API Hacking- RESTful API ( P-2 )
API Endpoints:
An API consumer requests resources from API endpoints. An endpoint is a URL for interacting with part of the API, for example:
    example.com/api/3/users
    example.com/api/v3/customers
    example.com/api/users
    example.com/users

Collection: a group of resources, such as /api/profiles/users

Subcollection: a collection within a particular resource, such as /api/users/{user_id}/settings

Gateway: filters bad requests, monitors incoming traffic and routes each req. to the proper service or microservice. It also handles security controls such as authentication, encryption in transit using SSL, rate limiting and load balancing.

Microservices: a modular piece of a web app that handles a specific function.

Acronym CRUD: stands for Create, Read, Update and Delete.
    Create: the process of making a new record, accomplished through the POST method
    Read: data retrieval, through GET
    Update: record modification through POST or PUT (the record is overwritten)
    Delete: erasing a record through DELETE or POST

6 Constraints:
A RESTful API depends on 6 constraints. REST is essentially a set of guidelines for an HTTP resource-based architecture.
1. Uniform Interface: a REST API should have a uniform interface; the requesting device should not matter, and all clients should be able to access the server in the same way.
2. Client/Server: a REST API should have a client/server architecture. Clients are the consumers of the requested info., while servers are the providers of that info.
3. Stateless: a REST API should not require stateful communication.
4. Cacheable: the response from a REST API provider should indicate whether the response is cacheable.
5. Layered System: the client should be able to req. data from an endpoint without knowing about the underlying server architecture.
6. Code on Demand (Optional): allows code to be sent to the client for execution.

💡 API doc. might use a colon, square brackets or curly brackets to mark a path parameter:
    /api/v2/:customer_id or
    /api/v2/[customer_id] or
    /api/v2/{customer_id}

Standard web API Types

Restful API:
REST stands for Representational State Transfer. It is a set of architectural constraints that defines how the web should work, designed to improve upon the inefficiencies of older APIs such as SOAP. A REST API primarily uses the HTTP methods GET, POST, PUT & DELETE to accomplish CRUD.
RESTful APIs may differ from one another: one may have methods beyond CRUD, its own set of authentication requirements, a subdomain instead of an endpoint path, or different rate-limit requirements.
A provider can configure consumers to call its REST API without adhering to the standard.
A REST API GET req. used to find out how many bedsheets are in the store inventory:

REQUEST
    GET /api/v3/inventory/item/pillow HTTP/1.1
    HOST: rest-shop.com
    User-Agent: Google/11.0
    Accept: application/json

RESPONSE
    HTTP/1.1 200 OK
    Server: RESTful server/0.1
    Cache-control: no-store
    Content-type: application/json

    {
        "item": {
            "id": "00101",
            "name": "bedsheet",
            "count": 25,
            "price": {
                "currency": "USD",
                "value": "19.99"
            }
        }
    }

rest-shop.com provided all the information it had about the bedsheet; the consumer needs to filter the response if they need only specific details like name & value.
The amount of data sent back depends on how the API is programmed by the API provider.
Some common headers that, when present, make it highly probable that an API is RESTful:

1. Authorization: used to pass a token or credentials to the API provider.
    Authorization: Bearer Abdf123Ab

2. Content-type: used to indicate the type of media being transferred. This differs from Accept, which states the media type you want to receive.
    application/json
    application/xml
    application/x-www-form-urlencoded

3. Middleware (X) headers: X-(anything) headers are known as middleware headers. They are fairly common outside API req. as well.
    x-response-time: used to indicate how long the response took to process
   There are many more, but you get the idea: x-(anything) middleware headers can provide a lot of useful information to API consumers and hackers alike.
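As an added example (not from the notes), this Python snippet applies the checks above to one exchange: it parses a constructed response modelled on the rest-shop.com example, maps the HTTP method to its CRUD operation, reports the REST indicators (versioned /api path, JSON media type, Cache-Control, X- middleware headers), normalises the three path-parameter notations from the 💡 tip, and filters the verbose JSON body down to just the name and price value as the consumer would. The response text, the X-Response-Time value and the dotted-path filter are assumptions for illustration.

```python
import json
import re
from functools import reduce

# Constructed sample (not a real capture), modelled on the rest-shop.com exchange in the notes.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: RESTful server/0.1\r\n"
    "Cache-Control: no-store\r\n"
    "Content-Type: application/json\r\n"
    "X-Response-Time: 12ms\r\n"  # assumed middleware header value
    "\r\n"
    '{"item": {"id": "00101", "name": "bedsheet", "count": 25,'
    ' "price": {"currency": "USD", "value": "19.99"}}}'
)

# HTTP method -> CRUD operation, as in the notes (POST may also be used for Update/Delete).
CRUD = {"POST": "Create", "GET": "Read", "PUT": "Update", "PATCH": "Update", "DELETE": "Delete"}
# The three documentation notations for a path parameter: /:id, /[id], /{id}
PATH_PARAM = re.compile(r"/(?::(\w+)|\[(\w+)\]|\{(\w+)\})")

def parse_response(raw):
    """Split a raw HTTP/1.1 response into (status line, lower-cased header dict, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    status, *header_lines = head.split("\r\n")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()  # header names are case-insensitive
    return status, headers, body

def normalise_path(path):
    """Rewrite :id, [id] and {id} to {id} so documented routes compare with observed ones."""
    return PATH_PARAM.sub(lambda m: "/{" + next(g for g in m.groups() if g) + "}", path)

def rest_indicators(method, path, raw_response):
    """Collect the REST signals the notes list for one exchange, as a loggable dict."""
    _, headers, _ = parse_response(raw_response)
    return {
        "crud": CRUD.get(method.upper(), "unknown"),
        "versioned_api_path": bool(re.match(r"/api/v?\d+/", path)),  # e.g. /api/v3/ or /api/3/
        "json_media_type": headers.get("content-type", "").startswith("application/json"),
        "cache_control": headers.get("cache-control"),
        "middleware_headers": sorted(h for h in headers if h.startswith("x-")),
    }

def pick(body, *dotted_paths):
    """Filter a verbose JSON body down to the fields the consumer needs, e.g. 'item.price.value'."""
    data = json.loads(body)
    return {p: reduce(lambda node, key: node[key], p.split("."), data) for p in dotted_paths}
```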
RESTful API Specification

API specifications are frameworks that help org. design their APIs and automatically create consistent, human-readable doc.

OpenAPI Specification 3.0 (OAS), known as Swagger: one of the leading specifications for RESTful APIs. OAS helps organize and manage APIs by allowing providers to describe endpoints, resources, operations, and authentication and authorization req.

RESTful API Modeling Language (RAML): an open specification that works with YAML for document formatting. Similar to OAS, RAML is designed to document, design, build and test REST APIs.