During an interview I was asked to classify the REST API paradigm between OSI Layers.
I thought it would have been between 5 and 7 layer; however, the interviewer said that it belongs only to the 5th layer because it is similar to RPC.
In my opinion, it can't be at 5 Session Layer only, because true REST API is stateless unlike session (HTTP session), so it could be placed as protocol on the 7th layer (application) because it is like HTTP (but why not in 6th as well?).
I searched online but I didn't find a clear answer (I know that some protocols are distributed ambiguously in OSI layers).
Maybe other people have a clearer opinion on this?
REST architecture is stateless in a sense that the server does not store the state of the client, but state of the objects are transferred back and forth. After all, REST stands for Representational State Transfer. So, I'd think REST belongs to Layer 5 - Session Layer, which is commonly described as the layer where continuous exchange of information in the form of multiple back-and-forth transmissions between two nodes.
It's hard to see how REST API could belong to the Layer 6 or Layer 7 of the OSI Model. The Presentation layer provides for negotiation of the form of representation or syntax of the data that will be transferred. Usually mechanisms like character encoding (UTF, ASCII), data encryption and decryption are part of presentation layer. Application layer provides application specific services like FTP, HTTP, Telnet that support end user processes.