Activity 1

1.1 Activity 1.1 Examine What is an API (Application Program Interface), types
and the benefits of APIs and evaluate the potential security issues
surrounding APIs with reference.

1. API (Application Program Interface)

1.1 What is API and How does it work?
What is API (Application Program Interface)?

API is an abbreviation for application programming interface, that is a collection of

specifications and protocols for developing and integrating application software. Simply
it is a set of computer code that allows data to be sent from one software product to
another. It also includes the conditions of this data exchange. A programming interface
allows a number of computer programs to communicate with one another. It is a form of
software interface that provides a service to other programs. Application programming
interfaces are made up of two parts;

 Technical standard defining data interchange alternatives among solutions in the

type of a request for processing and data supply protocols.
 It is represented by a software interface developed to the standard.

How does API (Application Program Interface) work?

APIs enable your product or service to interact with other goods and services without
requiring you to understand how they work. This can assist in simplifying app
development while also reducing costs and time. APIs offer flexibility, facilitate design
development, administrative tasks, and use, and create chances for creativity whether
creating new tools and products or maintaining current ones. APIs are often regarded as
agreements, with documentation representing a mutual agreement between the two
parties: If party 1 transmits a remote request in a specific format, party 2's program will
answer in the same manner.
Examples of API (Application Program Interface) work;
 Flight information is shared among airlines and travel websites.
 Google Maps integration in a ridesharing app (Uber).
 Audio streaming and media services provider apps (Spotify) which allows you to
browse for various types of music.

1.2 Benefits gained from API (Application Program Interface).

API development has allowed several corporate improvements and process efficiency.
Realizing the advantages of API creation enables you to collaborate with system owners
and other stakeholders to upgrade the agency's systems and realize their full potential.
Here are a few examples of these possibilities. APIs are also extremely valuable to this set
of experts. They enable developers to collaborate with stakeholders in order to improve
agency systems and so produce additional possibilities. These benefit can include;

 Automation; APIs enable computers to manage tasks that would normally need
human intervention. It is possible to have a single content change spread across
numerous areas of a site (or multiple websites) at the same time. Simply said,
APIs allow computers to handle tasks instead of humans. Agencies can use APIs
to improve work procedures to achieve greater efficiency and productive.
 Efficiency; By granting API access, material may be generated once and then
automatically posted or made accessible to several channels. Your agency's
material is prepared for simple sharing and redistribution, allowing you to reach
out to more users directly. Simply said, when an API is made public, the material
created may be instantly posted and given access to all channels. It facilitates
sharing and distribution.
 More scope; APIs may be utilized to deliver access to content and services to new
audiences and in particular settings by enabling anybody to develop a new
presentation layer—such as an application, a website, or a widget. Individuals
who don't access your website may be able to obtain agency services or
content via applications or any other websites which they access on a regular
basis.
 Integration; APIs make it easier to integrate or intertwine your information into
your websites or other apps. As a result, you may provide the user with a seamless
 and integrated user experience, as well as useful and up-to-date content. The
information is provided to users wherever it can be beneficial, not only how much
your team has already had time to update the content.
 Personalization; The ability to customize sessions with the content and services
which are valuable to the website's users, companies, and non-profits benefits
them. Every user or corporation may easily personalize the content and services
they use often by using APIs.
 Adaptation; APIs assist to accommodate unexpected future usage as needs
evolve. Having data accessible via API can help with faster and easier migration
of data as well as better data quality inspection and cleaning.

1.3 The need for APIs.

APIs are important from a technological viewpoint because they enable one computer
program's features to be utilized by another. They allow two separate programs to
interact with one another. APIs allow companies to expand faster compared to ever
before, and they provide a solution for companies that presently spend and over $590
billion each year connecting heterogeneous systems. APIs are generating a new wave of
innovation based on sharing services, similar to what the Web did for the Internet. APIs
and their capability to alter business operations are attracting the attention of companies
across all industrial sectors. 

As for companies and business sector; The fundamental explanation APIs are so
important in current marketplaces is because they enable rapid innovation. Adaptation is
easier, and much more individuals can influence to a company's development. They
provide two advantages: the firm can manufacture superior items without distinguishing
itself from competitors. APIs also facilitate commercialization. Being active on multiple
platforms allows businesses to sell more advertising space.

As for a developer; APIs can be utilized to provide a service to developers. Developers

are not required to start from scratch each and every time they construct a new program to
create a core application which strives to handle anything. Alternatively, companies can
contract out specific duties by utilizing pre-created components that perform much better.
1.4 Types of API
1.3.1 Public API
An open API (also known as a public API) is a publicly accessible application
programming interface that enables programmers to access an exclusive software
application or online service programmatically. Public APIs, often referred to as open
APIs, are APIs that have been made available for general usage. Everyone can request
data from every number of firms that utilize a public API. Open APIs are an important
element for mobile applications, including for numerous websites' simple integration with
key services. Google's Maps APIs are an illustration of a broadly applied public API.

1.4.2 Private API

A private API is an application programming interface whose application is hosted by

internal programmers. Private APIs provide front-end access to back-end data and
application functionalities. The interface serves as a point of access for programmers or
contractors working on certain operations. These programmers establish an API to
connect with the program that their company or
customer is operating in-house.
1.4.3 Partner API

APIs accessible by/to strategic corporate partners are referred to as partner APIs. These
are not open to the public and require special permission to enter. Partner APIs, like
public APIs, are indeed the top of the iceberg because they're the most noticeable and
utilized to interact outside of the company's limits.

They are often provided through a public API developer portal, which developers may
use in self-service manner. Although open/public APIs are totally open, using partner
APIs requires an enrollment procedure with an unique validation protocol.

1.5 The possible security problems associated with APIs with

reference.
Unsafe pagination

Usually APIs provide access to resources that are lists of entities such as users or widgets.
The API will normally classify and paginate such listing for an user using the program in
a browser to limit the amount of items delivered to the user.

Nevertheless, if somehow the entity contains PII or even other sensitive data, a hacker
may scrape its endpoint and obtain a summary of every entity inside the database. This
could be extremely risky if the entities inadvertently divulge crucial data. It will
additionally allow hackers to check your web application's usage statistics and gain access
to email lists.

DDoS attacks

Although APIs enable clients to access API platforms programmatically, it renders DDoS
prevention difficult. The majority of DDoS defense is built to withstand and deny bad
actor requests throughout DDoS attacks. This is more difficult with API programs since
all traffic seems to be bot traffic.

Incorrect coding

Whenever you begin with terrible coding, you expose yourself to major API security
issues right away. Inefficient code from of the beginning is a first-rate technique to
undermine your API.

Failure to handle authorization

Although the most 0od of API programmers utilize a worldwide Authentication method
such as OAuth or API keys to authenticate whoever the client is, it is challenging to
distinguish Authorization from Authentication.

Because authorization is particular to the functionality of the program, it's an issue that
programmers overlook while testing the web application. Unless the object IDs have
enough entropy, hackers may quickly test alternative ids via iteration and get access to the
system.

Inadvertent key exposure

The APIs are designed to be gained across an indeterminate period of time, increasing the
likelihood of a hacker gaining an API key that has not been expired.

While debugging a web application by using Postman or CURL, the API client has direct
access to a web application's login credentials. After that, it just requires an error for the
programmer to copy/paste the CURL command containing the API key into a
public discussion venue like Stack Overflow and others. API keys are generally bearer
credentials that do not need any identifiable details. The APIs are unable to employ
components such as two-factor authentication or one-time use credentials.

XML Dangers

It should be noted that the XML standard is linked to the SOAP protocol. The format
contains various security concerns that hackers may exploit. To prevent a security issue,
it's critical to stay on top of this format.
Inadequate logging and monitoring

Most breach studies show that it takes more than 200 days to notice a security breach. If
you ever do not have sufficient API logging and monitoring in hand, hackers can exploit
the same vulnerabilities or perhaps even explore for new ones.

https://www.moesif.com/blog/technical/api-security/API-Security-Threats-Every-API-
Team-Should-Know/