👶 API Hacking Basics

What is an API

Definition:

  • Application Programming Interface

  • Sometimes apps need to communicate

  • Can be on different levels - OS, Web...

  • We will focus on web APIs

The importance of APIs in today's digital age

Types of API

  • Web APIs (e.g. REST, SOAP, GraphQL)

  • Database APIs

  • Operating System APIs

  • Library & Framework APIs

How APIs work

  • Request & Response Model.

  • HTTP Methods (GET, POST, PUT, DELETE).

  • Status Codes.

API components

  • Endpoints

  • Parameters

  • Headers

  • Payload/Body

Authentication & authorization

  • API Keys.

  • OAuth.

  • JWT (JSON Web Tokens).

  • Basic Authentication.

Common use cases of APIs

  • Integration between software applications.

  • Mobile apps fetching data.

  • Web apps interacting with backend servers.

  • Third-party integrations.

Benefits of using APIs

  • Scalability.

  • Modularity.

  • Time-saving.

  • Integration capabilities.

Potential risks

  • Brief introduction to why API security is crucial (this will set the stage for subsequent lessons in pentesting).

API documentation & testing tools

  • Importance of clear API documentation.

  • Introduction to tools like Postman & Swagger.

Visit: https://developers.strava.com/playground/

OWASP API Top 10

TOP 10
