#### What is an API?

---

#### Section 1: What is an API?

**Definition:** An API (Application Programming Interface) is like a restaurant menu. It defines what services (or "dishes") are available and how you can request them.

- **Restaurant Menu (API):** The menu lists all available dishes (services).
- **Customer (Client):** You are the customer requesting food (the client making requests to the API).
- **Waiter (Server):** The waiter takes your order (API request) and brings back your dish (API response) from the kitchen (the backend system).

---

#### Section 2: Key API Terminology

- **API Endpoint:** The URL or address where the API is available, like the kitchen door where orders go in.
  - **Example:** `https://api.restaurant.com/v1/orders` (here, `/orders` is the endpoint)
- **HTTP Methods:** The different ways you can interact with the API.
  - **GET:** Request data (e.g., look at the menu).
  - **POST:** Send data (e.g., place an order).
  - **PUT:** Update data (e.g., modify your order).
  - **DELETE:** Remove data (e.g., cancel your order).
- **API Parameters:** Additional details included in the API request, similar to asking for a steak with a specific sauce.
  - **Example:** `/orders?dish=pasta&size=large`
- **API Response:** The data sent back by the API after processing your request, similar to receiving the meal you ordered.
- **Directory Fuzzing:** The process of brute-forcing paths on a website or API to find hidden or unsecured directories or files.
  - **Example:** Searching for `/api/v1/admin` on an API to check whether there is an unsecured admin panel.

---

#### Section 3: Types of APIs (The Types of Restaurants)

1. **REST (Representational State Transfer)**

   **Characteristics:**
   - Stateless (each request is independent, like ordering a meal without remembering previous orders).
   - Supports HTTP methods (GET, POST, PUT, DELETE).
   - Returns data in formats like JSON or XML.
   - URL-based structure (resource-focused).

   **Analogy:** A fast-food restaurant where each order is handled individually without remembering previous ones.

2. **SOAP (Simple Object Access Protocol)**

   **Characteristics:**
   - Protocol-based and uses XML for communication.
   - Strict structure with formal rules for request/response.
   - Supports advanced security features and transactions.

   **Analogy:** A fine-dining restaurant with a detailed reservation process, where the interaction is more formal and follows strict protocols.

3. **GraphQL**

   **Characteristics:**
   - Allows clients to specify the exact data they need in a query.
   - Fetches multiple resources in a single request (more efficient), with the flexibility to request only the data fields that are needed.

   **Analogy:** A restaurant where you can custom-order exactly the ingredients you want on your plate, without any extras.

---

#### Section 4: Tools for API Testing

**GUI-based Tools**

1. **Postman:**
   - User-friendly interface for making API requests.
   - Supports automated testing and creating collections of requests.
   - Ideal for beginners and for testing REST APIs.

2. **Insomnia:**
   - Clean interface for testing REST, GraphQL, and SOAP APIs.
   - Strong collaboration features for teams.

**CLI-based Tools**

1. **cURL:**
   - Command-line tool for making API requests, commonly used for quick testing.
   - Supports various HTTP methods (GET, POST, PUT, DELETE).

   **Example:**

   ```bash
   curl -X GET 'https://api.restaurant.com/v1/orders?dish=pasta'
   ```

2. **HTTPie:**
   - A more user-friendly alternative to cURL, making API requests simpler with readable output.
   - Can be used directly from the command line.

   **Example:**

   ```bash
   http GET 'https://api.restaurant.com/v1/orders?dish=pasta'
   ```

---

#### Section 5: Summary of API Testing Types

**1. Functional Testing**

Verifies whether the API functions correctly according to its specification (e.g., testing the different menu options in the restaurant analogy).

**2. Load Testing**

Tests how the API behaves under heavy traffic (similar to a restaurant serving many customers at once).

**3. Security Testing**

Ensures that the API is secure against threats such as unauthorized access, similar to checking that the kitchen staff (server) only accepts orders from customers (clients) with valid tickets.

---

#### Helpful API Resources

- [Official Postman Documentation](https://learning.postman.com/docs/getting-started/introduction/)
- [HTTPie Command-line Documentation](https://httpie.io/docs/cli)
- [Understanding REST APIs](https://restfulapi.net/)

---
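As an added example (not code from the original tutorial), the following Python models the restaurant API of Sections 2 and 5 from the server's side: a single `/v1/orders` endpoint that dispatches on the HTTP method, validates the query parameters (`dish`, `size`, `id`), and checks the client's "ticket" (a bearer token) before serving anything. The `MENU`, `SIZES` and `VALID_TICKETS` values and the `handle` function are constructed for illustration.

```python
from urllib.parse import parse_qs, urlsplit

# Constructed sample data standing in for the restaurant's backend.
MENU = {"pasta", "steak", "salad"}
SIZES = {"small", "large"}
VALID_TICKETS = {"ticket-123"}  # hypothetical token store, not a real credential
ORDERS = {}                     # order id -> order record

def handle(method, url, headers=None):
    """Route one request to the /v1/orders endpoint and return (status, body)."""
    headers = headers or {}
    # Security check first (Section 5): only clients holding a valid ticket are served.
    auth = headers.get("Authorization", "")
    token = auth[len("Bearer "):] if auth.startswith("Bearer ") else ""
    if token not in VALID_TICKETS:
        return 401, {"error": "unauthorized"}
    if method not in {"GET", "POST", "PUT", "DELETE"}:
        return 405, {"error": "method not allowed"}
    parts = urlsplit(url)
    if parts.path != "/v1/orders":
        return 404, {"error": "unknown endpoint"}
    # Query parameters arrive as lists; keep the first value of each.
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}
    if method == "GET":  # look at existing orders, optionally filtered by dish
        orders = [o for o in ORDERS.values() if q.get("dish") in (None, o["dish"])]
        return 200, {"orders": orders}
    if method == "POST":  # place an order; reject anything not on the menu
        dish, size = q.get("dish"), q.get("size", "small")
        if dish not in MENU or size not in SIZES:
            return 400, {"error": "invalid dish or size"}
        oid = max(ORDERS, default=0) + 1
        ORDERS[oid] = {"id": oid, "dish": dish, "size": size}
        return 201, ORDERS[oid]
    # PUT and DELETE act on an existing order identified by ?id=
    oid = int(q["id"]) if q.get("id", "").isdigit() else None
    if oid not in ORDERS:
        return 404, {"error": "no such order"}
    if method == "PUT":  # modify an order's size
        size = q.get("size", ORDERS[oid]["size"])
        if size not in SIZES:
            return 400, {"error": "invalid size"}
        ORDERS[oid]["size"] = size
        return 200, ORDERS[oid]
    del ORDERS[oid]  # DELETE: cancel the order
    return 204, {}

if __name__ == "__main__":
    hdr = {"Authorization": "Bearer ticket-123"}
    print(handle("POST", "https://api.restaurant.com/v1/orders?dish=pasta&size=large", hdr))
```

Compare the same request sent without the `Authorization` header: it is refused with 401 before any parameter is even parsed, which is the behaviour a security test of this endpoint should confirm.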