Application programming interface

Organizations and practitioners alike need to understand that cloud-based development and applications can differ from traditional or on-premises development. When considering an application for cloud deployment, remember that applications can be broken down into the following sub-components:

  • Data
  • Functions
  • Processes

These components can be further broken up, so that the portions that handle sensitive data run in a traditional data center and the portions that handle less sensitive data run in a cloud computing environment. It is also important for developers to understand that, in many cloud environments, access is acquired by means of an application programming interface (API). These APIs consume tokens rather than traditional usernames and passwords. APIs can be broken down into two formats:

  • Representational state transfer (REST)
  • Simple object access protocol (SOAP)

REST defines a set of constraints and properties based on HTTP. Web services that conform to the REST architectural style are referred to as RESTful web services, and by conforming they provide interoperability when computers communicate across the Internet. REST-compliant services allow requesting systems to access and manipulate textual representations of web resources by using a standard set of stateless operations.

SOAP is a more structured messaging protocol specification used predominantly for exchanging structured information through web services across computer networks. The purpose of SOAP is to deliver extensibility, neutrality, and independence. It uses the XML information set for its message format and relies on application layer protocols, usually Hypertext Transfer Protocol (HTTP) or Simple Mail Transfer Protocol (SMTP), for message negotiation and transmission.

APIs are a means for a company to expose functionality to applications. Some benefits of APIs include the following:

  • Programmatic control and access
  • Automation
  • Integration with third-party tools

Consuming APIs can lead a company to use insecure products. Organizations must also consider the security of software (and APIs) outside of their corporate boundaries. Consumption of external APIs should go through the same approval process used for all other software being consumed by the organization. When leveraging APIs, ensure that API access is secured. This requires the use of SSL (REST) or message-level crypto (SOAP), access authentication, and logging of API usage.
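The three controls named above (encrypted transport, token-based access authentication, and logging of API usage) can be seen working together in the following added example, which is not code from the book. The HMAC-signed token format, `SECRET`, `AUDIT_LOG`, and all function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"  # assumption: a real service loads this from a secrets store
AUDIT_LOG = []                    # stand-in for a real log sink

def b64e(data):
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(payload):
    return b64e(hmac.new(SECRET, payload.encode(), hashlib.sha256).digest())

def issue_token(subject, ttl=300, now=None):
    """Return 'payload.signature': the caller presents this instead of a password."""
    now = time.time() if now is None else now
    payload = b64e(json.dumps({"sub": subject, "exp": now + ttl}).encode())
    return payload + "." + sign(payload)

def verify_token(token, now=None):
    """Return the subject if the token is authentic and unexpired, else None."""
    now = time.time() if now is None else now
    try:
        payload, sig = token.split(".")
        # Constant-time comparison avoids leaking how much of the signature matched.
        if not hmac.compare_digest(sig, sign(payload)):
            return None
        claims = json.loads(b64d(payload))
        return claims["sub"] if claims["exp"] > now else None
    except (ValueError, KeyError, TypeError):
        return None  # malformed tokens are rejected, never raised to the caller

def handle_request(scheme, path, headers, now=None):
    """Apply transport, authentication and logging checks; return an HTTP status."""
    subject, status = None, 200
    auth = headers.get("Authorization", "")
    if scheme != "https":
        status = 400  # refuse requests that arrived over cleartext transport
    elif not auth.startswith("Bearer "):
        status = 401  # no token presented
    else:
        subject = verify_token(auth[len("Bearer "):], now)
        if subject is None:
            status = 401  # forged, malformed or expired token
    # Every call is logged, including rejected ones.
    AUDIT_LOG.append({"path": path, "subject": subject, "status": status})
    return status
```

Rejected requests are logged alongside successful ones, so the usage log also records failed authentication attempts.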
