Web Api

What is an web API?

Before we understand what is Web API, let’s see what is an API (Application Programing Interface).

As per Wikipedia’s Definition of API: In computer programming, an application programming interface (API) is a set of subroutine definitions, protocols, and tools for building software and applications.

To put it in simple terms, API is some kind of interface which has a set of functions that allow programmers to access specific features or data of an application, operating system or other services.

Web API as the name suggests, is an API over the web which can be accessed using HTTP protocol. It is a concept and not a technology. We can build Web API using different technologies such as Java, .NET etc. For example, Twitter’s REST APIs provide programmatic access to read and write data using which we can integrate twitter’s capabilities into our own application.

Why we use web APIs?

1. Back End for Native Mobile Applications:

If you are looking for a back end to develop native applications for mobile devices that do not support SOAP, ASP/NET Web API can serve your purpose. Almost any native application running on mobile device other than the Windows one can use ASP/NET Web API as backend. Hence, a web API is good for using with native applications which require web services but not SOAP support.

2. Develop AJAX based Web Applications:

ASP/NET web API is an ideal choice for development of client web applications that heavily rely on AJAX and do not require extensive configuration settings like WCF REST services.

Light Weight and Easy Creation of Services:

The Web API supports a light architecture powering HTTP services to reach broader range of clients. As compared to WCF, it is much easier and quicker to create services using ASP/NET Web API.

Hence, Web APIs can be helpful in various significant ways in web application development especially when it is an ASP/NET web application.

Examples for web APIs.

• YouTube API — Allows you to display videos on a web site.
• Twitter API — Allows you to display Tweets on a web site.
• Facebook API — Allows you to display Facebook info on a web site.

Limitations of web APIs.

There is a lot of conveniences and advantages to APIs, but business leaders should also be aware of the disadvantages. As a single point of entry, an API is a gateway and can become a hacker’s primary target. Once the API is compromised, all other applications and systems become vulnerable.

Nine of the top ten vulnerabilities listed in the OWASP Top 10 now mention APIs — and since APIs can be accessed over the internet, they will have all the same disadvantages as any other Internet-based resource. APIs are vulnerable to man-in-the-middle attacks, CSRF attacks, XSS attacks, SQL injection, and DDoS attacks.