H.K.

E Society’s

POOJYA DODDAPPA APPA COLLEGE OF

ENGINEERING
KALABURAGI- 585102
(An Autonomous Institution, Affiliated To VTU Belgaum, and Approved By AICTE)

A
SEMINAR REPORT
ON
“APPLICATION PROGRAMMING INTERFACE”
Submitted to the
POOJYA DODDAPPA APPA COLLEGE OF ENGINEERING
KALABURAGI,
(An Autonomous Institution, affiliated to VTU Belgaum and Approved by
AICTE.) In The Partial Fulfillment of the requirements for the Award of
Degree Of

BACHELOR OF ENGINEERING IN
ELECTRONICS AND COMMUNICATION ENGINEERING

Submitted by:

IAMAN FATIMA
(3PD20EC402)

Under the Guidance of

Prof. ARUNKUMAR KANTHI
DEPARTMENT OF ELECTRONICS AND COMMUNICATION
ENGINEERING
P.D.A COLLEGE OF ENGINEERING,
(AUTONOMOUS INSTITUTION)
KALABURAGI
2022-2023
 Hyderabad Karnataka Education Society’s POOJYA
DODDAPPA APPA COLLEGE OF ENGINEERING
KALABURAGI- 585102
(An Autonomous Institution, Affiliated To VTU Belgaum, and Approved By AICTE)

DEPARTMENT OF ELECTRONICS AND COMMUNICATION ENGINEERING

CERTIFICATE

This is to certify that IAMAN FATIMA (3PD20EC402), of B.E VIII Semester of

Electronics and Communication Engineering has satisfactorily completed seminar

on “APPLICATION PROGRAMMING INTERFACE” during the academic year

2022-2023 as prescribed by Visvesvaraya Technological University, Belgaum.

Guide H.O.D

Prof. Arunkumar Kanthi Dr. G S Biradar

Examiners:

1.

2.
 Acknowledgement

I express my deep sense of gratitude and indebtness to my esteemed institute

“PDA COLLEGE OF ENGINEERING”, KALABURAGI which has provided me an opportunity
to fulfill the most cherished desire to reach my goal.

I express my foremost gratitude to my principal Dr. S.R MISE for his constant
support and valuable guidance.

I am thankful to Dr. G S BIRADAR Professor and Head of the Department of

Electronics and Communication Engineering, for giving permission to carry out this
Seminar in the college.

My special gratitude to my guide Prof. ARUNKUMAR KANTHI for his inspiration, guidance,
constantsupervision, direction and discussions in successful completion of the Seminar.

I express my heartfelt thanks to the staff members of Electronics and

Communication Engineering department, who helped me in completion of this Seminar
directly and indirectly within the schedule period.

Finally I am very much thankful to my beloved parents and to my dear friends.

IAMANFATIMA

(3PD20EC402)
 ABSTRACT
An application programming interface (API) is a way for two or more computer
programs to communicate with each other. It is a type of software interface, offering a service to
other pieces of software.A document or standard that describes how to build or use such a
connection or interface is called an API specification. A computer system that meets this
standard is said to implement or expose an API. The term API may refer either to the
specification or to the implementation.In contrast to a user interface, which connects a computer
to a person, an application programming interface connects computers or pieces of software to
each other. It is not intended to be used directly by a person (the end user) other than a computer
programmer who is incorporating it into the software. An API is often made up of different parts
which act as tools or services that are available to the programmer. A program or a programmer
that uses one of these parts is said to call that portion of the API. The calls that make up the API
are also known as subroutines, methods, requests, or endpoints. An API specification defines
these calls, meaning that it explains how to use or implement them.
 CONTENTS

SL. NO PARTICULARS PAGE NO.

1. INTRODUCTION TO API 01
2. LITERATURE SURVEY 03
3. WORKING OF API 05
4. IMPORTANCE OF API 07
5. API PROTOCOLS 08
6. TYPES OF API 12
7. API AUTHENTICATION 14
8. ADVANTAGES AND DISADVANTAGES OF API 15
9. APPLICATIONS OF API 17
10. CONCLUSION AND FUTURE SCOPE 20
BIBILOGRAPHY 21
 APPLICATION PROGRAMMING INTERFACE

CHAPTER -1

INTRODUCTION TO API
An Application Programming Interface (API) is a set of predefined rules, protocols, and tools
that enables software applications to communicate and share data with each other. APIs act as
intermediaries, allowing developers to access the functionality or data of other applications,
without the need to understand their underlying code or structure.

APIs simplify the process of integrating different software applications and systems,
allowing them to work together seamlessly and share data. APIs promote modularity in software
development, enabling developers to create reusable components and services that can be easily
consumed by other applications. By leveraging existing APIs, developers can quickly implement
new features and functionality without having to build everything from scratch, thus reducing
development time and costs. APIs enable developers to experiment with new ideas and create
innovative solutions by combining and extending the capabilities of existing applications and
services.

Fig : 1.1 API

Dept of E&CE, PDA 2022-23 Page 1

 APPLICATION PROGRAMMING INTERFACE

APIs provide access to a variety of data sources, such as social media platforms, weather
services, or financial data providers. This data can be incorporated into applications to enhance
their functionality and provide users with up-to-date information. APIs enable applications to
leverage third-party services, such as payment processing, geolocation, or email delivery,
without having to develop these capabilities in-house. Many platforms, such as e-commerce or
content management systems, provide APIs to allow developers to extend their functionality
with custom integrations. APIs facilitate communication between mobile applications and
backend servers, allowing the apps to access and update data, authenticate users, and perform
other essential tasks.

In building applications, an API simplifies programming by abstracting the underlying

implementation and only exposing objects or actions the developer needs. While a graphical
interface for an email client might provide a user with a button that performs all the steps for
fetching and highlighting new emails, an API for file input/output might give the developer a
function that copies a file from one location to another without requiring that the developer
understand the file system operations occurring behind the scenes.

Dept of E&CE, PDA 2022-23 Page 2

 APPLICATION PROGRAMMING INTERFACE

CHAPTER -2

LITERATURE SURVEY
[1] Application Programming Interface Documentation: What Do Software Developers Want?
By Michael Meng, Stephanie Steinhardt, and Andreas Schubert

Abstract: The success of an application programming interface (API) crucially depends on how
well its documentation meets the information needs of software developers. Previous research
suggests that these information needs have not been sufficiently understood. This article presents
the results of a series of semi structured interview sand a follow-up questionnaire conducted to
explore the learning goals and learning strategies of software developers, the information
resources they turn to and the quality criteria they apply to API documentation . Our results show
that developers initially try to form a global understanding regarding the overall purpose and
main features of an API, but then adopt either a concepts-oriented or a code-oriented learning
strategy that API documentation both needs to address. Our results also show that general quality
criteria such as completeness and clarity are relevant to API documentation as well. Developing
and maintaining API documentation therefore need to involve the expertise of communication
professionals.

[2] Application Programming Interface (API) Research: A Review of the Past to Inform the
Future By Joshua Ofoeda, University of Professional Studies, Accra, Ghana Richard Boateng,
University of Ghana Business School, Accra, Ghana John Effah, University of Ghana
Business School, Accra, Ghana

Abstract: The purpose of this study is to perform a synthesis of API research. The study took
stock of literature from academic journals on APIs with their associated themes, frameworks,
methodologies, publication outlets and level of analysis. The authors draw on a total of 104
articles from academic journals and conferences published from 2010 to 2018. A systematic
literature review was conducted on the selected articles. The findings suggest that API research
is primarily a theoretical and largely focuses on the technological dimensions such as design and
usage; thus, neglecting most of the social issues such as the business and managerial applications

Dept of E&CE, PDA 2022-23 Page 3

 APPLICATION PROGRAMMING INTERFACE

of APIs, which are equally important. Future research directions are provided concerning the
gaps identified.

[3] The Future of API Security: The Adoption of APIs for Digital Communications and the
Implications for Cyber Security Vulnerabilities by Alison Munsch PhD (Iona College Peter
Munsch MBA (Fordham University)

Abstract: Businesses and consumers need to have a robust Application Programming Interface
(API) management and security program in place to ensure they are using the most updated
policies to certify that these transactions are adequately secure. Technology vendors do provide
API Management tools for Customers, and there are established API security standards for
securing API transactions. Given the effort to keep APIs open and easy to implement for
Business to Business (B2B) and Business to Consumer (B2C) communications, security
standards must be part of API management. This research gathered data to investigate why APIs
are vulnerable. The research explored the different perspectives among Customers with regards
to their own professional experiences with developing private APIs for their organizations and
compared it to the Cyber Security Vendor/Supplier segment that offer products and services to
assist their Customers with API development, security, and management. The research found
that API exploits are usually not detected while they are occurring and perspectives about
security readiness are different by IT role. Some basic blocking and tackling fundamentals that
can help any organization improve API security management are identified by this research.

Dept of E&CE, PDA 2022-23 Page 4

 APPLICATION PROGRAMMING INTERFACE

CHAPTER -3

WORKING OF API
An API is a set of defined rules that explain how computers or applications communicate with
one another. APIs sit between an application and the web server, acting as an intermediary layer
that processes data transfer between systems.

Fig : 3.1 Working Of API

A client application initiates an API call to retrieve information—also known as a

request. This request is processed from an application to the web server via the API’s Uniform
Resource Identifier (URI) and includes a request verb, headers, and sometimes, a request body.
After receiving a valid request, the API makes a call to the external program or web server. The
server sends a response to the API with the requested information. The API transfers the data to
the initial requesting application.

While the data transfer will differ depending on the web service being used, this process
of requests and response all happens through an API. Whereas a user interface is designed for
use by humans, APIs are designed for use by a computer or application.

Dept of E&CE, PDA 2022-23 Page 5

 APPLICATION PROGRAMMING INTERFACE

APIs offer security by design because their position as middleman facilitates the
abstraction of functionality between two systems—the API endpoint decouples the consuming
application from the infrastructure providing the service. API calls usually include authorization
credentials to reduce the risk of attacks on the server, and an API gateway can limit access to
minimize security threats. Also, during the exchange, HTTP headers, cookies, or query string
parameters provide additional security layers to the data.

Dept of E&CE, PDA 2022-23 Page 6

 APPLICATION PROGRAMMING INTERFACE

CHAPTER – 4

IMPORTANCE OF API
Importance of APIs

 Facilitate Integration: APIs simplify the process of integrating different software

applications and systems, allowing them to work together seamlessly and share data.
 Encourage Modularity: APIs promote modularity in software development, enabling
developers to create reusable components and services that can be easily consumed by
other applications.
 Accelerate Development: By leveraging existing APIs, developers can quickly
implement new features and functionality without having to build everything from
scratch, thus reducing development time and costs
 Faster Innovation: APIs enable developers to experiment with new ideas and create
innovative solutions by combining and extending the capabilities of existing applications
and services.
 Data monetization: Many companies choose to offer APIs for free, at least initially, so
that they can build an audience of developers around their brand and forge relationships
with potential business partners. However, if the API grants access to valuable digital
assets, you can monetize it by selling access (this is referred to as the API economy).
When Accu Weather (link resides outside of IBM) launched its self-service developer
portal to sell a wide range of API packages, it took just 10 months to attract 24,000
developers, selling 11,000 API keys and building a thriving community in the process.
 Added security: As noted above, APIs create an added layer of protection between your
data and a server. Developers can further strengthen API security by using tokens,
signatures, and Transport Layer Security (TLS) encryption; by implementing API
gateways to manage and authenticate traffic; and by practicing effective API
management.

Dept of E&CE, PDA 2022-23 Page 7

 APPLICATION PROGRAMMING INTERFACE

CHAPTER -5

API PROTOCOLS

API PROTOCOLS

 SOAP (Simple Objects Access Protocol)

It is an API protocol which employs XML to enable API communication. It is the oldest API
protocol in use, emerging in 1998. SOAP uses XML files to transfer data between web services.
These XML files are sent over HTTP/HTTPS transmissions as is common on the internet.
However, SOAP also provides flexibility and enables data transmission over other protocols as
well such as Transmission Control Protocol(TCP), Simple Mail Transport Protocol(SMTP), User
Data Protocol (UDP), etc. Messages in SOAP are encoded in XML.

 Google remote procedure call (GRPC)

Developed by Google and released for public use in 2015, GRPC is an open-source remote
procedure call (RPC) architecture that can operate in numerous environments. The GRPC
transport layer primarily relies on HTTP. The ability for developers to specify custom functions
that allow for flexible inter-service communication is a significant feature of GRPC. This API
protocol also offers extra features such as timeouts, authentication, and flow control. In the
GRPC protocol, data is transmitted in protocol buffers, a platform and language-agnostic
mechanism that allows for data to be structured intuitively. This mechanism defines the service
and then the data structures that the service will use. Compiling is taken care of by protoc, the
protocol buffer compiler. The output of this process is a comprehensive class containing the
user’s defined data types and basic set methods in the chosen development language. Users can
implement in-depth API operations using this class.

Dept of E&CE, PDA 2022-23 Page 8

 APPLICATION PROGRAMMING INTERFACE

 JavaScript object notation–remote procedure call (JSON-RPC)

JSON-RPC is a stateless and lightweight API protocol that communicates between web services
using request objects and response objects. Introduced shortly after the turn of the millennium,
JSON-RPC leverages JavaScript Object Notation (JSON) to allow API communications’ simple,
albeit limited, execution. This protocol defines requests that can take care of all functionalities
within its narrow scope. JSON-RPC has the potential to outperform REST in cases where one
can apply it.

Fig : 5.1 JSON Request And Response

 REST (Representational State Transfer)

REST protocols overcome SOAP's dependency on XML by supporting data transmission in

multiple formats such as JSON (most prominent), HTML, Python, plain text as well as media
files. However, REST relies solely on HTTP/HTTPS for data transmission, taking away SOAP's
adaptability to other protocols. APIs which employ the REST protocol are called RESTful APIs.
REST APIs follow a client-server architecture and must be stateless. Stateless communication
implies that no client data is stored between GET requests. These GET requests must be distinct
and disconnected. REST assigns every operation a unique URL, so when the server receives a

Dept of E&CE, PDA 2022-23 Page 9

 APPLICATION PROGRAMMING INTERFACE

request, it knows which instructions to execute to fulfil the request. REST also supports caching.
So, the browser can store the results obtained from the request locally and retrieve it periodically
as needed, thereby increasing speed and efficiency.

A typical REST request has the following components:

Endpoint : The destination URL from which data is being requested.

Method : We use predefined methods such as GET, POST, PUT or DELETE to fetch the data.
These methods vary from one other. Ex. in when using GET, the data is appended to the end of
the URL string, whereas in POST, the data is sent along with the HTTP request.

Headers : They define the request's details and dictate the proper format in which the response
must be received.

Body (data) : The actual data sent by the service.

HTTP Requests

Communication in HTTP centers around a concept called the Request- Response Cycle. The
client sends the server a request to do something. The server, in turn, sends the client a response
saying whether or not the server could do what the client asked.

Fig : 5.2 JSON Request And Response

Dept of E&CE, PDA 2022-23 Page 10

 APPLICATION PROGRAMMING INTERFACE

To make a valid request, the client needs to include four things:

1. URL (Uniform Resource Locator)

2. Method
3. List of Headers
4. Body

The four methods most commonly seen in APIs are:

 GET - Asks the server to retrieve a resource

 POST - Asks the server to create a new resource
 PUT - Asks the server to edit/update an existing resource
 DELETE - Asks the server to delete a resource

Fig : 5.3 HTTP methods

HTTP Responses

After the server receives a request from the client, it attempts to fulfill the request and send the
client back a response. HTTP responses have a very similar structure to requests. The main
difference is that instead of a method and a URL, the response includes a status code. Beyond
that, the response headers and body follow the same format as requests.

Dept of E&CE, PDA 2022-23 Page 11

 APPLICATION PROGRAMMING INTERFACE

CHAPTER – 6

TYPES OF API

The four key types of APIs are:

Fig : 6.1 Types of API

1. Public APIs

Public APIs are open source and disseminated for general use. This is why they are also referred
to as open APIs. These application programming interfaces have specific API endpoints and
formats for calls and responses, and they can be accessed using the HTTP protocol. Open APIs
allow users to request information from any enterprise that provides the interface. This type of
API is a key component of smartphone applications. It is also used to integrate popular services
with websites easily. Google Maps API is an example of a popular public API.

Dept of E&CE, PDA 2022-23 Page 12

 APPLICATION PROGRAMMING INTERFACE

2. Private APIs

Unlike open APIs that are accessible by the public at large, private APIs exist within a software
vendor’s Opens a new window system framework. They are also known as closed or internal
APIs and are often proprietary. These interfaces aim to bolster communication and boost
productivity. Enterprises leverage closed APIs to privately transmit data among internal business
applications such as enterprise resource planning (ERP), financial systems, or customer
relationship management (CRM). Private APIs are normally not revealed to external users.

3. Partner APIs

As the name suggests, partner APIs allow two different companies to enter into an exclusive
data-sharing agreement. Using this type of application programming interface, vendors gain
access to the data streams of partner companies. In return, the company granting access to its
data receives added services or system features. Developers can normally access these partner
interfaces in self-service mode using an open API dev portal. However, they would still be
required to go through an onboarding process and enter login credentials to gain access to partner
APIs. This type of API is a critical component of strategic business partnerships in the API
economy.

4. Composite APIs

Composite APIs combine different service or data APIs. This variant of the application
programming interface enables dev teams to access multiple endpoints by raising a single call.
Composite APIs are often seen in microservices architectures, where data from more than one
source is frequently needed to complete a given task. Composite interfaces compile multiple
calls sequentially and create a single API request. This request is transmitted to the server,
which, in turn, sends back one response. The distinction between composite APIs and batch APIs
is the lack of a sequence in the latter.

For instance, an ecommerce platform might use a composite API to create an order by a
new customer. By doing so, only a single request would need to be raised to create a new
customer profile, generate an order for the new customer profile, add an item to the new order,
and revise the order status.

Dept of E&CE, PDA 2022-23 Page 13

 APPLICATION PROGRAMMING INTERFACE

CHPATER -7

API AUTHENTICATION

API Key Authentication

API Key authentication is a technique that overcomes the weakness of using shared
credentials by requiring the API to be accessed with a unique key. In this scheme, the key is
usually a long series of letters and numbers that is distinct from the account owner's login
password. The owner gives the key to the client, very much like a hotel gives a guest a key to a
single room.

When the client authenticates with the API key, the server knows to allow the client
access to data, but now has the option to limit administrative functions, like changing passwords
or deleting accounts. Sometimes, keys are used simply so the user does not have to give out their
password. The flexibility is there with API Key authentication to limit control as well as protect
user passwords.

Fig : 7.1 API Key Authentication

Dept of E&CE, PDA 2022-23 Page 14

 APPLICATION PROGRAMMING INTERFACE

CHAPTER -8

ADVANTAGES AND DISADVANTAGES OF API

ADVANTAGES

The advantages of using APIs are:

1. Personalized Content: API enables businesses to get a clear understanding of the tastes
and preferences of the customer. This allows businesses to make personalized
recommendations and generate better customer leads and interactions.
2. Automation: One no longer needs to make assumptions and interpretations manually.
API does it all for you by managing all the workflow making business processes more
productive and efficient.
3. Fraud Prevention: API has various levels of security depending upon the type of API
that you use which ensures that only authorized personnel have access to the data
generated using API.
4. Improved Competency: The information that is transmitted from one system to another
is quickly intercepted and interpreted by API. This level of efficiency ensures
information automatically available to every platform which leads to quicker and
improved decision making.
5. Adaptability: API can anticipate changes in terms of needs that arise in the due course of
business. It used the technology at its disposal to analyze the information present within
the system more closely and thus makes the service provisions more flexible.

Dept of E&CE, PDA 2022-23 Page 15

 APPLICATION PROGRAMMING INTERFACE

DISADVANTAGES

There are some disadvantages to using Application Programmable Interfaces:

1. Increased Complexity: First, they can be complex and challenging to use, making them
challenging for novice developers.
2. Limited Functionality: They may not have all the functionality you need, requiring
additional development work.
3. Dependency on Third Party Services: If it depends on a third-party service, your
application will also be unavailable.
4. Security and Privacy Risks: They can pose security and privacy risks if they’re not
implemented correctly. Therefore, it’s essential to carefully consider these risks before
using them in your application.

Dept of E&CE, PDA 2022-23 Page 16

 APPLICATION PROGRAMMING INTERFACE

CHAPTER – 9

APPLICATIONS OF API
1. Weather Snippets

Weather data is a popular API example that we come across regularly. Rich weather snippets
appear ubiquitous, appearing on all platforms such as Google Search, Apple's Weather app, and
even your smart home device.

For example, if you Google "weather + [your city's name]," you'll get a specialized box at the top
of the search results (known as a rich snippet) containing the current weather conditions and
prediction.

Fig :9.1 Weather Snippets

2. Google Maps
Google Maps is a popular app on billions of mobile devices around the world, but you're
probably aware of at least a few dozen other apps that use Google Maps APIs to pull customized
location data, send directions, and analyze all types of location data that can help businesses
provide better services and establish streamlined connections with suppliers, customers, delivery
services, and more.

Dept of E&CE, PDA 2022-23 Page 17

 APPLICATION PROGRAMMING INTERFACE

Fig :9.2 Google Maps

3. Travel booking
Booking aggregator websites for flights and hotels collate thousands of options to give customers
the best deals. APIs play a major role in displaying the availability and pricing of flights and
hotels in real-time. Once a user completes a booking on the website, APIs are used to confirm
the transaction with the service provider.

Fig :9.3 Travel booking

4. Twitter bots
Twitter bots are automated accounts on the microblogging website Twitter. These accounts use
the Twitter API to automatically carry out software-defined operations such as tweeting,
retweeting, following, and sending direct messages. Bot creators use the Twitter API to set up
their bots to do simple actions or be notified when a specific event occurs on the platform.

Dept of E&CE, PDA 2022-23 Page 18

 APPLICATION PROGRAMMING INTERFACE

Fig :9.4 Twitter bots

5. Payment methods
Ecommerce platforms allow customers to pay for their orders using third-party payment
applications such as Paypal. Once again, API connections are used to provide these payment
services without the user having to leave the ecommerce website or worry about their data falling
into the wrong hands.
For instance, when a customer clicks on the ‘Pay with PayPal’ button, an ‘order’ request is
communicated from the platform to the PayPal API. This API securely transmits data on the
amount to be billed and other sensitive information. When the user authenticates themselves and
their order through pop-ups, the API returns to the application with a payment confirmation.

Fig :9.5 Payment methods

Dept of E&CE, PDA 2022-23 Page 19

 APPLICATION PROGRAMMING INTERFACE

CHAPTER -10
CONCLUSION AND FUTURE SCOPE
Building a successful API is an art, comprising business analysis, technology
architecture, software development, partnership, content writing, developer relations, support,
and marketing. API testing plays an important role in any application. APIs play an important
role as a catalyst for the growth of most businesses, opening up many opportunities to scale and
drive innovation. The benefits of APIs are huge; they will come into play when we take
advantage of and value it. Whether businesses focus on internal operations, partner integration,
or public access, APIs provide a host of significant benefits to businesses and their employees.
Therefore, every company should be concerned about API.
An Application Programming Interface is a set of rules that allow programs to interact
with each other. The API defines the way in which software components should interact and
APIs are used when programming graphical user interface components. A good Application
Programming Interface makes it easier to develop a program by providing all the building
blocks, which are then put together by the programmer.
APIs are building blocks of online connectivity. They are a medium for multiple
applications, data and devices to interact with each other. Simply put, an API is a messanger that
takes request and tells the system what we want to do and then returns the response back to the
user. A documentation is a drafted for every API, including specifications regarding the manner
in which the information gets transferred between two systems.

Dept of E&CE, PDA 2022-23 Page 20

 APPLICATION PROGRAMMING INTERFACE

BIBILOGRAPHY
[1] Berlind, D., Santos, W., Sundstrom, K. (2019, June). The Programmable Web Research
Center. Retrieved from https://www.programmableweb.com/api-research.
[2] Chen, Z., Chen, K., Jiang, J., Zhang, L., Wu, S. (2017). Evolution of Cloud Operating
System: From Technology to Ecosystem. Journal of Computer Science and Technology;
Beijing Vol. 32, Iss. 2, 224-241. DOI:10.1007/s11390-017-1717-z.
[3] Confessore, N., Rosenberg, M. (2018, May). Cambridge Analytica to File for Bankruptcy
After Misuse of Facebook Data. Retrieved from
a. https://www.nytimes.com/2018/05/02/us/politics/cambridge-analytica-shut
down.html?searchResultPosition=2.
[4] Creswell, J. W. (2009). Research design: Qualitative, quantitative, and mixed methods
approaches (3rd ed.). Thousand Oaks, CA: Sage.
[5] Edwards, M., Gawade, P., Leung, J., McDonald, B., Schalk, K., Scott, K., Van Order, B.,
Woodward, S. (2017, July). Practical Guide to Cloud Management Platforms. Cloud
Standards Customer Council. Retrieved from
a. https://www.omg.org/cloud/deliverables/CSCC-Practical-Guide-to-Cloud-
Management Platforms.pdf.
[6] Equinix (2019, October). Global Interconnection Index, Volume 3. Equinix, Inc.
Retrieved from https://www.equinix.com/global-interconnection-index-gxi-report.
[7] Feiner, L., Rodriguez, S. (2019, July). FTC slaps Facebook with record $5 billion fine,
orders privacy oversight. Retrieved from https://www.cnbc.com/2019/07/24/facebook-to-
pay-5-billion-for-privacy-lapses-ftc-announces.html.
[8] George, T. (2018, June). The Next Big Cyber-Attack Vector: APIs. Security Week.
Retrieved from https://www.securityweek.com/next-big-cyber-attack-vector-apis.
[9] Harguindeguy, B. (2017, Mar). AI-powered API security with Bernard Harguindeguy of
Elastic Beam. Pentester Academy TV. Retrieved from
https://www.youtube.com/watch?v=R9QAJri8jAU&t=42s.
[10] Henning. M. (2009, May). API design matters. Commun. ACM 52, 5, 46–56. Retrieved
from https://doi-org.avoserv2.library.fordham.edu/10.1145/1506409.1506424.
[11] Kvale, S., Brinkmann, S. (2009). Inter Views: Learning the Craft of Qualitative Research
Interviewing. Second Edition; Sage.

Dept of E&CE, PDA 2022-23 Page 21

 APPLICATION PROGRAMMING INTERFACE

[12] Karhu, K., Gustafsson, R., Lyytinenc, K. (2018). Exploiting and Defending Open Digital
Platforms with Boundary Resources: Android’s Five Platform Forks. Information Systems
Research SYSTEMS RESEARCH, Vol. 29, No. 2. ISSN 1047-7047 (print), ISSN 1526-
5536 (online).
[13] Malinverno, P., O'Neill, M. (2016). Magic Quadrant for Full Life Cycle API
Management. The Gartner Group. Document ID: G00277632.
[14] McGrath, G, Brenner, P. (2017). Serverless Computing: Design, Implementation, and
Performance. 2017 IEEE 37th International Conference on Distributed Computing Systems
Workshops (ICDCSW), Atlanta, GA, 2017, pp. 405-410.
[15] Mendoza, A., Gu, G., (2018). Mobile Application Web API Reconnaissance Web-to-
Mobile Inconsistencies and Vulnerabilities. IEEE Symposium on Security and Privacy.
[16] Merriam, S. B. (2009) Qualitative research: A guide to design and implementation. San
Francisco, CA: Jossey-Bass.
[17] Mitchell, B, (2019, August). The Layers of the OSI Model Illustrated. Retrieved from
https://www.lifewire.com/layers-of-the-osi-model-illustrated-818017.
[18] Monahan, D., (2017, April). Why There Is No API Security. Radware Blog. Retrieved
from https://blog.radware.com/security/2017/04/no-api-security/.
[19] Newman, L.H. (2017 July). How Netflix Ddos’d Itself to Help Protect The Entire
Internet. Wired. Retrieved from https://www.wired.com/story/netflix-ddos-attack.
[20] Niinioja, M., Moilanen, J. (2018, May). You Categorize your APIs? Osaango. Retrieved
from https://www.osaango.com/blog/why-should-you-categorize-your-apis
[21] Rajaram, B., Babu, C., Kishore, C., Kumar R, (2013). API based security solutions for
communication among web services, 2013 Fifth International Conference on Advanced
Computing (ICoAC), Chennai, pp. 571-575.
[22] Romano, A., (2018, March). The Facebook data breach wasn’t a hack. It was a wake-up
call. Vox. Retrieved from https://www.vox.com/2018/3/20/17138756/facebook-data-breach-
cambridge-analytica-explained.
[23] Rosenberg, M., Confessore, N., Cadwalladr, C. (2018, March). How Trump Consultants
Exploited the Facebook Data of Millions. Retrieved from
https://www.nytimes.com/2018/03/17/us/politics/cambridge-analytica-trump-
campaign.html.

Dept of E&CE, PDA 2022-23 Page 22

 APPLICATION PROGRAMMING INTERFACE

[24] Salem, E., Mazalevskis, C., (2017, July). API-Security-Checklist. Shieldfy. Retrieved
from https://github.com/shieldfy/API-Security-Checklist.
[25] Santos, W. (2017, March). API Directory Eclipses 17,000 as API Economy Continues
Surge. The Programmable Web. Retrieved from
https://www.programmableweb.com/news/programmableweb-api-directory-eclipses-17000
api-economy-continues-surge/research/2017/03/13.
[26] Shoemaker, A., Lambert, K. (2018, January). API Endpoints: The New DDoS Attack
Vector for Cybercriminals. Bright TALK. Retrieved from
https://www.brighttalk.com/webcast/14611/296621/api-endpoints-the-new-ddos-attack-
vector-for-cybercriminals.
[27] Siedlecki, Sandra L. (2020, January/February). Understanding Descriptive Research
Designs and Methods. Clinical Nurse Specialist. Retrieved from
https://journals.lww.com/cns-
journal/Fulltext/2020/01000/Understanding_Descriptive_Research_Designs_and.4.aspx.
[28] Siriwardena, P (2014). Advanced API Security – Securing APIs with OAuth 2,0, Open
ID Connect, JWS and JWE. Apress ISBN 978-1-4302-6818-5e-ISBN 978-1-4302-6817-8.
[29] Spring, T (2018, August). T-Mobile Alerts 2.3 Million Cyber Security Customers of Data
Breach Tied to Leaky API. Threat Post. Retrieved from https://threatpost.com/t-mobile-
alerts-2-3-million-Cyber Security Customers-of-data-breach-tied-to-leaky-api/136896.
[30] Stannard, A. (2015, August). The Inevitable Rise of the Stateful Web Application.
Petabridge. Retrieved from https://petabridge.com/blog/stateful-web-applications.
[31] W. Pei, J. Li, H. Li, H. Gao and P. Wang (2017). ASCAA: API-level security
certification of android applications, in IET Software, vol. 11, no. 2, pp. 55-63.
[32] Wheeler, C., (2018, February). Three New Attack Vectors That Will Be Born Out of IoT.
Liquid Web. Retrieved from https://www.liquidweb.com/blog/three-new-attack-vectors-
will-born-iot/.
[33] Wichers, D., Williams, J. (2018, March). Top Ten Most Critical Web Application
Security Risks. The OWASP Foundation. Retrieved from https://owasp.org/www-project-
top-ten/.

Dept of E&CE, PDA 2022-23 Page 23