Basics of API

Prajit Sindhkar
4 min read · Apr 12, 2022


Hello guys👋👋, Prajit here from the BUG XS Team, a Cybersecurity and Red Team Intern at Cyber Sapiens United LLP. In this internship I am regularly given some interesting tasks; for my 24th task I was asked to research the different types of APIs.

What is an API?

An Application Programming Interface (API) is a software interface that allows two applications to interact with each other without any user intervention. An API is a collection of software functions and procedures.

In simple terms, an API is software code that can be accessed or executed by another program. It is defined as code that helps two different software applications communicate and exchange data with each other.

What is REST API?

REpresentational State Transfer (REST) is an architectural style that defines a set of constraints to be used when creating web services. A REST API is a simple and flexible way of accessing web services that needs no additional processing layer between client and server.

REST is generally preferred to the more heavyweight Simple Object Access Protocol (SOAP) because REST uses less bandwidth and is simpler and more flexible, making it more suitable for internet usage.

It is used to fetch information from, or send information to, a web service. All communication via a REST API uses plain HTTP requests.

A request is sent from the client to the server as a web URL with an HTTP method such as GET, POST, PUT or DELETE.

After that, a response comes back from the server in the form of a resource, which can be anything such as HTML, XML, an image or JSON. Today JSON is the most popular format used in web services.

What is SOAP API?

Simple Object Access Protocol (SOAP) is a standard messaging protocol that lets services running on different operating systems, such as Windows and Linux, communicate via Hypertext Transfer Protocol (HTTP) and Extensible Markup Language (XML).

A SOAP API is an Application Programming Interface, i.e. a system that allows applications to interact. SOAP APIs can create, update, delete and retrieve records such as passwords, accounts and custom objects.

SOAP is extensible, neutral and independent of language and platform. This allows API developers to maintain accounts and run searches from any programming language that supports web services.

Web protocols like HTTP are available on all operating systems, so with SOAP you can receive responses independent of the language or platform.

In order to call a SOAP API, you will most likely need to include a SOAP library for your programming language. Although it is possible to make SOAP API calls without a SOAP library, it is more efficient to work with an abstraction rather than crafting the messages yourself. SOAP messages are verbose, mainly because they rely on XML.

Difference between SOAP and REST API

What is GraphQL?

GraphQL is a query language and server-side runtime for application programming interfaces (APIs) that prioritises giving clients exactly the data they request and no more.

GraphQL is designed to make APIs fast, flexible, and developer-friendly. It even comes with its own browser-based integrated development environment (IDE), known as GraphiQL.

As an alternative to REST, GraphQL lets developers construct requests that pull data from multiple data sources in a single API call.

Additionally, GraphQL gives API maintainers the flexibility to add or deprecate fields without impacting existing queries.

Developers can build APIs with whatever methods they prefer, and the GraphQL specification will ensure they function in predictable ways to clients.
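To make the three request shapes described above concrete (REST: a URL plus an HTTP verb, SOAP: an XML envelope, GraphQL: a query document posted as JSON), here is an added example that is not part of the original post. It uses only the Python standard library, no network calls, and the "server" replies are constructed strings; the `urn:example:users` namespace and the `/api/users`, `/graphql` paths are assumptions for illustration.

```python
import json
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
USERS_NS = "urn:example:users"  # assumed service namespace, not from the post

def rest_request(user_id):
    # REST: the URL names the resource, the HTTP verb says what to do with it.
    return {"method": "GET", "url": f"/api/users/{user_id}",
            "headers": {"Accept": "application/json"}}

def soap_request(user_id):
    # SOAP: operation and parameters wrapped in an XML Envelope/Body (hence the verbosity).
    env = ET.Element(f"{{{SOAP_NS}}}Envelope")
    body = ET.SubElement(env, f"{{{SOAP_NS}}}Body")
    op = ET.SubElement(body, f"{{{USERS_NS}}}GetUser")
    ET.SubElement(op, "UserId").text = str(user_id)
    return ET.tostring(env, encoding="unicode")

def graphql_request(user_id, fields):
    # GraphQL: one POST to one endpoint; the client lists exactly the fields it wants.
    query = "query($id: ID!) { user(id: $id) { " + " ".join(fields) + " } }"
    return {"method": "POST", "url": "/graphql",
            "body": {"query": query, "variables": {"id": str(user_id)}}}

def parse_rest(body):
    return json.loads(body)

def parse_soap(body):
    # Namespace-aware lookup: works whatever prefix the server used (soap:, SOAP-ENV:, env:).
    # For XML from untrusted peers, parse with defusedxml rather than plain ElementTree.
    root = ET.fromstring(body)
    soap_body = root.find(f"{{{SOAP_NS}}}Body")
    if soap_body is None or len(soap_body) == 0:
        raise ValueError("no SOAP Body in message")
    return {child.tag.split("}")[-1]: child.text for child in soap_body[0]}

def parse_graphql(body):
    # GraphQL replies with HTTP 200 even on failure; errors live in a sibling "errors" list.
    doc = json.loads(body)
    if doc.get("errors"):
        raise ValueError(doc["errors"][0]["message"])
    return doc["data"]["user"]

# Constructed sample replies standing in for a real server.
REST_REPLY = '{"id": 7, "name": "alice", "email": "alice@example.com"}'
SOAP_REPLY = ('<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body>'
              '<GetUserResponse xmlns="urn:example:users"><Name>alice</Name>'
              '<Email>alice@example.com</Email></GetUserResponse></soap:Body></soap:Envelope>')
GRAPHQL_REPLY = '{"data": {"user": {"name": "alice"}}}'
```

Note that the GraphQL reply carries only the `name` field the query asked for, while the REST and SOAP replies return the whole record; that is the "exactly the data they request and no more" property in practice.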

Some Tools For API Pentesting:

1. Postman: Launched initially as a Chrome plugin, Postman has evolved into a top-tier API testing tool. It is ideal for those who want to test APIs without coding in an integrated development environment using the same language as the developers.

Link: https://www.postman.com/

2. REST-assured: If you are looking for a framework to test REST services in Java, REST-assured is a perfect choice. It is an open-source library with a Java domain-specific language that makes testing REST services simpler.

Link: https://toolsqa.com/rest-assured/rest-assured-library/

3. Katalon Studio: Combining the UI and business levels across different environments, Katalon Studio provides a single place to create and execute API/web service, UI functional, and mobile tests.

Link: https://katalon.com/katalon-studio/

This is all for today’s writeup.

Thanks For Reading 😊

Profile Links:

Twitter: https://twitter.com/SAPT01

LinkedIn: https://www.linkedin.com/in/prajit-sindhkar-3563b71a6/

Instagram: https://instagram.com/prajit_01?utm_medium=copy_link

BUG XS Official Website: https://www.bugxs.co/

Prajit Sindhkar

I am an India-based Security Researcher, Bugcrowd Top 500 Hacker and Bug Bounty Leader of the BUGXS Community