Representational state transfer is a software architectural style that describes a uniform interface between physically separate components, often across the Internet in a client-server architecture.
URL vs URI: URI identifies a resource and differentiates it from others by using a name, location, or both. URL identifies the web address or location of a unique resource. URI contains components like a scheme, authority, path, and query. URL has similar components to a URI, but its authority consists of a domain name and port.
Request:
An API call, or API request, allows one application to request data or services from another application. The request is made via the API that accesses the web server to retrieve the requested data
Sample Excel
WinHTTP: Microsoft Windows HTTP Services (WinHTTP) provides developers with an HTTP client application programming interface (API) to send requests through the HTTP protocol to other HTTP servers. in Excel- VB environment->Tools->Reference->Microsoft WinHTTP Service
1xx: Informational – Communicates transfer protocol-level information.
2xx: Success – Indicates that the client’s request was accepted successfully.
3xx: Redirection – Indicates that the client must take some additional action in order to complete their request.
4xx: Client Error – This category of error status codes points the finger at clients.
5xx: Server Error – The server takes responsibility for these error status codes.
Response: Response -From The Server- will be in Json format usually.
VBA Jason
JSON conversion and parsing ( Parsing means converting a program into an internal format ) for VBA grew out of the excellent project vba-json, with additions and improvements made to resolve bugs and improve performance (as part of VBA-Web). Drag and drop the “JasonConverter.bas” file into vba Module section
Dictionary Object:
A Dictionary object use to store any form of data in the array. Each item is associated with a unique key. The key is used to retrieve an individual item. Pay attention that the data sent by the server is completely unknown for VBA and excel so a dictionary is required to store the data in an array. “Microsoft Scripting Runtime” is an object dictionary. Same as Winhttp add it to the VBA
Format in Excel
Insomnia
Insomnia is a powerful REST API client that helps developers make and debug web and mobile applications. It offers a comprehensive set of features for both manual and automated testing, including support for GraphQL, OAuth, OpenAPI, and WebSocket requests. It is available for macOS, Windows, and Linux, as well as a mobile app for iOS and Android.
Project files are the main way to store and manage your requests in Insomnia. Projects can contain multiple documents, which can be used to group related requests into logical categories. Documents can also contain collections, which are groups of related requests that can be run as a single unit. All of these components can be imported and exported from Insomnia, making it easy to share your work with others.
Flow
Insomnia’s flow feature allows you to capture and organize your requests into groups, perform bulk actions on them (such as running all requests at once), and share them with others. It is a great way to quickly create and manage complex workflows, such as testing an entire API or automating repetitive tasks.
Tabs:
Design tab allows you to create and edit requests. It includes a syntax-highlighted editor for writing HTTP requests and a request builder for constructing requests graphically.
Debug tab shows the response information for each request, including the response body, status, and headers. You can also use this tab to inspect and debug requests, as well as to check for problems such as slow response times.
Test tab lets you write tests to validate that your requests are returning the expected responses. Tests can be written in JavaScript, and Insomnia integrates with popular testing frameworks such as Jest and Mocha.
Top-6
SOAP: It’s a veteran in the field, mature, comprehensive, and XML-based. SOAP is heavily used in financial services and payment gateways where security and reliability are key.
SOAP (Simple Object Access Protocol) is an XML-based protocol for exchanging information among computers over the web. It defines a set of rules for structuring messages that can be used for simple one-way messaging or more complex request/response exchanges. It works by using an XML-based protocol to communicate between two computers over the internet, using HTTP as the communication layer. Since it is based on XML, SOAP can be used to communicate between any platform, as long as both sides speak the same protocol.
RESTful: if you’re working on a lightweight mobile app or a quick prototype, SOAP might be overkill due to its complexity and verbosity. Then, there are RESTful APIs. They’re like the Internet’s backbone. Popular, easy to implement, and use HTTP methods. Most of the web services you interact with daily, like Twitter or YouTube, are powered by RESTful APIs. But remember, if you need real-time data or operate with a highly connected data model, REST might not be the best fit.
GraphQL: vIt’s not just an architectural style but also a query language, allowing clients to ask for specific data as they need. This means no more over-fetching or under-fetching of data. You ask for exactly what you need. This leads to more efficient network communication and faster responses. Facebook developed GraphQL, Now it’s used by companies like GitHub and Shopify. Its flexibility and efficiency make it a strong choice for applications with complex data requirements. But GraphQL does come with a steep learning curve and might be overkill for simpler applications. It also requires more processing on the server side due to its flexible querying capabilities.
gRPC: It’s modern, high-performance, and uses Protocol Buffers. It’s a favourite for microservices architectures, and companies like Netflix use gRPC to handle their immense inter-service communication. However, if you’re dealing with browser clients, gRPC might pose some challenges due to limited browser support.
gRPC (Google Remote Procedure Call) is a protocol that allows applications to communicate with each other over the Internet. It is based on a high-performance open-source framework that utilizes HTTP/2 as the communication protocol. gRPC is designed to be fast, secure, and highly extensible. It supports bidirectional streaming and can be used to send and receive data between client and server. gRPC also provides its own IDL (Interface Definition Language) which can be used to define service interfaces, request/reply messages and support interfaces for streaming data.
WebSocket is all about real-time, bidirectional, and persistent connections. It’s perfect for live chat applications and real-time gaming, where low-latency data exchange is crucial. But if your application doesn’t require real-time data, using WebSocket might be an unnecessary overhead.
Webhook: It’s all about event-driven, HTTP callbacks, and asynchronous operation. For instance, GitHub uses webhooks to notify your other systems whenever a new commit is pushed. But remember, if you need synchronous communication or immediate response, webhook might not be your best bet. Simply You can use webhooks to keep your APP up to date with the latest information.
Fetch: fetch() is an api that allows Javascript to request both local and external resources (including files in the same directory, a web page from the same origin, or a remote API). It returns a promise that can be used to handle the response.
Promise: A promise in JavaScript is an object that might produce a value at some point in the future. It can either be resolved (fulfilled) with a value or rejected with a reason for failing to produce it. It can also be pending, meaning that the outcome is still undetermined.
fetch(‘webaddress’) // it returns a Promise
.then(response => response.json()) // Promise change to json
.then(json => { … } // json extract data with “json.xxxx”
is the common structure for using fetch.
Authentication (auth)
1. Basic Authentication
This is one of the simplest forms of authentication. It involves sending a username and password with each API request, usually encoded in base64. Although it’s easy to implement, it’s not the most secure method since credentials are sent with each request. This could potentially be intercepted by unauthorized parties.
2. API Keys
An API key is an identifier that is included in request headers or query parameters. These are easy to implement and used to control and monitor API usage. However, since the key is often sent with each request, it can be compromised if not handled securely.
3. Bearer Authentication (Token Authentication)
Tokens are typically represented by JWTs (JSON Web Tokens). The server generates a token that a client must include in the HTTP Authorization header for all subsequent requests after the user logs in. The tokens can contain user information and are signed to prevent tampering.
4. OAuth
Third-party services can exchange web resources on behalf of a user with the help of OAuth, a more complex authorization framework. Users can log into third-party applications using their credentials from a provider like Google or Facebook without revealing their passwords. In OAuth 2.0, access tokens are used for API requests, and refresh tokens are used to obtain new access tokens.
5. Digest Authentication
Authenticated requests use MD5 hashes of passwords and a server-generated nonce value similar to basic authentication but more secure. It is more secure than basic authentication but less common today due to better alternatives.
6. Hawk Authentication
Hawk uses an identifier and a key to authenticate clients over HTTP. Unlike OAuth, Hawk is not intended for delegating access to third parties. Shared symmetric keys are useful for services that have been established in advance.
7. AWS Signature
This is specific to Amazon Web Services and involves signing your requests with your AWS access keys. This method ensures that AWS can verify who sent the request and whether it was altered in transit.
Electrical Engineer 