Web services (APIs)

What is Web API?

  • An API (Application Programming Interface) is the means by which third parties can write code that interfaces with other code.
  •  A Web Service is a type of API, one that almost always operates over HTTP (though some, like SOAP, can use alternate transports, like SMTP).
  • Web API is typically done as HTTP/SMTP (REST/SOAP), output can be eg: JSON/XML, input can be XML/JSON or plain data.

SOAP vs REST comparison


– REST (Representational State Transfer) was Created in 2000 by Roy Fielding in UC, Irvine.
– Developed in an academic environment, this protocol embraces the philosophy of the open Web
– SOAP (Simple Object Access
Protocol), was created in 1998 by Dave Winer et al in collaboration
with Microsoft.
– Developed by a large software company, this protocol addresses the goal of addressing the needs of the enterprise market.


– Makes data  vailable as resources (nouns), for example “user” or “invoice”– Makes data available as services (verb + noun), for example “getUser” or “PayInvoice”


– Follows the philosophy of the Open Web
– Relatively easy to implement and maintain
– Clearly separates client and server implementations
– Communication isn’t controlled by a single entity
– Information can be stored by the client to prevent multiple calls
– Can return data in multiple formats (JSON, XML etc)
– Follows a formal enterprise
– Works on top of any communication protocol, even asynchronously
– Information about objects is communicated to clients
– Security and authorization are part of the protocol
– Can be fully described using WSDL


– Only works on top of the HTTP
– Hard to enforce authorization and security on top of it
– Spends a lot of bandwidth communicating metadata.
– Hard to implement and is unpopular among Web and mobile developers.
– Uses only XML.


– When clients and servers operate on a Web environment
– When information about objects doesn’t need to be communicated to the client
– When clients need to have access to objects available on servers
– When you want to enforce a formal contract between client and server


– Social Media services
– Social Networks
– Web Chat services
– Mobile Services
– Synchronize applications
– Financial services
– Payment gateways
– Telecommunication services


– Facebook APIs
– Google APIs
– YouTube APIs
– Twitter APIs
– LinkedIn APIs
– Instagram APIs
– Salesforce SOAP API
– Paypal SOAP API
– Clickatell SMS SOAP API
– Almost Banking Systems

APIs Security

  • IPs Whitelist
  • Authentication (Oauth, Api Key…)
  • Username/Password Scenarios
  • Security Tokens + Signature
  • Namespaces Required
  • The Header

Caching Data

Why to optimize?

  • Increase visitor retention/engagement and loyalty.
  • Better ranking on Google Search (SEO).
  • Reduce the response time.
  • Improve page load time.
  • Make the customer happier.
  •  Reduce network throughput in some types of optimization.
  • Save customer money on bandwidth (mobile network).
  • Helps the environment saving energy.
  • COST !!!

COST !!!

  • Reduce resource usage (CPU/Memory/DiskIO)
  • Reduce network throughput
  • Reduce requests queueing
  • Reduce number or size of instances
  • Increase number of concurrent requests per instance

Cache Types

  • APC Cache
  • Memcache
  • Files Cache
  • Severs Cache (Redis, Varnish)


Why to log?

  • Storage any actions from users
  • Tracking system problems
  • Code checking
  • Customer support quickly
  • Logging
  • Avoid legal risks

Logging Levels

  • INFO


Why should we do API testing?

Can help find/isolate problems:

  • Security
  • Robustness
  • Functionality
  • Testing

Reduce business costs

Sliding Sidebar

About Me

About Me

Hello, my name is Dũng (Johnny). Welcome to my blog.

As I’m a developer, I write about topics related to the field of programming, mainly from a technical point of view. On this blog you’ll find posts which encourage discussion, information about development trends, case studies, reviews, tutorials, tips on how to improve your effectiveness, and anything else that might be fascinating to people from the IT industry.
I love PHP, NodeJS, Java,... and Fullstack.