API stands for Application Programming Interface. An API is a software-to-software interface, not a user interface. It is used to authenticate an application calling the API, and APIs are used to identify invalid or malicious requests. An API is a set of rules for how two machines talk to each other. It is a collection of functions, procedures, or methods that are available to be executed by other software. Two concepts here will help us understand:
- Identifier
- Authentication
TYPES OF APIs:
There are four types of APIs:
1. Public APIs: open source type
2. Private APIs: closed and internal type (private APIs are normally not revealed to external users)
3. Partner APIs: allow two different companies to enter into an exclusive data-sharing agreement
4. Composite APIs: combine different service or data APIs
HOW DO APIS WORK?
APIs work through four types of request:
1. GET: asks for data from a server
2. POST: sends new information to a server
3. PUT: makes changes to existing data on a server
4. DELETE: removes existing information from a server
CHALLENGES IN API TESTING
1. Test data generation
2. Parameter validation
3. Call sequencing in API testing
4. Keeping the test suite updated
5. Monitoring and reporting
API REQUIREMENTS
1. SECURITY
2. TESTABILITY
3. SCALABILITY
4. RELIABILITY
5. USABILITY
WHY IS API TESTING IMPORTANT?
API testing makes it easier to identify bugs at the unit, database, and several other levels. API tests are also faster to run and more isolated than UI tests. API testing does not focus on the individual components of an application. API testing is done to reveal all the bugs, deviations or inconsistencies in the API.
There are many types of API testing:
1. Functional testing
2. Load testing
3. Error detection testing
4. Security testing
5. Validation testing
6. Penetration testing
HOW DO YOU SECURE API USE?
1. Prioritize security
2. Use strong authentication
3. Inventory and manage APIs
4. Encrypt traffic using TLS
5. Validate input
6. Use rate limiting
7. Use a firewall
8. Don't expose data
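The authentication, input validation and rate limiting items from the list above, combined into one request gate. This is an added example, not code from the original page; the client id, key, field names and limits are constructed for illustration.

```python
import hashlib
import hmac
import re
import time

# Constructed demo data. Assumes keys are long random values, stored only as hashes.
API_KEY_HASHES = {"client-a": hashlib.sha256(b"demo-key-not-a-real-secret").hexdigest()}
USERNAME_RE = re.compile(r"[a-z0-9_]{3,32}")   # allow-list of accepted characters
RATE, BURST = 1.0, 3                           # tokens per second, bucket size
_buckets = {}                                  # client_id -> (tokens, last_seen)

def authenticate(client_id, api_key):
    """Check the presented key against the stored hash in constant time."""
    expected = API_KEY_HASHES.get(client_id, "")
    presented = hashlib.sha256(api_key.encode()).hexdigest()
    return hmac.compare_digest(expected, presented)

def allow_request(client_id, now):
    """Token bucket: refill at RATE per second, spend one token per request."""
    tokens, last = _buckets.get(client_id, (BURST, now))
    tokens = min(BURST, tokens + (now - last) * RATE)
    if tokens < 1:
        _buckets[client_id] = (tokens, now)
        return False
    _buckets[client_id] = (tokens - 1, now)
    return True

def validate(body):
    """Accept only the expected fields with the expected types and ranges."""
    if not isinstance(body, dict) or set(body) != {"username", "age"}:
        return False
    name, age = body["username"], body["age"]
    return (isinstance(name, str) and USERNAME_RE.fullmatch(name) is not None
            and type(age) is int and 0 <= age <= 150)

def handle(client_id, api_key, body, now=None):
    """Return an HTTP-style status code for one request."""
    now = time.monotonic() if now is None else now
    if not authenticate(client_id, api_key):
        return 401          # unauthenticated: reject before doing any work
    if not allow_request(client_id, now):
        return 429          # authenticated but over the rate limit
    if not validate(body):
        return 400          # malformed or unexpected input
    return 200
```

Requests that fail validation still spend a token, so a client sending malformed input cannot bypass the limit.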
SECURITY RISK
CLIENT SECURITY RISK
1. App source code exposure
2. Shared passwords
BACKEND SECURITY RISK
1. Phishing
2. Rate limit
3. DB exposure
4. Clear text data at rest
NETWORK SECURITY RISKS
1. Credential theft
LIST OF API PROTOCOLS
1. SOAP (Simple Object Access Protocol)
2. REST (Representational State Transfer)
3. gRPC (Google Remote Procedure Call)
4. JSON-RPC (JavaScript Object Notation Remote Procedure Call)
5. GraphQL (Graph Query Language)
6. Apache Thrift