Higher Nationals

Internal verification of assessment decisions – BTEC (RQF)

INTERNAL VERIFICATION – ASSESSMENT DECISIONS
Programme title Higher National Diploma in Computing

Assessor Internal Verifier

Unit(s) Unit 29 – Application Program Interfaces

Assignment title

Student’s name

List which assessment criteria Pass Merit Distinction

the Assessor has awarded.

INTERNAL VERIFIER CHECKLIST

Do the assessment criteria awarded match

those shown in the assignment brief? Y/N

Is the Pass/Merit/Distinction grade awarded

justified by the assessor’s comments on the Y/N
student work?
Has the work been assessed
Y/N
accurately?
Is the feedback to the student:
Give details:
• Constructive? Y/N
• Linked to relevant assessment criteria? Y/N
• Identifying opportunities for Y/N
improved performance?
• Agreeing actions? Y/N
Does the assessment decision need
Y/N
amending?

Assessor signature Date

Internal Verifier signature Date

Programme Leader signature (if required)
Date

Confirm action completed

Remedial action taken
Give details:

Assessor signature Date

Internal Verifier
Date
signature
Programme Leader
Date
signature (if required)
Higher Nationals - Summative Assignment Feedback Form
Student Name/ID

Unit Title Unit 29 – Application Program Interfaces

Assignment Number 1 Assessor

Date Received
Submission Date
1st submission
Date Received 2nd
Re-submission Date
submission
Assessor Feedback:
LO1 Examine what an API is, the need for APIs and types of APIs

Pass, Merit & Distinction P1 M1 D1

Descripts

LO2 Apply the knowledge of API research to design an application that incorporates relevant APIs for a
given scenario or a substantial student chosen application

Pass, Merit & Distinction P2 M2 D2

Descripts

LO3 Implement an application in a suitable development environment

Pass, Merit & Distinction P3 M3 D3
Descripts

LO4 Document the testing of the application, review and reflect on the APIs used
Pass, Merit & Distinction P4 M4 D4
Descripts

Grade: Assessor Signature: Date:

Resubmission Feedback:

Grade: Assessor Signature: Date:

Internal Verifier’s Comments:

Signature & Date:

* Please note that grade decisions are provisional. They are only confirmed once internal and external moderation has taken place and
grades decisions have been agreed at the assessment board.

Assignment Feedback
Formative Feedback: Assessor to Student

Action Plan

Summative feedback

Feedback: Student to Assessor

Assessor Date
signature
Student Date
signature
General Guidelines

1. A Cover page or title page – You should always attach a title page to your assignment. Use
previous page as your cover sheet and make sure all the details are accurately filled.
2. Attach this brief as the first section of your assignment.
3. All the assignments should be prepared using a word processing software.
4. All the assignments should be printed on A4 sized papers. Use single side printing.
5. Allow 1” for top, bottom, right margins and 1.25” for the left margin of each page.

Word Processing Rules

1. The font size should be 12 point, and should be in the style of Time New Roman.
2. Use 1.5 line spacing. Left justify all paragraphs.
3. Ensure that all the headings are consistent in terms of the font size and font style.
4. Use footer function in the word processor to insert Your Name, Subject, Assignment No, and
Page Number on each page. This is useful if individual sheets become detached for any reason.
5. Use word processing application spell check and grammar check function to help editing your
assignment.

Important Points:

1. Carefully check the hand in date and the instructions given in the assignment. Late submissions
will not be accepted.
2. Ensure that you give yourself enough time to complete the assignment by the due date.
3. Excuses of any nature will not be accepted for failure to hand in the work on time.
4. You must take responsibility for managing your own time effectively.
5. If you are unable to hand in your assignment on time and have valid reasons such as illness, you
may apply (in writing) for an extension.
6. Failure to achieve at least PASS criteria will result in a REFERRAL grade.
7. Non-submission of work without valid reasons will lead to an automatic RE FERRAL. You will
then be asked to complete an alternative assignment.
8. If you use other people’s work or ideas in your assignment, reference them properly using
HARVARD referencing system to avoid plagiarism. You have to provide both in-text citation and
a reference list.
9. If you are proven to be guilty of plagiarism or any academic misconduct, your grade could be
reduced to A REFERRAL or at worst you could be expelled from the course
Student Declaration

I hereby, declare that I know what plagiarism entails, namely to use another’s work and to present it as
my own without attributing the sources in the correct form. I further understand what it means to
copy another’s work.

1. I know that plagiarism is a punishable offence because it constitutes theft.

2. I understand the plagiarism and copying policy of Edexcel UK.
3. I know what the consequences will be if I plagiarise or copy another’s work in any of the
assignments for this program.
4. I declare therefore that all work presented by me for every aspect of my program, will be my own,
and where I have made use of another’s work, I will attribute the source in the correct way.
5. I acknowledge that the attachment of this document signed or not, constitutes a binding
agreement between myself and Edexcel UK.
6. I understand that my assignment will not be considered as submitted if this document is not
attached to the assignment.

Student’s Signature: Date:

(Provide E-mail ID) (Provide Submission Date)
Higher National Diploma in Business
Assignment Brief
Student Name /ID Number

Unit Number and Title Unit 29- Application Program Interfaces

Academic Year 2018/19

Unit Tutor

Assignment Title

Issue Date

Submission Date

IV Name & Date

Submission format

The submission should be in the form of an individual written report. This should be written in a
concise, formal business style using single spacing and font size 12. You are required to make use
of headings, paragraphs and subsections as appropriate, and all work must be supported with
research. You must provide in-text citations and the reference list using Harvard referencing
system.

The recommended word count is 4,000–4,500 words excluding annexures. Note that word
counts are indicative only and you would not be penalized for exceeding the word.
Minimum word count – 4,000
Maximum word count – 5,500
The act of acquiring product or services over the Internet is simply known as Online Shopping.
Online shopping has grown its popularity over the years, mainly because people find it convenient
and easy to shop from the comfort of their own home or office. This is one of the most enticing
factors about online shopping.
OZQ-cart is an online shopping system that facilitates business-to-consumer sales through its
website. OZQ-cart system helps to buy any type of item online by choosing the listed products
from the website. Following are the functional requirements of the system.

 Registration – Customers can view the store but only the members can buy items. To
become a member of the website, the customer needs to register for the membership.
 Login page - The Login page is peripheral of the secure area of the system and allows the
user to log onto the web application. The user can view the store and add their order to
the shopping cart.

 Shopping cart – Member can add their searched items to the cart.

 User Profile - The User Profile page is an area that allows the users to maintain their own
information. The user can browse and search the items and add to the shopping cart.

 Item Search and Select - Each customer must be able to view the status of the placed
order.

 Feedbacks – user can provide opinions/ feedback to the site.

Following are the non-functional requirements of the system.

 Performance
 Usability
 Reliability and availability
 Security

Develop a web based solution for the above scenario.

Activity 1 - Examine what an API is, the need for APIs and types of APIs.
1.1 Explain API (Application Program Interface) types and the benefits of APIs.
1.2 Evaluate the differences between API and SDK.
1.3 Explain potential security issues surrounding APIs.
1.4 Evaluate the range of APIs for a particular platform that covers a range of users.

Activity 2 - Apply the knowledge of API research to design an application that incorporates
relevant APIs for a given scenario or a substantial student chosen application
2.1 Research and Evaluate alternative API similar to the proposed system and enhance the
system design.
2.2 Design an application that will utilize an API for a given purpose.
2.3 Create a design for a chosen substantial application that will utilize a range of APIs. Justify
the choice.

Activity 3 - Implement an application in a suitable development environment

3.1 Provide the android and web-site wireframes for the proposed system design.
3.2 Develop an application that utilizes an API for the proposed system and provide all the
interfaces and the appropriate codes of it.

Activity 4 - Document the testing of the application, review and reflect on the APIs used
4.1 The developed system should test by using black box and white box testing methods.
4.2 Critically evaluate the results of your Test Plan and include a review of the overall
success of your multipage website
4.3 Critically evaluate the APIs used within your application. Provide a data security report of
your application.
 Observation Sheet

Activi Activity Learni Feedback

ty ng (Pass/ Redo)
No Outco
me
1 Examine what an API is, the need for APIs LO1
and types of APIs.

2 Apply the knowledge of API research to LO2

design an application that incorporates
relevant APIs for a given scenario or a
substantial student
Chosen application.
3 Implement an application in a suitable LO3
development environment.
4 Document the testing of the application, LO4
review and reflect on the APIs used.

Comments:

Assessor Name :…………………………………………….

Date :…………………………………………….

Assessor Signature: …………………………………………………………………………

Grading Rubric

Grading Criteria Achieved Feedback

LO1 Examine what an API is, the need for APIs and types
of APIs

P1 Examine the relationship between an API and a

software development kit (SDK).
M1 Asses a range of APIs for a particular platform that
covers a range of uses.
D1 Evaluate potential security issues surrounding APIs

LO2 Apply the knowledge of API research to design an

application that incorporates relevant APIs for a given
scenario or a substantial student chosen application
P2 Analyze an existing application that could be
extended with a suitable API.

M2 Design an application that will utilize an API for a

given purpose.

D2 Create a design for a chosen substantial application

that will utilize a range of APIs, justifying choices.

LO3 Implement an application in a suitable development

environment
P3 Build on an existing application framework to
implement an API.
M3 Develop an application that utilizes an API.

D3 Construct an application utilizing multiple APIs,

following the designs in LO2
LO4 Investigate scenarios with respect to design
PatternsLO4 Document the testing of the application,
review and reflect on the APIs used
P4 Design and complete a ‘white box’ test of the
application, recording the results.

M4 Conduct ‘black box’ tests of your application,

recording the results.
M5 Update the application accordingly with the results.

D4 Critically evaluate the APIs used within your

application. Provide a data security report of your
application.
Acknowledgement

All praise and blessing are due to the creator of mankind and all that exists, for His blessings,
and guidance at every stage of my life. For the successful completion of this assignment, I
needed the help and guidelines of some respected person, who deserves my greatest gratitude.
The completion of this assignment gives me much pleasure. I would like to show my gratitude to
our lecturer for giving me a good guideline throughout numerous consultations.

Thank you.
Table of Contents
List of Tables................................................................................................................................17
Activity 1...................................................................................................................................18
Examine what an API is, the need for APIs and types of APIs...........................................18
Explain Application Program Interface types and the benefits of APIs............................19
Evaluate the differences between API and SDK...................................................................23
Explain potential security issues surrounding APIs.............................................................24
Evaluate the range of APIs for a particular platform that covers a range of users..........26
Activity 2...................................................................................................................................29
Research and Evaluate alternative API similar to the proposed system and enhance the
system design............................................................................................................................29
Design an application that will utilize an API for a given purpose.....................................32
Create a design for a chosen substantial application that will utilize a range of APIs.....34
Activity 3...................................................................................................................................37
Provide the android and web-site wireframes for the proposed system design.................37
Develop an application that utilizes an API for the proposed system and provide all the
interfaces and the appropriate codes of it.............................................................................39
Activity 4...................................................................................................................................50
The developed system should test by using black box and white box testing methods.....50
Critically evaluate the results of your Test Plan and include a review of the overall
success of your multipage website..........................................................................................52
Critically evaluate the APIs used within your application. Provide a data security report
of your application...................................................................................................................56
Conclusion................................................................................................................................57
References.....................................................................................................................................58
List of Tables
Figure 1..........................................................................................................................................18
Figure 2..........................................................................................................................................30
Figure 3..........................................................................................................................................31
Figure 4..........................................................................................................................................32
Figure 5..........................................................................................................................................33
Figure 6..........................................................................................................................................36
Figure 7..........................................................................................................................................37
Figure 8..........................................................................................................................................38
Figure 9..........................................................................................................................................39
Figure 10........................................................................................................................................39
Figure 11........................................................................................................................................40
Figure 12........................................................................................................................................40
Figure 13........................................................................................................................................41
Figure 14........................................................................................................................................41
Figure 15........................................................................................................................................50
Figure 16........................................................................................................................................51
Figure 17........................................................................................................................................52
Figure 18........................................................................................................................................54
Activity 1
Examine what an API is, the need for APIs and types of APIs.
When you use an application on your mobile phone, the application connects to the Internet and
sends data to a server. The server then retrieves that data, interprets it, performs the necessary
actions and sends it back to your phone. The application then interprets that data and presents
you with the information you wanted in a readable way. This is what an API is - all of this
happens via API. When it comes to software, APIs are literally everywhere. APIs go hand in
hand with one of the most fundamental concepts in computer science: abstraction. Abstraction
is just a way of organizing the complexity of a system so that complicated actions can be
handled in a simple way.

How to use APIs

An API in and of itself is documentation that identifies the endpoints of a server where
information can be obtained. These endpoints depend entirely on the database, but examples
could include "first name" or "shipping zip" in a customer relationship management (CRM)
database. Using an API, the server supplies information to a user who requests data through a
client. The specific request also referred to as a call is completed using either hypertext transfer
protocol (HTTP) or programming languages like JSON or XML. The first method uses a web
browser and is suitable for requesting a limited number of responses, since the information is
returned in a format that's difficult to digest. The second method involves building a dedicated
program that translates and organizes large volumes of data into an easy-to-navigate interface.

Figure 1
 Explain Application Program Interface types and the benefits of APIs.

There are many types of APIs for operating systems, applications, or websites. Windows, for
example, has many API sets that are used by system hardware and applications. Most operating
systems provide open APIs so programmers can write applications that will be compatible with
the current environment. APIs can also be specified by websites. For example, Amazon and
eBay APIs allow developers to use the existing retail infrastructure to create specialized web
stores. Third-party software developers use web APIs to create software solutions for end users,
and developers use APIs to create applications for internal and commercial use.
There are thousands of APIs in use today, with new ones added for each new software launch
or update. Some APIs are available for public use, whereas others might be strictly internal or
limited in use between two or more partners. APIs can vary by architecture type (REST, SOAP,
RPC, etc.), but they are generally used in one of three layers to create API-led connectivity:

 System APIs access and maintain data. These types of APIs are responsible for managing all
of the configurations within a system and are intended for low-level operations. They provide
access to the information within a database without granting direct access to the database
itself. For example, a system API unlocks a company's billing database to retrieve an
individual customer's billing information. The API establishes a connection between the
caller and the database that is limited to only the specific information requested.
 Process APIs take the data accessed with system APIs and synthesize it to create a new way
to interact with it across systems. Multiple APIs are usually involved in creating a robust
process, so there are many moving pieces to consider when developing this API layer. To
continue the example from above, a process API would take the customer's billing
information obtained from the system API and combine it with inventory information and
shipping logistics from separate system APIs. This information together could then be used
to create a sales order.
 Experience APIs add meaning to system and process APIs. These types of APIs present the
information collected by system and process APIs in a relevant context to a specified
audience. The data is reconfigured and reformatted to display the key details that the
intended audience
 will find most important. Keeping with the same example, an experience API could take the
sales order created by the process APIs and generate an order status tracker so the customer
knows when they should expect to receive it.

API examples and integrations

Common uses for APIs range in complexity from copying and pasting text to tracking market
prices for block chain and cryptocurrency. Popular API sets include Google Maps, Twitter,
Amazon, Facebook, Mail chimp, and PayPal.

 Google Maps API

Google Maps APIs lets developers embed geo-location information on web pages using a
JavaScript interface. The Google Maps API is designed to work on mobile and desktop
browsers. This API is commonly found on web pages that include a physical address, but it is
also used in applications that rely on existing Google Maps data to accomplish another
function. For example, Open Table is a table management software that enables users to make
reservations at restaurants based on their geographic location. It is practical and efficient for the
Open Table developers to use the Google Maps API because it allows them to focus on
building other components of the application rather than developing a competitive mapping
tool.

 Twitter APIs
Twitter offers two APIs one for general Twitter content and another for Twitter advertising.
The former enables programmatic access to tweets, direct messages, Twitter users, and other
features. This is frequently used by website publishers that want to feature their Twitter feed
somewhere within their site as a way to direct their visitors to follow and engage with them on
Twitter. The latter connects developers to Twitter's Ads platform to build programs around
managing a campaign's creative content, target audience, and overall performance analytics.
The advertising API is linked directly to the backend of the developer's website so Twitter can
track click through rates and conversions, thus quantifying the ROI for a specific advertising
campaign.
  Amazon Product Advertising API
Amazon's Product Advertising API gives developers access to Amazon's product selection and
discovery functionality. This enables publishers to advertise Amazon products and monetize
their website. The Amazon Product Advertising API streamlines ecommerce avenues for
retailers who have an established Amazon storefront but still want to market their items from
their own website. It also offers a way for bloggers and other publishers to leverage their
affiliate marketing program so they can curate Amazon product listings and earn money when
their readers make a purchase after visiting the link(s).

 Facebook APIs
Facebook APIs are among the most common APIs in use today. Similar to Twitter, Facebook
offers an API for accessing Facebook content, groups, users, etc. (called the Graph API) and
another API for accessing Facebook advertising functions (called the Marketing APIs). The
Graph API is responsible for any "Login with Facebook" feature found on sites where it's
possible to create an account using existing Facebook credentials. They also make it possible
for visitors to a website to share an article or page directly to Facebook without needing to copy
and paste the link. The Marketing APIs, on the other hand, make it easier for a publisher to
tailor their advertisements to a specific audience demographic or optimize their ads in real time
to maximize their budget for a designated goal.

 Mailchimp API
Mailchimp is a popular email marketing tool that uses an API to read data from a website's
users or list of visitors who have signed up to receive emails. Depending on the website's
content management system (CMS), the implementation of the API could look a little different,
but the function is the same. When a visitor signs up to receive emails from the publisher, their
contact information is saved to a list in the CMS. The API then extracts the information from
that list and adds it to an "Audience" within the Mailchimp user interface. The visitor's data is
synchronized between Mailchimp and the CMS, so if they unsubscribe from Mailchimp, it is
reflected in the CMS
 PayPal API
Another frequently implemented API is that for PayPal, a payment processing platform that is
used in creating ecommerce stores. This API allows users to maintain their banking information
on one secure platform rather than repeatedly entering their credit card number across multiple
ecommerce sites. This reduces the number of sources that have access to the customer's
banking information and also simplifies the transaction process because the API handles the
exchange of information without any action needed from the customer besides logging in.

Some of the benefits of using API are:

 Ease of integration
An API is a component that allows different platforms, applications and systems to connect and
share information with each other and carry out diverse types of tasks. For instance, a certain
software can be used inside another or connected with other tools to streamline certain
processes.

 Better integration
APIs simplify and facilitate integration which allow different software to reorganize their
interrelationships according to your business’ specific needs. By doing that your company can
obtain better results whilst reducing development costs. Externally, you can integrate your
applications with third parties in order to optimize their functionality and to improve usability.

 Automating tasks
The integration of applications is the keystone for a large part of automation strategies for
which APIs become indispensable. Integrations automate manual tasks to generate a smooth,
effortless transition between linked applications. Thanks to automation and integration of
processes your business can save costs, time and efforts.
  Improved services
APIs simplify the implementation of new applications, business models and digital products
and allow an effective complementation with third-party products or services whilst improving
their development. For that reason, many developers and entrepreneurs are willing to pay for its
use.

 Innovation
APIs are essential to digital transformation and to the creation and development of innovative
business models. They are the basis of application economics, which can be developed faster,
better and at a lower cost.

Evaluate the differences between API and SDK.

What is an SDK?
An SDK (Software Development Kit) is a set of development tools such as libraries, various
utilities (both CLI and GUI), documentation, code samples, etc. that help developers build
applications for a certain platform. SDK’s main constituents are libraries that can integrate one
or more platform APIs and usually contain configurable and reusable components. Different
SDK utilities (if available in SDK) can simplify a developer’s life even further by automating
development processes.

What is an API?
An API (Application Programming Interface) is an interface designed for the interaction
between different apps, programs, or platforms. It’s more a set of methods for app-to-app
communication than a set of tools for creating a new solution. The communication between
apps is performed by a set of rules that specify data structures, routines, protocols, etc. Being a
set of tools for application development, SDKs often include one or more APIs, along with
code samples, libraries, and other components. The difference between SDKs and APIs can be
summed up as follows: “All SDKs contain APIs, but not all APIs are part of SDKs.”
When to use SDK and API?
Developers always use SDKs when building an application. Moreover, there are SDKs
designed specifically for a certain platform, such as Android SDK or Azure SDK. An API is
used for communication with external applications and/or platforms by means of various
methods and protocols. For example, to integrate a .NET application with a particular Azure
service (for example, a file storage), it’s possible to use either their Web API (by using HTTP
requests to a certain URL) or .NET libraries (which is easier, as there is no need to deal with
direct HTTP requests.). When communication with other third-party service providers
(applications / platforms) is required, API integration will be used, which sometimes can be a
part of SDK.

Explain potential security issues surrounding APIs.

API security risks are a common problem in today’s cyber world. Unfortunately, cyberattacks
have become an everyday word in today’s vernacular. Like any software, APIs can be
compromised and your data can be stolen. Since APIs serve as conduits that reveal applications
for third-party integration, they are susceptible to attacks. To take precautions, here is a list of
the top 10 API security risks.

1. Bad coding
Right off the bat, if you start off with bad coding, you are exposing yourself to serious API
security risks. Inefficient coding from the get-go is a first-class way to have your API
compromised.

2. Inadequate validation
To safeguard the security of your APIs, validation of SSL certificates is always necessary.
Nefarious API traffic intervention and inadequate validation will certainly deliver you right into
a hacker’s hands. From this point, they can steal your API keys, passwords and usernames.
3. Hesitating over API utilization
In big companies, sometimes management can neglect to track APIs and their utilization
numbers. From this point, you can incur many charges and leave yourself open to security risks
due to exposed APIs.

4. Accountability
Accountability is a tricky question. Who really is accountable for API security risks? The
answer begins with the developer. It’s the developer’s job to create a solid API. Yet,
accountability also falls on the shoulders of the person utilizing the API. People who use APIs
can add additional API security measures by being mindful via extra layers of protection.

5. Risks of XML
Note that the XML format is intertwined with the SOAP protocol. This format has several areas
of security risks where hackers can focus on. It’s important to keep on top of this format to
avoid a security breach.

6. API incompetence
Repetitive and redundant API usage can drag on if it’s not tracked. When this happens, a huge
expense can incur. API monitoring must be in place for usage, so having a strong API
governance in place is very helpful.

7. Lack of security a terrible idea

Without security measures in place such as a Transport Layer Security (TLS), you are leaving
yourself vulnerable to hackers. Having encryption processes in place is key to protecting your
APIs.
8. Going overboard with control
As soon as API calls come in, your API is exposed. It’s always prudent to set limits on API
password configurations, connections, as well as making re-authentication mandatory for
overuse. It may seem to be going overboard on control, but it is better to err on the side of
caution.

9. Terms to pay attention to

Always pay attention to the Terms of Service. If you don’t read up, you will not be fully
informed about what your API is supplying. This can further cause problems with the quality of
the service they are being offered. Data ownership in enterprise APIs is also specified in the
terms of usage. That, in turn, can result in skewed data tracking on the customer-side.

10. Unsatisfactory security

Endpoints can remain vulnerable–and any competent hacker will have a field day if security
measures are not in place. Developers need to have the best API format to protect the security
of their API.

Evaluate the range of APIs for a particular platform that covers a range of
users.

1. Weather Snippets
One common API usage example we come across on a daily basis is weather data. Rich
weather snippets seem to be commonplace, found on all platforms, like Google Search, Apple’s
Weather app, or even from your smart home device. For example, if you search “weather +
[your city’s name]” on Google, you’ll see a dedicated box at the top of the search results (called
a rich snippet) with the current weather conditions and forecast. As an example, here’s the
search for “weather New York”. Google isn’t in the business of weather data (yet!), so they
source this information from a third party. They do so by means of an API, which sends them
the latest weather details in a way that’s easy for them to reformat.
2. Log-in Using XYZ
Another prominent example of API usage is the “log-in using
Facebook/Twitter/Google/GitHub” functionality you see on so many websites. It’s incredibly
convenient, but have you ever wondered how it works? Instead of actually logging-in to users’
social media accounts (which would pose a serious security concern), applications with this
functionality leverage these platforms’ APIs to authenticate the user with each login. For
example, here’s the Facebook Login API. The way it works is pretty simple. Every time the
application loads, it uses the API to check whether the user is already logged in by means of
whatever social media platform. If not, when the user clicks the “Log-in Using XYZ” button, a
pop-up open where they are asked to confirm they actually want to log-in with that social media
profile. When the user confirms, the API provides the application with identification
information, so it knows who’s logging in.

3. Pay with PayPal

Ever used PayPal to pay for something, directly within an e-commerce store? Yep, that’s also
an API at work. Just like with logging-in using a social media service, the “Pay with PayPal”
functionality is built with APIs to ensure that the end application can only do what it needs to,
without being exposed to sensitive data or gaining access to unintended permissions. In terms
of the inner-workings of this handy function, it’s very similar to the log-in process described
above. When the user clicks the “Pay with PayPal” button, the application sends an “order”
request to the PayPal API, specifying the amount owed and other important details. Then, a
pop-up authenticates the user and confirms their purchase. Finally, if everything goes to plan,
the API sends confirmation of payment back to the application.

4. Twitter Bots
Another example of APIs at work is the huge range of bots on Twitter. Twitter bots are
accounts that automatically tweet (or retweet), follow, and send direct messages based on
software instructions. There are loads of bots on Twitter, but here are just a few of our
favorites:
 TinyCareBot: Sends hourly reminders to drink water, stretch, get fresh air, and more.
 Grammar Police: Identifies common grammar mistakes made by its followers.
 Netflix Bot: Tweets when new content is released on Netflix.

All of these bots are powered by the Twitter API. Aside from allowing you to execute simple
actions like Tweeting a certain phrase or following a user the Twitter API can also tell bots
when something specific happens on the platform. For example, you can ask the Twitter API to
tell your bot whenever it receives a new follower. Then, you can program your bot to send a
message to that follower using the API.

5. Travel Booking
Ever wondered how travel booking sites are able to aggregate thousands of flights and
destinations and showcase the cheapest option? Often, the answer is by using third-party APIs
to collect flight and hotel availabilities from providers. Likewise, if you make a booking
through one of these services, they’ll use APIs to confirm the trip with the provider they
sourced it from. APIs are great for travel services since they make it easy for machines to
quickly and autonomously exchange both data and requests in this case, trip availabilities and
reservation requests. Without using APIs, an employee of the booking service would have to
manually email the airline or hotel to find out their availability. Then, after an email comes
back from the provider, they’d have to confirm it with the traveler. By the time the travel
broker sends yet another email back to the provider, confirming the trip, it’d probably no longer
be available.
 Activity 2
Research and Evaluate alternative API similar to the proposed system and
enhance the system design.

Amazon API
Founded by Jeff Bezos in 1991, Amazon is currently the world’s largest online retail store.
Initially launched as a website that only sells books, Amazon has grown into a tech giant and it
has expanded its services to areas like cloud computing and artificial intelligence

API Features: Amazon API (MWS) allows Amazon sellers to programmatically exchange data
on listings, orders, payments, reports, and more. Amazon enables high levels of selling
automation, which can help sellers grow their business. By using Amazon MWS, sellers can
increase selling efficiency, reduce labor requirements, and improve response time to customers.

Popularity: Amazon has over 310 million monthly users with 90 million of those users on
amazon prime (paid users)

Price: Free (for 1 million API calls and below)

However, for API calls above 1 million First 333 million – $3.50; Next 667 million – $2.80;
Next 19 billion – $2.38; Over 20 billion – $1.51
 Figure 2

2. Shopify API
Based in Ottawa Canada, Shopify is an e-commerce platform that offers retailers (wholesalers)
an online platform to sell their products or services “including payments, marketing, shipping
and customer engagement tools. It helps simplify the process of running an online store for
merchants.

API Features: With the Shopify API merchants can create their own custom storefronts that let
them sell anywhere, even outside of Shopify. It allows developers to offer enhanced solutions to
your Shopify clients. The APIs iOS or Android Buy SDK offers developers an easy way to
embed a Shopify store’s products and checkout into your mobile apps.

Popularity: With over 1 million active monthly users and growing Shopify has become one of
the most widely used platforms available for merchants

Price: Free
 Figure 3

3. eBay API
Based in San Jose, California. eBay was founded by Pierre Omidyar in 1995. It provides a
powerful platform for the sale of goods and services by a passionate community of individuals
and businesses.

API Features: eBay API provides get admission to core abilities which can be typically used in
conjunction with looking, shopping for, selling and different trade activities. For instance, the
Sell APIs provide dealers and third-birthday party builders all of the competencies needed to
programmatically manipulate your eBay business stop-to-give up; and eBay’s Buy APIs enable
developers to offer buyers the option to shop for eBay sellers’ objects anywhere.

Popularity: With over 177 million active monthly users eBay is one of the biggest e-commerce
platforms in the world

Price: Free
 Figure 4

Design an application that will utilize an API for a given purpose.

Products API Overview

An API Product is a packaging mechanism that you can use when you need to package a
desired set of sources from a couple of APIs and disclose it as a separate API interface, which
may be ate up by means of subscribers. API Products give Publishers the capability to
repackage their current APIs in numerous combos to offer a tailored enjoy for their subscribers.
 Figure 5

Although traders have the capability to load merchandise the usage of a document called a
Primary Feed, there are numerous benefits to growing, updating, and deleting products using
the Content API that consists of quicker reaction time and the ability to replace more than one
merchandise' statistics in actual time, without the want to manipulate multiple supplemental
feeds. Note that it may take up to several hours for product adjustments made with the aid of
API calls to be seen within the Shopping Merchant Center database.
Create a design for a chosen substantial application that will utilize a range
of APIs.

Center
database

 Collection — Manage a store's collections. A collection is a grouping of products that

merchants can create to make their stores easier to browse.

 Collect — After creating a custom collection, add products to it by creating a collect for
each product. Each collect associate one product with one custom collection.

 Custom Collection — Manage a store's custom collections. A custom collection is one

where products are included manually, as opposed to being included automatically
because they meet selection conditions.
 Product — Manage a store's products, which are the individual items and services for sale
in the store.

 Product Image — Add or update a store's product images, which sales channels use to
display the products to shoppers.

 Product Variant — Add or update a product's variants. Variants are the different
combinations of the product's options. For example, a t-shirt product with size and color
options might have a variant in a small size and blue color.

 Smart Collection — Create or update smart collections by defining selection conditions.

Products that match the conditions are included in the collection automatically.
Overall design

Figure 6
Activity 3
Provide the android and web-site wireframes for the proposed system design.

🠶 Web-site Wireframe

Figure 7
🠶 Android Wireframes

Figure 8
Develop an application that utilizes an API for the proposed system and
provide all the interfaces and the appropriate codes of it.

🠶 Login and Registration

Figure 9

🠶 Home

Figure 10
🠶 My Account

Figure 11

🠶 My wish lists

Figure 12
🠶 My cart

Figure 13

🠶 Order summary

Figure 14
Codes
🠶 Registration and User login
<?php
session_start();
error_reporting(0);
include('includes/config.php');
// Code user Registration
if(isset($_POST['submit'])) {
$name=$_POST['fullname'];
$email=$_POST['emailid'];
$contactno=$_POST['contactno'];
$password=md5($_POST['password']);
$query=mysqli_query ($con,"insert into
users(name,email,contactno,password)
values('$name','$email','$contactno','$password')");
if($query)
{
echo "<script>alert ('You are successfully register’) ;</script>";
}
else {
echo "<script>alert ('Not register something went wrong’) ;</script>";
}}
// Code for User login
if(isset($_POST['login']))
{
$email=$_POST['email'];
$password=md5($_POST['password']);
$query=mysqli_query($con,"SELECT * FROM users WHERE email='$email' and
password='$password'");
$num=mysqli_fetch_array($query);

if($num>0)
{
$extra="my-cart.php";
$_SESSION['login’] =$_POST['email'];
$_SESSION['id’] =$num['id'];
$_SESSION['username']=$num['name'];
$uip=$_SERVER['REMOTE_ADDR'];
$status=1;
$log=mysqli_query($con,"insert into userlog(userEmail,userip,status)
values('".$_SESSION['login']."','$uip','$status')");
$host=$_SERVER['HTTP_HOST'];
$uri=rtrim(dirname($_SERVER['PHP_SELF']),'/\\');

header ("location: http://$host$uri/$extra");

exit();}
else{
$extra="login.php";
$email=$_POST['email'];
$uip=$_SERVER['REMOTE_ADDR'];
$status=0;
$log=mysqli_query($con,"insert into userlog(userEmail,userip,status)
values('$email','$uip','$status')");
$host = $_SERVER['HTTP_HOST'];
$uri = rtrim(dirname($_SERVER['PHP_SELF']),'/\\');

header ("location: http://$host$uri/$extra");

$_SESSION['errmsg’] ="Invalid email id or
Password";
exit ();}}
 ?>

Shopping cart
<?php
session_start();
error_reporting(0);
include('includes/config.php');
if(isset($_POST['submit'])) {
if (! empty($_SESSION['cart']))
{foreach($_POST['quantity'] as $key =>
$val) {
if($val==0) {
unset($_SESSION['cart’] [$key]);
} else {
$_SESSION['cart’] [$key] ['quantity’] =$val;}
echo "<script>alert ('Your Cart hasbeen Updated’) ;</script>";} }
// Code for Remove a Product from Cart
if(isset($_POST['remove_code'])) {if (!
empty($_SESSION['cart'])) {
foreach($_POST['remove_code'] as $key) {
unset($_SESSION['cart'][$key]); }
echo "<script>alert ('Your Cart has been Updated’) ;</script>";}
// code for insert product in order table
if(isset($_POST['ordersubmit']))
{if(strlen($_SESSION['login']) ==0)
{header('location:login.php'); }
else {
$quantity=$_POST['quantity'];
$pdd=$_SESSION['pid'];
 $value=array_combine($pdd,$quantity);
foreach($value as $qty=> $val34){

mysqli_query($con,"insert into orders(userId,productId,quantity)

values('".$_SESSION['id']."','$qty','$val34')");
header('location:payment-method.php');} } }
// code for billing address updation
if(isset($_POST['update']))
{ $baddress=$_POST['billingaddress'];
$bstate=$_POST['bilingstate'];
$bcity=$_POST['billingcity'];
$bpincode=$_POST['billingpincode'];
$query=mysqli_query($con,"update users set
billingAddress='$baddress',billingState='$bstate',billingCity='$bcity',billingPincode='$bpincode'
where id='".$_SESSION['id']."'");
if($query) {
echo "<script>alert('Billing Address has been updated');</script>";} }
// code for Shipping address updation
if(isset($_POST['shipupdate']))
{ $saddress=$_POST['shippingaddress'];
$sstate=$_POST['shippingstate'];
$scity=$_POST['shippingcity'];
$spincode=$_POST['shippingpincode'];
$query=mysqli_query($con,"update users set
shippingAddress='$saddress',shippingState='$sstate',shippingCity='$scity',shippingPincode='$spi
ncode' where id='".$_SESSION['id']."'");
if($query){
echo "<script>alert('Shipping Address has been updated');</script>";} }
?>
🠶 User Profile
<?php
session_start();
error_reporting(0);
include('includes/config.php');
if(strlen($_SESSION['login'])==0){
header('location:login.php');}
else{ if(isset($_POST['updat
e'])){
$name=$_POST['name'];
$contactno=$_POST['contactno'];
$query=mysqli_query($con,"update users set name='$name',contactno='$contactno'
where id='".$_SESSION['id']."'");
if($query){
echo "<script>alert('Your info has been updated');</script>";} }
date_default_timezone_set('Asia/Srilanka');// change according timezone
$currentTime = date( 'd-m-Y h:i:s A', time () );
if(isset($_POST['submit'])){
$sql=mysqli_query($con,"SELECT password FROM users where
password='".md5($_POST['cpass'])."' && id='".$_SESSION['id']."'");
$num=mysqli_fetch_array($sql);
if($num>0){
$con=mysqli_query($con,"update students set password='".md5($_POST['newpass'])."',
updationDate='$currentTime' where id='".$_SESSION['id']."'");
echo "<script>alert('Password Changed Successfully !!');</script>";}
else{
echo "<script>alert('Current Password not match !!');</script>";}}
 ?>
🠶 Search and wish list
<?php
session_start();
error_reporting(0);
include('includes/config.php');
$find="%{$_POST['product']}%";
if(isset($_GET['action']) && $_GET['action']=="add"){
$id=intval($_GET['id']);
if(isset($_SESSION['cart'][$id])){
$_SESSION['cart'][$id]['quantity']++;}
else{ $sql_p="SELECT * FROM products WHERE id={$id}";
$query_p=mysqli_query($con,$sql_p);
if(mysqli_num_rows($query_p)!=0){
$row_p=mysqli_fetch_array($query_p);
$_SESSION['cart'][$row_p['id']]=array("quantity" => 1, "price" =>
$row_p['productPrice']);
echo "<script>alert('Product has been added to the cart')</script>";
echo "<script type='text/javascript'> document.location ='my-cart.php'; </script>";
}else{ $message="Product ID is invalid";}}}
// Code for Wishlist
if(isset($_GET['pid']) && $_GET['action']=="wishlist" ){
if(strlen($_SESSION['login'])==0){
header('location:login.php');}
else{
mysqli_query($con,"insert into wishlist(userId,productId)
values('".$_SESSION['id']."','".$_GET['pid']."')");
echo "<script>alert('Product aaded in wishlist');</script>";
header('location:my-wishlist.php');}}?>

🠶 Payment methods
<?php
session_start();
error_reporting(0);
include('includes/config.php');
if(strlen($_SESSION['login'])==0){
header('location:login.php');}
else{
if (isset($_POST['submit'])) {
mysqli_query($con,"update orders set paymentMethod='".$_POST['paymethod']."' where
userId='".$_SESSION['id']."' and paymentMethod is null ");
unset($_SESSION['cart']);
header('location:order-history.php');}
?>
🠶 Logout
<?php
session_start();
include("includes/config.php");
$_SESSION['login']=="";
date_default_timezone_set('Asia/Kolkata');
$ldate=date( 'd-m-Y h:i:s A', time () );
mysqli_query($con,"UPDATE userlog SET logout = '$ldate' WHERE userEmail = '".
$_SESSION['login']."' ORDER BY id DESC LIMIT 1");
session_unset();
$_SESSION['errmsg']="You have successfully logout";
?>
<script language="javascript">
document.location="index.php";
</script>
🠶 Configuration
<?php
define('DB_SERVER','localhost');
define('DB_USER','root');
define('DB_PASS' ,'');
define('DB_NAME', 'shopping');
$con = mysqli_connect(DB_SERVER,DB_USER,DB_PASS,DB_NAME);
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
?>
🠶 Managing users
<?php
session_start();
include('include/config.php');
if(strlen($_SESSION['alogin'])==0){
header('location:index.php');}
else{
date_default_timezone_set('Asia/Kolkata');// change according timezone
$currentTime = date( 'd-m-Y h:i:s A', time () );
if(isset($_GET['del'])){
mysqli_query($con,"delete from products where id = '".$_GET['id']."'");}
?>
Activity 4
The developed system should test by using black box and white box testing
methods.
Black Box Testing
Black box testing, also known as Behavioral Testing, is a software testing method in which the
internal structure/design/implementation of the item being tested is not known to the tester.
These tests can be functional or non-functional, though usually functional.
This method is named so because the software program, in the eyes of the tester, is like a black
box; inside which one cannot see. This method attempts to find errors in the following
categories:

 Incorrect or missing functions

 Interface errors
 Errors in data structures or external database access
 Behavior or performance errors
 Initialization and termination errors

In here a user might enter the password in the wrong format, and a user might not receive an
error message on entering an incorrect password. And in some fields, there are some
validations those are checked.

Figure 15
White Box Testing

White box checking out (additionally known as Clear Box Testing, Open Box Testing, Glass
Box Testing, Transparent Box Testing, Code-Based Testing or Structural Testing) is a software
trying out method wherein the inner structure/layout/implementation of the object being
examined is thought to the tester. The tester chooses inputs to workout paths through the code
and determines the suitable outputs. Programming know-how and the implementation
understanding is important. White field checking out is testing beyond the consumer interface
and into the nitty-gritty of a device. This technique is named so because the software program,
within the eyes of the tester, is like a white/obvious field internal which one sincerely sees. In
right here I actually have checked whether the written codes are operating in an accurate way or
not. In the following part I actually have examined the system using both black and white box
trying out.

Figure 16
Critically evaluate the results of your Test Plan and include a review of the
overall success of your multipage website

Flow of Payment
When your product is brought to the cart. In this case the product is shoe. That shoe will
display its rate and additionally the quantity. You can see the full charge of the product on
this cart page too. Here you can click on pay now button. In some cases, you could locate
the web page has the checkout button. On the subsequent web page, you get the choice to
choose the fee technique. In case of the fee gateway, you may locate exclusive payout
strategies.

Figure 17

Test Scenarios for Cart

1. Confirm if the item is added to the cart.
2. Confirm if the quantity is as expected for the order.
3. Confirm if the delivery charges are added into the cart page.
 4. Check the amount payable is correct.
5. Check if the cart has the place order and continue shopping buttons.
6. Check if the shopping cart shows the total savings amount.
7. Check the delivery date of the item.

After you continue the process on this page your order goes for the delivery page. And here
you have to either use the existing address of yours or add new address. This way you can
allow the website to deliver your product.

Test Scenarios for Delivery Address

1. Check if the delivery address page shows your address proper.

2. Check if the delivery address page has option to add or remove your address.
3. Check if the delivery options include the different prices for different dates.
After confirmation from this delivery address page, you’d be prompted for the payment
options. All the test cases are satisfied.

Depending on your site you’d get different options. In my case the payment page has the
following options.
 Figure 18

Test Scenarios for Payment options

1. Check if the payment option credit card, debit card and net banking is given.
2. Check if the option allows internet banking option.
3. Check if the COD option is enabled or disabled.
4. Check if the cash on delivery option is available or not.
5. Check if the bank offers are accepted in this process.
6. Check if the process allows you to add gift card code into this.

After this step you can find the process moves to the final stage where you’re supposed to pay.
And here the testing options are different. But you get the idea of the flow of the payment and
other options. Others options for managing the payment will be different. The scenarios for
the test will vary depending on the site under test.
Test # Test cases Result
1 Search based on Product name, brand name or something more broadly, the category. 
2 Is search Results is relevant? 
3 Different sort options available?- based on Brand, Price, and Reviews/ratings etc. 
4 How many results to display per page? 
5 For multi-page results, are there options to navigate to them? 
6 Is it going to auto scroll? 
7 If yes, at what interval will the image be refreshed? 
8 When the user hovers over it, is it still going to scroll to the next one? 
9 Can it be hovered on? 
10 Can it be clicked on? 
11 If yes, is it taking you to the right page and right deal? 
Is it loading along with the rest of the page or loads last in comparison to the other
12 
elements on the page?
13 Can the rest of the content be viewed? 
14 Does it render the same way in different browsers and different screen resolutions? 
15 Image or images of the product displaying? 
16 Price of the product? 
17 Product specifications? 
18 Reviews working? 
19 Check out options? 
20 Delivery options? 
21 Shipping information? 
22 In stock/Out of stock? 
23 Multiple color or variations options? 
24 Breadcrumb navigation for the categories? 
Critically evaluate the APIs used within your application. Provide a data
security report of your application.

SIBIS indicators recognition on e-commerce and on obstacles related to safety troubles for
consumers. The signs typically discover the causality link among the belief of security troubles
and the decision to shop for on-line, confirming that the hyperlink is alternatively strong. We
are imparting here the consequences of the studies on e-Commerce and safety/privacy
concerns.

Security concern because the impediment of on-line buying behavior Information safety is an
increasing number of identified as important detail for ensuring extensive participation inside
the Information Society. The achievement of the Information Society relies upon upon believe
and confidence in our records infrastructures. Within this context, the consequences of actual
(or perceived) security troubles inhibit the development of the Information Society and of e-
Commerce as an entire. Consumers are commonly involved each approximately
privacy/confidentiality and records safety.

Privacy is the premise of human dignity and other human rights and values, like freedom of
becoming a member of and freedom of speech. Some authors of liberal culture even claim that
each one human rights are some factors of right to privacy. Privacy is one of the most vital
rights in modern west society, as observed in Privacy & Human Rights 1999 document. Threats
to privateness extended in seventies with emerge of facts and conversation generation. As
determined in Privacy & Human Rights 1999 record, privateness is nowadays threatened
mostly by using 3 crucial trends: globalization (gets rid of geographical regulations in flow of
statistics), convergence among technology and multi-media. Privacy isn't one-dimensional idea,
and special factors of privateness are threatened distinctive way.
The maximum endangered in present day society are in particular information privacy
(opportunity that man or woman keeps facts about himself personal) and privateness of
communications, which also includes statistics transactions. SIBIS 2002 Topic record on
Security and accept as true with shows there seems to be a fairly identical distribution between
people who declare themselves to be strongly, fairly or no longer affected at all by way of their
security and privateness issues.
The records shows that stepped forward security functionalities with the aid of on line
operators foster digital trade. This sincerely emerges from the high degree of respondents
admitting that their issues have an impact on their alternatives on this place. However, different
elements ought to additionally be assessed. There are a huge range of respondents who do not
seem to be stricken by electronic breaches of vulnerabilities. A possible clarification is that
those respondents are more aware about e-commerce security capabilities and, consequently,
are more confident in completing on-line transactions.
Products and services purchased-customers had been in most cases (forty three%) buying
clothes and recreation system in closing 3 months (determined in June 2002 RIS survey),
however variety of books bought decreased to a weak third of respondents. All respondents
(folks who purchased and those who don’t) have been additionally asked wherein services and
products are most fascinated to purchase or seek shopping for records approximately. Most
thrilling are travel reservations, books and CD’s, and much less thrilling are food, cosmetics
and exertions-saving devices.

Conclusion
The system has been developed with much care and free of errors and at the same time it is
efficient and less time consuming. The purpose of this project was to develop a web application
for purchasing items from a shop. This project helped me in gaining valuable information and
practical knowledge on several topics like Application programming interfaces, and
management of database using MySQL. The entire system is secured. Also, the project helped
me in understanding about the API applications of a project. I have learned how to test different
features of a project. This project has given me great satisfaction in having designed an
application which can be implemented to any nearby shops or branded shops selling various
kinds of products by simple modifications.
References

Anon., n.d. DZone. [Online]

Available at: https://dzone.com/articles/api-development-an-introductory-guide
[Accessed 01 11 2020].
Anon., n.d. RedHat. [Online]
Available at: https://www.redhat.com/en/topics/security/api- security#:~:text=Web%20API%20security%20is
%20concerned,without%20having%20to%20sh are%20passwords.
[Accessed 23 11 2020].
Anon., n.d. udemy. [Online]
Available at:
https://www.googleadservices.com/pagead/aclk?sa=L&ai=DChcSEwjboraY1qLqAhXHfCsKHYi4
AjUYABAAGgJzZg&ohost=www.google.com&cid=CAASE-
[Accessed 26 11 2020].