An Application Programming Interface, or API, is defined in the Oxford English Dictionary as:
"A set of programming tools that enables a program to communicate with another program or an operating system, and that helps software developers create their own applications."

Now let's try to explain the essence of it using the hotel analogy of dev smith.

Consider a hotel divided into two parts: the guest living quarters, and the staff's kitchen and laundry. Whenever a guest needs something, room service is called, either to get a piece of information or to fulfil a request for laundry or food. The room service attendant owns neither the kitchen nor the laundry but simply acts as a bridge between the hotel's services and the guest's lodging. Room service therefore works like an API, bringing data from servers to applications.

Most commonly, APIs are classified as REST or SOAP.

SOAP (Simple Object Access Protocol) depends on XML: the service interface is described in the Web Service Definition Language (WSDL) as a method signature, and the message, including both header and body, can be transferred over any protocol such as HTTP, SMTP, TCP or JMS.

Unlike SOAP, REST APIs are sent over the HTTP protocol only. The response is usually JSON, but XML, YAML or another cross-platform readable format can also be used. The two most popular REST API methods are GET and POST.

The hotel analogy also helps us understand that the requests or queries made by one room might be exclusive to it. For example, the laundry for room A cannot be used for room B; it is only processed in the same way. This can be compared to a POST request: the laundry sent for processing by a guest from room A will always be returned only to that guest in room A. Here the rooms can be compared to the application, and each guest in a room to a user of that application.

A guest might want to know the opening and closing hours of the hotel. This information can be served regardless of which guest asks, as it is neither exclusive to that guest nor confidential. This can be compared to a GET request, as no data is posted to fetch the information.

Security in REST APIs can be implemented using a JWT (JSON Web Token). The token is generated through a call to an authentication API that receives the API credentials. This authentication token is then sent in the header of requests to the other APIs in the collection as a bearer token. These tokens are bound to limited sessions; once the timeout occurs, the authentication API has to be called again to get a new JWT. Apart from basic authentication, OAuth is gaining traction. RFC 6749 describes it as follows: "The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf."

Read more at: https://datatracker.ietf.org/doc/html/rfc6749
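As an added example (not from the original article), here is a minimal version of the bearer-token flow described above, in plain Python with no JWT library: issue_token() stands in for the authentication API, and verify_bearer() for the check every other API in the collection performs on the Authorization header, including the session timeout that forces the client to request a new token. The secret, the 15-minute lifetime and the error names are constructed assumptions.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed signing secret for this example; a real service loads it from a secret store.
SECRET = b"example-secret-do-not-use-in-production"
TOKEN_LIFETIME_SECONDS = 900  # the "limited session": the token expires 15 minutes after issue


def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(subject, now=None):
    """What the auth API returns once the credentials check out: a signed HS256 JWT."""
    now = int(time.time()) if now is None else now
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    claims = {"sub": subject, "iat": now, "exp": now + TOKEN_LIFETIME_SECONDS}
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    signature = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(signature)}"


def verify_bearer(authorization_header, now=None):
    """Returns the claims on success, or {"error": ...}; on "token_expired" re-call the auth API."""
    now = int(time.time()) if now is None else now
    if not authorization_header or not authorization_header.startswith("Bearer "):
        return {"error": "missing_bearer"}
    parts = authorization_header[len("Bearer "):].split(".")
    if len(parts) != 3:
        return {"error": "malformed"}
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
        signature = _b64url_decode(sig_b64)
    except ValueError:
        return {"error": "malformed"}
    # Pin the algorithm server-side: the token's own "alg" field must never choose the verifier.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return {"error": "bad_alg"}
    expected = hmac.new(SECRET, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):  # constant-time comparison
        return {"error": "bad_signature"}
    claims = json.loads(_b64url_decode(payload_b64))
    if now >= claims.get("exp", 0):
        return {"error": "token_expired"}
    return claims
```

The `now` parameter exists only so the expiry path can be exercised deterministically; in a real service both functions use the clock.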

SOAP security prevents unauthorized access by following the Web Services Security (WS-Security) standard. According to datarecovery, “WS-Security is the set of principles/guidelines to regulate authentication and confidentiality procedures for SOAP messaging. WSS-compliant measures include digital signatures, XML encryption, X.509 certificates, and passwords, among others. XML encryption makes data unreadable when unauthorized users gain access”.

APIs are an integral part of the application server backend for serving information. API developers have to ensure not only space and time complexity but also security. Knowing which user information to send to the server, on a need-to-know basis, and introducing concepts like federated learning are crucial in a cyber security world.
