Graduate Program KB

Lightning Talk 2 - Web APIs

-David Wong

Slides

Recording


Content

  1. What is a Web API
  2. Types of Web API
  3. HTTP Messaging Flow
  4. Demonstration
  5. Example Public APIs
  6. API Use Cases
  7. API Security

What is a Web API

  • API stands for Application Programming Interface
  • Communications between 2 or more different systems or applications.
  • Publicly accessible server on the internet that offer different types of functionality
    • Retrieving or modifying data
    • Interacting with Software as a Service products like github or google
  • Analogy of restaurant
    • Waiter is the api, kitchen is the server and customer is the client

Types of Web API

  • REST(RESTFUL): Representational State Transfer. It is a commonly used architectural style for building APIs. Similar to HTTP methods or status codes, developers don't have to follow the style strictly.

  • SOAP: Simple object access protocol is a protocol for building apis. They use XML to format data and have a defined messaging structure. So you will need to follow it exactly to make it work, unlike REST

  • GraphQL: is query language for APIS, so you can use it to get precise and exact data more efficiently than the other APIs mentioned

HTTP Messaging Flow

  • HTTP Model
    • Client
    • Proxy
    • Server
  • HTTP Methods
    • GET, POST, PUT, DELETE
    • Open minded can be implemented depending on the developers
  • HTTP Headers
    • Contains extra information about a request or response
  • HTTP Status Codes open minded
    • 100: Informational
    • 200: Success
    • 300: Redirection
    • 400: Client Error
    • 500: Server Error
  • HTTP Request
    • Request Line
    • Headers
    • Request Body
  • HTTP Response
    • Response Body
    • Headers
    • Status Code

Demonstration

  • Browser and Postman as the client
  • Node web server
  • Follows client to server model
  • Content-type used to specify the type of content so client will know how to present the resource.

Example Public APIs

  • Github API
  • Jira API
  • Google API

API Use Cases

  • Saves time for developers by letting an API deal with complex functionality
  • You can also access data that could be used for you application such as weather data or you can use APIs to interact with services like github or etc.

API Security

  • Authentication
    • Access Tokens
    • Credentials
    • API Keys
  • Also using encryption like HTTPs to prevent attackers from recording your credentials, without encryption the request would be in plain text.
  • Event with Optus in 2022, they had a publicly exposed API that had no security in place which allowed the attacker to call the API to gain access to confidential information