Higher Nationals

Internal verification of assessment decisions – BTEC (RQF)

INTERNAL VERIFICATION – ASSESSMENT DECISIONS
Programme title Higher National Diploma in Computing

Assessor Mis Kawshi Ekanayaka Internal Verifier

Unit(s) Unit 29 – Application Program Interfaces

Assignment title online shopping system for OZQ company

Student’s name Parindya Sathsarani

List which assessment criteria Pass Merit Distinction

the Assessor has awarded.

INTERNAL VERIFIER CHECKLIST

Do the assessment criteria awarded match

those shown in the assignment brief? Y/N

Is the Pass/Merit/Distinction grade awarded

justified by the assessor’s comments on the Y/N
student work?
Has the work been assessed Y/N
accurately?
Is the feedback to the student:
Give details:
• Constructive? Y/N
• Linked to relevant assessment criteria? Y/N
Y/N
• Identifying opportunities for
improved performance?
Y/N
• Agreeing actions?
Does the assessment decision need Y/N
amending?
Assessor signature Date

Internal Verifier signature Date

Programme Leader signature (if required) Date
Confirm action completed
Remedial action taken
Give details:

Assessor signature Date

Internal Verifier Date

signature
Programme Leader Date
signature (if required)
Higher Nationals - Summative Assignment Feedback Form
Student Name/ID Parindya Sathsarani

Unit Title Unit 29 – Application Program Interfaces

Assignment Number 1 Assessor

Submission Date
18/08.2023 Date Received 18/08.2023
1st submission

Re-submission Date Date Received 2nd

submission
Assessor Feedback:
LO1 Examine what an API is, the need for APIs and types of APIs
Pass, Merit & DistinctionP1 M1 D1
Descripts

LO2 Apply the knowledge of API research to design an application that incorporates relevant APIs for a
given scenario or a substantial student chosen application
Pass, Merit & DistinctionP2 M2 D2
Descripts

LO3 Implement an application in a suitable development environment

Pass, Merit & DistinctionP3 M3 D3
Descripts

LO4 Document the testing of the application, review and reflect on the APIs used
Pass, Merit & DistinctionP4 M4 D4
Descripts

Grade: Assessor Signature: Date:

Resubmission Feedback:

Grade: Assessor Signature: Date:

Internal Verifier’s Comments:

Signature & Date:

* Please note that grade decisions are provisional. They are only confirmed once internal and external moderation has taken place and grades
decisions have been agreed at the assessment board.

Assignment Feedback

Paridya sathsarani samarasinghe

 Formative Feedback: Assessor to Student

Action Plan

Summative feedback

Feedback: Student to Assessor

Assessor Date
signature
[email protected] 18/08.2023
Student m Date
signature

Paridya sathsarani samarasinghe

 Pearson Higher Nationals in
Computing
Unit 29 – Application Program
Interfaces

Paridya sathsarani samarasinghe

General Guidelines

1. A Cover page or title page – You should always attach a title page to your assignment. Use previous
page as your cover sheet and make sure all the details are accurately filled.
2. Attach this brief as the first section of your assignment.
3. All the assignments should be prepared using a word processing software.
4. All the assignments should be printed on A4 sized papers. Use single side printing.
5. Allow 1” for top, bottom , right margins and 1.25” for the left margin of each page.

Word Processing Rules

1. The font size should be 12 point, and should be in the style of Times New Roman.
2. Use 1.5 line spacing. Left justify all paragraphs.
3. Ensure that all the headings are consistent in terms of the font size and font style.
4. Use footer function in the word processor to insert Your Name, Subject, Assignment No, and Page
Number on each page. This is useful if individual sheets become detached for any reason.
5. Use word processing application spell check and grammar check function to help editing your
assignment.

Important Points:

1. It is strictly prohibited to use textboxes to add texts in the assignments, except for the compulsory
information. eg: Figures, tables of comparison etc. Adding text boxes in the body except for the
before mentioned compulsory information will result in rejection of your work.
2. Carefully check the hand in date and the instructions given in the assignment. Late submissions will
not be accepted.
3. Ensure that you give yourself enough time to complete the assignment by the due date.
4. Excuses of any nature will not be accepted for failure to hand in the work on time.
5. You must take responsibility for managing your own time effectively.
6. If you are unable to hand in your assignment on time and have valid reasons such as illness, you
may apply (in writing) for an extension.
7. Failure to achieve at least PASS criteria will result in a REFERRAL grade .
8. Non-submission of work without valid reasons will lead to an automatic RE FERRAL. You will then
be asked to complete an alternative assignment.
9. If you use other people’s work or ideas in your assignment, reference them properly using
HARVARD referencing system to avoid plagiarism. You have to provide both in-text citation and a
reference list.
10. If you are proven to be guilty of plagiarism or any academic misconduct, your grade could be
reduced to A REFERRAL or at worst you could be expelled from the course

Paridya sathsarani samarasinghe

Student Declaration

I hereby, declare that I know what plagiarism entails, namely to use another’s work and to present it as my
own without attributing the sources in the correct form. I further understand what it means to copy
another’s work.

1. I know that plagiarism is a punishable offence because it constitutes theft.

2. I understand the plagiarism and copying policy of Edexcel UK.
3. I know what the consequences will be if I plagiarise or copy another’s work in any of the
assignments for this program.
4. I declare therefore that all work presented by me for every aspect of my program, will be my own,
and where I have made use of another’s work, I will attribute the source in the correct way.
5. I acknowledge that the attachment of this document signed or not, constitutes a binding
agreement between myself and Pearson, UK.
6. I understand that my assignment will not be considered as submitted if this document is not
attached to the assignment.

[email protected] 18/08.2023

Student’s Signature: Date:

(Provide E-mail ID) (Provide Submission Date)

Paridya sathsarani samarasinghe

Higher National Diploma in Business
Assignment Brief
Student Name /ID Number Parindya Sathsarani
Unit Number and Title Unit 29- Application Program Interfaces

Academic Year 2021/2022

Unit Tutor

Assignment Title

Issue Date

Submission Date 18/08.2023

IV Name & Date

Submission format

Part 1 – Report: The submission should be in the form of an individual written report. This should
be written in a concise, formal business style using single spacing and font size 12. You are required
to make use of headings, paragraphs and subsections as appropriate, and all work must be
supported with research. You must provide in-text citations and the reference list using Harvard
referencing system.

Part 2: Fully functional web solution.

The recommended word count for the report is 4,000–4,500 words excluding annexures. Note
that word counts are indicative only and you would not be penalised for exceeding the word.
Minimum word count – 4,000
Maximum word count – 5,500

Paridya sathsarani samarasinghe

Scenario
“ELEKS “ is a Top 100 Global Outsourcing company. You work as an apprentice web developer for
ELEKS . As part of your role, you have been asked to create an online shopping system for OZQ
company.
Online shopping has grown its popularity over the years, mainly because people find it convenient
and easy to shop from the comfort of their own home or office. This is one of the most enticing
factors about online shopping Because of these reasons OZQ company has decided to develope an
online shopping system.
OZQ-cart has facilitates business-to-consumer sales through its website. OZQ-cart system helps to
buy any type of item online by choosing the listed products from the website. Following are the
functional requirements of the system.

 Registration – Customers can view the store but only the members can buy items. To
become a member of the website, the customer need to register for the membership.
 Login page - The Login page is peripheral of the secure area of the system and allows the
user to log onto the web application. The user can view the store and add their order to the
shopping cart.
 Shopping cart – Member can add their searched items to the cart.
 User Profile - The User Profile page is an area that allows the users to maintain their own
information. The user can browse and search the items and add to the shopping cart.
 Item Search and Select - Each customer must be able to view the status of the placed order.
 Feedbacks – user can provide opinions/ feedback to the site.

Following are the non-functional requirements of the system.

 Performance
 Usability
 Reliability and availability
 Security

Develop a web based solution for the above scenario.

Activity 1 - Examine what an API is, the need for APIs and types of APIs.

Paridya sathsarani samarasinghe

 1.1 Examin What is an API (Application Program Interface) ,types and the benefits of APIs and
evaluate the potential security issues surrounding APIs with reference .
1.2 Examin the differences between API and SDK and Assess a range of APIs that covers a range
of users of the proposed solution.

Activity 2 - Apply the knowledge of API research to design an application that incorporates
relevant APIs for a given scenario or a substantial student chosen application
2.1 Apply the knowledge of API research and Analyse the alternative solutions similar to the
proposed system that could be enhanced by a suitable API. Design an application that will
utilize a range of APIs for the proposed solution and justify the design choices used.

Activity 3 - Implement an application in a suitable development environment

3.1 Develop an application with suitable android and web-site wireframes for the proposed
system design in task 2. Provide all the interfaces of the system and the appropriate codes
of it.

Activity 4 - Document the testing of the application, review and reflect on the APIs used
4.1 Design and complete a ‘black box’ and ‘white box’ testing methods for the developed
system and update the system according to the results. Critically evaluate the APIs used
within your application and results of your Test Plan. Include a review of the overall
success of your multipage website and provide a data security report of the application you
developed for the above sceanrio.

Observation Sheet

Paridya sathsarani samarasinghe

 Activity Activity Learning Feedback
No Outcome (Pass/ Redo)
1 Examine what an API is, the need for APIs and types LO1
of APIs.

2 Apply the knowledge of API research to design an LO2

application that incorporates relevant APIs for a
given scenario or a substantial student
Chosen application.
3 Implement an application in a suitable development LO3
environment.
4 Document the testing of the application, review and LO4
reflect on the APIs used.

Comments:

Assessor Name :…………………………………………….

Date :…………………………………………….

Assessor Signature :…………………………………………………………………………

Grading Rubric

Grading Criteria Achieved Feedback

LO1 Examine what an API is, the need for APIs and types
Paridya sathsarani samarasinghe
 of APIs

P1 Examine the relationship between an API and a

software development kit (SDK).
M1 Asses a range of APIs for a particular platform that
covers a range of uses.
D1 Evaluate potential security issues surrounding APIs

LO2 Apply the knowledge of API research to design an

application that incorporates relevant APIs for a given
scenario or a substantial student chosen application
P2 Analyse an existing application that could be extended
with a suitable API.

M2 Design an application that will utilise an API for a

given purpose.

D2 Create a design for a chosen substantial application

that will utilise a range of APIs, justifying choices..

LO3 Implement an application in a suitable development

environment
P3 Build on an existing application framework to
implement an API.

M3 Develop an application that utilises an API.

D3 Construct an application utilising multiple APIs,

following the designs in LO2
LO4 Investigate scenarios with respect to design
PatternsLO4 Document the testing of the application,
review and reflect on the APIs used

P4 Design and complete a ‘white box’ test of the

application, recording the results.

M4 Conduct ‘black box’ tests of your application,

recording the results.
M5 Update the application accordingly with the results.

Paridya sathsarani samarasinghe

 D4 Critically evaluate the APIs used within your
application. Provide a data security report of your
application.

Paridya sathsarani samarasinghe

Contents
Paridya sathsarani samarasinghe
Introduction....................................................................................................................................................15
Application Program Interface (API)..............................................................................................................16
Advantages of API..........................................................................................................................16
Disadvantages of API......................................................................................................................17
How API Works..............................................................................................................................19
How APIs are Used for Building OZQ System..............................................................................19
Main types of API..........................................................................................................................................20
Public APIs.....................................................................................................................................20
Partner APIs....................................................................................................................................20
Private APIs....................................................................................................................................21
Composite APIs..............................................................................................................................21
Different types of APIs used in software development...................................................................................21
Web APIs........................................................................................................................................21
Mobile API......................................................................................................................................21
Production API................................................................................................................................22
Development API............................................................................................................................22
API protocols and architectures......................................................................................................................22
Rest api............................................................................................................................................22
Soap API.........................................................................................................................................23
Rpc api............................................................................................................................................23
the benefits of API..........................................................................................................................................23
Integration.......................................................................................................................................23
Automation task..............................................................................................................................24
Wider reach....................................................................................................................................24
Efficiency........................................................................................................................................24
Persanalization................................................................................................................................24
Example for API.............................................................................................................................................24
Twitter bots.....................................................................................................................................25
Log-in using XYZ...........................................................................................................................25
Pay with paypal...............................................................................................................................25
Google maps...................................................................................................................................26
e-commerce.....................................................................................................................................26
Adaptation.......................................................................................Error! Bookmark not defined.
Good user experience......................................................................Error! Bookmark not defined.
Partnerships.....................................................................................Error! Bookmark not defined.
What is the SDK.............................................................................................................................26
What is the difference between an API and SDK...........................................................................27
API vs SDK comparison.................................................................................................................27
Youtube API....................................................................................Error! Bookmark not defined.

Paridya sathsarani samarasinghe

 Twillio API......................................................................................Error! Bookmark not defined.
Google gadget API..........................................................................Error! Bookmark not defined.
Amazon S3 API...............................................................................Error! Bookmark not defined.
Wikipedia API.................................................................................Error! Bookmark not defined.
Instagram graph API.......................................................................Error! Bookmark not defined.
Wireframes for OZQ system...........................................................................................................27

Paridya sathsarani samarasinghe

Introduction

Application development involves Designing a computer program or a combination of programs to

handle tasks like inventory tracking. Consumer billing. Account maintenance. Speeding up
corporate processes. Boosting application efficacy. Application development is riskier than
traditional programming (particularly for requirement capturing and testing). The Application
Development sector has changed quickly. Customers looking for software solutions and application
development experts have experienced upheaval in recent years. Application Development involves
conceiving, specifying, designing, programming, documenting, testing, and bug-fixing. Application
development is the process of creating and managing source code, but it also covers everything
between the concept of the intended software and its final manifestation. Software development
may include research, new development, prototyping, modification, reuse, re-engineering, and
maintenance. The software can be created to meet the needs of a specific customer (custom
software), a group of potential users (commercial and open source software), or an individual (for
example, a scientist may create software to automate a mundane task). Embedded software
development requires integrating the development process with the growth of the controlled
physical object. System software is written separately from applications and programming.
Software engineering was created to improve software quality control by applying the engineering
paradigm's systematic methodology. Software project management models, methods, processes, and
models are available. Agile software development is more modern than the waterfall model.

Paridya sathsarani samarasinghe

Application Program Interface (API)

A set of established guidelines known as an API, or application programming interface, allows

various apps to communicate with one another. company can open their application data and
functionality to external third-party developers, business partners, and internal departments within
their company by using it as an intermediary layer that handles data transfers between systems.
An API's definitions and standards enable businesses to link the numerous daily applications,
saving staff time and eradicating the silos that impede innovation and cooperation. The interface for
app communication is provided through API documentation for developers, simplifying application
integration.

Advantages of API

APIs make it easier to integrate and manage existing applications and services and to design and
develop new ones. However, they provide developers and organisations with additional essential
advantages.

 Improved collaboration.
 Accelerated innovation.
 Data monetization.
 System security.
 End-user security and privacy

Improved collaboration.
Nearly 1,200 cloud applications are used by the average organisation, many of which are not
connected (link is external to IBM.com). APIs make integration possible, allowing these platforms
and apps to communicate with one another without interruption. Businesses may streamline
procedures and enhance teamwork through this integration. Many companies wouldn't be connected
without APIs, leading to information silos that would harm productivity and performance.

Accelerated innovation.
With the flexibility that APIs provide, businesses can connect with new business partners,
offer new services to their current market, and ultimately access new markets that have the potential
to produce enormous profits and accelerate digital transformation. For instance, Stripe started as an
API with only seven lines of code. Since then, the business has worked with many of the largest

Paridya sathsarani samarasinghe

corporations in the world, expanded to provide loans and corporate cards, and recently received a
valuation of USD 36 billion (link is external to ibm.com).

Data monetization.
To attract developers to their brand and cultivate relationships with possible business
partners, many firms opt to provide APIs for free, at least initially. If the API allows access to
priceless digital assets, the company can make money by charging for access. The API economy is
used to describe this. In just ten months after launching its self-service developer portal to sell
various API packages, AccuWeather (link leaves ibm.com) attracted 24,000 developers, sold 11,000
API keys, and established a flourishing community.

System security
APIs provide levels of protection between the two when they communicate, separating the
infrastructure of the requesting application from that of the answering service. For instance, API
calls typically require authentication credentials; further security during data exchange can be
provided by HTTP headers, cookies, or query strings, and an API gateway can regulate access to
reduce security risks further.

End-user security and privacy

APIs can give individual users an additional layer of security as they do for networks. The
user can accept or reject website requests for their location when they are made using a location
API. When APIs request access to programs and their data, many web browsers and mobile
operating systems, like iOS, have built-in permission mechanisms. Permissions are used by file
systems like Windows, Mac, and Linux when an app needs to access files via an API.

Disadvantages of API

Application Programming Interfaces (APIs) provide a means for various software parts or systems
to interact and communicate with one another, but they also have several drawbacks. Here are a few
typical disadvantages of APIs:

 Complexity

Paridya sathsarani samarasinghe

  Dependency on Third Partie.
 Security Concerns
 Versioning and Compatibility
 Performance Overhead

Complexity
APIs can complicate the development process, especially when working with third-party
APIs. Comprehending the documentation, endpoints, arguments, and answers can be challenging,
which could result in mistakes and make debugging more complex.

Dependency on Third Partie.

Your application's functioning may become reliant on the dependability and accessibility of
the external service if you use third-party APIs. The functionality or performance of your
application may be affected if the external service goes offline or goes through changes.

Security Concerns
If an API is not adequately protected, it may become vulnerable to security threats.
Malicious actors may use poorly designed or unprotected APIs to obtain unauthorised access to
systems, data, or capabilities.

Versioning and Compatibility

Changes to an API's structure, endpoints, or behaviour may be made as it develops. This
may cause compatibility problems with apps that rely on earlier API versions. To avoid user
disturbances, developers must carefully control versioning and handle backward compatibility.

Performance Overhead
APIs increase the level of communication between different software components. This may
lead to performance overhead because of network latency, data serialization/deserialization, and
additional processing required for communication.

How API Works

Paridya sathsarani samarasinghe

A straightforward approach to comprehending how APIs function is to consider a prevalent
example, such as third-party payment processing. An e-commerce website may ask users to "Pay
with Paypal" or another third-party system when they purchase. To establish the connection, this
function depends on APIs.
 An API requests information when a customer clicks the payment button, a call. The API's
Uniform Resource Identifier (URI) is used to process this request, which comes with a
request verb, headers, and occasionally a request body.
 The API calls the external program or web server, in this case, the third-party payment
system, after receiving a legitimate request from the product webpage.
 The server replies to the API with the data that was requested.
 The API sends the data to the application that requested it, in this case, the product website.

The queries and responses are all handled by an API, even though the data transfer will vary based
on the utilised web service. Since APIs communicate data within the computer or programme and
are not visible on the user interface, they appear to the user as a seamless connection.

How APIs are Used for Building OZQ System

I'd be pleased to assist you in understanding how APIs (Application Programming Interfaces) can
be utilised in the "OZQ System" context if you could give me further context or information about
what the term means. The utilisation of APIs depends on the particular needs and features of the
system in question because they provide a means for various software systems to interact and
communicate with one another. APIs may be utilised for several functions, including data
interchange, system integration, automation, and more if the "OZQ System" is a software system or
application. Please elaborate on the "OZQ System" or explain its context so that I can respond to
you in a more pertinent and correct way.

Main types of API

Paridya sathsarani samarasinghe

Application Programming Interfaces, or APIs, are protocols and rule sets that enable interaction
between various software programs. They allow developers to access specific features or data from
a service, library, or platform without comprehending the underlying code. The most common API
types are as follows:

 Public APIs
 Partner APIs
 Private APIs

Public APIs

Public APIs are comparable to open APIs, although they frequently charge fees. That also
means they typically include some key for authorization or authentication to keep track of usage.
Public APIs often use a freemium model.

Public APIs are frequently among the most robust and advanced because they are created with the
general public in mind. They are also essential for gaining access to some of the advantages of
APIs, such as revenue and brand awareness. According to Google's most recent State of the API
report, these are just a few reasons why 31% of API developers rank making APIs publicly
available as their top priority.

Partner APIs

Who can access the service through a partner API is more constrained. They come in both
free and paid forms. Partner APIs frequently feature more stringent policies around authorization,
authentication, and security because they are only made available to specific parties.

Partner APIs are among the most well-known and frequently used APIs. An illustration of a partner
API is eBay's APIs. Some facets of the Twitter API are also. Once you have an API key, you can
access several of Twitter's legacy endpoints using the Twitter Essential API. Elevated or Elevated+
is the higher level, only accessible to approved partners.

Paridya sathsarani samarasinghe

Private APIs

Private or internal APIs are only meant for usage inside a business or organization. They are
the most prevalent API since they can be created quickly and don't have to be as durable as goods
for general use.

Internal APIs have now been included in almost all facets of work. Typical internal API consumers
are sales teams, marketing, or HR divisions. Internal APIs include chat platforms, collaborative
coding tools, and more. As the backbone for collaborative platforms and environments, they are
crucial to microservices architecture design.

Composite APIs

A design strategy for sequentially grouping API calls into one API call is called a composite API. A
client can use a chain of calls to make one API request and receive one response rather than making
many round trips to the server.

Composite APIs are used when numerous calls are made sequentially, sent to the server at once in a
single API request, and receive a single answer. Or, we may say that Composite APIs are used
when we batch them sequentially, transmit them, and obtain one response.

Different types of APIs used in software development

Web APIs

An API protocol outlines the guidelines for API requests, including acceptable commands and
acceptable data formats. Different API architectures specify various restrictions on communication.

As the name implies, a web API is an API that can be accessed using the HTTP protocol. It is not a
technology; it is a concept. Different technologies, including Java,.NET, and others, can be used to
create Web API. As an illustration, Twitter's REST APIs give programmatic access to read and
write data, allowing us to incorporate Twitter's features into our application. (Brooks, G, 2013)

Mobile API

The requirements for mobile apps are specifically catered for by a mobile API, often known as a
mobile application programming interface (API). The ability to connect with server-based or cloud-
based systems is provided to mobile applications so they can access backend services, data, or

Paridya sathsarani samarasinghe

functions. APIs for mobile application programming (APIs) are essential for creating native or
hybrid mobile applications since they allow developers to establish connections with servers, get
data, and carry out different actions (Brooks, G, 2013)

Production API

An Application Programming Interface (API) that has completed all necessary development and
testing stages and is now ready for deployment in a live or production environment is referred to as
a Production API. To satisfy the required performance, security, and reliability standards, the
product underwent extensive testing and quality assurance procedures. In order to efficiently handle
the needs of real-world traffic and usage scenarios, production application programming interfaces
(APIs) are made available to end users or other applications. (Brooks, G, 2013)

Development API

Production APIs are Application Programming Interfaces (APIs) that have finished all required
development and testing phases and are prepared for deployment in a live or production
environment. The product underwent rigorous testing and quality assurance methods to meet the
needed performance, security, and reliability standards. Production application programming
interfaces (APIs) are made available to end users or other programmes in order to effectively handle
the demands of real-world traffic and usage scenarios. (Brooks, G, 2013)

API protocols and architectures

The proper architecture and protocol are crucial since API communicates commands and data. The
three types of API protocols and architecture are as follows. They are RPC, SOAP, and DHTML.
An API protocol outlines the guidelines for API requests, including acceptable commands and
acceptable data formats. Different API architectures specify various restrictions on communication..

Rest api

Representational state transfer (REST) is an architectural style that is widely acknowledged as a

leading construction technique for APIs. The client/server approach of the REST architecture
efficiently divides the front and back ends of the API. This design strategy gives programmers and
implementers a lot of flexibility. The stateless nature of the Representational State Transfer (REST)
architectural type, in which the API does not save any data or status information between
subsequent requests, distinguishes it from other architectural types. The caching methods built into

Paridya sathsarani samarasinghe

the Representational State Transfer (REST) architecture allow replies from slow or non-time-
sensitive APIs to be stored. (Brooks, G, 2015)

Soap API

The simpler of the two models, SOAP (Simple Object Access Protocol), might be more well-
known. Together with schemas, SOAP defines a fully strongly typed messaging system that is
closely based on XML. Each operation the supplier offers is specifically documented, along with
the request and response XML format. Each enter argument is also explained and assigned to a
type, such as an integer, a string, or a few additional complex objects. (2021; Soapui)

Rpc api
A remote procedure call (RPC) occurs when computer software instructs a process to run in a
specific address space (typically on another computer on a shared network), even though the
developer did not explicitly code the information for the remote interaction. That is, whether the
subroutine is close or far away from the software running, the programmer essentially writes the
same code. This type of client-server communication often occurs through a request-response
message-passing system. (IBM, 2021)

the benefits of API

APIs, or Application Programming Interfaces, are essential components of modern software

development and play a crucial role in enabling communication and interaction between different
software applications, services, or systems. The benefits of APIs are numerous and have led to the
widespread adoption of this technology. Here are some of the key benefits of using APIs

Integration

APIs make embedding content from any website or piece of software easier. This guarantees
improved, smooth information transfer and a comprehensive customer experience Application
Programming Interfaces (APIs) make it possible to incorporate your content into different websites
and applications without any difficulty. By doing so, one may guarantee a seamless and coherent
user experience and give the user relevant and up-to-date information. Information is disseminated
everywhere it may be useful to the intended receivers, not just in places where the team has had a
chance to update the content. ( 2021 Businessapac)

Paridya sathsarani samarasinghe

Automation task

The foundation of a significant portion of automation approaches, for which APIs become essential,
is the integration of programs. Integrations automate administrative tasks to create a seamless,
practical transition between linked packages. Your business can save money, time, and effort thanks
to automation and the integration of approaches. ( 2021 Businessapac)

Wider reach

Application Programming Interfaces (APIs) can enable the development of a wide range of
presentation layers, including but not limited to applications, websites, and widgets. This facilitates
the distribution of services and information to previously unexplored user demographics while also
permitting tailoring to accommodate specific circumstances and provide individualized user
encounters. Individuals who choose not to browse websites can acquire agency information or
access services through applications or alternative websites with which they regularly interact.

Efficiency

API access allows for the efficient production of material that can be developed once and then
distributed or made available across several channels. The agency's content is strategically prepared
to facilitate its diffusion and redistribution, allowing for the direct delivery of its mission to a larger
population of individuals.

Persanalization
The website's user base consists of both corporations and non-profit organizations. These users
benefit from a customizable feature that allows them to tailor their experiences by incorporating
information and services that are highly relevant to their specific needs.

Example for API

To fully comprehend application programming interfaces (APIs), it is vital to possess knowledge
regarding their practical implementations and real-world applications. The following section
presents a collection of nine illustrative instances of Application Programming Interfaces (APIs)
that demonstrate a range of API classifications.

Twitter bots

Paridya sathsarani samarasinghe

Assume that an individual dedicates a significant portion of their time to using the social media
platform Twitter. In that scenario, the individuals in question probably had an encounter with an
automated software application, colloquially referred to as a bot.

At this particular point in time. Twitter serves as a platform for numerous automated bots that
utilize the Twitter API to carry out diverse tasks in an automated fashion. Over a decade ago, the
percentage of tweets produced by automated Twitter accounts, commonly known as bots, was 24%.
Without question, it is evident that there has been a substantial increase in their degree of
engagement in modern times. The increasing prevalence of automated software agents poses a
difficulty in distinguishing those that exhibit exceptional qualities from the general population.

Nevertheless, examining several notable Twitter bots within the framework of presenting API
illustrations is vital. A widely favored option among enthusiasts is the Twitter bot,
MagicRealismBot, which generates imaginative storylines at four-hour intervals. This creative
process entails incorporating diverse components from numerous genres, resulting in a compact
message of 280 characters, as typically seen in tweets.

Log-in using XYZ

The underlying idea pertains to the proposition that folks can bypass the necessity of upholding a
distinct account with its corresponding dataset while enrolling in or utilizing virtually any internet-
based service. In numerous situations, individuals have chosen to employ the functionalities of "log
in using Facebook" or "log in using Google." There is a need to enhance the perceived value of
creating a new account on a particular site. Fortunately, a feasible remedy was readily available.
Nevertheless, it is imperative to remember that our platform is not intrinsically affiliated with
Google, Facebook, Twitter, or any other social media site. In order to establish a connection
between two platforms, it is necessary to utilize an Application Programming Interface (API) when
accessing a platform using log-in credentials from other platforms. This serves as an illustration of
an application programming interface (API) within its intrinsic environment.

Pay with paypal

In the context being discussed, PayPal serves as an illustrative instance of an Application
Programming Interface (API). PayPal is a prominent fintech platform that enables the integration of
personal financial data with customers' PayPal accounts. This system enhances the ease and security
of executing money transactions. PayPal is intentionally incorporated into various websites
requiring financial transactions, from eBay to Airbnb. Websites that integrate with PayPal do not

Paridya sathsarani samarasinghe

have direct access to the user's banking or credit card details. Implementing application
programming interfaces (APIs) has played a significant role in establishing the existing security
protocols.

Google maps
The Google Maps API offers customers a comprehensive set of geographic functionalities, enabling
them to retrieve geographical data. Kindly search for dining establishments, specialty retail outlets,
and other commercial businesses near the present geographical coordinates. Whether an individual
is a Senior Developer with extensive software development experience or a passionate technology
user, the API sample mentioned in this context may have been applied more frequently than one
might realize. The Google Maps API presents a range of information, including business hours,
reviews, contact details, and other pertinent data, within the convenience box displayed on the
screen. Similarly, when users click on the map symbol within the box above, they will be redirected
to either the Google Maps program or the Google Maps website.

e-commerce
E-commerce encompasses business transactions via digital platforms, namely exchanging products
and services. For instance, PayPal is a service that is intricately linked to the realm of electronic
commerce. Both Amazon and Facebook have trademark marketplaces that represent the Internet
commerce industry. Application Programming Interfaces (APIs) are crucial in electronic commerce,
providing e-commerce platforms with vital features such as heightened security, improved
performance, and expanded scalability. The effective operation of electronic commerce platforms,
such as site search and currency conversion functionality, depends on the utilization of application
programming interfaces (APIs).
The incorporation of microservice architecture holds significant importance within the realm of
electronic commerce. Many electronic commerce platforms utilize microservices to encapsulate
functionality into separate, independently deployable services. This application development
methodology incorporates decentralization and business functionality, essential components a
monolithic design must encompass. Nevertheless, it is imperative to emphasize that integrating
microservices into a cohesive application is achieved through utilizing APIs, mainly owing to their
flexibility to be deployed independently.

Software development kit (SDK)

Software program improvement kit is what SDK stands for. The SDK, often known as a devkit, is a
set of tools for developing software for a particular platform that includes building blocks,

Paridya sathsarani samarasinghe

debuggers, and frequently a framework or institution of code libraries containing tasks specific to
an operating system (OS). (IBM, 2021)

difference between an API and SDK

Since APIs and SDKs are similar, it may be challenging to distinguish precisely how they vary or
when to choose to use one over the other. The fact that SDKs usually contain one or more APIs and
help enforce them is another potential source of misunderstanding. An SDK will only sometimes go
along with an API, though. An SDK platform comes with a set of tools to build those applications.
In contrast, an API is specifically designed to carry out the function of allowing communication
between applications. APIs enable programs to interact with each other, but they need to be more on
their own to produce cutting-edge software. In other words, an API is usually better for your
business if you want to submit some unique features. An SDK will provide the tools you need to get
your new business off the ground if you start from scratch. 2021 (RapidAPI)

API vs SDK comparison

Wire frames for OZQ system Login Page

Paridya sathsarani samarasinghe

 Figure 1 Wire frames for OZQ system

Registor Page

Figure 2 Wire frames for OZQ system

Paridya sathsarani samarasinghe

Home Page

Figure 3 Wire frames for OZQ system

My Cart

Figure 4 Wire frames for OZQ system

Paridya sathsarani samarasinghe

Design an application that uses the API for a given purpose

Figure 5 Wire-frames for OZQ system (the author,2023)

Login Page

Figure 6 Wire-frames for OZQ system (the author,2023)

Paridya sathsarani samarasinghe

Registor Page

Figure 7 Wire-frames for OZQ system (the author,2023)

Cart

Figure 8 Wire-frames for OZQ system (the author,2023)

Paridya sathsarani samarasinghe

Create a design for a selected significant application that uses
a range of APIs.

Many users using OZQ cart can use it to access the website. As a re-author, the author must choose
the appropriate API framework for these applications. The author has invented many API
frameworks like Reset API, ASP.NET Web, API, Graph etc. An architectural style that follows
specified requirements, such as Agent Transfer or REST. It typically takes advantage of HTTP
when used for web APIs and can be used with REST over any protocol to enable web API
activation. This means that developers can take use of a REST API design without installing
libraries or other tools. Keeping this in mind, the author suggests the best way to create an
application using ASP.NET Web API, because data can be easily communicated through HTML
language, which

Developing Web application

Figure 9 code(the author,2023)

Connect to Database

Paridya sathsarani samarasinghe

Figure 10 code(the author,2023)

Login Page Code

Figure 11 code(the author,2023)

Paridya sathsarani samarasinghe

Login PHP Code

Figure 12 code(the author,2023)

Registor Page

Figure 13 code(the author,2023)

Registor page PHP code

Paridya sathsarani samarasinghe

Figure 14 code(the author,2023)

Dashboad Page

Figure 15 code(the author,2023)

Shopping Cart System

Paridya sathsarani samarasinghe
Figure 16 code(the author,2023)

The developed system should be tested using black box and

white box testing method test plan.

Test case 01

Paridya sathsarani samarasinghe

 Test No Input data Expected result Actual result (Pass or
Fail)

01 Email Incorrect email Incorrect email Pass

[email protected] or password or password

Password
12345OZQ

Table 1 Test case 01 (Author 2021)

Figure 17 Test case 01 (Author 2021)

Test case 02

Test by Anuda Bhashitha

Test No Input data Expected Actual result (Pass or Fail)

result

Paridya sathsarani samarasinghe

 02 name – Nipuna You're Not You're Not Pass
Email completely completely
[email protected] Full-fill Full-fill
Contact -
Password - 123456

Table 2 Test case 02 (Author 2021)

Figure 18 Test case 02 (Author 2021)

Test case 03

Test No Input data Expected result Actual result (Pass or Fail)

03 Emil -
[email protected] Login Login Pass
successful successful
Password -
OZQ12345
Table 3 Test case 03 (Author 2021)

Paridya sathsarani samarasinghe

Critically evaluate the API used in your application. Provide a
data protection report on your application.
The author uses REST API with ASP.NET Web API for this OZQ system. This is because
ASP.NET makes it easy to create services that reach a wide range of clients, including browsers and
mobile devices.

So, in recent years, it is clear that HTTP is not only for HTML pages. ASP.NET Web API is a set of
components that simplify HTTP programming. Because it is built on top of the ASP.NET MVC
runtime, Web API automatically handles HTTP low-level transport information. Furthermore, Web
API naturally exposes the HTTP programming model. One of the goals of Web API is not to
abstract the HTTP reality. On the contrary, the web

The API is flexible and easy to extend. The REST architectural style has proven to be an effective
way to leverage HTTP. It is not the only valid approach for HTTP.

Accordingly OZQ is the website and the author uses the remaining API with ASP.NeT Web API for
OZQ. For more information, these are the security mechanisms used by the OZQ app, such as
signing in with Google and Facebook, authorization, and HTTP. In HTTPS, ASP.NET Core allows
developers to easily configure and manage security, and ASP.NET Core has authentication,
authorization, data security, HTTPS validation, and management features.

Use Google and Facebook to sign in,

Enabling the login mechanism of the OZQ shopping cart system provides more security for the
website and allows Facebook and Google users to use their platforms for app authentication, they
use different APIs. It is best to use OAuth 1.0, OAuth 2.0, OpenID, OpenID Friend Connect, and
these social access technologies.

If the user feels that they have lost their password, they can reset it and get benefits across many
websites. Often, the service that provides the authentication functionality provides other
information. These can be used to post profile updates.

Cookie-based authentication – Cookie-based authentication is when you store some identifier in a

cookie and use it to automatically identify the API request. This means that the cookie needs some
mechanism to set it first so that all (eligible) requests from the same host are automatically included

Paridya sathsarani samarasinghe

in the cookie so that it is not vulnerable to subsequent requests. Token-based authentication –
Token-based authentication is a variant of cookie-based authentication, but gives you more control.
Essentially, you generate a token similar to a cookie-based authentication system, but you include it
with requests.

Session-based authentication – API-based session-based authentication requires some way of

associating a session with a client. This is often very simple to set up, but can suffer if your API is
deployed across multiple servers. Accordingly, the authors used these mechanisms as mechanisms.

Paridya sathsarani samarasinghe