Final Report
E Society’s
A
SEMINAR REPORT
ON
“APPLICATION PROGRAMMING INTERFACE”
Submitted to the
POOJYA DODDAPPA APPA COLLEGE OF ENGINEERING
KALABURAGI,
(An Autonomous Institution, affiliated to VTU Belgaum and Approved by
AICTE.) In The Partial Fulfillment of the requirements for the Award of
Degree Of
BACHELOR OF ENGINEERING IN
ELECTRONICS AND COMMUNICATION ENGINEERING
Submitted by:
IAMAN FATIMA
(3PD20EC402)
CERTIFICATE
Guide H.O.D
Examiners:
1.
2.
Acknowledgement
I express my foremost gratitude to my principal Dr. S.R MISE for his constant
support and valuable guidance.
My special gratitude to my guide Prof. ARUNKUMAR KANTHI for his inspiration, guidance,
constant supervision, direction and discussions in successful completion of the Seminar.
IAMAN FATIMA
(3PD20EC402)
ABSTRACT
An application programming interface (API) is a way for two or more computer
programs to communicate with each other. It is a type of software interface, offering a service to
other pieces of software. A document or standard that describes how to build or use such a
connection or interface is called an API specification. A computer system that meets this
standard is said to implement or expose an API. The term API may refer either to the
specification or to the implementation. In contrast to a user interface, which connects a computer
to a person, an application programming interface connects computers or pieces of software to
each other. It is not intended to be used directly by a person (the end user) other than a computer
programmer who is incorporating it into the software. An API is often made up of different parts
which act as tools or services that are available to the programmer. A program or a programmer
that uses one of these parts is said to call that portion of the API. The calls that make up the API
are also known as subroutines, methods, requests, or endpoints. An API specification defines
these calls, meaning that it explains how to use or implement them.
CONTENTS
1. INTRODUCTION TO API
2. LITERATURE SURVEY
3. WORKING OF API
4. IMPORTANCE OF API
5. API PROTOCOLS
6. TYPES OF API
7. API AUTHENTICATION
8. ADVANTAGES AND DISADVANTAGES OF API
9. APPLICATIONS OF API
10. CONCLUSION AND FUTURE SCOPE
BIBLIOGRAPHY
APPLICATION PROGRAMMING INTERFACE
CHAPTER -1
INTRODUCTION TO API
An Application Programming Interface (API) is a set of predefined rules, protocols, and tools
that enables software applications to communicate and share data with each other. APIs act as
intermediaries, allowing developers to access the functionality or data of other applications,
without the need to understand their underlying code or structure.
APIs simplify the process of integrating different software applications and systems,
allowing them to work together seamlessly and share data. APIs promote modularity in software
development, enabling developers to create reusable components and services that can be easily
consumed by other applications. By leveraging existing APIs, developers can quickly implement
new features and functionality without having to build everything from scratch, thus reducing
development time and costs. APIs enable developers to experiment with new ideas and create
innovative solutions by combining and extending the capabilities of existing applications and
services.
APIs provide access to a variety of data sources, such as social media platforms, weather
services, or financial data providers. This data can be incorporated into applications to enhance
their functionality and provide users with up-to-date information. APIs enable applications to
leverage third-party services, such as payment processing, geolocation, or email delivery,
without having to develop these capabilities in-house. Many platforms, such as e-commerce or
content management systems, provide APIs to allow developers to extend their functionality
with custom integrations. APIs facilitate communication between mobile applications and
backend servers, allowing the apps to access and update data, authenticate users, and perform
other essential tasks.
CHAPTER -2
LITERATURE SURVEY
[1] Application Programming Interface Documentation: What Do Software Developers Want?
By Michael Meng, Stephanie Steinhardt, and Andreas Schubert
Abstract: The success of an application programming interface (API) crucially depends on how
well its documentation meets the information needs of software developers. Previous research
suggests that these information needs have not been sufficiently understood. This article presents
the results of a series of semi-structured interviews and a follow-up questionnaire conducted to
explore the learning goals and learning strategies of software developers, the information
resources they turn to and the quality criteria they apply to API documentation. Our results show
that developers initially try to form a global understanding regarding the overall purpose and
main features of an API, but then adopt either a concepts-oriented or a code-oriented learning
strategy that API documentation both needs to address. Our results also show that general quality
criteria such as completeness and clarity are relevant to API documentation as well. Developing
and maintaining API documentation therefore need to involve the expertise of communication
professionals.
[2] Application Programming Interface (API) Research: A Review of the Past to Inform the
Future By Joshua Ofoeda, University of Professional Studies, Accra, Ghana Richard Boateng,
University of Ghana Business School, Accra, Ghana John Effah, University of Ghana
Business School, Accra, Ghana
Abstract: The purpose of this study is to perform a synthesis of API research. The study took
stock of literature from academic journals on APIs with their associated themes, frameworks,
methodologies, publication outlets and level of analysis. The authors draw on a total of 104
articles from academic journals and conferences published from 2010 to 2018. A systematic
literature review was conducted on the selected articles. The findings suggest that API research
is primarily atheoretical and largely focuses on the technological dimensions such as design and
usage; thus, neglecting most of the social issues such as the business and managerial applications
of APIs, which are equally important. Future research directions are provided concerning the
gaps identified.
[3] The Future of API Security: The Adoption of APIs for Digital Communications and the
Implications for Cyber Security Vulnerabilities by Alison Munsch PhD (Iona College) and Peter
Munsch MBA (Fordham University)
Abstract: Businesses and consumers need to have a robust Application Programming Interface
(API) management and security program in place to ensure they are using the most updated
policies to certify that these transactions are adequately secure. Technology vendors do provide
API Management tools for Customers, and there are established API security standards for
securing API transactions. Given the effort to keep APIs open and easy to implement for
Business to Business (B2B) and Business to Consumer (B2C) communications, security
standards must be part of API management. This research gathered data to investigate why APIs
are vulnerable. The research explored the different perspectives among Customers with regards
to their own professional experiences with developing private APIs for their organizations and
compared it to the Cyber Security Vendor/Supplier segment that offer products and services to
assist their Customers with API development, security, and management. The research found
that API exploits are usually not detected while they are occurring and perspectives about
security readiness are different by IT role. Some basic blocking and tackling fundamentals that
can help any organization improve API security management are identified by this research.
CHAPTER -3
WORKING OF API
An API is a set of defined rules that explain how computers or applications communicate with
one another. APIs sit between an application and the web server, acting as an intermediary layer
that processes data transfer between systems.
While the data transfer will differ depending on the web service being used, this process
of requests and response all happens through an API. Whereas a user interface is designed for
use by humans, APIs are designed for use by a computer or application.
APIs offer security by design because their position as middleman facilitates the
abstraction of functionality between two systems—the API endpoint decouples the consuming
application from the infrastructure providing the service. API calls usually include authorization
credentials to reduce the risk of attacks on the server, and an API gateway can limit access to
minimize security threats. Also, during the exchange, HTTP headers, cookies, or query string
parameters provide additional security layers to the data.
CHAPTER – 4
IMPORTANCE OF API
Importance of APIs
CHAPTER -5
API PROTOCOLS
SOAP is an API protocol which employs XML to enable API communication. It is the oldest API
protocol in use, emerging in 1998. SOAP uses XML files to transfer data between web services.
These XML files are sent over HTTP/HTTPS transmissions, as is common on the internet.
However, SOAP also provides flexibility and enables data transmission over other protocols
such as Transmission Control Protocol (TCP), Simple Mail Transfer Protocol (SMTP), User
Datagram Protocol (UDP), etc. Messages in SOAP are encoded in XML.
Developed by Google and released for public use in 2015, gRPC is an open-source remote
procedure call (RPC) architecture that can operate in numerous environments. The gRPC
transport layer primarily relies on HTTP. The ability for developers to specify custom functions
that allow for flexible inter-service communication is a significant feature of gRPC. This API
protocol also offers extra features such as timeouts, authentication, and flow control. In the
gRPC protocol, data is transmitted in protocol buffers, a platform and language-agnostic
mechanism that allows for data to be structured intuitively. This mechanism defines the service
and then the data structures that the service will use. Compiling is taken care of by protoc, the
protocol buffer compiler. The output of this process is a comprehensive class containing the
user’s defined data types and basic set methods in the chosen development language. Users can
implement in-depth API operations using this class.
JSON-RPC is a stateless and lightweight API protocol that communicates between web services
using request objects and response objects. Introduced shortly after the turn of the millennium,
JSON-RPC leverages JavaScript Object Notation (JSON) to allow simple, albeit limited,
execution of API communications. This protocol defines requests that can take care of all
functionalities within its narrow scope. JSON-RPC has the potential to outperform REST in
cases where one can apply it.
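The request-object and response-object exchange described above can be seen in a small server-side handler. This is an added example, not part of the original report: it follows the JSON-RPC 2.0 message layout for single (non-batch) requests, and the methods subtract and echo are hypothetical.

```python
import json

# Hypothetical methods exposed by this example service (not from the report).
def subtract(minuend, subtrahend):
    return minuend - subtrahend

def echo(text):
    return text

# Explicit allowlist: only names registered here can be called remotely.
# The method name from the request is never resolved with getattr/eval.
METHODS = {"subtract": subtract, "echo": echo}

# Error codes defined by the JSON-RPC 2.0 specification.
PARSE_ERROR, INVALID_REQUEST = -32700, -32600
METHOD_NOT_FOUND, INVALID_PARAMS = -32601, -32602


def _error(code, message, req_id=None):
    return {"jsonrpc": "2.0",
            "error": {"code": code, "message": message},
            "id": req_id}


def handle(raw):
    """Turn one raw JSON-RPC 2.0 request string into a response dict.

    Returns None for a notification (a request object without an "id"),
    because notifications must not be answered.
    """
    try:
        req = json.loads(raw)
    except json.JSONDecodeError:
        return _error(PARSE_ERROR, "Parse error")

    if (not isinstance(req, dict)
            or req.get("jsonrpc") != "2.0"
            or not isinstance(req.get("method"), str)):
        return _error(INVALID_REQUEST, "Invalid Request")

    is_notification = "id" not in req
    req_id = req.get("id")

    func = METHODS.get(req["method"])
    if func is None:
        if is_notification:
            return None
        return _error(METHOD_NOT_FOUND, "Method not found", req_id)

    params = req.get("params", [])
    try:
        if isinstance(params, list):
            result = func(*params)       # positional parameters
        elif isinstance(params, dict):
            result = func(**params)      # named parameters
        else:
            raise TypeError("params must be an array or an object")
    except TypeError:
        if is_notification:
            return None
        return _error(INVALID_PARAMS, "Invalid params", req_id)

    if is_notification:
        return None
    return {"jsonrpc": "2.0", "result": result, "id": req_id}


if __name__ == "__main__":
    # Constructed sample request object.
    sample = '{"jsonrpc": "2.0", "method": "subtract", "params": [42, 23], "id": 1}'
    print(json.dumps(handle(sample)))
```

The server keeps no state between calls: each response is matched to its request only through the id field.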
request, it knows which instructions to execute to fulfil the request. REST also supports caching.
So, the browser can store the results obtained from the request locally and retrieve it periodically
as needed, thereby increasing speed and efficiency.
Method : We use predefined methods such as GET, POST, PUT or DELETE to fetch the data.
These methods differ from one another. For example, when using GET, the data is appended to
the end of the URL string, whereas in POST, the data is sent along with the HTTP request.
Headers : They define the request's details and dictate the proper format in which the response
must be received.
HTTP Requests
Communication in HTTP centers around a concept called the Request-Response Cycle. The
client sends the server a request to do something. The server, in turn, sends the client a response
saying whether or not the server could do what the client asked.
HTTP Responses
After the server receives a request from the client, it attempts to fulfill the request and send the
client back a response. HTTP responses have a very similar structure to requests. The main
difference is that instead of a method and a URL, the response includes a status code. Beyond
that, the response headers and body follow the same format as requests.
CHAPTER – 6
TYPES OF API
1. Public APIs
Public APIs are open source and disseminated for general use. This is why they are also referred
to as open APIs. These application programming interfaces have specific API endpoints and
formats for calls and responses, and they can be accessed using the HTTP protocol. Open APIs
allow users to request information from any enterprise that provides the interface. This type of
API is a key component of smartphone applications. It is also used to integrate popular services
with websites easily. Google Maps API is an example of a popular public API.
2. Private APIs
Unlike open APIs that are accessible by the public at large, private APIs exist within a software
vendor’s system framework. They are also known as closed or internal
APIs and are often proprietary. These interfaces aim to bolster communication and boost
productivity. Enterprises leverage closed APIs to privately transmit data among internal business
applications such as enterprise resource planning (ERP), financial systems, or customer
relationship management (CRM). Private APIs are normally not revealed to external users.
3. Partner APIs
As the name suggests, partner APIs allow two different companies to enter into an exclusive
data-sharing agreement. Using this type of application programming interface, vendors gain
access to the data streams of partner companies. In return, the company granting access to its
data receives added services or system features. Developers can normally access these partner
interfaces in self-service mode using an open API dev portal. However, they would still be
required to go through an onboarding process and enter login credentials to gain access to partner
APIs. This type of API is a critical component of strategic business partnerships in the API
economy.
4. Composite APIs
Composite APIs combine different service or data APIs. This variant of the application
programming interface enables dev teams to access multiple endpoints by raising a single call.
Composite APIs are often seen in microservices architectures, where data from more than one
source is frequently needed to complete a given task. Composite interfaces compile multiple
calls sequentially and create a single API request. This request is transmitted to the server,
which, in turn, sends back one response. The distinction between composite APIs and batch APIs
is the lack of a sequence in the latter.
For instance, an ecommerce platform might use a composite API to create an order by a
new customer. By doing so, only a single request would need to be raised to create a new
customer profile, generate an order for the new customer profile, add an item to the new order,
and revise the order status.
CHAPTER -7
API AUTHENTICATION
API Key authentication is a technique that overcomes the weakness of using shared
credentials by requiring the API to be accessed with a unique key. In this scheme, the key is
usually a long series of letters and numbers that is distinct from the account owner's login
password. The owner gives the key to the client, very much like a hotel gives a guest a key to a
single room.
When the client authenticates with the API key, the server knows to allow the client
access to data, but now has the option to limit administrative functions, like changing passwords
or deleting accounts. Sometimes, keys are used simply so the user does not have to give out their
password. The flexibility is there with API Key authentication to limit control as well as protect
user passwords.
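One way a server can implement the scheme described above, where a key grants access to data but not to administrative functions. This is an added example, not part of the original report: the scope names, the action names and the in-memory key store are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed in-memory key store for this example: key_id -> record.
# Only a SHA-256 digest of each secret is kept, never the key itself,
# so a leaked store does not reveal usable keys. A plain hash is adequate
# here because the secret is long and random, unlike a user password.
_KEYS = {}

# Hypothetical mapping of API actions to the scope each one requires.
# Administrative actions need the "admin" scope.
REQUIRED_SCOPE = {
    "read_data": "read",
    "update_data": "write",
    "change_password": "admin",
    "delete_account": "admin",
}


def issue_key(owner, scopes):
    """Create a key for `owner`. The full key is returned once and not stored."""
    key_id = secrets.token_hex(4)        # public lookup part
    secret = secrets.token_urlsafe(32)   # long random part, distinct from any password
    _KEYS[key_id] = {
        "owner": owner,
        "scopes": frozenset(scopes),
        "digest": hashlib.sha256(secret.encode()).digest(),
        "revoked": False,
    }
    return f"{key_id}.{secret}"


def revoke_key(api_key):
    """Disable one key without touching the owner's password or other keys."""
    key_id = api_key.partition(".")[0]
    if key_id in _KEYS:
        _KEYS[key_id]["revoked"] = True


def authenticate(api_key):
    """Return the key record if the presented key is valid, else None."""
    key_id, _, secret = api_key.partition(".")
    record = _KEYS.get(key_id)
    if record is None or record["revoked"]:
        return None
    presented = hashlib.sha256(secret.encode()).digest()
    # Constant-time comparison avoids leaking how many bytes matched.
    if not hmac.compare_digest(presented, record["digest"]):
        return None
    return record


def authorize(api_key, action):
    """HTTP-style result: 401 invalid key, 403 key lacks the scope, 200 allowed."""
    record = authenticate(api_key)
    if record is None:
        return 401
    needed = REQUIRED_SCOPE.get(action)
    # Unknown actions are denied by default.
    if needed is None or needed not in record["scopes"]:
        return 403
    return 200


if __name__ == "__main__":
    key = issue_key("client-app", {"read", "write"})
    for action in ("read_data", "delete_account"):
        print(action, authorize(key, action))
```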
CHAPTER -8
ADVANTAGES
1. Personalized Content: API enables businesses to get a clear understanding of the tastes
and preferences of the customer. This allows businesses to make personalized
recommendations and generate better customer leads and interactions.
2. Automation: One no longer needs to make assumptions and interpretations manually.
API does it all for you by managing all the workflow, making business processes more
productive and efficient.
3. Fraud Prevention: API has various levels of security depending upon the type of API
that you use which ensures that only authorized personnel have access to the data
generated using API.
4. Improved Competency: The information that is transmitted from one system to another
is quickly intercepted and interpreted by API. This level of efficiency ensures
information is automatically available to every platform, which leads to quicker and
improved decision making.
5. Adaptability: API can anticipate changes in terms of needs that arise in the due course of
business. It uses the technology at its disposal to analyze the information present within
the system more closely and thus makes the service provisions more flexible.
DISADVANTAGES
1. Increased Complexity: First, they can be complex and challenging to use, making them
challenging for novice developers.
2. Limited Functionality: They may not have all the functionality you need, requiring
additional development work.
3. Dependency on Third Party Services: If an API depends on a third-party service and that
service becomes unavailable, your application will also be unavailable.
4. Security and Privacy Risks: They can pose security and privacy risks if they’re not
implemented correctly. Therefore, it’s essential to carefully consider these risks before
using them in your application.
CHAPTER – 9
APPLICATIONS OF API
1. Weather Snippets
Weather data is a popular API example that we come across regularly. Rich weather snippets
are ubiquitous, appearing on platforms such as Google Search, Apple's Weather app, and
even your smart home device.
For example, if you Google "weather + [your city's name]," you'll get a specialized box at the top
of the search results (known as a rich snippet) containing the current weather conditions and
prediction.
CHAPTER -10
CONCLUSION AND FUTURE SCOPE
Building a successful API is an art, comprising business analysis, technology
architecture, software development, partnership, content writing, developer relations, support,
and marketing. API testing plays an important role in any application. APIs play an important
role as a catalyst for the growth of most businesses, opening up many opportunities to scale and
drive innovation. The benefits of APIs are huge; they come into play when we take
advantage of and value them. Whether businesses focus on internal operations, partner integration,
or public access, APIs provide a host of significant benefits to businesses and their employees.
Therefore, every company should be concerned about API.
An Application Programming Interface is a set of rules that allow programs to interact
with each other. The API defines the way in which software components should interact and
APIs are used when programming graphical user interface components. A good Application
Programming Interface makes it easier to develop a program by providing all the building
blocks, which are then put together by the programmer.
APIs are building blocks of online connectivity. They are a medium for multiple
applications, data and devices to interact with each other. Simply put, an API is a messenger that
takes a request, tells the system what we want to do, and then returns the response back to the
user. Documentation is drafted for every API, including specifications regarding the manner
in which the information gets transferred between two systems.