What Is a REST API?
REST APIs are a standard way of providing access to data from a web server to clients such as mobile apps, web sites, or Internet of Things devices. They can allow clients to create, remove, update, or delete data, or to provide some type of data analysis.
Typically, people do not interact with REST APIs directly. Instead, people interact with client software on their phone, browser, or another device, which in turn requests and modifies data from one or more REST APIs in the background. A REST API is typically programmed with a web scripting language such as Python, Ruby on Rails, or PHP, which interacts with a database or other APIs. The REST API is accessible by URL, just like a website, except that instead of a web browser requesting a website, another software client is requesting data. The scripting language is configured to run through a web server such as Apache or NGINX so that requests can be processed and responses can be delivered back to the client via the Internet. When a client submits a request via a URL, the server determines what action to take and how to process and present any data involved. It responds with a status code, some formatting headers, and structured data.
The client retrieves this data and converts it into something useful to the program or its users. The server treats each request as a new, unique request, meaning it does not store session variables or maintain any state information about the client. A REST API may have many clients, and the software that powers a REST API may also be a client for other REST APIs.
The data stored on a REST server is called a resource. This can be any type of data, from time-sensitive data such as stock quotes, real-world data such as contact information, documents, images, audio, or anything else. In some cases, the actual resource data is stored in a database on the server, but with REST this resource is typically represented in JSON, XML, or some other common format that is compatible with HTTP. JSON is the most popular.
The same resource can be represented in either JSON or XML. For example, here are the details of the book “War and Peace” by Leo Tolstoy represented in JSON:
    {
        "title": "War and Peace",
        "author": "Leo Tolstoy",
        "published_year": "1869",
        "num_pages": "1225"
    }
The same book resource represented in XML:
    <root>
        <book>
            <title>War and Peace</title>
            <author>Leo Tolstoy</author>
            <published_year>1869</published_year>
            <num_pages>1225</num_pages>
        </book>
    </root>
More information about the JSON data format can be found at http://json.org.
Using a common representation and the REST protocol, a client can access or modify a resource using a REST interface. Many REST APIs exist to perform a variety of tasks, from payment processing, marketing, finance, travel and logistics, sports, weather, and more. A few interesting APIs include:
- Stripe (stripe.com) allows developers to integrate credit card processing into their website so they can create an online store.
- From Data With Love (fromdatawithlove.com) predicts demographic information based on people’s names and job titles.
- SkyScanner (skyscanner.com) provides flight prices and route tracking information.
- OpenWeatherMap (openweathermap.org) provides historical, current, and forecasted weather data.
- Yahoo! Finance (yahoo.com) provides stock quotes.
- DataDemograph (datademograph.com) provides demographic information for US addresses.
- Yelp (yelp.com) provides photos, menus, reviews, and hours of operation for restaurants.
- Rebrandly (rebrandly.com) creates custom tiny URLs.
Who Uses REST APIs?
Although REST is typically human-readable, it is designed to be used by other software known as a Client. REST APIs are made so that other software developers can add functionality to their software and apps. REST services are client-agnostic, meaning that any type of client software can interface with them. A web browser, a smartphone, a smartwatch, or any other software can interface with a REST server. The REST server does not know or care what type of client connects.
The REST API provides representations of resources, which can be used or displayed in any way the client sees fit. For example, FlightAware has a flight tracker API. Using this API, flight alert and tracker clients have been built for iPhone, Android, smartwatches, web browsers, and email clients, to name a few. Any technology that can connect to the Internet and talk to an HTTP server can become a REST client.
For example, here are just a few clients that use the FlightAware API.
What makes REST APIs useful then is that they provide easy access to useful data so that other developers can create better applications with richer data in less time. In providing this, a REST API can make money by charging small amounts of money for many applications to access data simultaneously. For this reason, most REST APIs restrict who can access what data, what permissions are granted, and how many requests can be made in some period of time.
How do REST APIs Work?
REST APIs power all modern apps and websites. They are a protocol, a way of doing things rather than a specific programming language or technology. REST APIs generally provide a predictable mechanism to let a client take one or more actions with structured data at one or more endpoints.
The REST protocol requires that each function is accessible via a unique URL or Endpoint. HTTP methods represent actions, each endpoint represents a unique resource type, and structured data represents the resource.
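The mapping just described (method as action, endpoint as resource type, structured data as resource) together with the access restrictions mentioned under "Who Uses REST APIs?" (who may access what, with which permissions, and how many requests per period), as an added Python example that is not from the original article. The `X-API-Key` header, the two demo keys, the limit of 3 requests per 60 seconds and the `/books/<id>` endpoint are assumptions made for illustration.

```python
import hashlib
import json

def _digest(key):
    return hashlib.sha256(key.encode()).hexdigest()
# Constructed sample keys, stored as digests: (allowed methods, requests per window).
KEYS = {_digest("reader-key-demo"): ({"GET"}, 3),
        _digest("editor-key-demo"): ({"GET", "PUT", "DELETE"}, 3)}
BOOKS = {"1": {"title": "War and Peace", "author": "Leo Tolstoy",
               "published_year": "1869", "num_pages": "1225"}}
WINDOW = 60   # rate-limit window in seconds
_hits = {}    # (key digest, window number) -> count; never purged in this sketch

def reply(status, payload=None, extra=None):
    body = "" if payload is None else json.dumps(payload)
    return status, {"Content-Type": "application/json", **(extra or {})}, body

def handle(method, path, headers, body=None, now=0):
    # Who is calling? Each request carries its own credential; no session is kept.
    kd = _digest(headers.get("X-API-Key", ""))   # header name is an assumption
    if kd not in KEYS:
        return reply(401, {"error": "missing or invalid API key"})
    allowed, limit = KEYS[kd]
    # How many requests has this key made in the current window?
    slot = (kd, int(now // WINDOW))
    _hits[slot] = _hits.get(slot, 0) + 1
    if _hits[slot] > limit:
        retry = str(WINDOW - int(now % WINDOW))
        return reply(429, {"error": "rate limit exceeded"}, {"Retry-After": retry})
    # Which resource does the URL name?
    parts = path.strip("/").split("/")
    if len(parts) != 2 or parts[0] != "books":
        return reply(404, {"error": "no such endpoint"})
    # Is this key permitted to take this action?
    if method not in allowed:
        return reply(403, {"error": "key may not " + method})
    if method == "PUT":
        try:
            doc = json.loads(body)
        except (TypeError, ValueError):
            doc = None
        if not isinstance(doc, dict):
            return reply(400, {"error": "body must be a JSON object"})
        BOOKS[parts[1]] = doc
    elif parts[1] not in BOOKS:
        return reply(404, {"error": "no such book"})
    elif method == "DELETE":
        del BOOKS[parts[1]]
        return reply(204)
    return reply(200, BOOKS[parts[1]])
```

The order of the checks is what a client sees in the status code: 401 for an unknown caller, 429 once the key has used up its window, 403 when the key is known but not permitted the action.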
In a traditional website, a user navigates their browser to a unique website address known as a Uniform Resource Locator or URL. The user’s browser downloads content and supporting files, typically HTML, JavaScript, images, and stylesheets, from the web server at this address and renders them as a web page. Each link a user clicks on the web page causes the browser to access another web page URL and supporting files. Each page load is static and stateless, meaning that each page can be loaded independently. Forms can be used to add or alter a user’s data in the web application, and altered user content can only be displayed when a new page is loaded. This paradigm provides a slow user experience and is resource-intensive for both the server and the browser.
By loading data from URLs in the background, REST APIs allow web applications to update without rendering a whole new page. The resulting mobile apps and websites allow users to interactively modify their data across the Internet, without having to load a new page and supporting files. When well done, the result is websites that load and render in a few seconds and provide app-like interaction using content provided by potentially many data providers. This paradigm allows for faster development cycles on a broader number of platforms, a faster user experience, reduced server load, and unlimited interaction.
An example of this is Facebook. Facebook provides APIs for its applications so that both the mobile apps and website access the same content and so the mobile apps and website behave like the same interactive application. Facebook’s APIs allow these apps to send and display status updates, images, comments, reactions, and messages. REST doesn’t create or modify data. It is the format that allows client and server software to talk to each other. Both client and server software may create or modify data, but the common language they use to communicate is REST.
Tyler Wall is the founder of Cyber NOW Education. He holds bills for a Master of Science from Purdue University, and also CISSP, CCSK, CFSR, CEH, Sec+, Net+, A+ certifications. He mastered the SOC after having held every position from analyst to architect and is the author of three books, 100+ professional articles, four online courses, and regularly holds webinars for new cybersecurity talent.