### Q1. What is an API? Give an example, where an API is used in real life.

An API, or application programming interface, is a set of defined rules that enable different applications to communicate with each other. It acts as an intermediary layer that processes data transfers between systems, letting companies open their application data and functionality to external third-party developers, business partners, and internal departments within their companies.

Suppose, you are making payment using PhonePay. Now, when you generate a transaction in PhonePay, PhonePay has to communicate with the bank servers to check the account whether it has enough balance or not or whether the account details of the sender exist or not. Now, the Bank Server could be build on a completely different programming language and has it own set up which could be very different than PhonePay. So, here the API comes into the play. It works as an interface between those two application, like a translator does to two different lingual people.

### Q2. Give advantages and disadvantages of using API.


<b><u>Advantage:</u></b>

1. Securely control and manage how users and systems access data and service functionality;
2. Allow third parties to use its data -- even in a limited sense -- which increases a company's brand exposure;
3. Grow its customer database and increase its conversion rate by aligning its services with other trusted brands; and
4. Monetize its APIs so that they become a line of revenue. This is a common tactic for online payment gateways. For example, companies that use PayPal's APIs are willing to pay to use a trusted payment system.


<b><u>Disadvantage:</u></b>

1. API development can be complex and costly to integrate with the systems and data they represent. Certain types of functionality might be better addressed through an approach such as robotic process automation.
2. Because they are driven by standardization, APIs are also vulnerable to cyber attacks related to data exposure, user authentication, object-level and function-level authorization, mass assignment and injection attacks.
3. APIs are frequently updated, making it difficult to keep documentation up to date. Proper API lifecycle management and deprecation of old APIs can help mitigate this challenge.
4. APIs must be tested to ensure they perform as needed. The best approach is to codify testing practices.

### Q3. What is a Web API? Differentiate between API and Web API.

<b><u>Web API:</u></b>

Web API is an API as the name suggests, it can be accessed over the web using the HTTP protocol. It is a framework that helps you to create and develop HTTP based RESTFUL services. The web API can be developed by using different technologies such as java, ASP.NET, etc. Web API is used in either a web server or a web browser. Basically Web API is a web development concept. It is limited to Web Application’s client-side and also it does not include a web server or web browser details. If an application is to be used on a distributed system and to provide services on different devices like laptops, mobiles, etc then web API services are used. Web API is the enhanced form of the web application.


<b><u>Difference between API and Web API:</u></b>


A Web API is an API that's specifically accessible over the internet (or at least some sort of network). Typically this means sending HTTP(S) requests to a server, which processes them and returns a response. The Web API defines what data these requests should have and to which addresses they should be sent to.

APIs consist of non-web APIs as well which are accessed through other means, like calling functions in a library and all that.

Web APIs are just one type of possible API:s. It's just that the web is one of the best ways of delivering APIs, and as such, most APIs are web APIs, to the point that API is almost synonymous with "web API". 


### Q4. Explain REST and SOAP Architecture. Mention shortcomings of SOAP.

<u><b>REST API:</b></u>

REST (Representational State Transfer) is truly a “web services” API. REST APIs are based on URIs (Uniform Resource Identifier, of which a URL is a specific type) and the HTTP protocol and use JSON for a data format, which is super browser-compatible. (It could also theoretically use the SOAP protocol, as we mentioned above.) REST APIs can be simple to build and scale, but they can also be massive and complicated—it’s all in how they’re built, added on to, and what they’re designed to do.

An application is said to be RESTful if it follows 6 architectural guidelines. A RESTful application must have:

1. A client-server architecture composed of clients, servers, and resources.
2. Stateless client-server communication, meaning no client content is stored on the server between requests. Information about the session’s state is instead held with the client.
3. Cacheable data to eliminate the need for some client-server interactions.
4. A uniform interface between components so that information is transferred in a standardized form instead of specific to an application’s needs. This is described by Roy Fielding, the originator of REST, as “the central feature that distinguishes the REST architectural style from other network-based styles.”
5. A layered system constraint, where client-server interactions can be mediated by hierarchical layers.
6. Code on demand, allowing servers to extend the functionality of a client by transferring executable code (though also reducing visibility, making this an optional guideline).


<u><b>SOAP API:</b></u>

SOAP (Simple Object Access Protocol) is its own protocol and is a bit more complex by defining more standards than REST—things like security and how messages are sent. These built-in standards do carry a bit more overhead. Still, they can be a deciding factor for organizations that require more comprehensive features in the way of security, transactions, and ACID (Atomicity, Consistency, Isolation, Durability) compliance. For the sake of this comparison, we should point out that many of the reasons why SOAP is a good choice rarely apply to web services scenarios, which makes it more ideal for enterprise-type situations.


Reasons you may want to develop an application with a SOAP API include higher levels of security (e.g., a mobile application interfacing with a bank), messaging apps that need reliable communication, communicating with legacy systems, or ACID compliance.

1. SOAP has much tighter security. In addition to SSL support, WS-Security is a built-in standard that gives SOAP some more enterprise-level security features if you require them.
2. Successful/retry logic for reliable messaging functionality. REST doesn’t have a standard messaging system and can only address communication failures by retrying. SOAP has successful/retry logic built-in and provides end-to-end reliability even through SOAP intermediaries.
3. SOAP has built-in ACID compliance. ACID compliance reduces anomalies and protects the integrity of a database by prescribing how transactions can interact with the database. ACID is more conservative than other data consistency models, which is why it’s typically favored when handling financial or otherwise sensitive transactions.


<u><b>Shortcomings of SOAP:</b></u>

1. SOAP supports only XML data exchange.
2. SOAP messages are larger, which makes communication slower.
3. SOAP is difficult to scale. The server maintains state by storing all previous messages exchanged with a client.

### Q5. Differentiate between REST and SOAP.

<pre>

</pre>

<table>
    <tr>
        <th>Points</th>
        <th>SOAP</th>
        <th>REST</th>
    </tr>
    <tr>
        <td>Stands for</td>
        <td>Simple Object Access Protocol</td>
        <td>Representational State Transfer</td>
    </tr>
    <tr>
        <td>What is it?</td>
        <td>SOAP is a protocol for communication between applications</td>
        <td>REST is an architecture style for designing communication interfaces.</td>
    </tr>
    <tr>
        <td>Design</td>
        <td>SOAP API exposes the operation.</td>
        <td>REST API exposes the data.</td>
    </tr>
    <tr>
        <td>Transport Protocol</td>
        <td>SOAP is independent and can work with any transport protocol.</td>
        <td>REST works only with HTTPS.</td>
    </tr>
    <tr>
        <td>Data format</td>
        <td>SOAP supports only XML data exchange.</td>
        <td>REST supports XML, JSON, plain text, HTML.</td>
    </tr>
    <tr>
        <td>Performance</td>
        <td>SOAP messages are larger, which makes communication slower.</td>
        <td>REST has faster performance due to smaller messages and caching support.</td>
    </tr>
    <tr>
        <td>Scalability</td>
        <td>SOAP is difficult to scale. The server maintains state by storing all previous messages exchanged with a client.</td>
        <td>REST is easy to scale. It’s stateless, so every message is processed independently of previous messages.</td>
    </tr>
    <tr>
        <td>Security</td>
        <td>SOAP supports encryption with additional overheads.</td>
        <td>REST supports encryption without affecting performance.</td>
    </tr>
    <tr>
        <td>Use case</td>
        <td>SOAP is useful in legacy applications and private APIs.</td>
        <td>REST is useful in modern applications and public APIs.</td>
    </tr>
</table>