In this blog post I describe what an API is, discuss the Twitter API vulnerability data breach that happened in December 2021, and present my REST API project.
What is an API?
An application program interface (API) is code that allows two software programs to communicate with each other. An API defines the correct way for a developer to request services from an operating system (OS) or other application, and expose data within different contexts and across multiple channels.
Any data can be shared with an application program interface. APIs are implemented by function calls composed of verbs and nouns; the required syntax is described in the documentation of the application being called.
How do APIs work?
The application sending the request is called the client, and the application sending the response is called the server.
APIs are made up of two related elements. The first is a specification that describes how information is exchanged between programs, done in the form of a request for processing and a return of the necessary data. The second is a software interface written to that specification and published.
The software that wants to access the features and capabilities of the API is said to “call” it, and the software that creates the API is said to “publish” it.
APIs authorize and grant access to data that is requested by users and other applications. Access is authenticated to a service or portion of functionality, against predefined roles that govern who or what service can access specific actions or data.
Types of APIs:
– SOAP APIs (Simple Object Access Protocol, uses XML)
– RPC APIs (Remote Procedure Calls)
– WebSocket APIs (use JSON)
– REST APIs (uses HTTP, most popular and flexible)
Twitter API vulnerability data breach
It was reported that the stolen data of 5.4 million Twitter users was leaked online, and more was shared privately. This is a good example of how an improperly secured API can leak information and how threat actors can use it.
Source: https://www.bleepingcomputer.com/news/security/54-million-twitter-users-stolen-data-leaked-online-more-shared-privately/
REST API project
In this REST API project I demonstrated how to retrieve patients' medical records, update patients' personal information (such as address and phone number), add a new patient to the system, and delete existing patient medical records from the database. I used Postman to send my API requests and to test the code.
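The four operations above, combined with the role-based access control described earlier in the post, as an added Python example that is not the project's own code. The `handle` function, the roles, the tokens, and the sample patient are all assumptions made for illustration.

```python
# Added example: in-memory patient API with role checks. All names are hypothetical.
PATIENTS = {1: {"name": "Ann Lee", "address": "1 Main St", "phone": "555-0100"}}  # constructed

# Assumed policy: which HTTP methods each predefined role may call.
ROLES = {"doctor": {"GET", "POST", "PUT", "DELETE"}, "receptionist": {"GET", "PUT"}}

# Constructed bearer tokens mapped to roles; a real service would verify signed tokens.
TOKENS = {"tok-doctor": "doctor", "tok-desk": "receptionist"}

UPDATABLE = {"address", "phone"}  # the only fields an update may change


def handle(method, path, token=None, body=None):
    """Process one request and return (status_code, response_dict)."""
    role = TOKENS.get(token)
    if role is None:  # authenticate before touching any data
        return 401, {"error": "authentication required"}
    if method not in ROLES[role]:  # authorize the action against the role
        return 403, {"error": "role may not perform this action"}
    parts = path.strip("/").split("/")
    if parts[0] != "patients" or len(parts) > 2:
        return 404, {"error": "not found"}
    body = body if isinstance(body, dict) else {}
    if len(parts) == 1:  # collection: POST /patients adds a patient
        if method != "POST":
            return 405, {"error": "method not allowed"}
        if not body.get("name") or set(body) - (UPDATABLE | {"name"}):
            return 400, {"error": "name required; unknown fields rejected"}
        new_id = max(PATIENTS, default=0) + 1
        PATIENTS[new_id] = dict(body)
        return 201, {"id": new_id}
    if not parts[1].isdecimal() or int(parts[1]) not in PATIENTS:
        return 404, {"error": "not found"}
    pid = int(parts[1])
    if method == "GET":  # retrieve a record
        return 200, dict(PATIENTS[pid])
    if method == "PUT":  # update personal information only
        if not body or set(body) - UPDATABLE:
            return 400, {"error": "only address and phone may be updated"}
        PATIENTS[pid].update(body)
        return 200, dict(PATIENTS[pid])
    if method == "DELETE":  # remove the record
        del PATIENTS[pid]
        return 204, {}
    return 405, {"error": "method not allowed"}
```

Because the token check runs before any record lookup, an unauthenticated caller gets the same 401 for existing and non-existing patient IDs and cannot use the endpoint to learn which records exist.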