Integrations and APIs

(OBJ 4.7)

Integration

• Combining subsystems or components into a single, functioning system
• To ensure that they are all functioning together

API (Application Programming Interface)

• Set of rules and protocols used for building and integrating application software
• Using a specific Data Exchange format.
• Enable software developers to access functions or features of another application programmatically
• By using an API, we can automate
  • Administration
  • Management
  • Monitoring

API Communication

• APIs facilitate communication between different parts of a microservice or service-oriented architecture
• Allows automation of administration, management, and monitoring of services and cloud-based infrastructures
• Common communication methods used by APIs
  • REST (Representational State Transfer)
    • Architectural style that uses standard HTTP methods, status codes, URIs, and MIME types for interactions
    • Primarily uses JSON for data transfer
    • Lightweight protocol suitable for integrating with existing websites without extensive modifications
      • REST is more straightforward and adaptable to utilize
  • SOAP (Simple Object Access Protocol)
    • Protocol that defines a strict standard with a set structure for the message, usually in XML format
      • SOAP has a structured message format in XML
    • Known for robustness, additional security features, and transaction compliance
    • Suitable for enterprise-level web services with complex transactions and regulatory compliance requirements

Benefits of API Integrations

• Improved efficiency and consistency
• Allows direct integration of third-party applications into web applications
  • Call on someone else function, let them do they work and just share the results back to us
• Most cloud based providers allows us to perform
  • Provisioning
  • Configuration
  • Deprovisioning
• Reduces the need to build entire services from scratch
• Example
  • Udemy has an API that allows anyone to programmatically read and respond to any Q&A posts

API Testing with CURL

• CURL

  • A tool for transferring data to or from a server using various supported protocols
    • HTTP
    • HTTPS
    • FTP
    • FTPS
    • SCP
    • SFTP
    • TFTP
    • DICT
    • TELNET
    • LDAP
    • FILE

• Commonly used protocols for API testing are HTTP and HTTPS

• Use CURL to send data to an API and receive a response for testing

  Example using the basic command curl --data [argument] [URL of the API]

  ┌──(macc㉿kaliLab)-[~/Downloads]
  └─$ curl --data "firstname=boolean&lastname=world" https://httpbin.org/post
  {
    "args": {},
    "data": "",
    "files": {},
    "form": {
      "firstname": "boolean",
      "lastname": "world"
    },
    "headers": {
      "Accept": "*/*",
      "Content-Length": "32",
      "Content-Type": "application/x-www-form-urlencoded",
      "Host": "httpbin.org",
      "User-Agent": "curl/8.14.1",
      "X-Amzn-Trace-Id": "Root=1-688672a5-0738534a41c7567418e451cd"
    },
    "json": null,
    "origin": "201.146.60.37",
    "url": "https://httpbin.org/post"
  }
  

• For the httpbin API, we will receive something in a JSON format that has data that includes a list of arguments and fields that came back from that particular API.

• CURL allows sending data to an API and receiving a JSON response

• Helpful for software developers and cybersecurity professionals, especially in penetration testing scenarios