Almanac Of Api

What is API?

  1. API stands for "Application Programming Interface," and it is a set of rules and protocols that allows different software applications to communicate with each other.

  2. APIs allow developers to access the functionality of another application without having to know how that application is implemented.

  3. APIs are used to connect different systems and services, such as connecting a website to a database or connecting a mobile app to a cloud service.

  4. APIs can be used in various ways, such as to retrieve data, update data, or to perform actions such as making a purchase or sending a message.

  5. APIs are commonly used in web and mobile development, as well as in the Internet of Things (IoT) and microservices architectures.

Types of APIs

  1. SOAP API

  2. REST API

What is REST API?

1. A REST (Representational State Transfer) API is a type of web service.

2. It uses HTTP requests (GET, PUT, POST, DELETE) to communicate with the server.

3. It allows data to be retrieved or manipulated through the web service.

4. REST is a set of rules for building and interacting with web services.

5. RESTful APIs are typically easier for developers to use because they don't need to worry about the specifics of the underlying transport protocol.

6. They can be used by any program that can send an HTTP request and parse an HTTP response.

7. It is a way for different systems, applications or services to communicate with each other.

An API call consists of the following:

ENDPOINT

  1. An endpoint in an API is a specific URL through which the API is accessed to retrieve or manipulate data.

  2. Endpoints represent the location of a resource or service in the API.

  3. Each endpoint is a unique URL that is used to access a specific resource or set of resources.

  4. An endpoint can accept different methods, such as GET, POST, PUT and DELETE.

  5. A single API can have multiple endpoints.

METHOD

  1. A method in API refers to the action being performed on a specific endpoint.

  2. Commonly used methods include:

    • GET: Retrieve data from the endpoint

    • POST: Create a new resource at the endpoint

    • PUT: Update an existing resource at the endpoint

    • DELETE: Delete a resource at the endpoint

  3. The method is specified in the HTTP request sent to the endpoint.

  4. The API's documentation specifies which methods are supported by each endpoint.

HEADER

  1. A header in an API (Application Programming Interface) is a field that contains metadata about the request or response, such as authentication information or the format of the data being sent.

  2. Headers can be used to send additional information about the request, such as the client's preferred language or the type of data being sent.

  3. Headers are typically sent in the HTTP (Hypertext Transfer Protocol) message header and can be accessed by the server or client using the appropriate API.

  4. Common headers in APIs include: Authorization, Content-Type, Accept, Accept-Language, and User-Agent.

  5. Developers can also define their own custom headers to send additional information.

BODY

  1. The "body" is the data payload of an API request.

  2. It is sent after the headers in the HTTP request.

  3. It contains the information the API endpoint is meant to receive.

  4. Its format can vary depending on the API's specification.

  5. JSON and XML are common formats.

PARAMETER

  1. A parameter in an API is a value that is passed to the API to specify a certain behaviour or action.

  2. Parameters are often used to filter, sort, or specify the format of data returned by the API.

  3. Parameters can be passed in the API request through the URL or in the body of the request.

  4. Examples of parameters include specifying a date range for data returned, specifying the number of results to be returned, or passing an ID for a specific resource.

  5. Different APIs may require different types of parameters and may have different naming conventions for them.

  6. Some APIs also have required parameters, which must be passed for the call to work.

STATUS CODE

  1. A status code is a numerical value returned by an API in response to a client's request.

  2. The code indicates the outcome of the request, such as whether it was successful or if an error occurred.

  3. Some common status codes include:

    • 200 OK - the request was successful

    • 201 Created - the request resulted in the creation of a new resource

    • 204 No Content - the request was successful, but there is no additional information to send back

    • 400 Bad Request - the request was malformed or invalid

    • 401 Unauthorized - the request requires authentication

    • 403 Forbidden - the client does not have permission to access the requested resource

    • 404 Not Found - the requested resource could not be found

    • 500 Internal Server Error - an error occurred on the server.
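The components named above (endpoint, method, headers, body, parameters and status code) each have a fixed place in the HTTP message. The parser below is an added example, not code from the original post; the request, response, hostname and token value are constructed placeholders.

```python
import json
from urllib.parse import parse_qs, urlsplit

# Constructed sample request and response; "<token-placeholder>" stands in for a real credential.
RAW_REQUEST = (
    "POST /v1/orders?limit=10&sort=desc HTTP/1.1\r\n"
    "Host: api.example.test\r\n"
    "Authorization: Bearer <token-placeholder>\r\n"
    "Content-Type: application/json\r\n"
    "Accept: application/json\r\n"
    "\r\n"
    '{"item_id": 42, "quantity": 2}'
)
RAW_RESPONSE = (
    "HTTP/1.1 201 Created\r\n"
    "Content-Type: application/json\r\n"
    "\r\n"
    '{"order_id": 1001, "status": "created"}'
)

def _split(raw):
    """Separate the start line, the header fields and the body of an HTTP message."""
    head, _, body = raw.partition("\r\n\r\n")
    start_line, *header_lines = head.split("\r\n")
    headers = {}
    for line in header_lines:                      # "Name: value"; names are case-insensitive
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    if headers.get("content-type", "").startswith("application/json") and body:
        body = json.loads(body)                    # decode the JSON body the Content-Type header announced
    return start_line, headers, body

def parse_request(raw):
    """Break a request into method, endpoint, parameters, headers and body."""
    start_line, headers, body = _split(raw)
    method, target, _version = start_line.split(" ")
    url = urlsplit(target)                         # path is the endpoint, query string holds the parameters
    return {
        "method": method,
        "endpoint": url.path,
        "parameters": {k: v[0] for k, v in parse_qs(url.query).items()},
        "headers": headers,
        "body": body,
    }

def parse_response(raw):
    """Break a response into status code, reason phrase, headers and body."""
    start_line, headers, body = _split(raw)
    _version, code, reason = start_line.split(" ", 2)
    return {"status_code": int(code), "reason": reason, "headers": headers, "body": body}
```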

Types of API requests

  1. GET: retrieves information from a server.

  2. POST: sends new information to a server to be processed.

  3. PUT: updates existing information on a server.

  4. DELETE: deletes information from a server.

  5. PATCH: partially updates existing information on a server.

  6. HEAD: retrieves only the headers that a GET request to the same resource would return.

  7. OPTIONS: retrieves the HTTP methods the server supports for a resource.

  8. CONNECT: establishes a tunnel to a server.

  9. TRACE: retrieves a diagnostic trace of a server's processing of a request.

  10. Any other HTTP method as per the requirement of the API.

How to safeguard APIs

You must secure a REST API because REST is less safe than SOAP. There are several methods for doing that:

  1. HTTPS

  2. Password hash

  3. API key in URL: never!

  4. OAuth

  5. Timestamp and parameter validation

API Security

  1. Authentication: Verifying the identity of the user or system trying to access the API

  2. Authorization: Restricting access to certain API endpoints or functionality based on the authenticated user's role or permissions

  3. Input validation: Ensuring that any data sent to the API is in the correct format and does not contain any malicious code or unexpected characters

  4. Encryption: Protecting data in transit and at rest using techniques such as HTTPS, SSL/TLS, or encryption algorithms

  5. Rate limiting: Restricting the number of requests that can be made to the API in a given time period to prevent denial of service (DoS) attacks or other types of abuse

  6. Logging and monitoring: Keeping track of API usage and activity so that any security incidents can be detected and responded to quickly

  7. Updates: keeping the API and its dependencies up to date to fix known vulnerabilities
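A minimal request handler that applies the checks from both lists above, as an added example that is not code from the original post: the key presented in the Authorization header is hashed and compared in constant time against a stored SHA-256, a key in the query string is refused, stale timestamps, over-quota clients, methods outside the client's role and malformed bodies are rejected, and every decision is logged. The key value, client name, role, endpoint and the X-Timestamp header are constructed placeholders.

```python
import hashlib, hmac, logging, time
from collections import defaultdict, deque

log = logging.getLogger("api")
# Constructed demo credential (placeholder value): only the SHA-256 of the key is stored.
KEYS = {hashlib.sha256(b"demo-key-placeholder").hexdigest(): {"client": "orders-ui", "role": "writer"}}
ROLE_METHODS = {"reader": {"GET"}, "writer": {"GET", "POST", "PUT"}}   # no role may DELETE here
RATE_LIMIT, WINDOW, MAX_SKEW = 5, 60.0, 300   # requests per window, window seconds, clock skew seconds
_hits = defaultdict(deque)                    # recent request times per client

def handle(method, path, params, headers, body=None, now=None):
    """Run the checks from the lists above in order; returns (status_code, payload)."""
    now = time.time() if now is None else now
    # API key in URL: never. Reject it, because query strings end up in proxy and server logs.
    if "api_key" in params:
        log.warning("API key sent in query string for %s", path)
        return 400, {"error": "send the API key in the Authorization header"}
    # Authentication: hash the presented key and compare it to the stored hash in constant time.
    auth = headers.get("authorization", "")
    token = auth[len("Bearer "):] if auth.startswith("Bearer ") else ""
    digest = hashlib.sha256(token.encode()).hexdigest()
    client = next((c for h, c in KEYS.items() if hmac.compare_digest(h, digest)), None)
    if client is None:
        log.warning("authentication failed for %s %s", method, path)
        return 401, {"error": "unauthorized"}
    # Timestamp validation: stale or future-dated requests are rejected, which limits replay.
    try:
        skew = abs(now - int(headers.get("x-timestamp", "")))
    except ValueError:
        return 400, {"error": "missing or malformed X-Timestamp header"}
    if skew > MAX_SKEW:
        return 400, {"error": "timestamp outside the allowed window"}
    # Rate limiting: sliding window of recent requests per authenticated client.
    hits = _hits[client["client"]]
    while hits and now - hits[0] > WINDOW:
        hits.popleft()
    if len(hits) >= RATE_LIMIT:
        return 429, {"error": "rate limit exceeded"}
    hits.append(now)
    # Authorization: the client's role decides which methods it may use on the endpoint.
    if method not in ROLE_METHODS[client["role"]]:
        log.warning("%s denied %s %s", client["client"], method, path)
        return 403, {"error": "forbidden"}
    # Input validation: POST and PUT bodies must be an object with a positive integer quantity.
    if method in ("POST", "PUT") and (
        not isinstance(body, dict) or type(body.get("quantity")) is not int or body["quantity"] <= 0
    ):
        return 400, {"error": "body must be an object with a positive integer quantity"}
    log.info("%s %s by %s -> 200", method, path, client["client"])
    return 200, {"ok": True}
```

Enable `logging.basicConfig(level=logging.INFO)` before calling `handle` to see the audit lines on the console.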


Thank you for reading, I appreciate your interest and please reach out if you have any questions or comments.