API Design and Management Flashcards
Types of API
Open API
Internal API
Partner API
Composite API
APIs that are used within an organization to facilitate communication between internal systems.
Internal API (Private)
Example: a school organization.
Private organizations that only share within their circle.
CvSU Indang -> CvSU Imus
These APIs are available to developers and users with minimal restrictions.
Open API (Public)
Example: Facebook or Twitter.
Open to all; they let users interact with their services.
APIs that are shared externally but with limited access. They are used to integrate with trusted partners, typically under strict agreements.
Partner API
Example: Shopee. The trusted partner of Shopee is ShopeePay, which offers seamless and cashless transactions.
Another example is Messenger as a trusted partner of Facebook in terms of messages and calls.
Mostly used in finance industries or businesses.
An API that allows developers to bundle multiple API calls into a single request.
Composite API
Example: bank transfer
from GCash -> PESONet -> BPI, BPO, Landbank
Types of API Architecture
RESTful Architecture (Representational State Transfer)
SOAP (Simple Object Access Protocol)
GraphQL
gRPC (Google Remote Procedure Call)
The most widely used API architectural style.
It leverages HTTP methods and stateless communication to interact with resources uniquely identified by a URI (Uniform Resource Identifier).
RESTful Architecture
Is a protocol that defines strict rules for exchanging structured information using XML.
SOAP (Simple Object Access Protocol)
Developed by Facebook, ______ is a query language for APIs that allows clients to request exactly the data they need.
GraphQL
Is an open-source RPC (Remote Procedure Call) framework that uses HTTP/2 for transport and Protocol Buffers (protobufs) as the interface description language.
gRPC
Securing API (5)
Authentication and Authorization
Rate Limiting
Data Encryption
Input Validation
CORS (Cross Origin Resource Sharing)
3 under Authentication and Authorization
API Keys
OAuth
JWT
Simple tokens that identify the client making the request.
API Keys
A more robust system that allows secure token-based authentication and authorization.
OAuth
These tokens allow users to securely transmit information between parties.
JWT (JSON Web Tokens)