Web APIs
- Interface for software apps to communicate over the web.
- Acts as a bridge between server (data/functionality) and client (browser/app).
- Supports integration regardless of tech/language.
REST (Representational State Transfer) APIs
- Stateless, client-server model.
- Uses HTTP methods: GET, POST, PUT, DELETE.
- CRUD (Create, Read, Update, Delete) operations on resource URLs.
- Lightweight data (JSON/XML).
Example:
GET /users/123
SOAP (Simple Object Access Protocol) APIs
- Standardized, formal protocol using XML.
- Encapsulates messages in SOAP envelopes.
- Transmitted over HTTP or SMTP.
- Includes security, reliability, transaction features.
Example:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:tem="http://tempuri.org/">
  <soapenv:Header/>
  <soapenv:Body>
    <tem:GetStockPrice>
      <tem:StockName>AAPL</tem:StockName>
    </tem:GetStockPrice>
  </soapenv:Body>
</soapenv:Envelope>
GraphQL
- Single endpoint; flexible query language.
- Avoids over-fetching/under-fetching (common in REST APIs): the client names exactly the fields it wants.
- Strong typing and introspection (the schema can be queried) make the API evolvable.
- Easier to evolve APIs over time without breaking existing clients, which makes it a popular choice for modern web and mobile applications.
Example:
query {
  user(id: 123) {
    name
    email
  }
}
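The three examples above are only request shapes. The following is an added example (not code from the original notes) that builds each one in Python: a REST request where the resource is addressed by URL and the verb by HTTP method, a SOAP envelope built and parsed with namespaces using the standard library's ElementTree, and a GraphQL query that passes the user id as a variable instead of concatenating it into the query text. The `http://tempuri.org/` namespace and the `GetStockPrice`/`StockName` element names come from the SOAP example above; the field-name check and the id validation are assumptions added for this example.

```python
import json
import re
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
TEM_NS = "http://tempuri.org/"          # namespace used in the SOAP example above
ET.register_namespace("soapenv", SOAP_NS)
ET.register_namespace("tem", TEM_NS)

# GraphQL field names must be identifiers; anything else is rejected up front
# so untrusted input can never rewrite the structure of the query (assumed check).
GQL_NAME = re.compile(r"^[_A-Za-z][_0-9A-Za-z]*$")


def rest_request(user_id):
    """REST: resource in the URL, operation in the HTTP method (GET /users/123)."""
    if not isinstance(user_id, int) or user_id < 0:
        raise ValueError("user_id must be a non-negative integer")
    return ("GET", f"/users/{user_id}")


def soap_envelope(stock_name):
    """SOAP: the call is an XML document inside Envelope/Body; ET escapes the text."""
    env = ET.Element(f"{{{SOAP_NS}}}Envelope")
    ET.SubElement(env, f"{{{SOAP_NS}}}Header")
    body = ET.SubElement(env, f"{{{SOAP_NS}}}Body")
    call = ET.SubElement(body, f"{{{TEM_NS}}}GetStockPrice")
    ET.SubElement(call, f"{{{TEM_NS}}}StockName").text = stock_name
    return ET.tostring(env, encoding="utf-8")


def soap_stock_name(envelope):
    """Parse an incoming envelope and pull StockName out using explicit namespaces."""
    root = ET.fromstring(envelope)
    ns = {"soapenv": SOAP_NS, "tem": TEM_NS}
    node = root.find("soapenv:Body/tem:GetStockPrice/tem:StockName", ns)
    if node is None or not node.text:
        raise ValueError("envelope carries no StockName")
    return node.text


def graphql_request(user_id, fields=("name", "email")):
    """GraphQL: one POST body; the id travels as a typed variable, not as query text."""
    for f in fields:
        if not GQL_NAME.match(f):
            raise ValueError(f"invalid GraphQL field name: {f!r}")
    query = "query ($id: ID!) { user(id: $id) { " + " ".join(fields) + " } }"
    return json.dumps({"query": query, "variables": {"id": str(user_id)}})


if __name__ == "__main__":
    print(*rest_request(123))
    print(soap_envelope("AAPL").decode())
    print(graphql_request(123))
```

Note how the SOAP round trip survives a value such as `<x/>`: the serializer escapes it to `&lt;x/&gt;` and the parser restores it, so the envelope structure is never altered by the payload. The same idea applies to the GraphQL side, where variables keep data and query structure separate.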
Advantages of Web APIs
- Standardized data access and manipulation.
- Supports third-party integrations (e.g., login, payments).
- Enables code reuse and composite apps.
- Foundation for microservices architecture: scalable, flexible, resilient.
Web APIs vs Web Servers
- Different structure and communication patterns.
- For fuzzing: focus on API endpoints/parameters over directories/files.
- Pay attention to request/response data formats.
| Feature | Web Server | API (Application Programming Interface) |
|---|---|---|
| Purpose | Primarily designed to serve static content (HTML, CSS, images) and dynamic web pages (generated by server-side scripts). | Primarily designed to provide a way for different software applications to communicate with each other, exchange data, and trigger actions. |
| Communication | Communicates with web browsers using the HTTP (Hypertext Transfer Protocol). | Can use various protocols for communication, including HTTP, HTTPS, SOAP, and others, depending on the specific API. |
| Data Format | Primarily deals with HTML, CSS, JavaScript, and other web-related formats. | Can exchange data in various formats, including JSON, XML, and others, depending on the API specification. |
| User Interaction | Users interact with web servers directly through web browsers to view web pages and content. | Users typically do not interact with APIs directly; instead, applications use APIs to access data or functionality on behalf of the user. |
| Access | Web servers are usually publicly accessible over the internet. | APIs can be publicly accessible, private (for internal use only), or partner (accessible to specific partners or clients). |
| Example | When you access a website like https://www.example.com, you are interacting with a web server that sends you the HTML, CSS, and JavaScript code to render the web page in your browser. | A weather app on your phone might use a weather API to fetch weather data from a remote server. The app then processes this data and displays it to you in a user-friendly format. You are not directly interacting with the API, but the app is using it behind the scenes to provide you with the weather information. |
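The distinction in the table, and the note above that API work is about endpoints and parameters rather than directories and files, can be applied to server logs. The following is an added example (not from the original notes) that reads access-log lines, uses the response Content-Type to separate API calls (JSON/XML) from ordinary web-server content (HTML, CSS), collapses numeric path segments so `/users/123` and `/users/456` are one endpoint, and inventories the methods and query parameters seen per endpoint. The log lines are constructed for this example, and the log format (common log format with the Content-Type appended as a final quoted field) is an assumption.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed sample: common log format plus the response Content-Type as a
# final quoted field (assumed custom format; not real traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [10/Oct/2024:13:55:36 +0000] "GET /users/123?expand=profile HTTP/1.1" 200 512 "application/json"
10.0.0.5 - - [10/Oct/2024:13:55:37 +0000] "GET /static/app.css HTTP/1.1" 200 2048 "text/css"
10.0.0.7 - - [10/Oct/2024:13:55:40 +0000] "POST /api/v1/orders HTTP/1.1" 201 80 "application/json"
10.0.0.7 - - [10/Oct/2024:13:55:41 +0000] "GET /index.html HTTP/1.1" 200 4096 "text/html"
10.0.0.9 - - [10/Oct/2024:13:56:02 +0000] "GET /users/456?expand=orders&limit=5 HTTP/1.1" 200 700 "application/json"
10.0.0.9 - - [10/Oct/2024:13:56:03 +0000] "POST /soap/StockService HTTP/1.1" 200 640 "text/xml; charset=utf-8"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "(?P<ctype>[^"]*)"$'
)

# Media types that mark a response as API data rather than a rendered page.
API_TYPES = ("application/json", "application/xml", "text/xml", "application/soap+xml")


def is_api_response(content_type):
    """True for JSON/XML bodies (including vendor types such as application/vnd.x+json)."""
    base = content_type.split(";")[0].strip().lower()
    return base in API_TYPES or base.endswith("+json") or base.endswith("+xml")


def normalize_path(path):
    """Collapse purely numeric segments so per-resource ids do not multiply endpoints."""
    return re.sub(r"/\d+(?=/|$)", "/{id}", path)


def summarize_api_usage(log_text):
    """Return {endpoint: {"methods": set, "params": set, "hits": int}} for API calls only."""
    endpoints = defaultdict(lambda: {"methods": set(), "params": set(), "hits": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line; a production tool would count and report these
        if not is_api_response(m["ctype"]):
            continue  # HTML/CSS/JS: web-server content, not an API exchange
        parts = urlsplit(m["target"])
        entry = endpoints[normalize_path(parts.path)]
        entry["methods"].add(m["method"])
        entry["params"].update(k for k, _ in parse_qsl(parts.query, keep_blank_values=True))
        entry["hits"] += 1
    return dict(endpoints)


if __name__ == "__main__":
    for endpoint, info in summarize_api_usage(SAMPLE_LOG).items():
        print(endpoint, sorted(info["methods"]), sorted(info["params"]), info["hits"])
```

The output is an inventory of API surface (endpoint, methods, parameter names) rather than a directory listing, which is the view both a defender building monitoring and a tester scoping an assessment want. Parameters carried in JSON or SOAP request bodies are not visible in an access log, so body-level inventory needs request logging or a proxy.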