API Design and Management

Question 1

Types of API

Answer 1

Open API
Internal API
Partner API
Composite API

Question 2

API that are used within an organization to facilitate communication between internal systems

Answer 2

Internal API (Private)

example: School Organization.

Private Organizations that only shares within their circle.

Cvsu indang –> Cvsu imus

Question 3

These APIs are available to developers and users with minimal restrictions.

Answer 3

Open API (Public)

example: Facebook or twitter.

open for all and let its user to interact with their services.

Question 4

API that are shared externally but with limited access. They are used to integrate with trusted partners, typically under strict agreements.

Answer 4

Partner API

example: Shopee, the trusted partner of shopee is ShopeePay, who offers seamless and cashless transactions.

another example is Messenger as trusted partner of Facebook in terms of messages and calls.

Mostly used in finance industries or businesses.

Question 5

An API that allow developers to bundle multiple API calls into a single request.

Answer 5

Composite API

example: bank transfer

from Gcash -> Pesonet-> BPI, BPO, Landbank

Question 6

Types of API Architecture

Answer 6

> RESTful Architecture (Representational State Transfer)
SOAP (Simple Object Access Protocol)
GraphQL
gRPC (Google Remote Procedure Call)

Question 7

The most widely used API architectural style.

It leverages HTTP methods and stateless communication to interact with uniquely identified by a URI (Uniform Resource Identifier).

Answer 7

RESTful Architecture

Question 8

Is a protocol that defines strict rules for exchanging structured information using XML.

Answer 8

SOAP (Simple Object Access Protocol)

Question 9

Developed by Facebook, ______ is a query language for APIs that allows clients to request exactly the data they need.

Answer 9

GraphQL

Question 10

Is an open-source RPC (Remote Procedure Call) framework that uses HTTP/2 for transport and Protocol Buffers (protobufs) as the interface description language.

Answer 10

gRPC

Question 11

Securing API (5)

Answer 11

Authentication and Authorization
Rate Limiting
Data Encryption
Input Validation
CORS (Cross Origin Resource Sharing)

Question 12

3 under Authentication and Authorization

Answer 12

API Keys
OAuth
JWT

Question 13

Simple token that identify the client making the request.

Answer 13

API Keys

Question 14

A more robust system that allows secure token-based authentication and authorization.

Answer 14

OAuth

Question 15

These tokens allows users to securely transmit information between parties.

Answer 15

JWT (JSON Web Tokens)

Question 16

APIs can be subject to abuse, such as being overwhelm with request.

Answer 16

Rate Limiting

Question 17

All data transmitted through APIs, especially sensitive data, should be encrypted using SSL/TLS

Answer 17

Data Encryption

Question 18

APIS should always validate incoming data, ensuring it matches expected formats and types, and should sanitize data before processing.

Answer 18

Input Validation

Question 19

____ policies control which domains can make requests to the API, helping to prevent unauthorized cross-site request and ensuring that only trusted domains interact with the API.

Answer 19

CORS (Cross Origin Resource Sharing)