An Application Programming Interface, or API, is a software interface that allows two applications to interact with each other without any user intervention. For example, if I want to render some data stored as JSON on a backend server, an API can be used.
Most Popular APIs:
SOAP:
Simple Object Access Protocol, or SOAP, is a communication standard that was built in the '90s by Microsoft and has a heavy file structure with a database. It does not provide caching, so reloading is slow when SOAP is used, but it has a very good security protocol. You can think of it as an envelope with the letter inside: data sent with SOAP is encapsulated in the same way.
REST:
Representational State Transfer, or REST, is an architectural style that defines a set of constraints to be used for creating web services. A REST API is a way of accessing web services simply and flexibly without any processing. It allows caching, so reloads are faster, but it lacks the principle of good security. You can think of it as a postcard on which the message is visible: the data is likewise visible and not hidden.
What does API consist of?
An Endpoint:
An API endpoint is the URL ending for a server or a service.
Eg: https://v2.jokeapi.dev/joke/Any?contains=program
In this URL, /Any?contains=program is the endpoint.
A Method:
The HTTP request method states what the API should do.
Eg: GET, POST, DELETE, PUT, PATCH
A Header:
It is the set of data and metadata associated with the API
Eg:
A Body:
A body is the data your API sends to/for the client.
Eg:
A Param:
API parameters are the variable parts of a resource
Eg: contains=program&category=Programming
Status Code:
An HTTP status code is a message a website's server sends to the browser to indicate whether or not that request can be fulfilled.
Listed below are a few common status codes:
1xx
100: Continue
101: Switching Protocol
102: Processing (WebDAV)
103: Early Hints
2xx
200: OK
201: Created
202: Accepted
203: Non-Authoritative Information
204: No Content
205: Reset Content
206: Partial Content
207: Multi-Status (WebDAV)
208: Already Reported (WebDAV)
226: IM Used (HTTP Delta encoding)
3xx
300: Multiple Choice
301: Moved Permanently
302: Found
303: See Other
304: Not Modified
305: Use Proxy
306: unused
307: Temporary Redirect
308: Permanent Redirect
4xx
400: Bad Request
401: Unauthorized
402: Payment Required
403: Forbidden
404: Not Found
405: Method Not Allowed
406: Not Acceptable
407: Proxy Authentication Required
408: Request Timeout
409: Conflict
410: Gone
411: Length Required
412: Precondition Failed
413: Payload Too Large
414: URI Too Long
415: Unsupported Media Type
416: Range Not Satisfiable
417: Expectation Failed
How is an API made?
A basic API consists of three components:
Route:
API routes provide a solution to build your API with any framework (for example Next.js, Django). Any file inside the folder pages/api is mapped to /api/* and will be treated as an API endpoint instead of a page.
Controller:
An API controller handles incoming HTTP requests and sends a response back to the caller. It consists of functions that define the actions to be performed.
Model:
API Model defines the data storage format and the data transaction format.
API Security
HTTPS
We can secure HTTP traffic by adding a TLS certificate. Without TLS, a third party could intercept and read sensitive information in transit, like API credentials and private data.
Password Hash
We can require a password, processed by a hashing algorithm (bcrypt, SHA), to access API data. The method also keeps a check on the integrity of the password.
API Key
An API key is a code used to identify and authenticate an application or user, used to control the utilization of the API’s interface and track how it is being used.
OAuth
OAuth is an open-standard authorization protocol or framework that describes how unrelated services can safely allow authenticated access to their assets without actually sharing any sensitive information.
Time Stamp
Along with other request parameters, you may add a request timestamp as a custom HTTP header in API requests. The server compares the current timestamp to the request timestamp and accepts the request only if it falls within a reasonable timeframe (30 seconds, perhaps).
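The timestamp check described above, as an added example that is not code from the original post. It goes one step beyond the text by covering the timestamp with an HMAC keyed by the API secret, because an unsigned timestamp header can simply be rewritten to a fresh value. The header names, the `/demo/items` path and the sample secret are assumptions made for the illustration.

```python
import hashlib
import hmac
import time

MAX_SKEW_SECONDS = 30               # the "reasonable timeframe" from the text
TS_HEADER = "X-Request-Timestamp"   # assumed header name
SIG_HEADER = "X-Request-Signature"  # assumed header name


def sign(secret, method, path, timestamp, body):
    """Client side: HMAC-SHA256 over the request parts, timestamp included."""
    msg = b"\n".join([method.upper().encode(), path.encode(), timestamp.encode(), body])
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def verify(secret, method, path, headers, body, now=None):
    """Server side: return (accepted, reason). `headers` is a plain dict."""
    now = time.time() if now is None else now
    raw_ts = headers.get(TS_HEADER)
    if raw_ts is None:
        return False, "missing timestamp"
    # Unix seconds only; the length cap keeps int() cheap on hostile input.
    if not (raw_ts.isascii() and raw_ts.isdigit() and len(raw_ts) <= 12):
        return False, "malformed timestamp"
    # Reject stale requests and requests dated too far in the future.
    if abs(now - int(raw_ts)) > MAX_SKEW_SECONDS:
        return False, "timestamp outside window"
    expected = sign(secret, method, path, raw_ts, body)
    supplied = headers.get(SIG_HEADER, "")
    # Constant-time comparison. The signature binds the timestamp to the
    # request, so a rewritten timestamp no longer matches it.
    if not hmac.compare_digest(expected.encode(), supplied.encode()):
        return False, "bad signature"
    return True, "ok"


if __name__ == "__main__":
    secret = b"constructed-demo-secret"   # constructed sample values
    body = b'{"category": "Programming"}'
    ts = "1700000000"
    hdrs = {TS_HEADER: ts, SIG_HEADER: sign(secret, "POST", "/demo/items", ts, body)}
    print(verify(secret, "POST", "/demo/items", hdrs, body, now=1700000010))
    print(verify(secret, "POST", "/demo/items", hdrs, body, now=1700000090))
    hdrs[TS_HEADER] = "1700000090"        # timestamp rewritten, old signature reused
    print(verify(secret, "POST", "/demo/items", hdrs, body, now=1700000090))
```

The window limits how long a captured request stays usable; a copy replayed inside the 30 seconds is still accepted unless the server also tracks a per-request nonce.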