API stands for the application programming interface. Developers use API to employ the power of software developed by others to solve problems. The software solves problems by producing outcomes through its functions. They have to know the specifications of the software functions defined in the API to do so. API is a technical thing; it’s irrelevant to end-users.
Application Programming Interface (API)
- Application software, or an application for short, is the software applied to solve users’ business problems. In contrast, the system software provides foundational functions for technical guys to solve system problems, such as developing software, administering systems, etc.
- Programming is the process of systematically developing and logically organizing computer instructions, or codes, using a specific syntax to solve a problem. Software is the result of programming, which is typically organized into modules or units that loosely depend on one another in a manageable way to complete a task. An interface defines the specification or contract for software units to collaborate. Software units can work locally on the same machine or remotely on separate machines. Functions provided by software units are also known as services.
- An interface is a specification of software function that provides services to other software units; it can be treated as a contract between the software function provider and its consumers. A software function (or function for short) is a block of codes that produces an outcome; it may or may not accept input parameters or generate output. The outcome refers to what a function actually completes, while the output is the operational response to the consumer. An interface typically specifies the name of a function, input parameters, and output without disclosing the codes of a function.
The most prominent feature of a RESTful API is the prescriptive mapping between the HTTP methods and data operations.
- Traditional APIs rely on the URL to submit requests, e.g., /customer/create?FirstName=Wentz&LastName=Wu. The syntax and semantics vary from API to API.
- RESTful APIs use standard HTTP methods to manipulate data. For example, GET for query, POST for insert, PUT for modification, DELETE for delete, etc.
Security Issues of RESTful API
“Sending XML messages through HTTP POST” implies sending HTTP requests to a back-end service with application programming interfaces (APIs) as an entry point to the system.
Broken Authentication is a common flaw in APIs. However, not every API requires authentication, e.g., the login API. XML External Entities (XEE) attacks apply both to authenticated and unauthenticated requests.
The following are tips to mitigate CSRF attack:
- The system should not accept requests for transactions through GET. Instead, transactions should be done through POST, PUT, or DELETE. A RESTful API uses HTTP verbs/methods in such a way: GET for a query, POST for insert, PUT for modifying, and DELETE for delete.
- The CSRF attack can be triggered through an HTTP form inside an iframe as well. So, the same-origin policy should be enforced. Modern web browsers enable the same-origin policy by default.
- CSRF attacks an be sent from attack utilities by attackers. The ultimate way to mitigate this risk is to implement authentication code stored in a hidden input in each HTTP form. Microsoft ASP.NET MVC supports this feature very well.
Administration Issues of APIs
Microservice features “scalable” but can lead to the high complexity of the management of microservices because of fine-grained interfaces. An API gateway or facade mitigates this issue.
Serverless reduces the burden of installing and maintaining servers as the hosting environment. AWS Lambda, an offering of Function As a Service (FaaS), is one of the most well-known cloud services as serverless computing.
The operating system (OS) provides service to applications through a predefined specification, contract, or the so-called API (Application Programming Interface). Let’s take cryptographic services as an example, the OS provides the key generation services to applications. It may generate random numbers based on RNG or PRNG. It depends on the hardware available, software configuration, and the context in which an application resides.
The Windows API, informally WinAPI, is Microsoft’s core set of application programming interfaces (APIs) available in the Microsoft Windows operating systems.
Developer support is available in the form of a software development kit, Microsoft Windows SDK, providing documentation and tools needed to build software based on the Windows API and associated Windows interfaces.
The Windows API (Win32) is focused mainly on the programming language C in that its exposed functions and data structures are described in that language in recent versions of its documentation.
When you create a new Android application project, it is the first step that you select an API level as the project build target. You may afterward change, for example, the API from Android 4.2 (level 17) to Google APIs 4.2 (level 17).
A class interface is an interface that defines the specifications of services provided by a class in object-oriented programming (OOP). In a broad sense, the class interface is an API. However, it’s uncommon to use “API” to refer to the class interface. It’s more specific for programmers to use the term, class interface, or just interface.
- Microsoft’s Old API Help File Reborn
- CISSP PRACTICE QUESTIONS – 20200917
- CISSP PRACTICE QUESTIONS – 20200415
- CISSP PRACTICE QUESTIONS – 20200921
- CISSP PRACTICE QUESTIONS – 20200626
- CISSP PRACTICE QUESTIONS – 20191219
- CISSP PRACTICE QUESTIONS – 20191107
- CISSP PRACTICE QUESTIONS – 20200818
- Change the API level of an Android Application Project under Source Control
- Microservices, Containerization, and Serverless
- Quickstart: Create an Azure Cognitive Search index in PowerShell using REST APIs