What is Web API?
- An API (Application Programming Interface) is the means by which third parties can write code that interfaces with other code.
- A Web Service is a type of API, one that almost always operates over HTTP (though some, like SOAP, can use alternate transports, like SMTP).
- Web API is typically done as HTTP/SMTP (REST/SOAP), output can be eg: JSON/XML, input can be XML/JSON or plain data.
SOAP vs REST comparison
Origin
REST | SOAP |
– REST (Representational State Transfer) was Created in 2000 by Roy Fielding in UC, Irvine. – Developed in an academic environment, this protocol embraces the philosophy of the open Web |
– SOAP (Simple Object Access Protocol), was created in 1998 by Dave Winer et al in collaboration with Microsoft. – Developed by a large software company, this protocol addresses the goal of addressing the needs of the enterprise market. |
BASIC CONCEPT
REST | SOAP |
– Makes data vailable as resources (nouns), for example “user” or “invoice” | – Makes data available as services (verb + noun), for example “getUser” or “PayInvoice” |
ADVANTAGES
REST | SOAP |
– Follows the philosophy of the Open Web – Relatively easy to implement and maintain – Clearly separates client and server implementations – Communication isn’t controlled by a single entity – Information can be stored by the client to prevent multiple calls – Can return data in multiple formats (JSON, XML etc) |
– Follows a formal enterprise approach – Works on top of any communication protocol, even asynchronously – Information about objects is communicated to clients – Security and authorization are part of the protocol – Can be fully described using WSDL |
DISADVANTAGES
REST | SOAP |
– Only works on top of the HTTP protocol. – Hard to enforce authorization and security on top of it |
– Spends a lot of bandwidth communicating metadata. – Hard to implement and is unpopular among Web and mobile developers. – Uses only XML. |
WHEN TO USE
REST | SOAP |
– When clients and servers operate on a Web environment – When information about objects doesn’t need to be communicated to the client |
– When clients need to have access to objects available on servers – When you want to enforce a formal contract between client and server |
COMMON USE CASES
REST | SOAP |
– Social Media services – Social Networks – Web Chat services – Mobile Services – Synchronize applications |
– Financial services – Payment gateways – Telecommunication services |
POPULAR EXAMPLES
REST | SOAP |
– Facebook APIs – Google APIs – YouTube APIs – Twitter APIs – LinkedIn APIs – Instagram APIs |
– Salesforce SOAP API – Paypal SOAP API – Clickatell SMS SOAP API – Almost Banking Systems |
APIs Security
- IPs Whitelist
- Authentication (Oauth, Api Key…)
- Username/Password Scenarios
- Security Tokens + Signature
- Namespaces Required
- The Header
Caching Data
Why to optimize?
- Increase visitor retention/engagement and loyalty.
- Better ranking on Google Search (SEO).
- Reduce the response time.
- Improve page load time.
- Make the customer happier.
- Reduce network throughput in some types of optimization.
- Save customer money on bandwidth (mobile network).
- Helps the environment saving energy.
- COST !!!
COST !!!
- Reduce resource usage (CPU/Memory/DiskIO)
- Reduce network throughput
- Reduce requests queueing
- Reduce number or size of instances
- Increase number of concurrent requests per instance
Cache Types
- APC Cache
- Memcache
- Files Cache
- Severs Cache (Redis, Varnish)
Logging
Why to log?
- Storage any actions from users
- Tracking system problems
- Code checking
- Customer support quickly
- Logging
- Avoid legal risks
Logging Levels
- FATAL
- ERROR
- WARNING
- INFO
- DEBUG
Testing
Why should we do API testing?
Can help find/isolate problems:
- Security
- Robustness
- Functionality
- Testing
Reduce business costs