DEV Community

Sakshi
Sakshi

Posted on • Edited on

How does an API work???

Continuing where I left, this blog is next in series after short introduction of API design

HTTP makes the web work!!🌐

HTTP is protocol, XML is markup language, JSON is notation

REST is none of the above.

SOAP has a very fixed process, detailed scenarios, complex error handling.
REST has very few requirements, flexible based on needs and patterns.

HTTP is well understood protocol that is simple and powerful, every request and response has two parts, header and payload.
Payload is HTML, JSON, XML, or whatever comes there you can view, interact and process.

HTTP codes

2XX :

200 OK - Request successful
201 Created - Resources successfully created
202 Accepted - Identify that action is underway but not completed yet
204 No content - Delete a resource

3XX :

301 - Moved permanently
302 - Moved temporarily

4XX :

400 - Bad request
401 - Authentication required
402 - Forbidden
404 - Not found

HTTP Response Codes : 100s

100-199 : Informational
200-299 : Success
300-399 : Redirect
400-499 : Client Error
500-599 : Server Error

Content-Type - A header that identifies type of payload being provided by server from normal web browser, it'll be normal HTML.

Media types are named and structured payload that allow client to be customize to handle them.

REST API Constrains

  1. Client Server Architecture - API should be designed for this
  2. Stateless Architecture - Every request should be processed independently of each other
  3. Layered System
  4. Cacheable
  5. Code on demand
  6. Uniform interfaces

For details please refer

Authentication and Authorization

Authentication means establishing who you are, login with credentials.

Authorization established your permissions.
APIs have authorization factors, like who you are, your group membership, subscription level, context etc

  1. API keys
    Long string issues by API provider, appended to URL, not secure as URLs are not safe

  2. OAuth
    Authorization protocol, upon authentication, a token maps to an authentication description.

API Versioning

  • Versioning in URL
  • Versioning via the accept header

Thanks for reading πŸ™Œ

Top comments (0)