Web application and data exchange research IA3- APIs
Possible Data exchange file type
AJAX
Advantages/disadvantages
Function
Security
JSON
Advantages/disadvantages
Function
Security
XML
Advantages/disadvantages
Function
Security
Data can be exchanged over the internet using a variety of methods. At the network layer the data can be unicast, broadcast or multicast. At the session or application layer the data exchange can be synchronous or asynchronous, and the data can be published in a variety of forms in the presentation layer.
Which format would be the most efficient and thus the best to use
APIs requirements
RESTful API
Application program interface (API) that uses HTTP requests to access and use data (S.Gillis 2021)
It uses less bandwidth, making it more suitable for efficient internet usage (S.Gillis 2021)
REST stands for representational state transfer and is a flexible, lightweight way to integrate applications (IBM Cloud Education, 2021).
When a client request is made via a RESTful API, it transfers a representation of the state of the resource to the requester or endpoint (Red Hat, 2020)
This information, or representation, is delivered in one of several formats via HTTP: JSON (JavaScript Object Notation), HTML, XLT, Python, PHP, or plain text (Red Hat, 2020)
Has to conform to the criteria to be considered RESTful
A client-server architecture made up of clients, servers, and resources, with requests managed through HTTP (Red Hat, 2020).
Stateless client-server communication, meaning no client information is stored between get requests and each request is separate and unconnected (Red Hat, 2020).
Cacheable data that streamlines client-server interactions (Red Hat, 2020).
A uniform interface between components so that information is transferred in a standard form (Red Hat, 2020).
API (application programming interface)
Set of rules that define how applications or devices connect and communicate with each other (IBM Cloud Education, 2021).
Security
Tokens
Keys
Authentication
Authorization
Web application Requirements
Provide people with a platform to search for a band/singer
Display an image of the band/singer that has been searched
Generate a menu of playable music videos from the searched band/singer's collection
Play the corresponding video when a menu image is clicked
Possible User requirements
Information on different music, artists and bands
quickly retrieve information
Information regarding what bands are playing near where they live
Watch and listen to music videos
Data Requirements
Open API Datasets
Securely exchanged between computer systems
Contains the information presented on the web application's interface
Display following data from API datasets
A dynamic dataset
Search result for a requested band/ artist name
Accompanying image for the requested band/artist
menu listing of the band's songs
Allow video to be played
LastFM Brisbane City Council API datasets
iTunes API datasets
Potential security and privacy threats
External data sets
Gain access to API dataset relevant to web application
File format of the dataset
Incorporation of dynamic data feeds of up-to-date events and resource information
Enable user to view information and media
Ensure information in Dataset is reliable, secure and relevant
Data Security
Security measures (S.Gillis, 2021)
Blocking access from unknown domains
Validating URLs
Blocking unexpectedly large payloads
Logging requests and investigating failures
HTTPS
Consider the Security risk due to the exchange of data over the internet
Confidentiality, availability, integrity, encryption, authentication, checksums, hashing
Security of RESTful APIs
Each API request should come with some sort of authentication credentials, which must be validated on the server for every request (restfulapi.net, 2020).
"The Protection of Information in Computer Systems" by Jerome Saltzer and Michael Schroeder presented eight design principles for securing information in computer systems (restfulapi.net, 2020).
Least Privilege
Fail-safe defaults
Economy of Mechanism
Complete Mediation
Open design
Separation of Privilege
Least Common Mechanism
Psychological Acceptability
Always use HTTPS
Use password Hash
Adding Timestamp in Request, Input parameter Validation