What is a Web API?
- An API (Application Programming Interface) is the means by which third parties can write code that interfaces with other code.
- A Web Service is a type of API, one that almost always operates over HTTP (though some, like SOAP, can use alternate transports, like SMTP).
- A Web API is typically exposed over HTTP or SMTP (REST/SOAP); output can be, e.g., JSON or XML, and input can be XML, JSON or plain data.
SOAP vs REST comparison
REST:
- REST (Representational State Transfer) was created in 2000 by Roy Fielding at UC Irvine.
- Developed in an academic environment, this protocol embraces the philosophy of the open Web
SOAP:
- SOAP (Simple Object Access Protocol) was created in 1998 by Dave Winer et al in collaboration
- Developed by a large software company, this protocol addresses the needs of the enterprise market.
REST:
- Makes data available as resources (nouns), for example “user” or “invoice”
SOAP:
- Makes data available as services (verb + noun), for example “getUser” or “PayInvoice”
REST:
- Follows the philosophy of the Open Web
- Relatively easy to implement and maintain
- Clearly separates client and server implementations
- Communication isn’t controlled by a single entity
- Information can be stored by the client to prevent multiple calls
- Can return data in multiple formats (JSON, XML etc)
SOAP:
- Follows a formal enterprise
- Works on top of any communication protocol, even asynchronously
- Information about objects is communicated to clients
- Security and authorization are part of the protocol
- Can be fully described using WSDL
REST:
- Only works on top of the HTTP
- Hard to enforce authorization and security on top of it
SOAP:
- Spends a lot of bandwidth communicating metadata.
- Hard to implement and is unpopular among Web and mobile developers.
- Uses only XML.
WHEN TO USE
REST:
- When clients and servers operate on a Web environment
- When information about objects doesn’t need to be communicated to the client
SOAP:
- When clients need to have access to objects available on servers
- When you want to enforce a formal contract between client and server
COMMON USE CASES
REST:
- Social Media services
- Social Networks
- Web Chat services
- Mobile Services
- Synchronize applications
SOAP:
- Financial services
- Payment gateways
- Telecommunication services
REST:
- Facebook APIs
- Google APIs
- YouTube APIs
- Twitter APIs
- LinkedIn APIs
- Instagram APIs
SOAP:
- Salesforce SOAP API
- Paypal SOAP API
- Clickatell SMS SOAP API
- Almost all banking systems
- IP whitelist
- Authentication (OAuth, API key…)
- Username/Password Scenarios
- Security Tokens + Signature
- Namespaces Required
- The Header
Why optimize?
- Increase visitor retention/engagement and loyalty.
- Better ranking on Google Search (SEO).
- Reduce the response time.
- Improve page load time.
- Make the customer happier.
- Reduce network throughput in some types of optimization.
- Save customers money on bandwidth (mobile network).
- Helps the environment by saving energy.
- COST !!!
- Reduce resource usage (CPU/Memory/DiskIO)
- Reduce network throughput
- Reduce requests queueing
- Reduce number or size of instances
- Increase number of concurrent requests per instance
- APC Cache
- Files Cache
- Server caches (Redis, Varnish)
Why log?
- Store any actions from users
- Track system problems
- Code checking
- Quick customer support
- Avoid legal risks
Why should we do API testing?
Can help find/isolate problems:
Reduce business costs