Functional Attack to API providers
We could have a few security attacks on an API: SQL Injections. In this attack, the attacker tries to identify input parameters used in a SQL
REST API Security
Basic Authentication: In this case the user sends credentials in the HTTP header “Authorization: Basic <Encoded-Creds>”. The <Encoded-Creds> string is a Base64 string with the
API Caching directives
The HTTP cache directive must be executed by all the devices in the chain (firewall, server, client, db,…) that manage the request/response. The directive in
REST API Error handling
In this article we saw, in general, which HTTP methods and status codes to use in CRUD operations. Now let’s see better which HTTP status
Implementing REST API CRUD operations
Basically you should follow these principles: use the correct HTTP method; use the correct HTTP status code. HTTP method HTTP method Operation POST Create (or
REST API Endpoint, Resources, Action
Endpoints: To invoke a REST API you need an endpoint or URL. A URL consists of multiple parts. Best Practice Resources Don’t use verb but
Richardson Maturity Model
It is a model (developed by Leonard Richardson) that breaks down the principal elements of a REST approach into three steps: resource, HTTP verbs and
REST API Constraints
Is your architecture RESTful? An architecture could be REST-like or RESTish. To be RESTful an architecture should follow 6 rules, known as RESTful Architectures
What is an API
APIs (Application Programming Interfaces) are like user interfaces but targeted to be consumed by other applications rather than humans. This interface defines a contract between