2.0 Understanding and Using APIs Flashcards
2.1: what are 5 common HTTP request methods
Get
Post
Put (U for update)
Delete
Patch (A for append)
2.4: Response codes: 100’s
Informational
2.4: Response codes: 300’s
Redirect
2.4: Response codes: 200’s
Success
2.4: Response codes: 500’s
Server Errors
2.4: Response codes: 400’s
Error
2.4 Response code 403
You are not authorized to view this page (HTTP Error 403 - Forbidden)
2.4: Response code 404
The page cannot be found (HTTP Error 404 - File not found)
2.4: Response code 429
The HTTP return code of 429 indicates that the user has sent too many requests in a given amount of time. Intended for use with rate-limiting schemes.
2.1: what is the difference between PUT, POST, and PATCH
POST - Submits data to a specific destination
PUT - Replaces completly data at a specific destination
PATCH -makes a partial update on a resource
2.2 Describe common usage patterns related to webhooks
Webhooks set up on a host to push data to an API when certain events trigger it.
Example: At certain points in an Amazon order the webhooks will send data to the customer portal API to update order status
2.3 Identify the 6 constraints when consuming APIs (REST)
- Client-Server
- Stateless
- Cache
- Uniform Interface
- Layered System
- Code-On-Demand (optional)
2.3: What does the REST API restraint “Stateless” mean?
The server will not store anything about the last HTTP request from a client. Each request will be treated as new.
2.3: What does the REST API restraint “Uniform Interface” mean?
ses the same protocols all the time. Always HTTPS or only HTTP for example.
2.6 Identify the parts of an HTTP response: response code
The code is located in the first lines, optionally it will have text beside it.
2.6 Identify the parts of an HTTP response: headers
These are all Key:Value Pairs
2.6 Identify the parts of an HTTP response: body
Located after the headers. The body contains the payload. There is a blank line in between the headers and the body.
2.7 Utilize common API authentication mechanisms: API keys
An API key is a predetermined string that is passed from the client to the server. Anyone with this key can access the API in question.
2.7: What are the three different ways to pass API keys?
String-Based: You add ?examplekey123 to each API calls URI.
Request header: In the header you define the key. Example: X-API-Key: abcdef1234
Cookies: same as a Request header besides the name of the key. Example: Cookie: abcdef1234
2.7 Utilize common API authentication mechanisms: Basic
Basic calls for username password base 64 encoded and is not secure by default, use https with it to assist. Password is sent back and forth with each request.
2.7 Utilize common API authentication mechanisms: custom token
The user authenticates once, the server authenticates and then sends a cryptologically signed token back to the user (JWT in most cases) and then the user can use the token to authenticate from then on.
2.7 What is a JWT and what two componets is it comprised of?
JavaScript Web Tokens are the most popular form of token used today.
JWT = {JSON} + Cryptologic Signature
2.8 Compare common API styles REST
- Uniform Interface - Example: all calls have to use same tech, ie HTTP only or HTTPS
- Client-Server: The client and server cannot be on the same software, they need to be separate applications even if on the same computer.
- Statelessness: Every API call has to contain everything required to complete the requested operation
2.8 Compare common API styles RPC
RPC is a protocol that allows a program to execute code on a remote server as if it were a local procedure call. Unlike REST, which operates on resources, RPC emphasizes direct function calls, making it simpler for specific tasks but potentially less scalable for large systems.
