Basic concepts of API

What is SOAP?

SOAP stands for Simple Object Access Protocol. It is an XML-based protocol for accessing web services. It is platform independent and language independent, so by using SOAP you can interact with applications written in other programming languages. It is also independent of the transport protocol (which could be HTTP, FTP, TCP, UDP).

SOAP relies exclusively on XML to provide messaging services. Any XML document can be a SOAP message if it contains the following:
The wrapping of the XML inside of a SOAP body
The wrapping of the SOAP body within a SOAP envelope
The optional inclusion of a SOAP header block
XML Namespace (xmlns) is required to indicate that this is a SOAP Request
Encoding style directives for the serialization of data
The binding of the whole thing to a protocol
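
The structural rules listed above can be checked mechanically before a message reaches application code. The following is an added example, not code from the original post: check_soap, the sample message and the urn:example namespace are constructed for illustration, and the check also refuses any document that carries a DTD, since SOAP messages must not contain one.

```python
import xml.etree.ElementTree as ET

# Envelope namespaces defined by SOAP 1.1 and SOAP 1.2.
SOAP_NS = {
    "http://schemas.xmlsoap.org/soap/envelope/": "1.1",
    "http://www.w3.org/2003/05/soap-envelope": "1.2",
}

# Constructed sample message (not from the original page).
GOOD = """<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
    soap:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
  <soap:Header><t:Token xmlns:t="urn:example">abc</t:Token></soap:Header>
  <soap:Body><m:GetPrice xmlns:m="urn:example"><m:Item>Apple</m:Item></m:GetPrice></soap:Body>
</soap:Envelope>"""

def _split(tag):
    """Split ElementTree's '{namespace}local' tag into (namespace, local)."""
    if tag.startswith("{"):
        ns, _, local = tag[1:].partition("}")
        return ns, local
    return "", tag

def check_soap(xml_text):
    """Return (soap_version, problems) for a candidate SOAP message."""
    # Refuse DTDs before parsing: entity declarations live in the DTD and
    # are the vehicle for entity-expansion and external-entity abuse.
    if "<!DOCTYPE" in xml_text:
        return None, ["DTD present"]
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return None, ["not well-formed XML"]
    ns, local = _split(root.tag)
    version = SOAP_NS.get(ns)
    problems = []
    if local != "Envelope" or version is None:
        problems.append("root is not an Envelope in a SOAP namespace")
    children = [_split(child.tag) for child in root]
    names = [name for child_ns, name in children if child_ns == ns]
    if names.count("Body") != 1:
        problems.append("Envelope must contain exactly one Body")
    if names.count("Header") > 1:
        problems.append("at most one Header is allowed")
    if "Header" in names and children[0] != (ns, "Header"):
        problems.append("Header must be the first child of Envelope")
    return version, problems
```
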

What is REST?

REST stands for Representational State Transfer. It relies on a stateless, client-server, cacheable communications protocol, and in virtually all cases the HTTP protocol is used. It is an architectural style for designing networked applications. The idea is that, rather than using complex mechanisms such as RPC or SOAP to interact with other applications, simple HTTP is used to make calls. These Web services are a lightweight alternative to the heavy, SOAP-based standards. They are platform-independent (you don’t care if the server is Unix, the client is a Mac, or anything else), language-independent (C# can talk to Java, etc.), standards-based (they run on top of HTTP), and can easily be used in the presence of firewalls. You can use any format for representing the resources, as REST does not put a restriction on the format of a representation. You can decide to use JSON or XML. If you are building Web services that will be used by Web pages for AJAX calls, then JSON is a good choice. XML can be used to represent more complex resources.


What are HTTP Requests & Response?

HTTP allows for communication between a variety of hosts and clients, and supports a mixture of network configurations. To make this possible, it assumes very little about a particular system, and does not keep state between different message exchanges. This makes HTTP a stateless protocol. The communication usually takes place over TCP/IP, but any reliable transport can be used. The default port for HTTP over TCP/IP is 80, but other ports can also be used. Communication between a host and a client occurs via a request/response pair. The client initiates an HTTP request message, which is serviced through an HTTP response message in return.

Sample HTTP Request message:
POST /index.html HTTP/1.1
Connection: Keep-Alive
Accept: image/gif
Accept-Language: us-en

Sample Response message:
HTTP/1.1 403 Forbidden
Content-Type: text/html
Content-Length: 35
Connection: Keep-Alive

What are the HTTP Methods?

The most commonly used HTTP verbs (or methods) are POST, GET, PUT, and DELETE. These correspond to create, read, update, and delete operations, respectively. There are a number of other verbs, but they are utilized less frequently. Of those less-frequent methods, OPTIONS and HEAD are used more often than others.

The HTTP GET method is used to retrieve (or read) a representation of a resource. GET returns a representation in XML or JSON and an HTTP response code of 200 (OK). In an error case, it most often returns a 404 (NOT FOUND) or 400 (BAD REQUEST).

The HTTP POST request message has a content body that is normally used to send parameters and data. Unlike using the request URI or cookies, there is no upper limit on the amount of data that can be sent and POST must be used if files or other variable length data has to be sent to the server.

PUT is most often utilized for update capabilities, PUT-ing to a known resource URI with the request body containing the newly-updated representation of the original resource.

DELETE is pretty easy to understand. It is used to delete a resource identified by a URI.

The OPTIONS method is used by the client to find out the HTTP methods and other options supported by a web server.

The TRACE method is used to echo the contents of an HTTP request back to the requester, which can be used for debugging purposes at the time of development.
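
Because TRACE is described above as a development-time debugging aid, a quick check of what a server advertises in reply to OPTIONS is useful when reviewing your own deployment. The following is an added example, not code from the original post: it parses a raw response in the format shown earlier and reports methods in the Allow header that are outside an expected set. The function names, the EXPECTED set and the OPTIONS reply are constructed for illustration.

```python
# Methods this hypothetical service is meant to expose.
EXPECTED = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS"}

# Constructed reply to an OPTIONS request (not from the original page).
OPTIONS_REPLY = ("HTTP/1.1 200 OK\r\n"
                 "Allow: GET, HEAD, POST, OPTIONS, TRACE\r\n"
                 "Content-Length: 0\r\n\r\n")

# The page's sample response, with explicit CRLF line endings.
FORBIDDEN = ("HTTP/1.1 403 Forbidden\r\n"
             "Content-Type: text/html\r\n"
             "Content-Length: 35\r\n"
             "Connection: Keep-Alive\r\n\r\n")

def parse_response(raw):
    """Parse a raw HTTP response into (status_code, headers)."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("malformed status line")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        # Reject nameless headers and whitespace around the field name.
        if not sep or not name or name != name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        key = name.lower()  # header names are case-insensitive
        value = value.strip()
        # A repeated header is equivalent to one comma-separated value.
        headers[key] = f"{headers[key]}, {value}" if key in headers else value
    return int(parts[1]), headers

def unexpected_methods(raw, expected=EXPECTED):
    """Return advertised methods outside `expected`, or None if no Allow header."""
    _status, headers = parse_response(raw)
    if "allow" not in headers:
        return None
    advertised = {m.strip() for m in headers["allow"].split(",") if m.strip()}
    return sorted(advertised - set(expected))
```
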

What are the Status Codes?

HTTP status codes are returned by web servers to describe if and how a request was processed. The codes are grouped by the first digit:

1xx – Informational

2xx – Successful

200 code is used when a request has been successfully processed

3xx – Redirection

The requested resource has been temporarily moved and the browser should issue a request to the URL supplied in the Location response header.

The requested resource has not been modified and the browser should read from its local cache instead. The Content-Length header will be zero or absent because content is never returned with a 304 response

4xx – Client Error

Anonymous clients are not authorized to view the requested content
The requested resource does not exist on the server

5xx – Server Error

An internal error occurred on the server. This may be because of an application error or configuration problem

The service is currently unavailable, perhaps because of essential maintenance or overloading

What is Basic Authentication & Digest Authentication?

HTTP Basic Authentication:

The “basic” authentication scheme is based on the model that the client must authenticate itself with a user-ID and a password for each realm.
HTTP Basic authentication is one of the easiest ways to secure web pages because it doesn’t require cookies, session handling, or the development of login pages. If the user agent wishes to send the userid “Dollar” and password “MyPassword”, it would use the following header field:

Authorization: Basic RG9sbGFyOk15UGFzc3dvcmQ=

HTTP Digest authentication:

The client sends a hashed form of the password to the server. Although the password cannot be captured over HTTP, it may be possible to replay requests using the hashed password.
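
The difference between the two schemes is easier to see in code. The following is an added example, not code from the original post: it shows that a Basic header is only base64 of "user:password" and can be decoded by anyone who sees it, computes a Digest response with MD5 and qop=auth as defined in RFC 2617, and shows a server refusing a replayed request by tracking the nonce count. DigestServer is a constructed illustration that assumes the nonce was issued by the server and keeps plain passwords only for brevity.

```python
import base64
import hashlib
import hmac

def basic_header(user, password):
    """Build Basic credentials: base64 of 'user:password', not encryption."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return f"Basic {token}"

def decode_basic(header):
    """Recover (user, password) from a Basic header, as any observer can."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    user, _, password = base64.b64decode(token).decode().partition(":")
    return user, password

def _md5(text):
    return hashlib.md5(text.encode()).hexdigest()

def digest_response(user, realm, password, method, uri, nonce, nc, cnonce):
    """Digest 'response' value for qop=auth with MD5 (RFC 2617)."""
    ha1 = _md5(f"{user}:{realm}:{password}")
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")

class DigestServer:
    """Constructed server-side check that rejects a reused (nonce, nc) pair."""
    def __init__(self, realm, users):
        # Assumption: users maps name -> password; real servers store HA1.
        self.realm, self.users, self.last_nc = realm, users, {}

    def verify(self, user, method, uri, nonce, nc, cnonce, response):
        if user not in self.users:
            return "bad-response"
        expected = digest_response(user, self.realm, self.users[user],
                                   method, uri, nonce, nc, cnonce)
        if not hmac.compare_digest(expected, response):
            return "bad-response"
        # The nonce count must strictly increase for each server nonce.
        if int(nc, 16) <= self.last_nc.get(nonce, 0):
            return "replayed"
        self.last_nc[nonce] = int(nc, 16)
        return "ok"
```
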

 Source of the content: Nothing can be missed from Google

16 thoughts on “Basic concepts of API”

  1. Anonymous May 24, 2016 / 7:24 am

    Awsm post


  2. Nancy July 9, 2016 / 9:48 am

    Nice explanation, thanks!


  3. rashmi September 27, 2016 / 12:31 pm

    It's really helpful


  4. Anonymous April 4, 2017 / 12:41 pm



  5. Adip Made June 11, 2019 / 9:30 am

    simply understandable
    Thank you


    • Hari Charan July 4, 2019 / 8:21 pm

      Thanks, let me know if you have any good subjects to be posted. I am thinking of posting a few articles on Security later this month.

