What is an API?
API stands for Application Program Interface. We have APIs everywhere: on our computers, smartphones, and so on. An API is like a contract that one piece of software offers to another, and it usually consists of a structured request and a structured response.
To make this easier, let’s work through an example.
Example of API
Think of yourself sitting at a table in a restaurant. You are one piece of software, such as a web application on the client side. The kitchen is the server, which processes requests, in this case by preparing the food. What’s missing is a link that carries your order to the kitchen. This is where the waiter, or API, comes in: the waiter takes your order (the request), tells the kitchen (the server) what to do, and then delivers the response (the data, or in this case your food) back to you.
An API is a messenger between running pieces of software.
What is HTTP?
It is basically the foundation of communication on the internet. Every time you load a webpage in your browser, it makes an HTTP request to a server. It is possible to use other protocols with REST, but HTTP is by far the most used, because real-world REST needs the delivery method that HTTP offers.
What is REST?
It stands for Representational State Transfer. RESTful and REST mean essentially the same thing. It’s an architectural style for networked applications that relies on a stateless client-server protocol, HTTP. REST treats objects on the server side as resources that can be created, updated, and deleted.
Example of REST
An example of a server-side object is a blog post, a database, etc. We can create a post with a POST request, delete it with a DELETE request, and so on.
Why is REST Awesome?
An API is a messenger, and REST lets us use HTTP requests to format those messages.
Now that we know about REST APIs, let’s look at the specific methods and requests that can be made to the server through HTTP.
GET: A GET request is the most common request; a client makes one just by visiting a specific server URI. It retrieves data from a specified resource.
POST: POST is also one of the most common requests. Every time you fill in a web form, you are making a POST request. It submits data to a specified resource for processing.
PUT: A PUT request updates a specified resource. Usually you send the request to an endpoint, which is a URI with some kind of id for that specific resource, whether it’s a blog post, a record inside a database, etc. The request tells the server which data to update.
DELETE: A DELETE request deletes a specified resource from the server. To tell the server which data to delete, you have to send the id with that request as well.
The following requests are less commonly used.
HEAD: A HEAD request is the same as a GET request except that it doesn’t return a body in the response. It returns only the header info.
OPTIONS: An OPTIONS request lets us check which methods the server supports.
PATCH: A PATCH request partially updates a resource.
Endpoints are the URLs or URIs where we send our HTTP requests.
Let’s look at an example using a sample API.
Here is an endpoint for a GET request. It contains an API folder and then inside API, there is a user folder. This URL will return you a response with a list of users.
The data of a specific user can also be retrieved using a GET request. We need a user id to make this request. The response URL will look something like this. In this URL, ‘1’ is the user id.
Another example is when we want to see the user’s details too, so the response request looks something like this.
We can also make a POST request. Here is an example where we make a POST request to the server, and this request will add a user.
Notice that the GET request above and this POST request have the same endpoint, but since they use different methods the responses will be different too.
The request to update the user’s data will look something like this.
Here we are using the PUT method to update a user’s data so the response consists of an update and then the user’s id.
The same goes for a DELETE method request, and the response URL looks like this.
The endpoints we used above do not require us to provide any kind of authentication of who we are. This is called a public or open API.
Some APIs require you to authenticate yourself. This means that you need to register your app with the provider’s website, or sometimes you have to purchase access to the data.
There are a few ways to implement authentication, including OAuth, which uses an access token that we send along with our requests. If we don’t send an access token, the server will respond with some kind of unauthorized error.
Here are some examples from the GitHub API documentation.
Request a user’s GitHub identity
When your GitHub App specifies a login parameter, it prompts users with a specific account they can use for signing in and authorizing your app.
Use the access token to access the API
The access token allows you to make requests to the API on behalf of a user.
Authorization: token OAUTH-TOKEN
GET https://api.github.com/user
For example, in curl you can set the Authorization header like this:
curl -H "Authorization: token OAUTH-TOKEN" https://api.github.com/user
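The ideas above in one runnable sketch, added here as an illustration and not taken from the original article or from GitHub: a tiny local server where GET and POST share the /api/users URI, and POST is refused with 401 unless the request carries an `Authorization: token ...` header. The path, the token value, the sample users, and the `call` and `demo` helper names are assumptions made for the example.

```python
import hmac, http.client, json, threading
from http.server import BaseHTTPRequestHandler, HTTPServer

TOKEN = "demo-token"            # constructed stand-in for a real access token
USERS = {1: {"name": "alice"}}  # constructed sample data

class Api(BaseHTTPRequestHandler):
    def log_message(self, *args):  # silence per-request logging
        pass

    def reply(self, status, body):
        data = json.dumps(body).encode()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def do_GET(self):  # open endpoint: anyone may list users
        ok = self.path == "/api/users"
        self.reply(200 if ok else 404, USERS if ok else {"error": "not found"})

    def do_POST(self):  # same URI, different method: add a user (token required)
        body = self.rfile.read(int(self.headers.get("Content-Length", 0)))
        sent = self.headers.get("Authorization", "").encode()
        if not hmac.compare_digest(sent, f"token {TOKEN}".encode()):  # constant-time
            return self.reply(401, {"error": "unauthorized"})
        uid = max(USERS, default=0) + 1
        USERS[uid] = json.loads(body)
        self.reply(201, {"id": uid})

def call(port, method, path, body=None, token=None):
    conn = http.client.HTTPConnection("127.0.0.1", port)
    headers = {"Authorization": f"token {token}"} if token else {}
    conn.request(method, path, None if body is None else json.dumps(body), headers)
    resp = conn.getresponse()
    return resp.status, json.load(resp)

def demo():
    with HTTPServer(("127.0.0.1", 0), Api) as server:
        threading.Thread(target=server.serve_forever, daemon=True).start()
        steps = (("GET", None, None), ("POST", {"name": "bob"}, None),
                 ("POST", {"name": "bob"}, TOKEN))
        codes = [call(server.server_port, m, "/api/users", b, t)[0] for m, b, t in steps]
        server.shutdown()
    return codes  # one status code per step

if __name__ == "__main__":
    print(demo())
```

The POST without a token leaves the user list unchanged; only the request that presents the token creates user 2.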
These were some basics of RESTful APIs. I hope you find this article helpful. If you have any questions use the comment section and feel free to leave some suggestions too.