1/)

Question 7

What is CORS and why is it needed?

  • A) A security protocol that encrypts API responses
  • B) A browser mechanism that controls which websites can call your API
  • C) A Python library for building REST APIs
  • D) A caching strategy for API responses
Show Answer

B) A browser mechanism that controls which websites can call your API

CORS (Cross-Origin Resource Sharing) is enforced by browsers. When a frontend at https://myapp.com calls an API at https://api.myml.com, the browser blocks it unless the API sends Access-Control-Allow-Origin headers. Note: curl and Postman don't enforce CORS — only browsers do.

Question 8

In the comparison of REST, GraphQL, and gRPC, which protocol is best suited for high-throughput internal microservices?

  • A) REST
  • B) GraphQL
  • C) gRPC
  • D) SOAP
Show Answer

C) gRPC

gRPC uses HTTP/2 and Protocol Buffers (binary serialization), which makes it significantly faster than JSON-based REST. It supports bidirectional streaming and is ideal for internal service-to-service communication where browser compatibility is not needed.

Section B — FastAPI (7 questions)

Question 9

What is the main advantage of FastAPI over Flask for building ML APIs?

  • A) It's older and more stable
  • B) It has more extensions available
  • C) It provides automatic data validation and API documentation
  • D) It only supports synchronous code
Show Answer

C) It provides automatic data validation and API documentation

FastAPI automatically:

  • Validates request data using Pydantic models
  • Generates Swagger UI documentation
  • Generates ReDoc documentation
  • Creates OpenAPI JSON schema

This eliminates manual validation code and ensures documentation is always in sync with the code.

Question 10

What is the role of Pydantic in a FastAPI application?

  • A) Serving HTTP requests
  • B) Running the ASGI server
  • C) Data validation and serialization using Python type hints
  • D) Managing database connections
Show Answer

C) Data validation and serialization using Python type hints

Pydantic models define the expected structure, types, and constraints of input and output data. FastAPI uses them to automatically validate requests and format responses.

class PredictionInput(BaseModel):
    age: int = Field(..., ge=18, le=120)
    income: float = Field(..., gt=0)

Question 11

Why should you load your ML model in the lifespan event rather than inside each request handler?

  • A) It's required by FastAPI
  • B) Loading the model per request adds massive latency and wastes memory
  • C) The model can only be loaded once per Python process
  • D) Pydantic requires it
Show Answer

B) Loading the model per request adds massive latency and wastes memory

Deserializing a model from disk (e.g., joblib.load()) can take hundreds of milliseconds. If done per request, every prediction is delayed. Loading once at startup means the model is in memory and ready for instant inference.

@asynccontextmanager
async def lifespan(app: FastAPI):
    ml_service.load_model("model.joblib")  # once at startup
    yield

Question 12

What happens if you define an async def endpoint in FastAPI but call a blocking function like model.predict() inside it?

  • A) FastAPI automatically handles it in a thread pool
  • B) The event loop is blocked, freezing all other concurrent requests
  • C) FastAPI raises a warning
  • D) The prediction runs faster due to async optimization
Show Answer

B) The event loop is blocked, freezing all other concurrent requests

When using async def, the function runs on the event loop. Blocking calls (CPU-bound operations like model.predict()) prevent the event loop from handling other requests. Use def (sync) for CPU-bound ML inference — FastAPI runs it in a thread pool automatically.

# Correct for ML inference
@app.post("/predict")
def predict(data: PredictionInput):  # sync = thread pool
    result = model.predict(...)

Question 13

Which of the following is the correct way to run a FastAPI application?

  • A) python app.py
  • B) flask run
  • C) uvicorn app.main:app --reload
  • D) gunicorn app:app
Show Answer

C) uvicorn app.main:app --reload

FastAPI requires an ASGI server. Uvicorn is the recommended choice:

  • app.main = Python module path (app/main.py)
  • app = the FastAPI instance variable name
  • --reload = auto-restart on code changes (development only)

Note: gunicorn is WSGI (for Flask). gunicorn with uvicorn workers can serve FastAPI in production.

Question 14

What does FastAPI's dependency injection system allow you to do?

  • A) Inject CSS styles into API responses
  • B) Share reusable logic (authentication, DB connections) across endpoints
  • C) Automatically install Python packages
  • D) Create database tables
Show Answer

B) Share reusable logic (authentication, DB connections) across endpoints

Dependencies are functions that run before your route handler. They can validate API keys, provide database sessions, check permissions, etc.

async def verify_api_key(x_api_key: str = Header(...)):
    if x_api_key not in valid_keys:
        raise HTTPException(status_code=401)

@app.post("/predict", dependencies=[Depends(verify_api_key)])
def predict(data: PredictionInput):
    ...

Question 15

In FastAPI, where can you access the auto-generated Swagger documentation?

  • A) /swagger
  • B) /docs
  • C) /api-docs
  • D) /documentation
Show Answer

B) /docs

FastAPI provides two documentation UIs out of the box:

  • Swagger UI: http://localhost:8000/docs
  • ReDoc: http://localhost:8000/redoc
  • Raw OpenAPI JSON: http://localhost:8000/openapi.json

Section C — Flask (5 questions)

Question 16

How do you access the JSON body of a POST request in Flask?

  • A) request.json()
  • B) request.get_json()
  • C) request.body
  • D) flask.parse_json()
Show Answer

B) request.get_json()

from flask import request

@app.route("/predict", methods=["POST"])
def predict():
    data = request.get_json()  # returns a dict or None
    if data is None:
        return jsonify({"error": "JSON required"}), 400

Use silent=True to return None instead of raising an exception on invalid JSON: request.get_json(silent=True).

Question 17

What are Flask Blueprints used for?

  • A) Drawing architectural diagrams
  • B) Organizing routes into modular, reusable components
  • C) Creating database schemas
  • D) Generating API documentation
Show Answer

B) Organizing routes into modular, reusable components

Blueprints let you group related routes in separate files, similar to FastAPI's APIRouter.

predictions_bp = Blueprint("predictions", __name__)

@predictions_bp.route("/predict", methods=["POST"])
def predict():
    ...

# Register in the app
app.register_blueprint(predictions_bp, url_prefix="/api/v1")

Question 18

What is the main disadvantage of Flask compared to FastAPI for ML APIs?

  • A) Flask cannot serve HTTP requests
  • B) Flask doesn't support JSON responses
  • C) Flask requires manual data validation and doesn't generate docs automatically
  • D) Flask cannot load scikit-learn models
Show Answer

C) Flask requires manual data validation and doesn't generate docs automatically

Flask is a micro-framework — it provides routing and request handling but leaves validation and documentation to extensions or manual code. This means more boilerplate code and a risk of documentation drifting from actual behavior.

Question 19

Which Flask extension adds Swagger/OpenAPI documentation?

  • A) Flask-SQLAlchemy
  • B) Flask-CORS
  • C) Flask-RESTX
  • D) Flask-Login
Show Answer

C) Flask-RESTX

Flask-RESTX (successor to Flask-RESTPlus) adds Swagger documentation to Flask applications. You define API models with api.model() and use class-based resources.

from flask_restx import Api, Resource, fields

api = Api(app, doc="/docs")
ns = api.namespace("predictions")

Question 20

What is the Flask application factory pattern?

  • A) A design pattern where the Flask app is created inside a function instead of the global scope
  • B) A way to automatically generate Flask applications
  • C) A testing framework for Flask
  • D) A deployment strategy for production
Show Answer

A) A design pattern where the Flask app is created inside a function instead of the global scope

def create_app(config=None):
    app = Flask(__name__)
    if config:
        app.config.update(config)
    # register blueprints, load model, etc.
    return app

Benefits:

  • Easier testing (create app with different configs)
  • Avoids circular imports
  • Multiple app instances possible

Section D — API Documentation & Best Practices (5 questions)

Question 21

What is the OpenAPI Specification?

  • A) A Python library for building APIs
  • B) A machine-readable standard for describing REST APIs
  • C) A testing framework for APIs
  • D) A deployment platform for APIs
Show Answer

B) A machine-readable standard for describing REST APIs

The OpenAPI Specification (formerly Swagger Specification) is a language-agnostic format (YAML/JSON) that describes:

  • Available endpoints and operations
  • Request/response schemas
  • Authentication methods
  • API metadata

Tools like Swagger UI render this spec as interactive documentation.

Question 22

Why is the FastAPI approach to documentation (auto-generation from code) considered superior?

  • A) It produces prettier documentation
  • B) The documentation is a single source of truth — code, validation, and docs are always in sync
  • C) It supports more languages
  • D) It doesn't require a web server
Show Answer

B) The documentation is a single source of truth — code, validation, and docs are always in sync

In FastAPI, Pydantic models serve three purposes simultaneously:

  1. Validation: Reject invalid requests
  2. Serialization: Format responses
  3. Documentation: Generate Swagger schemas

When you change the model, all three update automatically. With manual documentation, changes are often forgotten.

Question 23

What is the recommended API versioning strategy?

  • A) Query parameter (?version=1)
  • B) Custom header (X-API-Version: 1)
  • C) URL path (/api/v1/predict)
  • D) No versioning needed
Show Answer

C) URL path (/api/v1/predict)

URL path versioning is the most common and recommended strategy because:

  • It's visible and explicit
  • Easy to route at the load balancer level
  • Can run multiple versions simultaneously
  • Clear in documentation and logs
/api/v1/predict  → model v1
/api/v2/predict  → model v2 (new features)

Question 24

What can you generate from an OpenAPI specification using openapi-generator?

  • A) ML models in different frameworks
  • B) Client SDKs in multiple programming languages
  • C) Database schemas
  • D) Docker containers
Show Answer

B) Client SDKs in multiple programming languages

From a single OpenAPI spec, you can generate client libraries for:

  • Python, JavaScript, TypeScript, Java, Go, C#, Ruby, and many more

This means frontend and mobile developers get type-safe client code that matches your API exactly, without writing it manually.

Question 25

Which of the following is NOT a best practice for API documentation?

  • A) Include examples for every endpoint
  • B) Document all possible error responses
  • C) Write documentation separately from code in a Word document
  • D) Include field descriptions and constraints for all request parameters
Show Answer

C) Write documentation separately from code in a Word document

Separate documentation (Word, PDF, wiki) will become outdated as the code evolves. Best practices:

  • Generate docs from code (FastAPI approach)
  • Keep docs as close to the code as possible
  • Use OpenAPI spec as the single source of truth
  • Automate documentation updates in CI/CD

Bonus Questions

Question 26

A client receives a 503 Service Unavailable response from your ML API. What is the most likely cause?

  • A) The client sent invalid JSON
  • B) The ML model has not been loaded yet (server starting up)
  • C) The client's API key is expired
  • D) The endpoint URL is wrong
Show Answer

B) The ML model has not been loaded yet (server starting up)

503 means the server is temporarily unable to handle the request. In ML APIs, this typically occurs when:

  • The model is still loading at startup
  • The model file was not found (degraded mode)
  • The server is overloaded

The client should retry after a short delay.

Question 27

In the context of ML APIs, what does idempotency mean?

  • A) The API always returns the same prediction
  • B) Making the same request multiple times produces the same result and side effects
  • C) The API can handle multiple requests simultaneously
  • D) The API requires authentication
Show Answer

B) Making the same request multiple times produces the same result and side effects

GET, PUT, and DELETE are idempotent — repeating them doesn't change the outcome. POST is generally not idempotent. For ML APIs, a prediction for the same input should return the same result (assuming the model hasn't changed), but POST requests may have side effects like logging or billing.

Question 28

Which of the following is the correct way to handle CORS in a FastAPI application?

  • A) app.add_middleware(CORSMiddleware, allow_origins=["http://localhost:3000"])
  • B) app.cors(origins=["*"])
  • C) @app.cors("http://localhost:3000")
  • D) CORS is handled automatically by FastAPI
Show Answer

A) app.add_middleware(CORSMiddleware, allow_origins=["http://localhost:3000"])

from fastapi.middleware.cors import CORSMiddleware

app.add_middleware(
    CORSMiddleware,
    allow_origins=["http://localhost:3000"],
    allow_methods=["GET", "POST"],
    allow_headers=["*"],
)

Remember: never use allow_origins=["*"] in production.

Question 29

What is the purpose of a /health endpoint in an ML API?

  • A) To return the model's training accuracy
  • B) To allow monitoring systems to verify the service is running and the model is loaded
  • C) To retrain the model
  • D) To display the API documentation
Show Answer

B) To allow monitoring systems to verify the service is running and the model is loaded

A health endpoint is essential for:

  • Load balancers: Route traffic only to healthy instances
  • Container orchestrators (Kubernetes): Restart unhealthy pods
  • Monitoring: Alert when the service degrades
  • Deployment: Verify new deployments are working
{
  "status": "healthy",
  "model_loaded": true,
  "model_version": "v1.0"
}

Question 30

You're building an API that receives images for classification. Which FastAPI feature should you use to accept image uploads?

  • A) request.get_json()
  • B) Query parameters with base64 encoding
  • C) UploadFile with File(...)
  • D) Pydantic BaseModel with bytes field
Show Answer

C) UploadFile with File(...)

from fastapi import UploadFile, File

@app.post("/predict/image")
async def predict_image(file: UploadFile = File(...)):
    contents = await file.read()
    # process image...

UploadFile is optimized for file uploads:

  • Streams large files (doesn't load everything into memory)
  • Provides filename, content type metadata
  • Async-compatible

Score Guide

ScoreLevelRecommendation
25-30ExcellentYou're ready for the TPs and advanced topics
20-24GoodReview the sections where you made mistakes
15-19AdequateRe-read the concepts and FastAPI sections
< 15Needs workReview all module material before the TPs