
All About Api

The document provides a comprehensive overview of API-related terminology, including definitions and examples for concepts such as API, API Call, API Economy, and API Security. It covers various aspects of APIs, including their integration, lifecycle, and security measures, as well as tools and methodologies for managing and testing APIs. Additionally, it discusses the differences between building your own API and using third-party APIs, along with practical code examples.

Uploaded by

ankitgiri2306

1. API (Application Programming Interface)

An API is a set of rules and protocols that lets two software applications talk to each other.

Example: When you order on Zomato, the Zomato app uses the Google Maps API to show the restaurant's location.

2. API Call

When we send a request to an API (for example, entering a username and password while logging in), that is called an API call.

Example: When you click "Login" on Instagram, an API call happens in the backend that sends your credentials to the server.

3. API Economy

This term describes how businesses make money by using APIs.

Example: Uber used the Google Maps API, which made its work easier without having to develop a new maps service.

4. API Endpoint

An endpoint is basically the URL to which an API request is sent.

Example: If you build a weather app, "https://api.weather.com/current" could be an endpoint from which you fetch current weather data.

5. API Integration

Connecting two different pieces of software or applications through an API.

Example: Integrating Shopify and PayPal so that payments happen automatically.

6. API Gateway

An API gateway is a middleman that filters, monitors, and manages API requests.

Example: If you are accessing Netflix's servers, your request first passes through the API gateway.

7. API Lifecycle

An API's journey from start to end.

Stages: Creation, Management, Consumption, Retirement
Example: An API was developed, came to market, was used, and was shut down once it became outdated.

8. API Request

When we send a request to an API to get data or perform an action.

Example: When you send a "GET" request, data is fetched from the server.

9. API Key

A unique code that secures API access.

Example: When you use a third-party service, it authenticates you with the help of an API key.

10. API Layer

An interface that connects back-end services and front-end applications.

Example: When you search on Netflix, the API layer is what fetches the data and displays it.

11. API Portal

An API portal is the place where developers find all the information about APIs.

12. API Security

API security means protecting an API from hackers, misuse, and attacks.

Techniques: Authentication, Authorization, Tokens, Multi-Factor Authentication (MFA).

Example: If you want to give access to your API only to verified users, you can use an API key or OAuth (like Google login).

13. Apigee

Apigee is an API management tool from Google. It manages and secures APIs and provides analytics.

Example: If you are handling multiple APIs, Apigee will wrap them all in a proxy layer and secure them.

14. APIsec

APIsec is a company that uses automated tools to detect security flaws in APIs.

Example: If you need to check your APIs for vulnerabilities, you can use APIsec tools to test the code before it goes to production.

15. Application Framework

An application framework is a predefined structure that helps developers build software or apps.

Example: If you use Django (Python) or Express.js (Node.js), those are application frameworks that make backend development easier.

16. Burp Suite

Burp Suite is a penetration testing tool that finds security vulnerabilities in web applications.

Example: You can use it to intercept API requests and check whether there is any flaw in the headers, parameters, or responses.

17. CI/CD (Continuous Integration/Continuous Deployment)

CI/CD is a process that automates code changes so that they are deployed quickly and safely.

Example: If you push code to GitHub and your server updates automatically, that is the magic of CI/CD.

18. CRUD (Create, Read, Update, Delete)

CRUD operations are the basic operations performed on databases.

Example: When you create a post on Instagram (Create), view it (Read), edit it (Update), or delete it (Delete), these are all CRUD operations.

19. Cache

A cache is temporary storage that keeps data for fast access.

Example: Once you have opened a webpage, it loads faster the next time because its data is saved in the cache.

20. Client

A client is the device or software that requests data from a server.

Example: When you open WhatsApp on your phone and fetch messages, your phone is the client and WhatsApp's server is the server.

21. DDoS (Distributed Denial of Service)

DDoS is an attack in which so many requests are sent to a server that it goes down.

Example: If 1000 fake users log in to a website at the same time, the server will be overloaded and real users will not get access.

22. Resource

A resource is the data or content that is accessible through an API.

Example: In your weather app, "Current Temperature" is a resource that is fetched from the API.

23. Request

A request is the data that the client sends to the server.

Example: When you send a "GET /users" request, you get the list of all users from the server.

24. Response

A response is the data that the server sends in reply to a request.

Example: If you search for "Latest Songs" on YouTube, the server will send a list of songs in the response.

25. Response Code

A response code is a numerical code that tells whether a request succeeded or failed.

Common Codes: 200 (OK), 404 (Not Found), 500 (Server Error)
Example: If you hit a wrong URL, you will see a "404 Not Found" error.

26. Payload

The payload is the data sent in an API request or response.

Example: If you submit a registration form through a "POST" request, the user data (name, email, password) is sent to the server as the payload.

27. Pagination

When there is too much data, dividing it into small pages is called pagination.

Example: When you are browsing products on Amazon and click "Next Page", that API call uses pagination to bring back only the data for that specific page.

28. Method

Methods tell an API what the purpose of a request is. Common methods:

GET: Fetch data
POST: Send or create data
PUT: Update data
DELETE: Delete data
Example: If you send a "GET /users" call, you will get the list of users from the server.

29. Query Parameters

Query parameters are filters added to the URL of an API request so that you get specific data.

Example: If you send "GET /products?category=mobile&price<5000", you will get only those mobiles whose price is less than 5000.

30. Authentication

Authentication means verifying a user's identity.

Example: When you log in to Netflix, the API checks the user credentials and grants access.

31. Rate Limiting

Rate limiting sets a maximum limit on requests to an API so that it is not misused.

Example: If you are using an API with a limit of 100 requests per minute and you send 101 requests, you will get a "429 Too Many Requests" error.

32. API Documentation

API documentation is the manual that covers an API's complete usage, endpoints, parameters, and examples.

Example: Postman or Swagger, where you can test an API and understand how it is used.

33. Logic Flaw

A logic flaw is a vulnerability in which the application shows unexpected behavior.

Example: If you can get access on a login page even without valid credentials, that is a logic flaw.

34. JSON (JavaScript Object Notation)

JSON is a data format used for data exchange in APIs. It is both human-readable and machine-readable.

Example: { "name": "Wraith", "role": "Hacker" }. In JSON, data is stored as key-value pairs.

35. Microservices

In a microservices architecture, an application is broken down into small, independent services.

Example: On Amazon's site, cart, payment, and search are each separate microservices.

36. Monetization

API monetization means making money from an API.

Example: PayPal charges developers fees for using its API.

37. OWASP (Open Web Application Security Project)

OWASP is an organization that provides best practices and tools for web application security.

Example: The OWASP Top 10 list covers common web application vulnerabilities such as SQL Injection, XSS, etc.

38. Over-Permissioned Container

An over-permissioned container is a container that has been given more permissions on the server than it needs, which can be risky.

Example: If a Docker container gets unnecessary root access, an attacker can compromise the entire server.

39. Parameters

Parameters are variables that provide input to functions or APIs.

Example: If you send "userId=123" in an API request, then "userId" is the parameter.

40. Penetration Testing (Pen Testing)

Pen testing is a process for finding security vulnerabilities in systems and applications.

Example: Testing an API with tools such as Burp Suite or ZAP to find security loopholes.

41. Production Environment

The production environment is the environment where the application is live for real users.

Example: When your website is deployed from localhost to a server and real users start using it, that is the production environment.

42. REST (Representational State Transfer)

REST is an architectural style for APIs in which the client and server are stateless.

Example: If you call "GET /users" on a RESTful API, the server just sends the data without storing any session.

43. Red Team

A red team is a team of cybersecurity professionals that hacks an organization's systems to detect their security flaws.

Example: A company hires a red team to test its security, and the team simulates a real-world attack.

44. SDK (Software Development Kit)

An SDK provides developers with tools, code snippets, and documentation for building apps for a specific platform.

Example: If you build Android apps, the Android SDK will give you all the tools and libraries.

45. SDLC (Software Development Life Cycle)

SDLC is a process that systematically covers every phase of software development.

Stages: Planning, Development, Testing, Deployment, Maintenance

46. SOAP (Simple Object Access Protocol)

SOAP is a protocol for APIs that uses the XML format and is more secure and structured.

Example: Banks and financial services use SOAP APIs because they focus more on data security.

47. SQL Injection

SQL injection is an attack in which the attacker injects malicious code into the application's SQL queries.

Example: If typing ' OR '1'='1' into a login form logs you in, that is SQL injection.
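
The login-form case above, as an added example that is not part of the original document: the same check written once with string concatenation and once with a parameterized query, run against a constructed in-memory SQLite table. The table layout, function names, and sample accounts are assumptions made for illustration.

```python
import sqlite3


def make_db():
    """Constructed in-memory user table. The plaintext password column only mirrors
    the login-form scenario; real systems store salted password hashes."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    db.executemany("INSERT INTO users (username, password) VALUES (?, ?)",
                   [("admin", "S3cure-admin-pw"), ("wraith", "correct horse")])
    return db


def login_vulnerable(db, username, password):
    # BAD: user input is pasted into the SQL text, so quotes in the input
    # change the structure of the WHERE clause.
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    row = db.execute(sql).fetchone()
    return row[0] if row else None


def login_parameterized(db, username, password):
    # GOOD: placeholders pass the input as data; it is never parsed as SQL.
    row = db.execute("SELECT username FROM users WHERE username = ? AND password = ?",
                     (username, password)).fetchone()
    return row[0] if row else None


PAYLOAD = "' OR '1'='1"   # the string from the example above, typed into the password field

if __name__ == "__main__":
    db = make_db()
    for fn in (login_vulnerable, login_parameterized):
        print(fn.__name__,
              "| valid login:", fn(db, "wraith", "correct horse"),
              "| injected input:", fn(db, "nobody", PAYLOAD))
```

With the concatenated query the WHERE clause becomes `username = 'nobody' AND password = '' OR '1'='1'`, which is true for every row, so a user is returned without valid credentials; the parameterized version returns nothing for the same input.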

48. Webhook

A webhook is an event-driven API that automatically pushes data when a specific event is triggered.

Example: When you push code to GitHub and your Telegram bot sends an auto-update message, that is made possible by a webhook.

49. ZAP (Zed Attack Proxy)

ZAP is a free security tool from OWASP that is used for automatic vulnerability scanning and penetration testing.

Example: You can use it to scan your APIs for security loopholes.

There you go, the full API terminology with easy, real-world examples! Now tell me, do you need anything more specific, or do you want any of these topics explained in more detail?

50. THIRD PARTY API

Example: Suppose you want a response from the Random User Data API, which is completely free and easy to use.

* API example:

API Name: Random User Generator
Endpoint: https://randomuser.me/api/
Description: This API provides random user data (name, email, photo, location).
Method: GET

# code

import requests

# API endpoint
url = "https://randomuser.me/api/"

# API call (the timeout keeps the script from hanging on a stalled connection)
response = requests.get(url, timeout=10)
response.raise_for_status()  # stop here on a 4xx/5xx response

# Convert the response to JSON
data = response.json()

# Print the useful information
user = data['results'][0]
print("Name:", user['name']['first'], user['name']['last'])
print("Email:", user['email'])
print("Location:", user['location']['city'], user['location']['country'])
print("Profile Picture:", user['picture']['large'])

51. DIFFERENCE BETWEEN OWN API AND THIRD PARTY API

1. Building Your Own API:

This means you create an API on your own server that provides specific data or functionality.
You decide what the endpoints, methods, and data format will be.

Use Case:
If you need custom functionality for your website or app, such as:
Fetching articles on a blog site (GET /articles).
Creating an order on an e-commerce site (POST /orders).

Example:
If you use Python Flask to build your API:

# code

from flask import Flask, request, jsonify

app = Flask(__name__)

# API endpoint
@app.route('/greet', methods=['GET'])
def greet_user():
    # Read the optional ?name= query parameter, defaulting to 'Guest'
    name = request.args.get('name', 'Guest')
    # jsonify serializes the dict and sets the JSON content type
    return jsonify({'message': f'Hello, {name}!'})

if __name__ == '__main__':
    app.run(port=5000)

URL: http://localhost:5000/greet?name=Wraith
Response: {"message": "Hello, Wraith!"}

2. Using a Third-Party API:

This means you use an already existing API in your application.
You only need the API's endpoint and documentation.

Use Case:
If you need data from Google Maps, a payment gateway (Stripe, PayPal), or a weather API.
You are adding features such as login with Google/Facebook to your site.

# code

import requests

# Third-party API call
response = requests.get(
    'https://api.openweathermap.org/data/2.5/weather',
    params={
        'q': 'Delhi',
        'appid': 'your_api_key_here',  # placeholder: replace with your own API key
    },
    timeout=10,
)

print(response.json())

Here you only send the API key and parameters.
You don't need to build the whole API; you only have to send a request.

I am @Code_Wraith, a cybersecurity expert with a passion for teaching and sharing knowledge.
Join our Telegram channel 'Dark Froxt' for the latest in cybersecurity, cracking, and ethical hacking.
Stay ahead in the world of technology and enhance your skills with our expert guidance!

CHANNEL :- https://t.me/+1sHHe24EHDFmMGU1

CONTACT :- @Code_Wraith
