API: Application programming interface. A set of accessible tools for building software applications
API Endpoint: The URL of a server or service
Endpoint: An endpoint is a remote computing device that communicates back and forth with a network to which it is connected
URL: Uniform Resource Locator. An address of a web page or resource
What is an API, and what is an Endpoint?
API is a set of protocol and tools that allow two applications to communicate. The two applications can sit on the same machine (your current Application, that is your Web Browser, communicates with the Operating System on your machine to display this article).
The use of an
API means that an interface is public so programs can easily communicate with each other and act in expected ways (forming a contract across the interface).
On the other hand, an
Endpoint is a URL that enables the
API to access resources on a server, often through a RESTful
The interface can (as shown above), provide a series of
Endpoints that can be called at any time.
Break it down
API Endpoint is the
URL for a server or a service. These
APIs operate through responses and requests — that is you make a request and the API Endpoint makes a response.
A simple example of this is this particular Websites and article. The Websites is Medium, and your Web Browser makes a request for the content.
The Endpoint for this particular article is https://firstname.lastname@example.org/endpoint-vs-api-ee96a91e88ca, and this is obtained by the browser making a GET request, and receiving this article in return.
Note: It is true that more is going on in real life than this, this is a simplified example for easy digestion on this particular topic.
Endpoint gives us the exact location of the service/resource that we wish to access (in this case this particular article).
The performance of any particular
Endpoint, and the
API in general depends on how well (quantitively and qualitatively) the requests are dealt with.
Securing API Endpoints
Use the HTTPS protocol
Apple already enforce that iOS apps only communicate through the secure HTTPS protocol (ok, they allow a way around this…for now, but the direction of travel is there) to make it more difficult to hack clients and redirect traffic to a different
In fact, many websites are HTTPS are only and this is for the safety of you — the clients of the website.
And that’s a good thing.
It is possible to limit the number of requests that any client can give to an
Endpoint. This helps to stop an attack which (unsophisticated though it is) makes clients repeatedly make requests to an
Endpoint until it can no longer function.
Smart hackers do this to try to put the server into a state in which they can manipulate it and perhaps gain access to data on the server.
Everyone wants to stop this type of attack.
Checking the input made through an
API Endpoint is essential, perhaps through a webform or similar is essential. This is the basis of an attack called SQL Injection which is perhaps one of the most popular attacks on websites. The massive Sony PSN hack in 2011? SQL Injection. Please make sure that you have some input validation on your website!
This has been quite a journey. Endpoints and APIs are two different things, and now there is no excuse to mix up the two terms.
Done and done!
The Twitter contact:
Any questions? You can get in touch with me HERE