API (Application Programming Interface) is a set of definitions and protocols that enable different software applications to communicate and interact with each other.
Authentication, sometimes abbreviated as AuthN, is the process of verifying the identity of the user who initiated an API request. Some standard authentication methods include API keys, OAuth, JWT authentication, and basic authentication.
Authorization, sometimes abbreviated as AuthZ, is the process of granting or denying access to different operations, resources, or data in the API for an authenticated user.
The backend is the server, database, and application that work behind the scenes to deliver data and functionality to the frontend.
DELETE is an HTTP method used to remove a specified resource from a server.
A denial of service (DoS) attack is one in which a single attacker floods a single target with malicious requests, preventing users from accessing online services and sites.
A distributed denial of service (DDoS) attack is a malicious attempt to disrupt a target's traffic by overwhelming its infrastructure with a bombardment of internet traffic or requests sent from many sources at once; the goal is to flood the servers or network, preventing users from accessing online services and sites.
An endpoint is the specific address (URL) where an API can be accessed. Each endpoint represents a distinct function or resource provided by the API. Endpoints act as the entry points for making requests to the API to perform actions or retrieve specific data. The endpoint indicates how you reach the resource, while the method indicates the allowed interactions (such as GET, POST, or DELETE) with that resource. The same resource usually has several related endpoints, each with a different path and method, and each returning different information about the same resource.
A firewall is a security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules.
The frontend is the part of the application that interacts with the user, typically the user interface.
GET is an HTTP method used to request data from a specified resource.
GraphQL is a query language for APIs. GraphQL exposes a schema of the data in the API, which lets clients specify the exact structure of the data they want returned.
The HTTP method is the type of action indicated in an API request, such as GET, POST, PUT, or DELETE. It determines whether you are reading, creating, updating, or deleting a resource.
JSON (JavaScript Object Notation) is a common data format for API responses, consisting of attribute-value pairs and arrays. OpenAPI specifications are often written in JSON.
Microservices are a software architecture and development style in which an application is broken down into a collection of smaller services that are independently deployable and loosely coupled. Each service handles a dedicated function inside a large-scale application.
OAuth (Open Authorization) is a widely adopted open standard authorization protocol that enables third-party applications, which are not directly integrated with the service, to obtain access to user accounts on an HTTP service. Access tokens are issued to the third-party service without exposing the user's credentials, such as passwords.
OpenAPI (previously known as Swagger) is the most widely used specification format for describing and documenting an API's endpoints, methods, parameters, responses, and more.
The Open Web Application Security Project (OWASP) is a nonprofit foundation that works to improve software security all over the world. The OWASP API Security Top 10 is a comprehensive document detailing the ten most critical security risks facing APIs.
Platform as a service (PaaS) is a category of cloud computing services that lets customers provision, instantiate, run, and manage a modular bundle made up of a computing platform and one or more applications, without the complexity of building and maintaining the infrastructure typically associated with developing and launching those applications. It also lets developers create, develop, and package such software bundles.
POST is an HTTP method used to send data to a server to create or update a resource.
PUT is an HTTP method used to update an existing resource with new data.
REST stands for Representational State Transfer, a set of architectural principles for building web services. REST APIs are the most common kind of API; they use standard HTTP methods such as GET, POST, PUT, and DELETE to perform operations on resources, and return data in easy-to-process formats like JSON.
Rate limiting is a way to restrict the number of requests a user can make within a given window of time. Requests over the limit can be throttled or blocked. Rate limiting helps protect your APIs from DDoS and brute force attacks, both of which consist of submitting a large number of requests within a short window of time.
Software as a service (SaaS) is a software distribution model in which a cloud provider hosts applications and makes them available to end users over the internet.
A software development kit (SDK) is a bundled set of instructions, software tools, and detailed documentation that developers use to create software applications for a specific platform.
SQL injection is an attack in which malicious SQL commands are inserted into a database query through untrusted input, causing the server to execute unintended code against the database. If successful, the attacker could gain unauthorized access to sensitive data or damage the database.
A token is a digital key used for authentication and authorization when accessing an API.
Webhooks enable an application to send data to another application as soon as a certain event takes place. Because they are event-driven, webhooks are often used for real-time notifications and data updates, such as receiving a notification when an order has been placed on your site.