The Best Fluffy Pancakes recipe you will fall in love with. Full of tips and tricks to help you make the best pancakes.

API(Application Programming Interface)

What is API

APPLICATION PROGRAMMING INTERFACE

  1. API stands for ‘Application programming interface’.
  2. An API is a set of programming codes that enables data transmission between two software products.
  3. API allows a programmer to write code to one software, that can then carry out certain desired actions , without a programmer having to write that software from scratch.
  4. server————–>API—————>Browser (working of API)
  5. APIs unlock a door to software (or web-based data), in a way that is controlled and safe for the program.
  6. Code can then be entered that sends requests to the receiving software, and data can be returned.

APIs (sometimes described as web services) work in the background whenever two applications interact, from sending instant messages to making purchases through online ticketing systems. This all happens behind the scenes, making user experiences effortless. Developers use APIs to enhance their products by accessing another company’s data, software, services , or code, thereby providing additional features while saving time and money.

Four main kinds of API

  1. GET: To retrieve data
  2. PUT: To update existing data
  3. DELETE: To delete existing data
  4. POST: To do everything else, including creating new data

Web APIs generally use HTTP to transmit these request messages, which provides a structure for communications between the server and client. While request messages are typically written as URLs, response message often take the form of “JavaScript Object Notation” (JSON) files. This is because JSON presents API data in a way that’s easy for us to read and use.

Example of an API

When you use an application on your mobile phone, the application connects to the internet and sends data to a server. The server then retrieves that data, interprets it, performs the necessary actions and sends it back to your phone. The application then interprets that data and presents you with the information you wanted in a readable way.

API
There isn’t just one type of API (Application Programming Interface) but actually, there are four main types of APIs

OPEN API: Public APIs(OPEN API), are publicly available to developers and other users with minimal restriction. They may require registration, use of an API key or OAuth, or maybe completely open. They focus on external users, to access data or services.

PARTNER API: Partner APIs are APIs exposed by/to the strategic business partners. They are not available publicly and need specific entitlement to access them. Like open APIs, partner APIs are the tip of the iceberg because they are the most visible ones and are used to communicate beyond the boundaries of the company. They are usually exposed to a public API developer portal that developers can access in self-service mode. While open APIs are completely open, there is an onboarding process with a specific validation workflow to get access to partner APIs.

INTERNAL API:  private APIs(INTERNAL API), are hidden from external users and only exposed by internal systems. Internal APIs are not meant for consumption outside of the company but rather for use across different internal development teams for better productivity and reuse of services. A good governance process comprises exposing them to an internal API developer portal that connects to the internal IAM systems to authenticate and allow users to access the right set of APIs.

COMPOSITE API: Composite APIs combine multiple data or service APIs. They are built using the API orchestration capabilities  of an API creation tool. They allow developers to access several endpoints in one call. Composite APIs are useful, for example, in a microservices architecture pattern where you need information from several services to perform a single task.

Types of API protocols

To leverage these different types of APIs, we must follow certain protocols. A protocol provides defined rules for API calls. It specifies the accepted data types and commands. Let’s look at the major types of protocols for APIs.

  1. REST (Representational State Transfer):

REST (short for Representational State Transfer) is a web services API. REST APIs are a key part of modern web applications, including Netflix, Uber, Amazon, and many others. For an API to be RESTful, it must adhere to the following rules:

  • Stateless—A REST API is stateless in nature, Client-Server Architecture
  • Uniform Interface—A client and server should communicate with one another via HTTP (HyperText Transfer Protocol) using URIs (Unique Resource Identifiers), CRUD (Create, Read, Update, Delete), and JSON (JavaScript Object Notation) conventions.
  • Client-Server—The client and server should be independent of each other. The changes you make on the server shouldn’t affect the client and vice versa.
  • Cache—The client should cache the responses as this improves the user experience by making them faster and more efficient.
  • Layered—The API should support a layered architecture, with each layer contributing to a clear hierarchy. Each layer should be loosely coupled and allow for encapsulation.

2. SOAP (simple object access protocol):

SOAP (simple object access protocol) is a well-established protocol similar to REST in that it’s a type of Web API.

SOAP has been leveraged since the late 1990s. SOAP was the first to standardize the way applications should use network connections to manage services.

But SOAP came with strict rules, rigid standards were too heavy, and, in some situations, very resource-intensive. Except for existing on-premise scenarios, most developers now prefer developing in REST over SOAP.

3. RPC (remote procedural call protocol):

An RPC is a remote procedural call protocol. They are the oldest and simplest types of APIs. The goal of an RPC was for the client to execute code on a server. XML-RPC used XML to encode its calls, while JSON-RPC used JSON for the encoding.

Both are simple protocols. Though similar to REST, there are a few key differences. RPC APIs are very tightly coupled, so this makes it difficult to maintain or update them.

To make any changes, a new developer would have to go through various RPCs documentation to understand how one change could affect the other.

APIs play a key role in the development of any application. And REST has become the preferred standard for building applications that communicate over the network.

REST fully leverages all the standards that power the World Wide Web and is simpler than traditional SOAP-based web services. Unlike RPC, it allows for a loosely coupled layered architecture to maintain easily or update them.

https://thecyberdelta.com/ctf-capture-the-flag/

https://thecyberdelta.com/social-engineering/

https://thecyberdelta.com/csrf-is-an-attack-that-impersonates-trusted-user/