Last Updated on September 9, 2023 by Aram
In this article, we will learn about the basics of HTTP Web API.
As a software engineer, regardless of the tech stack you work on, frontend or backend, at some point you will have to consume and integrate with an external service, and usually that will be an HTTP Web API.
So let’s learn the different concepts and terms for the basics of HTTP Web API:
- Hyper-Text Transfer Protocol or HTTP is the communication protocol on the web that is used to transmit data
- Foundation of the Web
- Simple: Human readable format
- Extensible using the Headers to send/receive extra information
- Stateless, doesn’t maintain state unless HTTP Cookies are introduced to hold the communication session or state
REST and RESTful Services
- Representational State Transfer or REST is an architectural style to build Programming Interfaces (APIs) for data manipulation through HTTP
- RESTful Services are the web services built using the REST style
- Hosted under domain endpoints
- Allows clients to communicate and access resources
- Uses HTTP as the communication protocol
HTTP-based RESTful Web API services are exposed and accessed through different request methods, also known as verbs. Below are the most common request methods:
GET: Used to retrieve data, any parameter should be passed via the query string
POST: Used to submit data within the request body; this is usually used to pass personal or confidential data, since the body keeps that data out of the URL
PUT: Used to edit a record on the resource server without creating a new record
DELETE: Used to delete a record on the server
Other Methods include: PATCH, OPTIONS, TRACE, HEAD, TUNNEL
When a client wants to communicate with a Web API service it can pass different types of requests based on how each endpoint or API is exposed and can process the data.
Below are the different types of data format that can be sent to the HTTP Web API:
- plain: Data will be sent ‘as-is’ in plain text without any serialization, encryption or encoding.
- json: Data will be serialized in JSON format when sent from POST or PUT request body
- form-url-encoded: This is represented as a key-value pair (dictionary) of request parameters that are sent as part of the request body. Use when sending small amounts of data
- form-data: Used when uploading form fields that include a file upload; it uploads the data in multiple parts. Use it when sending binary or large payloads
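On the server side, the request's Content-Type header is what tells these formats apart. The following is an added example, not code from the original article: the helper name `parse_body` and the payloads used with it are constructed for illustration. It decodes a body according to its declared type and rejects anything unexpected instead of guessing.

```python
import json
from email import message_from_bytes
from email.message import Message
from urllib.parse import parse_qs


def parse_body(content_type: str, body: bytes):
    """Return (http_status, data) for a request body. Hypothetical helper."""
    if "/" not in content_type.split(";")[0]:
        return 415, None                      # missing or malformed type: do not guess
    header = Message()
    header["Content-Type"] = content_type
    media_type = header.get_content_type()    # lower-cased, parameters removed
    charset = header.get_content_charset() or "utf-8"
    try:
        if media_type == "text/plain":
            return 200, body.decode(charset)
        if media_type == "application/json":
            return 200, json.loads(body.decode(charset))
        if media_type == "application/x-www-form-urlencoded":
            pairs = parse_qs(body.decode(charset), strict_parsing=True)
            # A key sent twice keeps its last value here.
            return 200, {key: values[-1] for key, values in pairs.items()}
        if media_type == "multipart/form-data":
            # Re-attach the header so the MIME parser can find the boundary.
            raw = b"Content-Type: " + content_type.encode() + b"\r\n\r\n" + body
            parts = message_from_bytes(raw).get_payload()
            if not isinstance(parts, list):
                return 400, None              # boundary missing or never matched
            return 200, {
                part.get_param("name", header="content-disposition"):
                    part.get_payload(decode=True)
                for part in parts
            }
    except (ValueError, LookupError):
        return 400, None                      # bytes do not match the declared type
    return 415, None                          # Unsupported Media Type
```

A body that does not match its declared type yields 400, and a type the endpoint does not accept yields 415, both in the 4xx client-error category.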
Another essential part of any HTTP Web API is the HTTP Headers, which are defined as a dictionary of key-value pairs.
Using the HTTP Headers, a client can provide informational details that can be processed and used, at the server side, by the exposed endpoint. The same goes the other way around: the server can provide the client, usually a web browser, with different headers to be processed.
In simple words, HTTP Headers are a collection of key-value pairs of meta-data that can be passed with each request or response.
HTTP Headers Categories
Headers are categorized by context:
- Request Headers: such as Accept-Language, Authorization…etc.
- Response Headers: such as Connection, Server…etc.
- Representation Headers: such as content-type, content-language…etc.
- Payload Headers: such as content-length, transfer-encoding…etc.
- The HTTP status represents the status of the RESTful service after the HTTP request is completed
- Status codes are represented as 3 digits, where the first digit represents the category:
- 1xx: Request received and under processing
- 2xx: Successful
- 3xx: Redirection (action to be taken by browser or user)
- 4xx: Invalid request by client, data incomplete or invalid
- 5xx: Server-side error (API crash, misconfigurations, app pool shutdown)
- HTTP Cookies are used to maintain the state or session between multiple HTTP communications
- A Cookie is a small piece of data passed from server to user’s browser via the set-cookie response header
- Cookies can also be restricted with the Secure and HttpOnly attributes; this is used to defend against cross-site scripting (XSS) attacks
- Cookies are used mainly for Session Management, Personalization and Tracking
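To check these attributes on a real response, inspect each Set-Cookie header value. The following is an added example, not code from the original article: the function names and the sample cookies are constructed for illustration. It reports every cookie that is missing Secure or HttpOnly.

```python
def parse_set_cookie(header_value: str):
    """Split one Set-Cookie header value into (name, value, attributes)."""
    first, *rest = header_value.split(";")
    name, _, value = first.strip().partition("=")
    attrs = {}
    for item in rest:
        key, _, val = item.strip().partition("=")
        if key:
            attrs[key.lower()] = val      # attribute names are case-insensitive
    return name, value, attrs


def audit_set_cookie(header_values):
    """Return {cookie_name: [missing attributes]} for cookies lacking Secure or HttpOnly."""
    findings = {}
    for raw in header_values:
        name, _value, attrs = parse_set_cookie(raw)
        # Secure: only sent over HTTPS. HttpOnly: not readable from page scripts.
        missing = [label for label in ("Secure", "HttpOnly")
                   if label.lower() not in attrs]
        if missing:
            findings[name] = missing
    return findings


# Constructed sample: Set-Cookie values as a server might send them.
SAMPLE_HEADERS = [
    "session_id=3f9a1c; Path=/; Secure; HttpOnly",
    "theme=dark; Path=/; Max-Age=31536000",
    "prefs=compact; Path=/; secure",
]

if __name__ == "__main__":
    for cookie, missing in audit_set_cookie(SAMPLE_HEADERS).items():
        print(f"{cookie}: missing {', '.join(missing)}")
```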
- The S in HTTPS stands for Secure, which means the HTTP communication between the client (like a browser) and the website happens via a secure channel, using an SSL/TLS encryption protocol
- TLS is the successor of SSL
- TLS v1.2 is the minimum recommended version of TLS that websites should use to maintain a secure website.
- TLS v1.3 is the latest version.
- Your site, including your web API, must always use HTTPS
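On the consuming side, the same two rules (HTTPS only, TLS 1.2 as the minimum) can be enforced in the API client. The following is an added example using Python's standard library, not code from the original article; the function and class names are hypothetical. It also refuses redirects that would move a request from HTTPS to plain HTTP.

```python
import ssl
import urllib.error
import urllib.request
from urllib.parse import urlsplit


def build_tls_context() -> ssl.SSLContext:
    """Client context: certificate and hostname checks on, TLS 1.2 as the floor."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def is_https(url: str) -> bool:
    """True only for an https:// URL that names a host."""
    parts = urlsplit(url)
    return parts.scheme == "https" and bool(parts.hostname)


class HttpsOnlyRedirects(urllib.request.HTTPRedirectHandler):
    """Refuse redirects that would move the request off HTTPS."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        if not is_https(newurl):
            raise urllib.error.URLError(
                f"refusing redirect to non-HTTPS URL: {newurl}")
        return super().redirect_request(req, fp, code, msg, headers, newurl)


def open_api(url: str, timeout: float = 10.0):
    """Open an API URL, failing before any network I/O if it is not HTTPS."""
    if not is_https(url):
        raise ValueError(f"API URL must use https://: {url}")
    opener = urllib.request.build_opener(
        urllib.request.HTTPSHandler(context=build_tls_context()),
        HttpsOnlyRedirects(),
    )
    return opener.open(url, timeout=timeout)
```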
- HTTP/2 is a major revision of HTTP, introduced in 2015
- Its purpose is to improve web performance by decreasing latency
- Over 97% of browsers now support HTTP/2
Key Features of HTTP/2 Include
- Multiplexing: Request and Response messages can be transmitted between client and server via bidirectional and concurrent streams (Over the same TCP Connection)
- Weighted prioritization: streams can be assigned weighted value and dependency for the client to display the responses from the streams accordingly
- Server Push: When a client requests a resource, the server can push extra resources to be cached on the client and used when needed
- Headers Compression: using HPACK specification to compress HTTP headers to optimize streams multiplexing
- Though not officially announced, HTTP/3 is the 3rd major revision of HTTP
- Introduces data transmission over a new transport protocol, QUIC (pronounced as Quick)
- Quick UDP Internet Connections, or QUIC, relies on the UDP protocol rather than TCP
- QUIC on UDP provides faster and more efficient communication than TCP, which leads to improved web performance and user experience
- Over 75% of browsers now support HTTP/3, more and more sites have started adopting it
Key Features of HTTP/3
- Faster connection setup and reduced Round-Trip Time by combining the cryptographic and transport handshakes
- With the use of Connection IDs, a communication can be maintained between client and server even when the device switches from one network to another
- Solves the TCP head-of-line blocking issue: If a packet is lost, the stream-aware QUIC communication knows exactly which stream was affected by the loss and retransmits it
- Enhanced security with transport-level default encryption, which means connections will always be encrypted, including the data and the meta-data about the connection
Advanced Topics in HTTP Web API
Of course, this article only covered some of the basic concepts of HTTP Web API; there is a lot more to learn about this widely important subject.
Here are some advanced topics to read further about HTTP Web API:
HTTP Live Streaming,
HTTP vs Web Socket,
REST vs gRPC,
Web API Security: Authentication, Authorization, IP WhiteListing, SOP, CORS and CSP and others