What do you have on your mind when you hear the word API? Something technical, hard to understand or not interesting at all? What if I tell you interacting with an API can be fun & interesting thing to do. Well, Yes, I am telling you this. I am a person who started testing an API without knowing what status an API returns on success.
In the beginning, it might sound very technical that you have to test something which has no graphical user interface and have to talk in a technical language to access details which can be accessed in a lot more user friendly way but once you start learning what it is all about it would be much more fun to interact this way with an application because it would allow you to do a lot more with the boundaries of an application. In fact, it would allow you to stretch the boundaries of your application and also allow you to know the pros and cons of your application.
So, let me first tell you in simple language what an API is. It is an application programming interface. We all have gone through some complex definitions but it all sums up to one thing – an Application programming interface. It is nothing but a framework which allows you to talk with another application. Each application is built on the basis of some business logic which you will get defined at the API level. In fact, these business logics can be tested first using an API before going into the details of user interface. Now, before knowing how to use an API just know that each and every application follows some basic rules to communicate. If you want to know about any application, you need to know the Authentication rule it follows. Every application would use some keys to validate the user who is trying to communicate with it. Hence, first know the authentication mechanism of an application. For example, the popular eCommerce platform Magento 2 which supports the REST API follows NoAuth mechanism.
Using this authentication mechanism you have to generate a key to interact with the application. To get this auth token you need to give your user details. Once you know about the authentication mechanism you have to understand to access each resource you will have to hit a specific URL. The URL will be customized with an endpoint.
Now, the question is, what is an Endpoint? An endpoint is just a reference to a unique resource Identifier that accepts web requests. It is nothing but a connection-point to the web service. Every individual data record has its own endpoint. The endpoint is what you’ll point your HTTP client at to interact with. All resources are accessed through a common base path of /resource/ along with their dataset identifier.
Now, let’s come to the methods.
4 Commonly Used API Methods
- GET: It allows you to get some information about the module you are communicating with.
- POST: It is used to create new information.
- PUT: It is used to update or replace an existing resource
- DELETE: It is used to remove a resource
So we are done with authentication, URL and the method through which we want to access the resource or modify it.
Let’s look at the request structure:
REST API (Representational State Transfer):
In Rest API for sending and receiving messages, we use HTTP methods. It does not require a strict message definition, unlike web services and is easier to the user for understanding what information user wants to work on.
REST messages accepts the form either in the form of XML or JavaScript Object Notation (JSON).
There’s one last thing to do once you are all set to hit send i.e. the custom header. Remember the auth token I mentioned earlier? That needs to be passed along with your every request under the Header section as well as you have to specify the content-type of your request packet such as application/json etc.
I will give you an example of generating auth token for Magento 2 through postman. Here, you give your Magento URL (base URL) and along with that add:
rest/v1/integration/admin/token
It will look as:
<yourMagentoBaseURL>/rest/V1/integration/admin/token
Keep the method to POST (as you are posting some data to the application for verification) and in Body (Request Packet) give your user credential in this format:
{"username" : "<YourUsername>" , "password" : "<YourPassword>"}
Under header specify content-type as application/json.
Hit Send.
In response you should get a token with a success status response (200 OK) which you can put under Header section as Authentication bearer<YourToken> along with the content-type and access different resources using different endpoints.
Once you are done authenticating yourself to the application, use the token to get, update or create any information and test the application boundaries. Verify the status it returns on every action you perform and also see how much in response the application is exposing itself. Use the additional information in response and try to know more and experiment how far the application allows you to go with all it’s parameters.
Yes, there are limitations as due to the absence of GUI. The parameters and categorization is not known always and how to provide the inputs are also not known to the user but for some application where the API request packets are defined you can make full use of it and know more about these building blocks of an application. Let us know how does it work for you!
You may also like:
How to access Lightspeed POS APIs
Magento 2.0 API Issue in Attribute Set
API Usage Limit in Salesforce- Essential for external data exchange
