API Hacking Deep Dive, Part 1: Your Starting Point in API Security
Welcome to the API pen testing Series! 😎

So what is an API?
API stands for "Application Programming Interface". In simple words, an API lets two pieces of software talk to each other: it sets the rules for how the two sides exchange information, acting almost like a mediator between one application and another.
Example

Imagine you’re in a restaurant, and you want to order food. You tell the waiter what you want, and they take your order to the kitchen. The waiter then brings back the food you ordered. In this example:
- You are like an app or user that needs something.
- The waiter is like the API, passing your request to the kitchen and then bringing the response back.
- The kitchen is the system (server) that makes the food based on the order.
Hope this clears up what an API is and how it works.
In API pen testing, "endpoint" is a word you will hear often.
What is an endpoint?
In APIs, endpoints are like specific addresses where a piece of information or a service is provided. Each endpoint represents a specific action or set of data you can interact with.
Example: /posts, /posts/{id}/comments
Note: Don't worry if you don't yet know what an endpoint is or what one looks like. As this series moves further you will get familiar with them.
Types of API
REST APIs:
- Description: Representational State Transfer (REST) APIs use standard HTTP methods (GET, POST, PUT, DELETE) for communication and are stateless, meaning each request from the client contains all the information the server needs to fulfill that request.
- Example: GitHub REST API.
Resource : REST API??
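To make the endpoint and REST ideas above concrete, here is an added example (my own code, not from the original post) of a tiny in-memory REST dispatcher. It serves the two endpoints mentioned earlier, /posts and /posts/{id}/comments, and shows the "stateless" rule in action: because the server keeps no session between calls, every request has to carry its own credentials. The post data, comments and the bearer token are constructed sample values, and the handler names are my own assumptions.

```python
import re

# Constructed sample data: two posts and their comments (not real data).
POSTS = {
    1: {"id": 1, "title": "Hello API"},
    2: {"id": 2, "title": "Endpoints explained"},
}
COMMENTS = {
    1: [{"id": 10, "body": "Nice intro"}],
    2: [],
}
# Constructed token store; a real service would check a user database.
VALID_TOKENS = {"token-alice": "alice"}


def list_posts(params, user):
    """GET /posts -> every post."""
    return 200, list(POSTS.values())


def post_comments(params, user):
    """GET /posts/{id}/comments -> comments for one post."""
    if not params["id"].isdigit():
        return 400, {"error": "post id must be numeric"}
    post_id = int(params["id"])
    if post_id not in POSTS:
        return 404, {"error": "post not found"}
    return 200, COMMENTS[post_id]


# Route table: (HTTP method, path template) -> handler.
# Templates use {name} placeholders, like /posts/{id}/comments in the post.
ROUTES = {
    ("GET", "/posts"): list_posts,
    ("GET", "/posts/{id}/comments"): post_comments,
}


def _compile(template):
    # "/posts/{id}/comments" -> regex with a named group per placeholder
    pattern = re.sub(r"\{(\w+)\}", r"(?P<\1>[^/]+)", template)
    return re.compile("^" + pattern + "$")


COMPILED = [(m, _compile(t), h) for (m, t), h in ROUTES.items()]


def handle(method, path, headers):
    """Dispatch one request and return (status, body).

    Stateless: the bearer token must travel with every request, because
    the server remembers nothing from earlier calls.
    """
    auth = headers.get("Authorization", "")
    token = auth[len("Bearer "):] if auth.startswith("Bearer ") else ""
    user = VALID_TOKENS.get(token)
    if user is None:
        return 401, {"error": "missing or invalid token"}

    path_matched = False
    for route_method, regex, handler in COMPILED:
        match = regex.match(path)
        if not match:
            continue
        path_matched = True
        if route_method == method:
            return handler(match.groupdict(), user)
    if path_matched:
        return 405, {"error": "method not allowed on this endpoint"}
    return 404, {"error": "no such endpoint"}


if __name__ == "__main__":
    hdr = {"Authorization": "Bearer token-alice"}
    print(handle("GET", "/posts", hdr))
    print(handle("GET", "/posts/1/comments", hdr))
    print(handle("GET", "/posts/1/comments", {}))   # no token -> 401
```

Try the same call with and without the Authorization header: the second one is refused even though the first succeeded a moment earlier, which is exactly what "each request contains all the information the server needs" means for authentication.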
GraphQL APIs:
- Description: A query language for APIs that allows clients to request only the data they need. It provides a more flexible and efficient alternative to REST.
- Example: GitHub GraphQL API.
Resource: GraphQL??
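The "request only the data they need" idea is easier to see in code. The following is an added example (my own, not part of the original post and not the GitHub GraphQL implementation): a minimal parser for a GraphQL-style selection set and a resolver that returns just the requested fields. The sample data and the schema are constructed; the schema doubles as an allow-list, so a query asking for a field the API never exposes (here, the author's email) is rejected instead of being served.

```python
import re

# Constructed sample data held by the server; a client may want only part of it.
DATA = {
    "posts": [
        {"id": 1, "title": "Hello API",
         "author": {"name": "alice", "email": "alice@example.com"}},
        {"id": 2, "title": "Endpoints explained",
         "author": {"name": "bob", "email": "bob@example.com"}},
    ]
}

# Schema = the fields the server is willing to expose at each level.
# "email" is deliberately absent, so clients cannot select it.
SCHEMA = {
    "posts": {"id": True, "title": True, "author": {"name": True}},
}

TOKEN_RE = re.compile(r"\{|\}|[A-Za-z_][A-Za-z0-9_]*")


def parse(query):
    """Parse '{ posts { id author { name } } }' into nested dicts.

    A leaf field maps to True; a field with a sub-selection maps to a dict.
    """
    tokens = TOKEN_RE.findall(query)
    pos = 0

    def selection_set():
        nonlocal pos
        if pos >= len(tokens) or tokens[pos] != "{":
            raise ValueError("expected '{'")
        pos += 1
        fields = {}
        while pos < len(tokens) and tokens[pos] != "}":
            name = tokens[pos]
            if name == "{":
                raise ValueError("unexpected '{'")
            pos += 1
            if pos < len(tokens) and tokens[pos] == "{":
                fields[name] = selection_set()   # nested selection
            else:
                fields[name] = True              # leaf field
        if pos >= len(tokens):
            raise ValueError("unterminated selection set")
        pos += 1  # consume the closing '}'
        return fields

    result = selection_set()
    if pos != len(tokens):
        raise ValueError("unexpected tokens after the query")
    return result


def resolve(selection, data, schema):
    """Return only the selected fields, recursing into sub-selections.

    Lists are resolved element by element with the same selection.
    """
    if isinstance(data, list):
        return [resolve(selection, item, schema) for item in data]
    out = {}
    for name, sub in selection.items():
        if name not in schema:
            raise ValueError(f"field '{name}' is not exposed by the schema")
        if sub is True:
            if schema[name] is not True:
                raise ValueError(f"field '{name}' needs a sub-selection")
            out[name] = data[name]
        else:
            if schema[name] is True:
                raise ValueError(f"field '{name}' has no sub-fields")
            out[name] = resolve(sub, data[name], schema[name])
    return out


def execute(query):
    """Parse a query and run it against the constructed data and schema."""
    return resolve(parse(query), DATA, SCHEMA)


if __name__ == "__main__":
    print(execute("{ posts { id author { name } } }"))
```

Compare this with the REST style, where /posts would hand back every field of every post: the GraphQL client names exactly the fields it wants, and the server's schema decides which fields may be named at all.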
Open APIs (Public APIs):
- Description: These are publicly available APIs that developers can use without restrictions. They are often provided by companies to allow third-party developers to build applications that utilize their services.
- Example: Twitter API, Google Maps API.
Internal APIs (Private APIs):
- Description: These APIs are used within an organization and are not exposed to external users. They enable different teams or systems within the organization to communicate and share data.
- Example: An internal API used by a company’s HR system to pull data from a finance system.
Partner APIs:
- Description: These APIs are shared with specific business partners and are not publicly available. Access is usually granted based on a partnership agreement.
- Example: APIs used by partners to integrate with a company’s services, such as a travel agency using an airline’s API for booking flights.
Please do your own exploration of APIs too; you will learn a lot more!
And that wraps up Part 1 of our deep dive into API hacking! I hope you enjoyed this exploration of what APIs are and how they function in the world of technology.
If you have come all the way here reading the blog, thank you 😀.