Higher Nationals

Internal verification of assessment decisions – BTEC (RQF)

INTERNAL VERIFICATION – ASSESSMENT DECISIONS

Programme title Higher National Diploma in Computing

Assessor Internal
Verifier
Unit 29 – Application Program Interfaces
Unit(s)

Assignment title online shopping system for OZQ company

Student’s name
List which assessment Pass Merit Distinction
criteria the Assessor has
awarded.
INTERNAL VERIFIER CHECKLIST

Do the assessment criteria awarded

match those shown in the assignment Y/N
brief?
Is the Pass/Merit/Distinction grade awarded
justified by the assessor’s comments on the Y/N
student work?
Has the work been assessed
Y/N
accurately?
Is the feedback to the student:
Give details:
• Constructive?
Y/N
• Linked to relevant assessment
Y/N
criteria?
Y/N
• Identifying opportunities for
improved performance?
• Agreeing actions? Y/N
Does the assessment decision need
Y/N
amending?

Assessor signature Date

Internal Verifier signature Date

Programme Leader signature (if
Date
required)
Confirm action completed
Remedial action taken
Give details:

Assessor signature Date

Internal
Date
Verifier
signature
Programme Leader
Date
signature (if
required)
Higher Nationals - Summative Assignment Feedback Form
Student Name/ID

Unit Title Unit 29 – Application Program Interfaces

Assignment Number 1 Assessor

Date
Submission Date
Received 1st
submission
Date Received 2nd
Re-submission Date
submission
Assessor Feedback:
LO1 Examine what an API is, the need for APIs and types of APIs
Pass, Merit & P1 M1 D1
Distinction Descripts

LO2 Apply the knowledge of API research to design an application that incorporates relevant APIs for a
given scenario or a substantial student chosen application
Pass, Merit & P2 M2 D2
Distinction Descripts

LO3 Implement an application in a suitable development environment

Pass, Merit & P3 M3 D3
Distinction Descripts

LO4 Document the testing of the application, review and reflect on the APIs used
Pass, Merit & P4 M4 D4
Distinction Descripts

Grade: Assessor Signature: Date:

Resubmission Feedback:

Grade: Assessor Signature: Date:

Internal Verifier’s Comments:

Signature & Date:

* Please note that grade decisions are provisional. They are only confirmed once internal and external moderation has taken place and grades decisions
have been agreed at the assessment board.
Assignment Feedback
Formative Feedback: Assessor to Student

Action Plan

Summative feedback

Feedback: Student to Assessor

Assessor signature Date

Student signature Date

Pearson Higher Nationals in

Computing
Unit 29 – Application Program Interfaces
General Guidelines

1. A Cover page or title page – You should always attach a title page to your assignment. Use previous page
as your cover sheet and make sure all the details are accurately filled.

2. Attach this brief as the first section of your assignment.

3. All the assignments should be prepared using a word processing software.

4. All the assignments should be printed on A4 sized papers. Use single side printing.

5. Allow 1” for top, bottom , right margins and 1.25” for the left margin of each page.

Word Processing Rules

1. The font size should be 12 point, and should be in the style of Times New Roman.

2. Use 1.5 line spacing. Left justify all paragraphs.

3. Ensure that all the headings are consistent in terms of the font size and font style.

4. Use footer function in the word processor to insert Your Name, Subject, Assignment No, and Page
Number on each page. This is useful if individual sheets become detached for any reason.

5. Use word processing application spell check and grammar check function to help editing your
assignment.

Important Points:

1. It is strictly prohibited to use textboxes to add texts in the assignments, except for the compulsory
information. eg: Figures, tables of comparison etc. Adding text boxes in the body except for the before
mentioned compulsory information will result in rejection of your work.

2. Carefully check the hand in date and the instructions given in the assignment. Late submissions will not
be accepted.

3. Ensure that you give yourself enough time to complete the assignment by the due date.

4. Excuses of any nature will not be accepted for failure to hand in the work on time.

5. You must take responsibility for managing your own time effectively.
 6. If you are unable to hand in your assignment on time and have valid reasons such as illness, you may
apply (in writing) for an extension.

7. Failure to achieve at least PASS criteria will result in a REFERRAL grade .

8. Non-submission of work without valid reasons will lead to an automatic RE FERRAL. You will then be
asked to complete an alternative assignment.

9. If you use other people’s work or ideas in your assignment, reference them properly using HARVARD
referencing system to avoid plagiarism. You have to provide both in-text citation and a reference list.

10. If you are proven to be guilty of plagiarism or any academic misconduct, your grade could be reduced to
A REFERRAL or at worst you could be expelled from the course

Student Declaration

I hereby, declare that I know what plagiarism entails, namely to use another’s work and to present it as my own
without attributing the sources in the correct form. I further understand what it means to copy another’s work.

1. I know that plagiarism is a punishable offence because it constitutes theft.

2. I understand the plagiarism and copying policy of Edexcel UK.
 3. I know what the consequences will be if I plagiarise or copy another’s work in any of the assignments for
this program.
4. I declare therefore that all work presented by me for every aspect of my program, will be my own, and
where I have made use of another’s work, I will attribute the source in the correct way.
5. I acknowledge that the attachment of this document signed or not, constitutes a binding agreement
between myself and Pearson, UK.
6. I understand that my assignment will not be considered as submitted if this document is not attached to
the assignment.

Student’s Signature: Date:

(Provide E-mail ID) (Provide Submission Date)
Higher National Diploma in Business
Assignment Brief
Student Name /ID Number
Unit Number and Title Unit 29- Application Program Interfaces
Academic Year 2021/2022
Unit Tutor
Assignment Title
Issue Date
Submission Date
IV Name & Date

Submission format

Part 1 – Report: The submission should be in the form of an individual written report. This should
be written in a concise, formal business style using single spacing and font size 12. You are
required to make use of headings, paragraphs and subsections as appropriate, and all work must
be supported with research. You must provide in-text citations and the reference list using Harvard
referencing system.

Part 2: Fully functional web solution.

The recommended word count for the report is 4,000–4,500 words excluding annexures. Note
that word counts are indicative only and you would not be penalised for exceeding the word.
Minimum word count – 4,000
Maximum word count – 5,500

Scenario
“ELEKS “ is a Top 100 Global Outsourcing company. You work as an apprentice web developer for
ELEKS . As part of your role, you have been asked to create an online shopping system for OZQ
company.
Online shopping has grown its popularity over the years, mainly because people find it convenient
and easy to shop from the comfort of their own home or office. This is one of the most enticing
factors about online shopping Because of these reasons OZQ company has decided to develope an
online shopping system.
OZQ-cart has facilitates business-to-consumer sales through its website. OZQ-cart system helps to
buy any type of item online by choosing the listed products from the website. Following are the
functional requirements of the system.

 Registration – Customers can view the store but only the members can buy items. To
 become a member of the website, the customer need to register for the membership.
 Login page - The Login page is peripheral of the secure area of the system and allows the
user to log onto the web application. The user can view the store and add their order to the
shopping cart.
 Shopping cart – Member can add their searched items to the cart.
 User Profile - The User Profile page is an area that allows the users to maintain their own
information. The user can browse and search the items and add to the shopping cart.
 Item Search and Select - Each customer must be able to view the status of the placed
order.
 Feedbacks – user can provide opinions/ feedback to the site.

Following are the non-functional requirements of the system.

 Performance
 Usability
 Reliability and availability
 Security

Develop a web based solution for the above scenario.

Activity 1 - Examine what an API is, the need for APIs and types of APIs.
1.1 Examin What is an API (Application Program Interface) ,types and the benefits of APIs
and evaluate the potential security issues surrounding APIs with reference .
1.2 Examin the differences between API and SDK and Assess a range of APIs that covers a
range of users of the proposed solution.

Activity 2 - Apply the knowledge of API research to design an application that incorporates
relevant APIs for a given scenario or a substantial student chosen application
 2.1 Apply the knowledge of API research and Analyse the alternative solutions similar to the
proposed system that could be enhanced by a suitable API. Design an application that will
utilize a range of APIs for the proposed solution and justify the design choices used.

Activity 3 - Implement an application in a suitable development environment

3.1 Develop an application with suitable android and web-site wireframes for the proposed
system design in task 2. Provide all the interfaces of the system and the appropriate codes
of it.

Activity 4 - Document the testing of the application, review and reflect on the APIs used
4.1 Design and complete a ‘black box’ and ‘white box’ testing methods for the developed
system and update the system according to the results. Critically evaluate the APIs used
within your application and results of your Test Plan. Include a review of the overall
success of your multipage website and provide a data security report of the application
you developed for the above sceanrio.

Observation Sheet
 Activi Activity Learnin Feedback
ty g (Pass/ Redo)
No Outcom
e
1 Examine what an API is, the need for APIs and LO1
types of APIs.

2 Apply the knowledge of API research to design LO2

an application that incorporates relevant APIs
for a given scenario or a substantial student
Chosen application.
3 Implement an application in a suitable LO3
development environment.
4 Document the testing of the application, review LO4
and reflect on the APIs used.

Comments:

Assessor Name :…………………………………………….

Date :…………………………………………….

Assessor Signature :…………………………………………………………………………

Grading Rubric

Grading Criteria Achieved Feedback

LO1 Examine what an API is, the need for APIs and
types of APIs

P1 Examine the relationship between an API and a

software development kit (SDK).
M1 Asses a range of APIs for a particular platform that
covers a range of uses.
D1 Evaluate potential security issues surrounding APIs

LO2 Apply the knowledge of API research to design an

application that incorporates relevant APIs for a given
scenario or a substantial student chosen application
P2 Analyse an existing application that could be
extended with a suitable API.

M2 Design an application that will utilise an API for a

given purpose.

D2 Create a design for a chosen substantial application

that will utilise a range of APIs, justifying choices..

LO3 Implement an application in a suitable

development environment
P3 Build on an existing application framework to
implement an API.
 M3 Develop an application that utilises an API.

D3 Construct an application utilising multiple APIs,

following the designs in LO2
LO4 Investigate scenarios with respect to design
PatternsLO4 Document the testing of the application,
review and reflect on the APIs used

P4 Design and complete a ‘white box’ test of the

application, recording the results.

M4 Conduct ‘black box’ tests of your application,

recording the results.
M5 Update the application accordingly with the
results.
D4 Critically evaluate the APIs used within your
application. Provide a data security report of your
application.

Table of Contents
Activity 1 - Examine what an API is, the need for APIs and types of APIs..............................................17

1.1 Examin What is an API (Application Program Interface) ,types and the benefits of APIs and
evaluate the potential security issues surrounding APIs with reference ...............................................17

1.1.1 What is API?.............................................................................................................................17

1.1.2 How API Works........................................................................................................................17

1.1.3 Types of API.............................................................................................................................17

1.1.4 Benefits of using API................................................................................................................19

1.1.4 Explain potential security issues surrounding APIs.............................................................19

Inadequate Validation........................................................................................................................19

Hesitating over API utilization..........................................................................................................20

 Risks of XML....................................................................................................................................20

Going overboard with control............................................................................................................20

API incompetence..............................................................................................................................20

Injection Attacks................................................................................................................................20

DoS Attacks.......................................................................................................................................21

Broken Authentication.......................................................................................................................21

Sensitive Data Exposure....................................................................................................................21

Broken Access Control......................................................................................................................21

Parameter Tampering.........................................................................................................................21

1.2 Examin the differences between API and SDK and Assess a range of APIs that covers a range of
users of the proposed solution...............................................................................................................22

1.2.1 Evaluate the differences between API and SDK......................................................................22

1.2.2 Evaluate the range of APIs for a particular platform that covers a range of users...................23

Activity 2 - Apply the knowledge of API research to design an application that incorporates relevant
APIs for a given scenario or a substantial student chosen application......................................................25

2.1 Apply the knowledge of API research and Analyse the alternative solutions similar to the
proposed system that could be enhanced by a suitable API. Design an application that will utilize a
range of APIs for the proposed solution and justify the design choices used........................................25

2.1.1 Alternative APIs for OZQ-Cart.................................................................................................25

2.1.2 Design an application that will utilize an API for a given purpose..................................................27

2.1.3 design for a chosen substantial application that will utilize a range of APIs. Justify the choice. 31

Activity 3 - Implement an application in a suitable development environment........................................32

3.1 Develop an application with suitable android and web-site wireframes for the proposed system
design in task 2. Provide all the interfaces of the system and the appropriate codes of it.....................32

Android Wireframes..........................................................................................................................32

Website wireframe.............................................................................................................................34
 ER Diagram.......................................................................................................................................38

Use Case Diagram.............................................................................................................................39

API Code...........................................................................................................................................40

Database.............................................................................................................................................45

Activity 4 - Document the testing of the application, review and reflect on the APIs used......................49

4.1 Design and complete a ‘black box’ and ‘white box’ testing methods for the developed system and
update the system according to the results. Critically evaluate the APIs used within your application
and results of your Test Plan. Include a review of the overall success of your multipage website and
provide a data security report of the application you developed for the above sceanrio.......................49

4.2 Critically evaluate the results of your Test Plan and include a review of the overall success of
your multipage website..........................................................................................................................62

4.3 Critically evaluate the APIs used within your application. Provide a data security report of your
application..............................................................................................................................................64

Data Security Report for OZQ-Cart..................................................................................................65

References..................................................................................................................................................67
Figure 1 - Home page................................................................................................................................30
Figure 2 - about us.....................................................................................................................................31
Figure 3 - User Registration......................................................................................................................31
Figure 4 - Product Search..........................................................................................................................32
Figure 5 – cart............................................................................................................................................32
Figure 6 - order Confirmation....................................................................................................................33
Figure 7 - Order Confirm...........................................................................................................................33
Figure 8 -Android Wireframes...................................................................................................................35
Figure 9- Android Wireframes...................................................................................................................36
Figure 10- Android Wireframes.................................................................................................................36
Figure 11 - Web-site Wireframes..............................................................................................................37
Figure 12- Web-site Wireframes...............................................................................................................37
Figure 13 -Web-site Wireframes................................................................................................................38
Figure 14 -Web-site Wireframes................................................................................................................38
Figure 15 -Web-site Wireframes................................................................................................................39
Figure 16 -Web-site Wireframes................................................................................................................39
Figure 17 -Web-site Wireframes................................................................................................................40
Figure 18 -Web-site Wireframes................................................................................................................40
Figure 19 -Web-site Wireframes................................................................................................................41
Figure 20 - ER Diagram............................................................................................................................41
Figure 21 - Use Case Diagram...................................................................................................................42
Figure 22 - User controller........................................................................................................................43
Figure 23 -Cart controller..........................................................................................................................44
Figure 24 – Login......................................................................................................................................45
Figure 25 – Item.........................................................................................................................................45
Figure 26-feedback controller....................................................................................................................46
Figure 27 - get Order.................................................................................................................................47
Figure 28 – database..................................................................................................................................48
Figure 29 – database..................................................................................................................................49
Figure 30- database....................................................................................................................................50
Figure 31 – database..................................................................................................................................51
Figure 32 - Home page..............................................................................................................................55
Figure 33 - invalid username and password..............................................................................................56
Figure 34 - Login Success.........................................................................................................................57
Figure 35 - After the login (home page)....................................................................................................57
Figure 36 - about us...................................................................................................................................58
Figure 37 - User Registration....................................................................................................................59
Figure 38 - Product Search........................................................................................................................59
Figure 39 – Login......................................................................................................................................60
Figure 40 - Registered Form......................................................................................................................61
Figure 45 - Search Result..........................................................................................................................62
Figure 41 - Item Details.............................................................................................................................63
Figure 42 – Cart.........................................................................................................................................64
Figure 43 - Buy Now.................................................................................................................................64
Figure 44 -payment Completed.................................................................................................................65
Activity 1 - Examine what an API is, the need for APIs and types of APIs.
1.1 Examin What is an API (Application Program Interface) ,types and the benefits of APIs and
evaluate the potential security issues surrounding APIs with reference .

1.1.1 What is API?

An application programming interface (API) is a set of protocols and tools for constructing utility
software. It is a set of honestly described strategies of communication between a numbers of software
components. Most companies, especially tech companies, have built APIs for their clients or for interior
use. Your API comes in when your website’s server communicates with Google’s server to create a
match with all of these details. In relation to client experience, it is the API that allows clients to create
the calendar invite without leaving your website.

1.1.2 How API Works

An application programming interface is a set of rules that define how computers, applications, or
machines can speak to each other. You can suppose of it this way: the normal user interface is supposed
for use by means of a human being, while APIs are intended for use with the aid of an utility or
computer. (mulesoft.com,2020)
Most net APIs sit between the software and the net server. The user initiates an API name that tells the
utility to do something, then the software will use an API to ask the net server to do something. The API
is the intermediary between the utility and the net server, and the API name is the request. And every
time you use software program to speak with other software program or online internet servers, you’re
the use of APIs to request the records you need. (mulesoft.com,2020)
It’s necessary to word that whilst web APIs are the most common, APIs aren’t restrained to the web.
There are APIs for absolutely each and every laptop or device that expects to engage with other
machines or systems. (mulesoft.com,2020).

1.1.3 Types of API

API are broadly divided into internal and external based on how they are adopted and shared in a
system.
 Internal APIs
  Production API
 Development API
 Mock API
 Fuzzing API

1. Internal APIs
Internal APIs are exclusively meant for building internal applications to use within the company or
organization or customize it for partners to facilitate service-oriented architectures. Using private or
Internal APIs, organizations can streamline business and integrate their internal applications across their
customers and partners.
2. Production API
Eventually, every app will need a production API. This is the server that sends real data from the
database, makes updates to it, and enforces all the permissions and business logic. It should not return
data to users who should not see it, and it does not allow users to update information they do not have
permission to change. Production APIs need to be fast and scalable, because they will handle all the apps
real-world traffic. Most apps already have a production API, so there is not any need to go into more
detail on them
3. Development API
A development API is one that stands in for the production API like a body double: All it has to do is
look the part. Development APIs are perfect for working on the client before the production API is
available, allowing front-end progress to continue, even though there's no real data or database backing
it yet. Development APIs usually do not persist data to a database and just keep everything in memory.
It's often useful to have some example data that loads when the server starts
4. Mock API
Mock APIs are the simplest of the APIs listed here. It has written a version in Go with only 200 lines and
an even shorter one in JavaScript. Neither has any external dependencies because neither does anything
other than listen for what to mock and return it when the request is made. They don't have any
application-specific logic
5. Fuzzing API
A fuzzing API does the unexpected. It returns random, inconsistent data and exposes how the client
copes. Fuzzing APIs do a much better job than humans at running into problematic edge cases and
testing our implicit assumptions. The simplest fuzzing API is one that returns data in the shape the client
expects, but with random data. It's a shallow API that doesn't have any logic other than random data
generation
1.1.4 Benefits of using API
By using API business can gain more benefits. API allow the capabilities of one computer program to be
used by another. It means by which two different programs are able to communicate. For an example, if
a system needs to show the maps for the users, then the developers can use a google Map API to get the
service for the system. They can manage the functions using these APIs. And also, they can save the cost
by using these APIs. Therefore, are lots of public APIS. Therefore, the systems can use these free API if
they want.
APIs enable companies to grow their businesses more quickly than ever before, with APIs, computers
rather than people can manage the work. Through APIs, agencies can update work flows to make them
quicker and more productive. with an API an application layer can be created which can be used to
distribute information and services to new audiences which can be personalized to create custom user
experiences. It is a benefit can gain by using an API. APIs can customize the content and services that
they use the most. Companies don't have to pay for several different software applications and the
hardware to make them all work. Through an API developer can connect different systems and work
them all. It reduces the cost. If the system has to develop all the features and, they can simply. These
APIs are easy to use and operate, therefore, these APIs can easily support for the systems. Then users
can gain facilities easily.
API-powered apps are also compatible with more devices and operating systems, providing more
seamless experiences. End users can easily perform their task by using these Apps. A website uses a
URL address to make a call to a server and pull up a webpage in a browser. APIs also facilitate calls to a
server, but they execute it more simply. They connect the web, allowing developers, applications, and
sites to tap into databases and services (or, assets). APIs do this by acting like a universal converter plug
offering a standard set of instructions. It responded faster and provide a good service for the end users.

1.1.4 Explain potential security issues surrounding APIs

Inadequate Validation
The most common web application security weakness is the failure to properly validate input
from the client or environment. This weakness leads to almost all of the major vulnerabilities in
applications, the input data need to validate properly. If untrusty data may harm the API and the system
data. An Inadequate Validation may be an access point for the third party. Then they can access the API
and manage the system and access the system data. From this point, they can steal the API keys,
passwords and usernames. It is a potential security issue surrounding APIs.

Hesitating over API utilization

Sometimes management can neglect to track APIs and their utilization numbers. From this point, can
incur many charges and leave yourself open to security risks due to exposed APIs. The system gets slow
and the third part can access APIs and access sensitive data.

Risks of XML
XML format is intertwined with the SOAP protocol. This format has several areas of security risks
where hackers can focus on. It’s important to keep on top of this format to avoid a security breach. These
flaws can be used to extract data, execute a remote request from the server, scan internal systems,
perform a denial-of-service attack, and execute other attacks. The business impact depends on the
protection needs of all affected application and data.

Going overboard with control

As soon as API calls come in, your API is exposed. It’s always prudent to set limits on API password
configurations, connections, as well as making re-authentication mandatory for overuse. Then API will
crash and all the data may lose or hand in to a third party. Therefore, an API needs to manage the
overboard and reposes for users.

API incompetence
The design API may not provide assumed functions. It may be a security issue for the system. The API
is not performed well and it may include some bugs. Then these bugs mat helps to hacker to access the
API and get the data from the system. Therefore, an API need to develop with standards. Then hackers
cannot easily access the API. Then system data can secure.

Injection Attacks
Injection attacks means a dangerous code is embedded into an unsecured software program to stage an
attack. Injects SQL commands that can read or modify data from a database. As a result of injection
attack an attacker obtaining unauthorized access to information or carry out other damages. If a bank
system API get an injection Attack, then their data may access by a third party. It will be a huge lost for
the bank and their client. (restcase.com, 2019)

DoS Attacks
In a Denial of Service (DoS) attack, the attacker in most cases pushes enormous messages requesting the
server or network to establish requests consisting of invalid return addresses. The attack is capable of
rendering a RESTful API into a non-functional situation if the appropriate security precautions are not
adopted. (restcase.com, 2019)

Broken Authentication
These particular problems can make an attacker to either bypass or take control of the authentication
methods made use of by a web program. Missing or inadequate authentication can result in attack
whereby JSON web tokens, API keys, passwords, etc. can be compromised. (restcase.com, 2019)

Sensitive Data Exposure

Exposure of sensitive data caused by lack of encryption in transit or at rest may result in an attack.
Sensitive Data Exposure happens whenever an application is unable to properly secure sensitive data.
(restcase.com, 2019)

Broken Access Control

Access control, in some cases known as authorization, is how a web software allows access to functions
and contents to certain people rather than everybody. Missing or inadequate access control can permit
the attacker to gain control of other user’s accounts, alter access privileges, change data etc.
(restcase.com, 2019)

Parameter Tampering
It’s an attack that is based on the manipulation of parameters exchanged between client and server in
order to modify application data, such as user credentials and permissions, price and quantity of
products, etc. Usually, this information is stored in cookies, hidden form fields, or URL query strings,
and is used to increase application functionality and control. (restcase.com, 2019)
1.2 Examin the differences between API and SDK and Assess a range of APIs that covers a range
of users of the proposed solution.

1.2.1 Evaluate the differences between API and SDK

What is SDK?
A software program improvement kit (SDK) is a set of software program development tools that
approves the creation of purposes for a positive software program package, software program
framework, hardware platform, pc system, video game console, operating system, or similar
development platform. To put it simply, an SDK is a tool box that regularly includes APIs, pieces of
code, or other rules for growing software. Companies make their SDKs on hand to developers in order
to help them effortlessly integrate with their services. (nordicapis.com,2020)

Different Between API and SDK

APIs and SDKs are similar, so it can be tough to apprehend exactly what the difference between the two
is, or when you ought to select to use one or the other. Another feasible source of confusion comes from
the fact that SDKs often include one or extra APIs and assist implement them. However, an API won’t
continually have an accompanying SDK. While an API is purpose built to operate a precise function of
permitting verbal exchange between applications, an SDK is an integrated platform that boasts a set of
tools to create these applications. (nordicapis.com,2020)
APIs facilitate and permit interaction between applications, but they by myself are now not adequate to
create a company new app. In other words, an API might be higher for your task if you are searching to
add a few particular features. If you are beginning a totally new project, an
SDK will furnish the tools you want to get up and running. (nordicapis.com,2020) Non-Technical
Explanation of API and SDK
If you are making an attempt to provide an explanation for the distinction between an API and an SDK
to a non-developer or anybody who is much less acquainted with the concepts, think about the use of the
one of a kind parts of a house as an analogy. In this situation, the SDK represents the entire house: all of
the rooms, furniture, telephone lines, and different components. An API represents simply the telephone
strains that permit verbal exchange in and out of the house. (nordicapis.com,2020)
Though this isn’t a best example, the house analogy helps carry the imperative differences between an
API and an SDK to any individual who might now not be as acquainted with technical concepts.
(nordicapis.com,2020)

1.2.2 Evaluate the range of APIs for a particular platform that covers a range of users.

Visual studio

“Visual Studio is an Integrated Development Environment (IDE) developed by Microsoft to develop

GUI (Graphical User Interface), console, Web applications, web apps, mobile apps, cloud, and web
services, etc. With the help of this IDE, you can create managed code as well as native code. It uses the
various platforms of Microsoft software development software like Windows store, Microsoft
Silverlight, and Windows API, etc. It is not a language-specific IDE as you can use this to write code in
C#, C++, VB (Visual Basic), Python, JavaScript, and many more languages. It provides support for 36
different programming languages.

Pros & Cons of Visual Studio

Table 1 - Pros & Cons of Visual Studio

Pros Cons
Code organization and looking for files, classes, The user interface can be a bit daunting to new
and
people
functions in Solution Explorer is fast and reliable.
Debugging feature in Visual Studio is There's no support for opening multiple
more solutions
important. in one 'program,' which is a bummer.
Code highlighting & syntax coloring Too heavy to install.
Powerful tool to create apps. Sometimes it slows down the system when
users going to build a project.
Postman
Postman is a collaboration platform for API development. Postman's features simplify each step of
building an API and streamline collaboration so you can create better APIs. Postman used to directly
develop and test the APIs. Postman too, easy for testing the API.

Table 2 advantages and disadvantages of Postman

Advantages
API testing is a great feature.
It provides an import option so we can easily
import using Swagger or paste requested
content.
Sharing is so easy.
GUI is easy to use.
Lots of compatibility and support for various
protocols, headers, request bodies, etc.
Disadvantages
Free version provides limited sharing across
the team. If the free version can upgrade the
sharing
limit, then it would be more helpful.
Syncing of changes sometimes does not work
well
and had to restart some time.
More guides would be helpful because
sometimes it
takes a while to figure out something.

According to these platforms these are some platforms that can use for API development. Postman is a
common platform used for API development. The main advantage is the Postman GUI s are easy to use
and simple to understand. Postman provide import function and it more useful in development.
However, it has some drawbacks. Postman Free version provides limited sharing across the team. If the
free version can upgrade the sharing limit, then it would be more helpful. Sometimes the postmen
software gets stuck and have to restart again.
Dream factory is another platform that can use for API development. The free Dream factory platform
contain more features. The Dream factory software have great security and user documentation. Its
straightforward integration to SQL backends. However, Dream factory has some drawbacks. Sometimes
Upgrading to a new version can be challenging. It will be a disadvantage for the users. Sometimes
debugging feature not perform well. Then it will be a problem for the users. Sometimes Dream factory
API database query options not as powerful as SQL language options. Free version doesn't include e-
mail, phone or chat support. Visual Studio is another Platform that used for API development. According
to this OZQ cart scenario, the author used Visual Studio IDE to develop the API. The Visual Studio IDE
provided live coding assistance regardless of the programming language they are utilizing. The
platforms built-in IntelliSense offers hints and descriptions of APIs and auto-completes lines for better
speed. Finding bugs in the code is difficult sometimes. Therefore, the Visual Studio platform support for
debugging and fix error for all included language. Visual Studio is a powerful tool to create apps and
Code organization and looking for files, classes, and functions in Solution Explorer is fast and reliable.
These feature helps to operate the IDE. Then developers can easily use the IDE. However, Visual Studio
IDE also have some drawbacks. The user interface can be a bit daunting to new people and there's no
support for opening multiple solutions in one 'program,' which is a bummer. It may be a problem in
sometimes. Sometimes it slows down the system when users going to build a project and too heavy to
install. However, the author used Visual Studio IDE as the API development platform. It is a quality IDE
and easy for use to Author. Therefore, the Author select it for this scenario. The author can gain above
mention advantages.

Activity 2 - Apply the knowledge of API research to design an application that incorporates
relevant APIs for a given scenario or a substantial student chosen application
2.1 Apply the knowledge of API research and Analyse the alternative solutions similar to the
proposed system that could be enhanced by a suitable API. Design an application that will utilize a
range of APIs for the proposed solution and justify the design choices used.

2.1.1 Alternative APIs for OZQ-Cart

OZQ-cart is an online shopping system that facilitates business-to-consumer sales through its website.
OZQ-cart system helps to buy any type of item online by choosing the listed products from the website.
According to that there are lot of alternative APIs in the market for an Online shopping system.

Shopify API
Shopify API may be a tool that permits code suppliers to receive access to the information from
Shopify-based on-line stores and use it for his or her functions. The API supports every XML and JSON,
and works with such styles of protocol requests as GET, POST, PUT, and DELETE. a desirable issue
value thought is ways in which supported by Shopify API. It works with various ways in which akin to
class, Customer, Order, Product, etc. (you can notice all of them within the API Reference section at the
left bottom of the documentation). every of the ways in which has functions it may be used for and
certain properties. Shopify updates its API all of the time. SaaS app suppliers who ought to figure with
Shopify store data have to be compelled to hear it. they need to look at unendingly what the Shopify API
version has connectedness. Otherwise, the API connection won't be constant and reliable. (api2cart.
com,2020)

Google Ad Sense API

The Google AdSense API is correct for developers whose users manufacture their own content through
blogging, net business enterprise, forum/wiki/community creation, or the alternative application where
substantial web site is generated. victimization the AdSense API, developers can let users converge for
AdSense through their computer or program, generate careful performance reports for users, and elect
but the AdSense revenue is shared with our distribution besides users can produce accounts to store
publisher computer knowledge, then generate ad code snippets and filter unwanted ads. A previous
SOAP version has been deprecated in favor of REST with responses formatted as JSON.

Google Calendar API

The Calendar data API lets users perform most of the operations a regular Google Calendar user can on
the Google Calendar computer. Google Calendar permits consumer applications to look at and update
calendar events at intervals the sort of Google data API, GData, feeds. The Calendar data API lets users
incorporate Calendar utility into their own application or computer. Users will edit calendars,
manufacture and delete events, question for events that match explicit criteria, send invites, and more.
There are many getable uses for the Calendar data API. as degree example, users can manufacture an
online side for a gaggle calendar that uses Google Calendar API As a side. Or a public calendar goes to
be generated for Google Calendar to indicate, supported Associate in Nursing organization event
information. Or users can search relevant calendars to indicate a listing of future events on those
calendars.
PayPal API

PayPal offers on-line payment solutions and has over 153 million customers worldwide. The PayPal
API makes powerful utility accessible to developers by exposing varied choices of the PayPal platform.
practicality includes but isn't limited to invoice management, human action method and account
management.

PriceTree.
PriceTree is an example for Price Comparison APIs. It can be used in an app, blog, or website. It helps
vendors display various prices from online stores. It also lets independent sellers monitor the market and
adjust their own price to appear more competitive. (Cummings, 2019)

These are some alternative APIs that can used for the OZQ-cart and improve the features. OAuth
2.0 API is an API that can used to improve the security of the website. This OZQ-cart is an online
shopping cart and, all the transactions perform through the internet Therefore, they need to consider
about the security of the website. Therefore, this OAuth 2.0 API suitable for this scenario. OAuth 2.0
API is mainly different from other APIs. It mainly focusses about the security. OAuth 2.0 supports a
variety of token types. WS-Security tokens, JWT tokens, legacy tokens, custom tokens, and more can be
configured and implemented across an OAuth 2.0 implementation. Shopping.com API and Google
Shopping Content API are quite similar and these APIs also can used for OZQ-Cart. These APIs are
belonging to ecommerce category and these APIs mainly focus about product category and the product
list. Through these APIs, merchants can access the Cart and sell their products. eBay and most of the
famous shopping carts used these APIs to facilitate their websites. If OZQ-Cart used these APIs, they
also can have more advantages. PriceTree is another API that can used for OZQ-cart. Connecting the
product catalogue to a price comparison API, they can receive periodic notifications regarding price
fluctuations in the industry. This allows make necessary adjustments to the price of their own products.
It will help to improve the profit and sales of the site. These APIs can used for OZQ- Cart.

2.1.2 Design an application that will utilize an API for a given purpose.
Figure 1 - Home page
 Figure 2 - about us

Figure 3 - User Registration

Figure 4 - Product Search

Figure 5 – cart
Figure 6 - order Confirmation

Figure 7 - Order Confirm

2.1.3 design for a chosen substantial application that will utilize a range of APIs. Justify the choice.

According to this scenario ASP.NET Web API framework use for develop the web API. “ASP.NET Web
API is a framework that makes it easy to build HTTP services that reach a broad range of clients,
including browsers and mobile devices. ASP.NET Web API is an ideal platform for building RESTful
applications on the ASP.NET Framework (Tutorialspoint.com, 2019)”. The most common use case of
using Web API is for building RESTful services. OZQ-Cart system needs to develop a Web API and, the
author hopes to build a REST API. Therefore, the ASP.NET framework is more suitable to build a
RESTful services API.
REST APIs uses multiple standards like HTTP, JSON, URL, and XML while SOAP APIs is largely
based on HTTP and XML. As REST API deploys multiple standards, so it takes fewer resources and
bandwidth as compared to SOAP that uses XML for the creation of Payload and results in the large sized
file (Malik, 2019). According to these differences the author selected REST API to build for the OZQ-
online shopping Cart. ASP.NET Framework support for building RESTful services.
Python as a scripting language is fast and productive. It can use to create web-based applications quickly
and the code is highly readable as the fundamental idea behind Python is to incorporate an easily
readable code. Python syntax is easy to understand, well-defined and extensible. APIs built over python
are highly scalable and have an unmatched speed and one of the best frameworks that can be used to
develop a python API is Flask. APIs built over python are highly scalable and have an unmatched speed
and one of the best frameworks that can be used to develop a python API is Flask. This framework and
language also can used to develop the Web API. The Flask has limited support and documentation.
Therefore, the author selects the ASP .NET framework to build the Web API.

ASP .NET works on top of the HTTP protocol, and uses the HTTP commands and policies to set a
browser-to-server two-sided communication and cooperation. ASP.NET significantly reduces the
amount of code required for building large and complex applications which can increase overall
development speed and reduce development costs. It is a main reason to select ASP.NET to develop the
Web API. PHP language also can used to develop the Web API. However, author select the ASP.NET for
develop the Web API. PHP is inexpensive, secure, fast, and reliable.

ASP.NET may be easier to use and maintain because of its class library system. ASP.NET is free and it
is a well-designed Language. ASP .NET Core is multiplatform, that means it can develop on OS X,
Linux and Windows and also, can deploy it to OS X, Linux, FreeBSD or Windows servers. Many people
think it is limited to Windows or Microsoft, but it is not. ASP.NET provides continuous monitoring and
it has a complementary design and rich toolbox in the form of Visual Studio. ASP.NET is easy to learn
and easy to work with it. ASP.NET also have some drawbacks. It has limited support for testing and
SEO and sometimes it has performance issues. However, ASP.NET offers built-in security features
through windows authentication or other authentication methods. According to these advantages and
disadvantages, author select ASP.NET framework for develop the Web API for OZQ-Cart.

Activity 3 - Implement an application in a suitable development environment

3.1 Develop an application with suitable android and web-site wireframes for the proposed system
design in task 2. Provide all the interfaces of the system and the appropriate codes of it.

Android Wireframes
Figure 8 -Android Wireframes
Figure 9- Android Wireframes
 Figure 10- Android Wireframes

Website wireframe
Figure 11 - Web-site Wireframes

Figure 12- Web-site Wireframes

Figure 13 -Web-site Wireframes
Figure 14 -Web-site Wireframes
Figure 15 -Web-site Wireframes
Figure 16 -Web-site Wireframes

Figure 17 -Web-site Wireframes

Figure 18 -Web-site Wireframes

Figure 19 -Web-site Wireframes

ER Diagram

Figure 20 - ER Diagram

Use Case Diagram

Figure 21 - Use Case Diagram
API Code
User controller

Figure 22 - User controller

Cart controller

Figure 23 -Cart controller

Figure 24 – Login
Figure 25 – Item
Figure 26-feedback controller
Figure 27 - get Order
Database
Figure 28 – database
Figure 29 – database
Figure 30- database
Figure 31 – database
Activity 4 - Document the testing of the application, review and reflect on the APIs used
4.1 Design and complete a ‘black box’ and ‘white box’ testing methods for the developed system
and update the system according to the results. Critically evaluate the APIs used within your
application and results of your Test Plan. Include a review of the overall success of your multipage
website and provide a data security report of the application you developed for the above sceanrio.

Test plan Content

 Introduction

 Testing objectives

 Test Scope

 Test Approach

 Test case Template

 Testing procedure

Introduction
OZQ-cart is an online shopping system that facilitates business-to-consumer sales through its website.
OZQ-cart system helps to buy any type of item online by choosing the listed products from the website.
The OZQ-cart have more data to store like item detail, user details order details, payment details… etc.
The author used MYSQL statements to create the database. And Adobe Dreamweaver software and
HTML, CSS, PHP and JavaScript languages to create interfaces and to develop the site. Author used
Visual studio IDE to develop the API using .Net. The author has used a test plan to test the system.

Test objectives.
Main object is to prove all the functions perform perfectly. To verify user and system requirements
contribution to the database. To find errors and make best solutions for it.

Test scope
This is an online shopping cart and it has various functions, such as register user, order a item, add an
item to the cart … etc. Author created various test cases for system testing. Author check actual result
and await result for the test cases and compare the result and finalize a conclusion.
Test Approach
System Testing is the testing of a complete and fully integrated software product. Usually, software is
only one element of a larger computer-based system. Ultimately, software is interfaced with other
software/hardware systems. System Testing is actually a series of different tests whose sole purpose is to
exercise the full computer-based system. (Guru99.com, 2019)
Two Category of Software Testing
 Black Box Testing
 White Box Testing

Black Box Testing

Black-box testing is a method of software testing that examines the functionality of an application based
on the specifications. It is also known as Specifications based testing. It is used to check the
performance of the program without knowing the internal structure of the application. It means the tester
not accessing the source code and test the system. According to the OZQ-Cart system, also use Black-
box testing to test the website functionalities. The tester not require the technical or programming
knowledge to do the test. OZQ-Cart system also tested by using black box testing.

There are some advantages can be identified of Black Box Testing.

 Source code is not required
 Mostly suited and effective for large code segments
 Testers can test the application with no knowledge of implementing or programming language.
 Tests are done from user’s viewpoint

Disadvantages of Black Box Testing also there.

 Limited test cases can be executed
 The tester cannot target specific code segments or error areas, it affects for the blind coverage
 It is difficult to design the test cases
 Quality of coding and standards will be unidentified

White Box Testing

White box testing is a testing technique, that examines the program structure and derives test data from
the program logic/code. The other names of glass box testing are clear box testing, open box testing,
logic driven testing or path driven testing or structural testing. In White box testing, tester tests
functional flow, variable values and calculations of the source code to identify that output is expected or
not.

Advantages of White Box Testing:

 It tells errors in hidden codes
 Helps to optimize the code
 Can remove extra lines of the code that can bring in hidden defects
  It is very easy to find which kind of data can help to test the application effectively due to the
tester has knowledge of source code

Disadvantages of White Box Testing:

 Skilled testers are required to perform white box testing, the cost is increased.
 It needs specialized tools like code analyser and debugging tools for white box testing.
Therefore, it is difficult to maintain white box testing

Testing Procedure
These are the testcase author used to test the website. Author has selected some persons and gave to test
all functions one by one. Then the author can recognize all errors in the system. And also, the user can
identify the efficiency, performance, speed, accuracy and all other things in the system by this testing
procedure.

Test Case

Test case no: - 01

Test case name: - Type the login page URL and load the home page

Test case Input data Expected result Actual result Test

outcome
(Pass/Fa
il
)
 Tester has Typed Display the Home Display the Home Pass
page page
URL on the search
bar in the web
browser

Figure 32 - Home page

Test case no: - 02

Test case name: Enter the invalid user name and password in the login menu

Test case Input data Expected result Actual result Test

outcome
 (Pass/Fa
il
)
Enter the invalid Userna Error message Error message Pass
me:
user name and
shane
password in the
Passwo
login menu
rd 123

Figure 33 - invalid username and password

Test case no: - 03
Test case name: Enter the valid user name and password in the login menu

Test case Input data Expected result Actual result Test outcome
(Pass/Fail)

Enter the valid user Usernam Display the registered Display the Pass
e: user registered users
name and password users home page
home page the
in the login menu Password:123
users

Figure 34 - Login Success

 Figure 35 - After the login (home page)

Test case no: - 04

Test case name: Check all the buttons in the Home page
Test case Input data Expected result Actual result Test outcome
(Pass/Fail)
Click “Register” Display Register
Click the Display Register Page Pass
button Page
button

Click “Login” Click the Display Login Page Display Login Page Pass
button button
Click “Shopping Display Shopping Display Shopping
Click the Pass
cart” button Cart Page Cart Page
button
Click “about us” Display About us Display About us
Click the Pass
button Page Page
button
Figure 36 - about us
Figure 37 - User Registration
 Figure 38 - Product Search

Figure 39 – Login

Test case no: - 05

Test case name: Register a user
 Test case Input data Expected result Actual result Test outcome
(Pass/Fail)
Register a user User name : Display “Registered Display Pass
Test
Password: Successfully” alert box “Registered
Test and
Confirm save data in the database. Successfully”
Password: Test alert
Your Full box and save data
Name:Test
Email::Test@g in the database.
mail.com

Figure 40 - Registered Form

Test case no: - 06

Test case name: Search an item
 Test case Input data Expected result Actual result Test outcome
(Pass/Fail
)
Search Item Click “Search Display product page Display product page Pass
Item” button for Searched Result for Searched Result

Figure 41 - Search Result

Test case no: - 07

Test case name: View item details

Test case Input data Expected result Actual result Test

outcome
(Pass/Fa
il
)
 View item details Type “hair Display hair pins Display hair pins items Pass
pins” in search items details details
bar

Figure 42 - Item Details

Test case no: - 08

Test case name: View cart details

Test case Input data Expected result Actual result Test

outcome
(Pass/Fail
)
 View cart details Click shopping Display shopping Cart Display shopping Cart Pass
Cart icon details page details page

Figure 43 – Cart

Test case no: - 10

Test case name: Buy an item
Test case Input data Expected result Actual result Test
outcome
(Pass/Fa
il
)
Buy an item Click “Buy It Display Payment Display Payment Pass
Now” button details page details page
 Figure 44 - Buy Now

Figure 45 -payment Completed

4.2 Critically evaluate the results of your Test Plan and include a review of the overall success
of your multipage website

OZQ-Cart system tested by using Black box testing and white Box testing. According to the test plan, it
includes 11 test cases. The first test case “Type the Home page URL and load the Home page”. In their
tester try to figure out, when type the URL the home page is loaded or not. According to the test results,
the test case “Pass”. It shows the home page when user type the URL. This test case more important. It
is the first page interact with the user when using the OZQ-Cart. Therefore, this test case needs to pass
and perform well. the next test case is to validate the login page. Firstly, tester enter invalid user name
and password to verify the validation perform well. if the system validates the username and password,
then the system needs to show an error message when user name and password invalid. According to the
test results, the test case “Pass”. It means, the system shows error message when user input an invalid
username or password. It improves the system security and this validation needs to perform well.
according to test result OZQ-Cart login validation is perform well. It improves the security of the
system. The next test case is also, for login interface. The test case is “Enter the valid user name and
password in the login menu”. If the username and password correct, then the registered users home page
needs to display. According to the test results, the test case “Pass”. It means, the system navigates to the
registered users home page when the username and password both are correct. The OZQ-Cart login
validation performs well and it needs to be performed well. if the login validation is not performed well,
then the system security is not improving and users may not satisfy about the system. They will turnover
for another online shopping Cart due to security issues.
The next test case is to test all the buttons in the home page. the home page contains 3 buttons. They are
“Register, Login and shopping cart icon”. The tester test when the button clicks perform well or not. All
the 3 buttons perform well. when the tester clicks them, it shows relevant pages for the tester. If the user
needs to register or login then they can use these buttons. According to the test results, the test case
“Pass”. It means the home page buttons are working properly. The next test case is “Register a user”.
From this test case tester try to figure out the register page is working properly and show the messages
for the user after stored data for the database. According to the test results, the test case “Pass”. It means,
it stores data for the database and show the message for the users. The register function is working
properly in the OZQ-Cart.
The next test case is “View item details”. The tester tries to figure out, the searching option is working
properly. Tester type as “Hari pins” in search bar and search. It shows the items available regarding hair
pins. According to the test results, the test case “Pass”. It means searching option is working properly in
the OZQ-Cart. The searching option is more important in this website. Because, users mostly used this
searching option to find the things that they want. Therefore, it needs to perform well. test result shows
that, OZQ-Cart searching option is working well.
The next test case is “View one item details”. The tester tries to figure out, when selecting a one
searching suggestion, it shows the full details or not. According to the test results, the test case “Pass”. It
means it shows the full details about selected item. The next test case is “View cart details”. Every page
contains a shopping cart icon. Users can add searched and preferred items for that cart. According to the
test results, the test case “Pass”. After clicking the shopping cart icon, it shows the added items for the
shopping cart. It is easy for the users to save the prefeed items and buy it in the next time. It is an
important feature for users and, According, to the test results it performs well.
The next test case is “Buy an item”. It is also an important function. The tester tries to figure out buying
function working properly. After click the “Buy It Now” button item details page, then the website needs
to navigate for payment details page. According to the test results, the test case “Pass”. It shows the
payment details page and use needs to add shipping details and select the payment to buy the product.
After filling the details, user need to click the “confirm and pay” button. OZQ-Cart “buying function”
performs well according, to the test results. The next two test cases about user personal details viewing
and updating. When user click the user icon, the user details needs to show in the page. According to the
test results, the test case “Pass”. It shows the relevant details of the page. if the user needs to update the
user details, there is link to update the personal details. After click that link, they can edit the details and
save it. If the details updated correctly, then the successful message needs to show. According to the test
results, the test case “Pass”. It means, the user personal details viewing and updating functions working
properly. The next test case is submitting a feedback. According to the test results, the test case
“Pass”. It means, users can submit feedback for the OZQ-Cart system. According to the Whitebox
testing test results, all the test cases pass and it means system functions are perform well and the internal
structure is performed well. According to these test cases, overall the OZQ- Cart system, working
properly. It is easy to use and in perform well. all the test cases are passed and it shows the performance
of the website. Overall the OZQ-Car website is success.

4.3 Critically evaluate the APIs used within your application. Provide a data security report of
your application.

OZQ-Cart system used a one customized Web API and it built using ASP.NET framework. It is
customized for the OZQ -Cart and it contains different controllers. Web API works on HTTP. It can be
called or consumed by any kind of application like Mobile App, Desktop App, and Web Application etc.
The RESTful Web APIs are accessible by a variety of HTTP clients like Windows 7, Windows 8,
Android, iPhone, iPad, WPF Client, Windows Phone 8 etc. OZQ-Cart system used a RESTful service
API. These APIs uses low bandwidth. (XML or JSON data) and can pass html content if required.
OZQ- shopping cart RESTful Web API support to handle data of the system. It used different controllers
and functions to manage the data. It used item controller, user controller and etc. these controllers
contain different methods to manage the tasks of the OZQ- shopping cart. Above mention advantages
can gain by using the Web API for OZQ- shopping cart. OZQ- shopping cart uses RESTful API. It gives
an opportunity to retrieve products, customers and orders remotely via XML web service. users can also
request for the data search and retrieve a specific item from the catalog. Shipments and brands can also
be retrieved and modified according to their needs.
These APIs helps to organize even a very complex application into simple resources. RESTful APIs
were designed to take advantage of existing protocols. It means that developers have no need to install
additional software or libraries when creating a REST API. One of the key advantages of REST APIs is
that they provide a great deal of flexibility. REST API contain a lightweight architecture and is good for
devices, which have limited bandwidth like smart cell phones. Then users can use the OZQ- shopping
cart without stuck or freezing.
OZQ- shopping cart is an online one and there are lots of users using the website. Therefore, OZQ-
shopping cart need to cache a lot of requests then REST is the perfect solution. Therefore, author select
the RESTful API for the OZQ- shopping cart. Sometimes, clients could request for the same resource
multiple times. This can increase the number of requests which are sent to the server. By implementing a
cache, the most frequent queries results can be stored in a middle location. whenever the client requests
for a resource, it will first check the cache. If the resources exist then, it will not proceed to the server.
Caching can help in minimizing the number of trips which are made to the web server. Therefore, it
helps to maintain the server and it helps to protect the server. If all the request forward to the server, then
the OZQ- shopping cart website get crash or stuck in the middle. Then users get difficult to shopping
and they will be dissatisfied about the service. Therefore, OZQ- shopping cart used the RESTful Web
API to handle these requests. These are some reasons to select a RESTful API for the OZQ- shopping
cart. It provides more benefits for the OZQ- shopping cart and for users.
Data Security Report for OZQ-Cart

Content of the Data Security Report

1. Introduction
2. Purpose of this document
3. Security Mechanisms

1. Introduction

OZQ-cart is an online shopping system that facilitates business-to-consumer sales through its website.
OZQ-cart system helps to buy any type of item online by choosing the listed products from the website.
The OZQ-cart have more data to store like item detail ,user details, order details, payment details… etc.
The author used MYSQL statements to create the database. And Adobe Dreamweaver software and
HTML, CSS, PHP and JavaScript languages to create interfaces and to develop the site. Author used
Visual studio IDE to develop the API using .Net.

2. Purpose of this document

Security is an important feature for any system. A quality system or a website needs to implement
security feature for the system. OZQ-cart is an online shopping system and it also needs to consider
about data security. It is a product selling website and, all the money transactions are performed through
the internet. All the user’s sensitive data like credit card numbers exchange through this system. This
document is design to identify security mechanism used by the OZQ-cart and the security stability. This
document shows the details of the mechanism used by OZQ-cart.
3. Security Mechanisms

Security mechanism used for develop the system

OZQ- shopping cart use some security mechanism to improve the security of the website. Login and
logout are a security mechanism that used to improve the security of the website. It is easy to use for the
users the easy to develop for the developers. In their Username and password mechanism to check
validity of user or anonymous user is the basic one. Input validations are also applied for OZQ-
shopping cart system to improve the security. When user register the email, verification is applied for the
system. They system can store valid details. After, user passed the first step of authentication it may have
to manage and provide access management, which is mostly done by token mechanism. The main areas
of vulnerability arise from defects in how tokens are generated, allowing an attacker to guess the tokens
issued to other users, and defects in how tokens are handled, enabling an attacker to capture other users’
tokens. OZQ- shopping cart used a token validity time check and difficult encrypted tokens which are
not easily guessed by an attacker. These are some security mechanisms used by OZQ- shopping cart to
improve the security.
An SSL (Secured Socket Layer) certificate is the security standard. It basically encrypts data online
buyers input in the site or shopping cart to protect it from online threats. The encrypted data then goes to
the server or payment processing gateway. An SSL certificate also gives customers the confidence to buy
products on the site. OZQ- shopping cart also use SSL (Secured Socket Layer) certificate for the
website. It helps to improve the security of the website.
OZQ- shopping cart mainly used online transitions. Therefore, it needs to improve the security. OZQ-
shopping cart used an address and credit card verification system for the website. Then they can improve
the security of the website and gives customers the confidence to buy products on the site. The website
and backend software updated is important and OZQ- shopping cart updated automatically once a
month. These are some security mechanisms used by the OZQ- shopping cart. These security
mechanisms improve the security of the system and customers can confidently buy products from the
OZQ- shopping cart.
References

 Beal, V. (2019). API - application program interface. [online] Available at:

https://www.webopedia.com/TERM/A/API.html [Date].

 Differencebetween.net. (2019). Difference Between API and SDK | Difference Between. [online]
Available at: http://www.differencebetween.net/technology/software-technology/difference-
between-api-and-sdk/ [Date].

 restcase.com. (2019). TOP 7 REST API Security Threats. [online] Available at:
https://blog.restcase.com/top-7-rest-api-security-threats/ [Date].

 TrustRadius.com. (2019). postman Reviews. [online] Available at:

https://www.trustradius.com/products/postman/reviews [Date].

 GeeksforGeeks.org. (2019). Introduction to Visual Studio. [online] Available at:

https://www.geeksforgeeks.org/introduction-to-visual-studio/ [[Date]].

 TrustRadius.com. (2019). Visual Studio IDE reviews. [online] Available at:

https://www.trustradius.com/products/visual-studio-ide/reviews [[Date]].

 datawarehouse4u.info. (2019). DreamFactory API: Overview and Review. [online] Available at:
https://www.datawarehouse4u.info/reviews/api-management-software/dreamfactory-overview- and-
review [Date]

 ProgrammableWeb. (2019). Shopping.com. [online] Available at:

https://www.programmableweb.com/api/shoppingcom [[Date]

 ProgrammableWeb. (2019). Google Shopping Content. [online]

Available at: https://www.programmableweb.com/api/google-shopping-content [[Date]].
 Guru99.com. (2019). What is System Testing? Types & Definition with Example. [online] Available
at: https://www.guru99.com/system-testing.html [[Date]].

 Tutorialspoint.com. (2019). White box Testing - Tutorialspoint. [online] Available at:
https://www.tutorialspoint.com/software_testing_dictionary/white_box_testing.htm [[Date]].