Updated: Oct 5, 2020
Welcome to APIs driven world!
Introduction to APIs
REST API architectural constraints
API Authorization & Authentication
Request and Response Headers
What is special about RESTful APIs?
Before getting into things, let's understand what an API is.
API stands for Application Programming Interface. In today's app-driven world, the API is a foundational element of innovation.
From Banks, Retail, and Transportation to IoT, autonomous vehicles, and smart cities, APIs are a critical part of modern mobile and web applications.
The term REST stands for REpresentational State Transfer. It defines a set of rules for creating APIs. In the world of REST, data is not tied to resources or methods, so a REST API can handle and return different data formats.
No worries. Let's take the example of a customer and a hotel waiter (a pretty old example, but it still works!) to better understand what an API does.
Assume the hotel waiter is the API and the customer who orders food is the client. As soon as the customer enters the hotel, someone helps them get a table so that they can order their favorite food (here, getting a table means logging into the app and getting a token to access the relevant APIs).
Requesting the resources
Once the waiter notes our order, he goes to the kitchen and conveys it to the respective cook so it can be prepared (here, the client sends a request through the API, and the request is routed to the respective resource using endpoints).
Receiving the requested resources
Once your order has been prepared (yummy!!), the waiter collects it from the kitchen and brings it to your table (the API returns the response to the client with the requested data as an object).
I hope this example helps you understand how an API works. Let’s move forward.
REST API architectural constraints
REST defines six architectural constraints that a web service must satisfy to be a truly RESTful API.
Core components of REST APIs
Resource path (Endpoint)
Let's have a look at how APIs work!
Http Verbs (Methods):
As shown in the picture above, APIs use specific HTTP verbs depending on the type of call made to the server. The most commonly used HTTP verbs are GET, POST, PUT, PATCH, and DELETE. These map onto the create, read, update, and delete (CRUD) operations: POST creates, GET reads, PUT and PATCH update, and DELETE deletes.
Below is a table summarizing the recommended return values of the primary HTTP methods.
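To make the verb-to-CRUD mapping concrete, here is an added example (not code from the original post) of a minimal request router for a hypothetical /users resource. It dispatches on method and path, returns the conventional status codes for each operation (200, 201, 204, 400, 404, 405), and deliberately refuses to let the client set the privileged role field, since a resource's sensitive attributes should be assigned by the server, not by whatever the caller puts in the body. The in-memory USERS table is constructed sample data.

```python
import json
from typing import Dict, Optional, Tuple

# Constructed in-memory store standing in for a database; keys are user ids.
USERS: Dict[int, dict] = {
    1: {"id": 1, "name": "alice", "role": "admin"},
    2: {"id": 2, "name": "bob", "role": "user"},
}
_next_id = 3


def _parse_path(path: str) -> Tuple[str, Optional[int]]:
    """Accept "/users" (collection) or "/users/<id>" (single item)."""
    parts = [p for p in path.split("/") if p]
    if not parts or parts[0] != "users":
        return "", None
    if len(parts) == 1:
        return "users", None
    if len(parts) == 2 and parts[1].isdigit():
        return "users", int(parts[1])
    return "", None


def handle(method: str, path: str, body: Optional[str] = None) -> Tuple[int, Optional[dict]]:
    """Route an HTTP method + path to the matching CRUD operation.

    Returns (status_code, response_object). Status codes follow the usual
    REST conventions: 200 for a successful read or update, 201 for a newly
    created resource, 204 for a delete with no body, 400 for malformed
    input, 404 for a missing resource, 405 for a verb the resource does
    not support.
    """
    global _next_id
    resource, rid = _parse_path(path)
    if resource != "users":
        return 404, {"error": "unknown resource"}

    # Validate the body before touching any state.
    try:
        payload = json.loads(body) if body else {}
    except json.JSONDecodeError:
        return 400, {"error": "body is not valid JSON"}

    if method == "GET":                          # read
        if rid is None:
            return 200, {"users": list(USERS.values())}
        user = USERS.get(rid)
        return (200, user) if user else (404, {"error": "no such user"})

    if method == "POST":                         # create (collection only)
        if rid is not None:
            return 405, {"error": "POST not allowed on a single user"}
        if "name" not in payload:
            return 400, {"error": "name is required"}
        # The role is server-assigned: a client-supplied "role" is ignored so
        # that a registration request cannot grant itself admin.
        user = {"id": _next_id, "name": payload["name"], "role": "user"}
        USERS[_next_id] = user
        _next_id += 1
        return 201, user

    if method in ("PUT", "PATCH"):               # update (full or partial)
        if rid is None or rid not in USERS:
            return 404, {"error": "no such user"}
        if method == "PUT":
            if "name" not in payload:
                return 400, {"error": "PUT requires the full representation"}
            USERS[rid]["name"] = payload["name"]
        elif "name" in payload:
            USERS[rid]["name"] = payload["name"]
        # "role" is never updatable through this endpoint.
        return 200, USERS[rid]

    if method == "DELETE":                       # delete
        if rid is None or rid not in USERS:
            return 404, {"error": "no such user"}
        del USERS[rid]
        return 204, None

    return 405, {"error": f"{method} not supported"}
```

The same handle() function is what a real framework would call after parsing the raw HTTP request; keeping the routing, validation, and status-code choices in one place makes it easy to audit which verbs each resource accepts.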
Response & Request Data Format:
API Authentication and Authorization
Before making an API call to the server, a user usually has to register with the application to obtain an access token, or otherwise authenticate the requests they make. For read-only APIs, users sometimes don't need a key at all; where authentication is required, it is commonly done with API keys or other methods.
Difference between Authentication & Authorization:
As part of authentication, the application verifies that the caller really is the user they claim to be before giving them access to the relevant data.
Authorization involves verifying whether the user is allowed to perform a particular action (for example, a normal user is not allowed to access the admin functionality).
Authentication and authorization with APIs serve the following purposes:
Authenticate the calls so that only registered users can access the API
Track who is making the requests
Track usage of the API
Block any request which exceeds the rate limits
Maintain different permission levels for different users
Different types of authorization:
The following are the authorization techniques most commonly seen for API authentication:
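The purposes listed above (authenticate the call, track who is calling, enforce rate limits, keep permission levels apart) can all live in one small gate in front of the endpoints. The following is an added example, not code from the original post, of such a gate using bearer tokens: it authenticates the Authorization header, then applies a per-user rate limit, then checks the caller's role against an endpoint policy, and records every outcome in an audit log. The TOKENS table, the POLICY mapping, the limit of 5 calls per 60 seconds and the endpoint paths are all constructed for the example; a real service would store token hashes in a database rather than plaintext tokens in memory.

```python
import hmac
import time
from collections import defaultdict, deque
from typing import Dict, Optional, Tuple

# Constructed credential table: token -> user record.
TOKENS: Dict[str, dict] = {
    "tok-alice-admin": {"user": "alice", "role": "admin"},
    "tok-bob-user": {"user": "bob", "role": "user"},
}

# Authorization policy: which roles may call each endpoint (constructed).
POLICY: Dict[str, set] = {
    "/profile": {"user", "admin"},
    "/admin/users": {"admin"},
}

RATE_LIMIT = 5          # requests allowed per user ...
WINDOW_SECONDS = 60     # ... within this sliding window

_calls: Dict[str, deque] = defaultdict(deque)   # user -> recent call timestamps
AUDIT_LOG = []                                  # (user, path, status) per request


def _lookup_token(presented: str) -> Optional[dict]:
    """Find the record for a token using a constant-time comparison."""
    for stored, record in TOKENS.items():
        # hmac.compare_digest avoids leaking how many leading bytes matched.
        if hmac.compare_digest(stored.encode(), presented.encode()):
            return record
    return None


def _rate_limited(user: str, now: float) -> bool:
    """Sliding-window limiter: drop old timestamps, then count what is left."""
    window = _calls[user]
    while window and now - window[0] > WINDOW_SECONDS:
        window.popleft()
    if len(window) >= RATE_LIMIT:
        return True
    window.append(now)
    return False


def handle(headers: Dict[str, str], path: str, now: Optional[float] = None) -> Tuple[int, str]:
    """Gate a request: authenticate, rate-limit, authorize, then serve."""
    now = time.time() if now is None else now

    # 1. Authentication: who is calling?
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not token:
        AUDIT_LOG.append((None, path, 401))
        return 401, "missing or malformed bearer token"
    record = _lookup_token(token)
    if record is None:
        AUDIT_LOG.append((None, path, 401))
        return 401, "invalid token"
    user, role = record["user"], record["role"]

    # 2. Rate limiting, keyed on the authenticated identity rather than on
    #    anything the client controls.
    if _rate_limited(user, now):
        AUDIT_LOG.append((user, path, 429))
        return 429, "rate limit exceeded"

    # 3. Authorization: is this user allowed to do this?
    allowed = POLICY.get(path)
    if allowed is None or role not in allowed:
        AUDIT_LOG.append((user, path, 403))
        return 403, "not permitted"

    AUDIT_LOG.append((user, path, 200))
    return 200, f"hello {user}"
```

Note the distinct status codes: 401 when the caller could not be identified, 403 when they were identified but lack the permission, and 429 when they are over the limit. Keeping those separate makes both client debugging and log-based detection much easier.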
API Request and Response Headers:
Headers are like instructions: they tell the browser (client) what to do based on the action the client has taken.
REST headers and parameters carry information that can help track down issues.
Request and response headers play a pivotal role in an API's functionality, security, and performance.
Headers carry information for:
Request and Response body
Response Caching & Cookies
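As an added example (not code from the original post) of reading the body, caching and cookie information that headers carry, here is a small parser for a raw HTTP/1.1 response together with two checks a defender would run on the result: whether Cache-Control keeps the response out of shared caches, and whether each Set-Cookie carries the Secure, HttpOnly and SameSite attributes. The SAMPLE response from an imagined /profile endpoint is constructed for the example.

```python
from typing import Dict, List, Tuple

# Display names for the cookie attributes we expect on session cookies.
COOKIE_ATTRS = {"secure": "Secure", "httponly": "HttpOnly", "samesite": "SameSite"}


def parse_response(raw: bytes) -> Tuple[int, Dict[str, List[str]], bytes]:
    """Split a raw HTTP/1.1 response into status code, headers and body.

    Header names are case-insensitive, so they are lower-cased; a header
    that repeats (Set-Cookie in particular) is kept as a list of values.
    """
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status = int(lines[0].split(" ")[1])
    headers: Dict[str, List[str]] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return status, headers, body


def cache_directives(headers: Dict[str, List[str]]) -> set:
    """'Cache-Control: private, no-store' -> {'private', 'no-store'}."""
    values = headers.get("cache-control", [])
    return {d.strip().lower() for v in values for d in v.split(",") if d.strip()}


def cookie_issues(headers: Dict[str, List[str]]) -> List[str]:
    """Report cookies missing the attributes that keep them off the wire
    and away from script (Secure, HttpOnly) or cross-site requests (SameSite)."""
    issues = []
    for raw_cookie in headers.get("set-cookie", []):
        parts = [p.strip() for p in raw_cookie.split(";")]
        name = parts[0].split("=", 1)[0]
        attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
        for key, label in COOKIE_ATTRS.items():
            if key not in attrs:
                issues.append(f"{name}: missing {label}")
    return issues


def review(raw: bytes) -> Dict[str, object]:
    """Summarise what the headers say about body format, caching and cookies."""
    status, headers, body = parse_response(raw)
    content_type = headers.get("content-type", [""])[0].split(";")[0].strip()
    directives = cache_directives(headers)
    return {
        "status": status,
        "json": content_type == "application/json",
        # no-store forbids caching entirely; private forbids shared caches.
        "shared_cacheable": not ({"no-store", "private"} & directives),
        "cookie_issues": cookie_issues(headers),
        "body": body,
    }


# Constructed sample response; the first cookie is deliberately weak.
SAMPLE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: application/json; charset=utf-8\r\n"
    b"Cache-Control: private, no-store\r\n"
    b"Set-Cookie: session=abc123; Path=/; HttpOnly\r\n"
    b"Set-Cookie: theme=dark; Path=/; Secure; HttpOnly; SameSite=Lax\r\n"
    b"\r\n"
    b'{"user": "alice"}'
)

if __name__ == "__main__":
    for key, value in review(SAMPLE).items():
        print(f"{key}: {value}")
```

Running the block on SAMPLE flags the session cookie for lacking Secure and SameSite while passing the theme cookie, and confirms that a response carrying personal data is marked private and no-store so that no intermediary cache will hold it.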