Data Exchange Systems and APIs
Data Exchange Systems
Enable the transfer of data between different systems or applications
Typically involves using an API to transfer data between a client (web app) and a server
API stands for Application Programming Interface, which is a set of protocols and standards that define how different software applications should interact with each other
The client application makes a request to the server via the API
A response is returned typically in the form of data. Usually in the following API formats:
JSON
XML
CSV
Data Security
RESTful APIs and their vulnerabilities
SQL injection
Broken object level authorisation
Open Data
Identity Theft
General Malware
Phishing and social engineering attacks
Insider threats
Ransomware attacks
Advanced Persistent Threats (APTs)
Distributed denial of service (DDoS) attacks
Physical theft or loss
Software vulnerabilities
Data breaches
Data Privacy
Refers to the ability of an individual or a company to control how their personal or sensitive data is collected
Implementing access controls and user authentication
Using encryption and hashing
Regularly updating software and hardware
Conducting regular security audits
Providing security awareness training
A Virtual Private Network (VPN)
Virus protection software
Cookies
Online data collection
API Formats
CSV
Comma Separated Values (CSV), is a simple text format that is used to store and exchange data.
Contains rows of data with each representing a record and each field separated by a comma
Widely used in spreadsheets and is supported by most programming languages
Strengths
Simple format, easy to read and manipulate using built-in functions
Compact format making it faster to transmit
Weaknesses
Limited support for data types which can make it difficult to represent complex data structures
Doesn't support data compression which can be a problem for large data sets
Context
Commonly used in enterprise applications and web services
XML
Extensible Markup Language (XML) is a markup language designed to store and transport data
Similar structure to HTML but is more flexible and extensible
Widely used in enterprise applications and is supported by most programming languages
Strengths
Self describing, meaning it contains metadata about the data being transmitted
Easier to understand structure of the data
Easy to parse and manipulate using built-in functions in most programming languages
Supports data compression, making it suitable for large data sets
Weaknesses
More verbose, making it slower and harder to read
Requires more processing power which can impact performance
Context
Commonly used in enterprise applications and web services
JSON
JavaScript Object Notation (JSON) is a lightweight and popular data interchange format used to transmit data between a server and a client
Supported by most modern programming languages
Strengths
Compact structure meaning faster to transmit
Easy to read
Easy to parse and manipulate using built-in functions in most programming languages
Supports nested data structures and is a widely accepted format for web APIs
Weaknesses
May not be as easy to read for non-developers compared to other formats
May not be suitable for large data sets due to its lack of support for data compression
Context
Commonly used in web applications, mobile applications and RESTful web services
Jitter and Latency
Jitter:
refers to the variation in the data delivery delay in a network
Can have a significant impact on the reliability or performance of the service
Latency:
When data is sent between two systems they might not all arrive simultaneously due to variations in network latency, congestion and other packets
Jitter can also cause issues with real-time applications that rely on low latency, like voice or video. For these, even small amounts of jitter can result in noticeable audio or video distortion.
RESTful Web Service
Follows the principles of Representational State Transfer (REST)
Consists of resources that can be accessed and manipulated using standardised HTTP methods: GET, POST, PUT, DELETE
Key Features:
Stateless: The server does not store any client context between requests. Each request contains all the necessary information for the server to handle the request.
Resource-oriented: The service is organized around resources, which are identified by URIs. Clients interact with resources using standard HTTP methods (e.g., GET, POST, PUT, DELETE).
Representation-driven: Resources are represented in a format that can be understood by the client. This allows the client to choose the representation that best suits its needs (e.g., JSON, XML).
Self-describing messages: Each message contains enough information for the receiver to understand how to process it.
Client-server architecture: The service separates the user interface concerns from the data storage concerns. This allows both components to evolve independently.
Synchronous and Asynchronous
Synchronous
Also known as blocking APIs, these require the client to wait for a response before continuing.
When a client sends a request to a synchronous API, it will block and wait until the API has finished processing the request and sends back a response.
This means that the client cannot do anything else while waiting for the response.
Asynchronous
Asynchronous APIs, on the other hand, allow the client to send a request and continue working on other tasks while waiting for a response.
When a client sends a request to an asynchronous API, it does not block and wait for a response.
Instead, the API immediately acknowledges the request and allows the client to continue working.
Once the API has finished processing the request, it sends a response back to the client, typically through a callback function or a separate notification channel.
API Keys
Unique codes or tokens that are assigned to a user or application, which allows them to access and use an API (Application Programming Interface).
API keys improve safety in several ways.
API keys also help to prevent SQL injection attacks.
A successful SQL injection attack can lead to:
Bypassing authentication
Exfiltrating/stealing data
Modifying or corrupting data
Deleting data
Running arbitrary code
Gaining root access to the system itself
API keys serve as a means of authentication and authorization to ensure that only authorized users or applications can access the API and its resources.
Firstly, they help prevent unauthorised access to the API by requiring users to present a valid API key before accessing its resources.
This means that only authorized users or applications can access the API, reducing the risk of attacks by malicious actors.
SQL injection is a type of attack that involves inserting malicious SQL code into a web application's input fields, which can then be executed by the database server, allowing an attacker to gain unauthorised access to sensitive information.
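Added example (not part of the original diagram): the API key check and the SQL injection definition above, shown as two separate controls in one request handler. The key check decides who may call the API, and the bound query parameter decides how caller input reaches the database. The table names, function names and sample key are hypothetical, and the data is constructed.

```python
import hashlib
import hmac
import sqlite3

# Constructed sample data: one API client and two records (all values hypothetical).
SAMPLE_KEY = "demo-key-123"

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE api_keys (key_hash TEXT PRIMARY KEY, owner TEXT)")
    db.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    db.execute("INSERT INTO api_keys VALUES (?, ?)",
               (hashlib.sha256(SAMPLE_KEY.encode()).hexdigest(), "web-app"))
    db.executemany("INSERT INTO customers (name, email) VALUES (?, ?)",
                   [("alice", "alice@example.test"), ("bob", "bob@example.test")])
    return db

def authenticate(db, presented_key):
    """Return the key owner, or None. Only a hash of each key is stored."""
    digest = hashlib.sha256(presented_key.encode()).hexdigest()
    for key_hash, owner in db.execute("SELECT key_hash, owner FROM api_keys"):
        if hmac.compare_digest(key_hash, digest):  # constant-time comparison
            return owner
    return None

def find_customer_unsafe(db, name):
    # Vulnerable: the input is pasted into the SQL text and parsed as SQL.
    return db.execute(f"SELECT name, email FROM customers WHERE name = '{name}'").fetchall()

def find_customer_safe(db, name):
    # Hardened: the ? placeholder binds the input as a value, never as SQL.
    return db.execute("SELECT name, email FROM customers WHERE name = ?", (name,)).fetchall()

def handle_request(db, api_key, name, lookup=find_customer_safe):
    """Authenticate the caller first, then run the lookup on their input."""
    if authenticate(db, api_key) is None:
        return 401, []
    return 200, lookup(db, name)

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input containing SQL syntax
    print(handle_request(db, "wrong-key", "alice"))
    print(handle_request(db, SAMPLE_KEY, "alice"))
    print(handle_request(db, SAMPLE_KEY, crafted, find_customer_unsafe))
    print(handle_request(db, SAMPLE_KEY, crafted))
```

With a valid key, the string-built query returns every row for the crafted input, while the parameterized query returns none, so the handler needs both controls.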