
API Hacking- RESTful API ( P-2 )

API Endpoints:

API consumers can request resources from API endpoints. An endpoint is a URL for interacting with a part of the API, for example:

example.com/api/3/users
example.com/api/v3/customers
example.com/api/users
example.com/users

Collection: a group of resources, such as /api/profiles/users

Subcollection: refers to a collection within a particular resource, such as /api/users/{user_id}/settings

Gateway:
- filters bad requests
- monitors incoming traffic
- routes each req. to the proper service or microservice
- also handles security controls such as authentication, encryption in transit using SSL, rate limiting and load balancing

Microservices: a modular piece of a web app that handles a specific function

Acronym CRUD stands for Create, Read, Update and Delete
- Create: the process of making a new record, accomplished through the POST method
- Read: data retrieval, through GET
- Update: record modification through POST or PUT (the record is overwritten)
- Delete: erasing a record through DELETE or POST

6 Constraints: a RESTful API depends on 6 constraints. REST is essentially a set of guidelines for an HTTP resource-based architecture.



💡 API doc. might use a colon, square brackets or curly brackets for path parameters:
/api/v2/:customer_id or
/api/v2/[customer_id] or
/api/v2/{customer_id}

Standard web API Types

Restful API:
REST stands for representational state transfer. It is a set of architectural constraints that defines how the web should work. It was designed to improve upon the inefficiencies of other, older APIs such as SOAP. A REST API primarily uses the HTTP methods GET, POST, PUT & DELETE to accomplish CRUD.

1. Uniform Interface: a REST API should have a uniform interface; the requesting device should not matter. All should be able to access the server in the same way.

2. Client/Server: a REST API should have a client/server architecture; clients are consumers of the requested info, while servers are providers of that info.

3. Stateless: a REST API should not require stateful communication.

4. Cacheable: the response from a REST API provider should indicate whether the response is cacheable.

5. Layered System: the client should be able to req. data from an endpoint without knowing about the underlying server architecture.

6. Code on Demand (Optional): allows for code to be sent to the client for execution.
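The endpoint notes above (collection, subcollection, CRUD via HTTP methods) and the tip that documentation writes path parameters as :id, [id] or {id} can be tied together in a few lines of code. The following is an added example, not code from the original notes: a hypothetical in-memory users API with a constructed sample record, a template matcher that accepts all three placeholder styles, and a dispatcher that maps POST/GET/PUT/DELETE onto Create/Read/Update/Delete for the collection, a single resource and its settings subcollection.

```python
import re
from typing import Dict, Optional, Tuple

# Hypothetical in-memory store used only for this example (constructed data):
# a users collection and a settings subcollection scoped to each user.
USERS: Dict[str, dict] = {"7": {"name": "alice"}}
SETTINGS: Dict[str, dict] = {"7": {"theme": "dark"}}

# The three placeholder styles seen in API docs: :name, [name] and {name}.
_PLACEHOLDER = re.compile(r":(\w+)|\[(\w+)\]|\{(\w+)\}")


def template_to_regex(template: str) -> re.Pattern:
    """Turn a documented path template into a regex with one named group per parameter.

    /api/v2/:customer_id, /api/v2/[customer_id] and /api/v2/{customer_id}
    all compile to the same pattern.
    """
    pos, parts = 0, []
    for m in _PLACEHOLDER.finditer(template):
        parts.append(re.escape(template[pos:m.start()]))
        name = next(g for g in m.groups() if g)
        parts.append(rf"(?P<{name}>[^/]+)")  # one path segment, no slashes
        pos = m.end()
    parts.append(re.escape(template[pos:]))
    return re.compile("^" + "".join(parts) + "$")


def users_collection(method: str, params: dict, body: Optional[dict]):
    # Collection endpoint: POST creates a record, GET reads the whole collection.
    if method == "POST":
        new_id = str(max((int(k) for k in USERS), default=0) + 1)
        USERS[new_id] = dict(body or {})
        return 201, {"id": new_id, **USERS[new_id]}
    if method == "GET":
        return 200, {"users": [{"id": k, **v} for k, v in USERS.items()]}
    return 405, {"error": "method not allowed"}


def user_resource(method: str, params: dict, body: Optional[dict]):
    # Single resource inside the collection.
    uid = params["user_id"]
    if uid not in USERS:
        return 404, {"error": "not found"}
    if method == "GET":
        return 200, {"id": uid, **USERS[uid]}
    if method == "PUT":
        USERS[uid] = dict(body or {})  # Update: the record is overwritten
        return 200, {"id": uid, **USERS[uid]}
    if method == "DELETE":
        del USERS[uid]
        SETTINGS.pop(uid, None)  # Delete the subcollection with its parent
        return 204, None
    return 405, {"error": "method not allowed"}


def user_settings(method: str, params: dict, body: Optional[dict]):
    # Subcollection: a collection that only exists within one particular resource.
    uid = params["user_id"]
    if uid not in USERS:
        return 404, {"error": "not found"}
    if method == "GET":
        return 200, SETTINGS.get(uid, {})
    if method == "PUT":
        SETTINGS[uid] = dict(body or {})
        return 200, SETTINGS[uid]
    return 405, {"error": "method not allowed"}


# Routes written in three different doc styles on purpose; all are accepted.
ROUTES = [
    (template_to_regex("/api/users"), users_collection),
    (template_to_regex("/api/users/:user_id"), user_resource),
    (template_to_regex("/api/users/[user_id]/settings"), user_settings),
]


def dispatch(method: str, path: str, body: Optional[dict] = None) -> Tuple[int, Optional[dict]]:
    """Route one request to the first matching endpoint and return (status, body)."""
    for pattern, handler in ROUTES:
        m = pattern.match(path)
        if m:
            return handler(method.upper(), m.groupdict(), body)
    return 404, {"error": "no such endpoint"}


if __name__ == "__main__":
    print(dispatch("GET", "/api/users/7/settings"))
    print(dispatch("POST", "/api/users", {"name": "bob"}))
```

The 405 branch is the part worth noticing from a review standpoint: an endpoint that silently accepts methods its documentation does not list (DELETE on a collection, for instance) is exactly the kind of gap the CRUD-to-method mapping is meant to make visible.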

RESTful APIs may differ from one another: an API may have methods beyond CRUD, its own set of authentication requirements, a subdomain instead of an endpoint, or different rate-limit requirements.

A provider can configure its REST API without adhering to the standard.

A REST API GET req. used to find out how many bedsheets are in the store inventory:

REQUEST
GET /api/v3/inventory/item/pillow HTTP/1.1
HOST: rest-shop.com
User-Agent: Google/11.0
Accept: application/json

RESPONSE
HTTP/1.1 200 OK
Server: RESTful server/0.1
Cache-control: no store
Content-type: application/json
{
  "item": {
    "id": 00101,
    "name": "bedsheet",
    "count": 25,
    "price": {
      "currency": "USD",
      "value": "19.99"
    }
  }
}

rest-shop.com provided all the information it had about the bedsheet; the consumer needs to filter the response if they only need specific details like name & value.

The amount of data sent back depends on how the API has been programmed by the API provider.

Some common headers from which there is a high probability that it could be a RESTful API:

1. Authorization: used to pass the token or credentials to the API provider

Authorization: Bearer Abdf123Ab

2. Content-type

Used to indicate the type of media being transferred. This differs from Accept, which states the media type you want to receive.

application/json
application/xml
application/x-www-form-urlencoded

3. Middleware (x) headers

X-(anything) headers are known as middleware headers. They are fairly common outside API req. as well.

x-response-time is used to indicate how long the response took to process

There are many more, but you get the idea: x-(anything) middleware headers can provide a lot of useful information to API consumers and hackers alike.
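Two of the notes above call for the same small piece of tooling: the rest-shop.com exchange, where the consumer has to filter a full response down to name and value, and the list of headers whose presence suggests a REST API. The block below is an added example, not code from the original notes. It embeds a constructed copy of that exchange (the JSON made valid by quoting the id and adding commas, plus an Authorization header and an x-response-time header taken from the header list), parses the raw HTTP text, pulls out just the fields the consumer wants, and reports which REST indicators the headers carry.

```python
import json
import re
from typing import Dict, List, Tuple

# Constructed sample exchange, modelled on the rest-shop.com example above.
RAW_REQUEST = (
    "GET /api/v3/inventory/item/pillow HTTP/1.1\r\n"
    "Host: rest-shop.com\r\n"
    "User-Agent: Google/11.0\r\n"
    "Authorization: Bearer Abdf123Ab\r\n"
    "Accept: application/json\r\n"
    "\r\n"
)
RAW_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: RESTful server/0.1\r\n"
    "Cache-Control: no-store\r\n"
    "Content-Type: application/json\r\n"
    "X-Response-Time: 12ms\r\n"
    "\r\n"
    '{"item": {"id": "00101", "name": "bedsheet", "count": 25,'
    ' "price": {"currency": "USD", "value": "19.99"}}}'
)

# Media types from the Content-type note; matched as prefixes so that
# "application/json; charset=utf-8" still counts.
API_MEDIA = ("application/json", "application/xml", "application/x-www-form-urlencoded")
API_PATH = re.compile(r"/api/|/v\d+/")  # endpoint shapes such as /api/v3/...


def parse_http(raw: str) -> Tuple[str, Dict[str, str], str]:
    """Split a raw HTTP message into (start line, headers, body).

    Header names are lower-cased because HTTP treats them case-insensitively.
    """
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def pick_fields(body: str, *paths: str) -> dict:
    """Client-side filtering of a JSON body: keep only dotted paths such as 'item.name'."""
    data = json.loads(body)
    picked = {}
    for path in paths:
        node = data
        for key in path.split("."):
            node = node[key]
        picked[path] = node
    return picked


def rest_indicators(request_line: str, req_headers: Dict[str, str],
                    resp_headers: Dict[str, str]) -> List[str]:
    """Return the signals from the header notes that point at a RESTful API."""
    found = []
    path = request_line.split(" ")[1] if " " in request_line else ""
    if API_PATH.search(path):
        found.append("api-style path: " + path)
    if req_headers.get("authorization", "").lower().startswith("bearer "):
        found.append("authorization: bearer token")
    if any(req_headers.get("accept", "").startswith(m) for m in API_MEDIA):
        found.append("accept: " + req_headers["accept"])
    if any(resp_headers.get("content-type", "").startswith(m) for m in API_MEDIA):
        found.append("content-type: " + resp_headers["content-type"])
    for name in resp_headers:
        if name.startswith("x-"):
            found.append("middleware header: " + name)
    return found


if __name__ == "__main__":
    req_line, req_h, _ = parse_http(RAW_REQUEST)
    _, resp_h, body = parse_http(RAW_RESPONSE)
    print(pick_fields(body, "item.name", "item.price.value"))
    print(rest_indicators(req_line, req_h, resp_h))
```

The same header scan works over a proxy or web-server log just as well as over a live exchange, which is where a defender would run it: the middleware headers an API emits to its consumers are visible to everyone else too, so knowing which ones your own services send is the first step to trimming them.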

RESTful API Specification



API specifications are frameworks that help organizations design their APIs and automatically create consistent, human-readable documentation.

OpenAPI Specification 3.0 (OAS), also known as Swagger, is one of the leading specifications for RESTful APIs. OAS helps organize and manage an API by allowing you to describe endpoints, resources, operations, and authentication and authorization requirements.

RESTful API Modeling Language (RAML) is an open specification that works with YAML for document formatting. Similar to OAS, RAML is designed to document, design, build, and test REST APIs.
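Because an OAS document lists every endpoint, operation and security requirement in one place, it is also a convenient thing to check mechanically. The block below is an added example, not code from the original notes or from the OpenAPI project: it holds a constructed, hypothetical OpenAPI 3.0 document for the rest-shop.com inventory API (the item endpoint from the notes plus a few invented paths) and runs two checks a reviewer would want: path placeholders that no parameter declares, and operations that end up with no security requirement once the document-level default and per-operation overrides are applied.

```python
import re
from typing import Dict, List

# Constructed, hypothetical OpenAPI 3.0 document; the paths under /api/v3/
# other than the inventory item endpoint are invented for this example.
SPEC: dict = {
    "openapi": "3.0.0",
    "info": {"title": "rest-shop inventory", "version": "3"},
    "components": {
        "securitySchemes": {
            "bearerAuth": {"type": "http", "scheme": "bearer"},
        }
    },
    # Document-level default: every operation requires a bearer token
    # unless it overrides "security" itself.
    "security": [{"bearerAuth": []}],
    "paths": {
        "/api/v3/inventory/item/{item_id}": {
            "parameters": [{"name": "item_id", "in": "path", "required": True,
                            "schema": {"type": "string"}}],
            "get": {"summary": "Read one inventory item",
                    "responses": {"200": {"description": "OK"}}},
            "put": {"summary": "Update (overwrite) one inventory item",
                    "responses": {"200": {"description": "OK"}}},
        },
        "/api/v3/inventory/item": {
            "post": {"summary": "Create an inventory item",
                     "responses": {"201": {"description": "Created"}}},
        },
        "/api/v3/health": {
            # "security": [] switches authentication off for this operation only.
            "get": {"summary": "Liveness probe", "security": [],
                    "responses": {"200": {"description": "OK"}}},
        },
        "/api/v3/customers/{customer_id}/orders": {
            # Deliberately missing its path parameter declaration.
            "get": {"summary": "Orders subcollection of one customer",
                    "responses": {"200": {"description": "OK"}}},
        },
    },
}

HTTP_METHODS = ("get", "put", "post", "delete", "patch", "options", "head")
PARAM_RE = re.compile(r"\{(\w+)\}")  # OAS path templates use curly brackets


def undeclared_path_params(spec: dict) -> Dict[str, List[str]]:
    """Map each path template to the {placeholders} that neither the path item
    nor any of its operations declares as an "in: path" parameter."""
    problems: Dict[str, List[str]] = {}
    for path, item in spec["paths"].items():
        declared = {p["name"] for p in item.get("parameters", []) if p.get("in") == "path"}
        for method in HTTP_METHODS:
            op = item.get(method)
            if op:
                declared |= {p["name"] for p in op.get("parameters", []) if p.get("in") == "path"}
        missing = [name for name in PARAM_RE.findall(path) if name not in declared]
        if missing:
            problems[path] = missing
    return problems


def unauthenticated_operations(spec: dict) -> List[str]:
    """List operations whose effective security requirement is empty."""
    default = spec.get("security", [])
    open_ops = []
    for path, item in spec["paths"].items():
        for method in HTTP_METHODS:
            op = item.get(method)
            if op is None:
                continue
            effective = op.get("security", default)  # per-operation override wins
            if not effective:
                open_ops.append(f"{method.upper()} {path}")
    return open_ops


if __name__ == "__main__":
    print("undeclared path params:", undeclared_path_params(SPEC))
    print("operations without auth:", unauthenticated_operations(SPEC))
```

Run against a real spec file, the second check is the one to keep in a CI pipeline: an operation that drops to an empty security requirement is easy to miss in a long YAML document and is exactly the sort of endpoint the "different authentication requirements per API" note warns about.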
