Application Programming Interfaces (APIs)

Questions and Answers

Explain how an API allows for implementation flexibility without affecting users. Provide a hypothetical example.

An API defines operations, inputs, and outputs without specifying the underlying implementation. This means the internal code can be changed or optimized as long as the API contract (the defined inputs and outputs) remains the same, therefore not impacting users. For instance, a mapping API could switch from using one map data provider to another without users needing to change their code.

Why is API thinking believed to enhance code quality during software development?

API thinking encourages developers to design modular, reusable, and well-defined components. By focusing on clear interfaces and separation of concerns, it leads to more maintainable, testable, and understandable code.

In the context of the Dropbox API example, what is the purpose of the 'Authorization' header in the curl command?

The 'Authorization' header is used to authenticate the user making the API request. It contains a 'Bearer' token, which is a credential that verifies the user's identity and permissions to access the requested resource (in this case, downloading a file).

Explain why the principle 'hard to misuse' is an important characteristic of a good API. Provide an example of how an API might violate this principle.

An API that is 'hard to misuse' is designed to guide developers toward correct usage and minimize the chances of errors. An API violates this principle if it has unclear naming conventions, ambiguous parameter requirements, or lacks proper validation, leading developers to make mistakes easily. An example is an API that can delete data without confirmation, or one that easily allows unintentional deletion of production data through parameters that aren't intuitive.

What does it mean for a RESTful API to be 'stateless,' and why is this beneficial?

A stateless RESTful API means that the server does not store any client context between requests. Each request from the client to the server must contain all the information necessary to understand and process the request. This is beneficial for scalability, as the server doesn't need to manage sessions, and any server can handle any request.

Differentiate between SOAP and GraphQL in terms of data format and readability.

SOAP (Simple Object Access Protocol) uses XML for message formatting, which is often verbose and less human-readable. GraphQL, on the other hand, offers a more flexible, declarative query language that allows clients to request specific data, resulting in more concise and readable data structures.

Explain the significance of using HTTP for resource manipulation in RESTful APIs.

Using HTTP for resource manipulation provides a clear and universal way to interact with resources. HTTP verbs like GET, POST, PUT, and DELETE map directly to common operations (CRUD), making the API intuitive and leveraging existing infrastructure and standards.

Describe the key components of an HTTP request and an HTTP response.

An HTTP request consists of a verb (e.g., GET, POST), URI, HTTP version, header, and body. An HTTP response includes the HTTP version, response code, header, and body.

Explain why GET requests are considered 'safe' in the context of HTTP methods.

GET requests are considered 'safe' because they should not cause any changes to the resource being accessed. Although the server is not forced to adhere to this, it is expected that a GET request will only retrieve information and not modify the state of the system.

Explain what it means for PUT and DELETE requests to be idempotent.

PUT and DELETE requests are idempotent, which means that executing the same request multiple times has the same effect as executing it once. In the case of PUT, it updates a resource to a specific state, so repeating the request will ensure the resource is in that state. For DELETE, after the first request, subsequent requests will have no further effect because the resource is already gone.

Why is the standardization of HTTP format considered an advantage for API adoption?

Standardization simplifies adoption because developers are already familiar with the format, and there are numerous tools and libraries available to handle HTTP requests and responses. This reduces the learning curve and development time.

What are the trade-offs between using JSON and XML for data representation in APIs?

JSON is generally more lightweight and easier to parse, making it faster to transmit and process, while XML is more verbose and has a richer set of features. JSON is often preferred for its simplicity and ease of use, but XML may be chosen when complex data structures or specific validation requirements are needed.

Explain the significance of HTTP status codes in API responses. Give two examples of status codes indicating success and two indicating errors.

HTTP status codes provide a standardized way for the server to communicate the outcome of a request to the client. They indicate whether the request was successful, redirected, or encountered an error. Examples of success codes include 200 (OK) and 201 (Created). Examples of error codes include 400 (Bad Request) and 404 (Not Found).

Describe the potential performance drawbacks of a RESTful API architecture.

A potential performance drawback of a RESTful API is the overhead of multiple requests to fetch related data. Because REST is stateless, each request is independent and must contain all necessary information, which can lead to increased network traffic and latency compared to other approaches that allow for a single request with custom data retrieval.

Why is it considered bad practice to include spaces in URIs for APIs?

Spaces in URIs can cause issues because they are not always handled consistently across different systems and may require URL encoding, which can complicate matters. Using underscores or hyphens provides better compatibility and readability.

According to good API design principles, when should verbs be avoided in URIs?

Verbs should be avoided in URIs unless the resource represents an operation. URIs should generally represent nouns (resources) rather than actions. For example, /files/download is preferable to /downloadFiles because 'download' is an action.

Explain the API design principle of 'modularity' and why it's important.

Modularity involves splitting features into separate, well-defined APIs. This is important for security (e.g., separating download and delete functions), reusability, and maintainability because changes to one module are less likely to affect others.

Describe the key elements that should be included in API documentation to make it useful for developers.

Useful API documentation should include a description of the API's purpose, a list of parameters, the HTTP method used, the format of the request/response, potential results (including error scenarios), and examples of how to use the API.

How can feature reuse improve API design?

Feature reuse, in API design, involves exposing existing functionalities as APIs to avoid redundant code and to allow developers to build more complex features by combining simpler, pre-existing ones. For instance, an API for zipping can reuse a download API.

In the context of software quality assurance, what is the difference between 'specified requirements' and 'user/customer expectations'?

'Specified requirements' are the explicitly documented and agreed-upon functionalities and constraints of the software. 'User/customer expectations' are the implied needs and desires that users have, which may not be explicitly stated but are equally important for satisfaction. Meeting both is necessary for high-quality software.

According to McCall's Quality Model, what are the three main categories of quality factors?

McCall's Quality Model categorizes quality factors into Product Revision (maintainability, flexibility, testability), Product Transition (portability, reusability, interoperability), and Product Operation (correctness, reliability, usability, integrity, efficiency).

Explain the relationship between 'usability' and 'learning effort' in the context of software quality.

Usability refers to how easily and effectively users can interact with the software. Learning effort, such as training time, is a key aspect of usability. Software with high usability requires less learning effort because it is intuitive and easy to understand.

Why is 'integrity' an important factor in software quality? Provide an example of how it can be implemented.

'Integrity' refers to the protection of data and resources from unauthorized access or modification. It's important because it ensures the confidentiality and security of sensitive information. It can be implemented through access control mechanisms, such as role-based permissions (e.g., view-only access for certain users).

How do 'reliability' and 'maintainability' contribute to the overall quality of a software product?

'Reliability' ensures that the software performs consistently without failures, while 'maintainability' ensures that the software can be easily modified, fixed, and updated. High reliability reduces downtime and user frustration, while high maintainability reduces the cost and effort required to keep the software up-to-date and functional.

Explain why 'compliance' with certain quality factors might not be of interest to some clients.

Some quality factors, such as portability, may not be directly relevant to a client's immediate needs if they are not planning to transfer the software to different platforms. Clients may prioritize factors that directly impact their business, such as correctness, reliability, and usability.

Why is full verification of all software quality factors impossible, and how should organizations address this limitation?

Full verification is impossible due to resource constraints (time, budget, personnel) and the inherent complexity of software systems. Organizations should prioritize quality factors based on stakeholder needs and risks, focusing on the most critical aspects to ensure the software meets essential requirements within available resources.

Transform the ambiguous quality requirement "Salaries not late" into a specific, measurable requirement. Also, state which quality factor this pertains to.

Salaries calculated accurately and ready for disbursement five days before the end of each month. This pertains to the correctness quality factor.

Transform the ambiguous quality requirement "Working as much as possible" into a specific, measurable requirement. Also, state which quality factor this pertains to.

No failures between 9:00 AM and 4:00 PM on weekdays, with an average uptime of 99.9%. This pertains to the reliability quality factor.

Define a scenario where reusing APIs would greatly benefit a software project. Which API design principle would be most applicable here, and why?

Imagine a photo editing application needs to provide features like resizing, cropping, and applying filters. By using existing APIs for these functionalities, instead of building them from scratch, the development team can save significant time and resources. The Feature Reuse principle is most applicable here because it encourages leveraging existing APIs to enhance code efficiency and reduce redundancy.

Why is it important to consider intended users when documenting APIs?

Considering intended users helps determine the level of detail and types of examples needed in the documentation. For example, internal APIs might require less detailed documentation compared to public APIs meant for external developers with varying levels of expertise.

Flashcards

API Definition

Specification of components in terms of operations, inputs, and outputs, independent of implementation.

API Purpose

Allows implementation flexibility without affecting users and defines programmatic system boundaries.

REST Definition

An architectural style for web standards, enabling system communication.

RESTful API

Compliant with REST principles.

Stateless (REST)

Servers don’t maintain state between requests.

HTTP Definition

Application layer protocol for networking.

HTTP PUT

Create/Update

HTTP GET

Retrieve

HTTP POST

Send data

HTTP DELETE

Delete

HTTP GET (Safe)

No resource changes, though not enforced.

HTTP PUT/DELETE (Idempotent)

Same effect on repeat.

HTTP POST (Non-idempotent)

Repeat changes state.

JSON or XML

Structured, comprehensible formats for data.

Important HTTP Status Codes

200 (OK), 201 (Created), 400 (Bad Request), 401 (Unauthorized), 404 (Not Found).

SQA Definition

Measures characteristics like correctness, maintainability, etc.

IEEE Quality

Degree a system meets specified requirements and user/customer expectations.

Product Revision (McCall)

Maintainability, Flexibility, Testability.

Product Transition (McCall)

Portability, Reusability, Interoperability.

Product Operation (McCall)

Correctness, Reliability, Usability, Integrity, Efficiency.

Study Notes

  • Application Programming Interfaces (APIs) specify components in terms of operations, inputs, and outputs, independent of implementation.
  • APIs allow implementation flexibility without affecting users and define programmatic system boundaries.
  • Programmers design, develop, and test APIs; thus, API thinking enhances code quality.

Dropbox API Example

  • The Dropbox API /download version 1 downloads a file from a user’s Dropbox.
  • The URL is https://content.dropboxapi.com/2/files/download.
  • Authentication requires user authentication and Dropbox-API-Select-Admin.
  • The endpoint for downloads is Content-download.
  • The required scope is files.content.read.
  • The parameters for a download include the path, such as {"path": "/Homework/math/Prime_Numbers.txt"}.

Characteristics of a Good API

  • An ideal API is easy to use, even without documentation, and hard to misuse.
  • Readable and maintainable code supports a good API.
  • A good API is powerful enough to meet requirements, easy to evolve, and appropriate for its audience.

Representational State Transfer (REST)

  • REST is an architectural style for web standards, facilitating system communication through RESTful APIs.
  • RESTful APIs are stateless: servers do not maintain state between requests, which improves scalability.

Other Protocols

  • SOAP is XML-based, making it less human-readable and harder to write manually.
  • GraphQL is a query language for APIs, allowing for custom data definitions.

REST Fundamentals

  • Resources are accessed via URIs (Uniform Resource Identifiers).
  • REST operates over HTTP (application layer protocol).
  • HTTP is utilized for clear, universal resource manipulation in REST.

Hypertext Transfer Protocol (HTTP)

  • HTTP is an application layer protocol for networking that uses CRUD operations.
  • PUT is used to create or update data on a server.
  • GET is used to retrieve information from a server.
  • POST sends data to the server, often to update information.
  • DELETE is used to remove information from a server.
  • GET is considered a safe operation because it should not change the resource.
  • PUT and DELETE are idempotent, meaning repeated calls have the same effect as a single call.
  • POST is non-idempotent, as repeated calls can change the state, like placing multiple orders.

HTTP Format

  • An HTTP request consists of a verb (e.g., GET), URI, HTTP Version, Header, and Body.
  • An HTTP response includes the HTTP Version, Response Code, Header, and Body.
  • The standardized format of HTTP simplifies its adoption.

Data Representation

  • Data is commonly represented in JSON or XML formats.
  • Representations can include complete resource data or sub-resources for partial data.
  • Smaller representations can improve transfer speed.

HTTP Status Codes

  • 200 (OK) indicates success.
  • 201 (Created) confirms the resource was created.
  • 202 (Accepted) means the request was accepted for processing.
  • 204 (No Content) signals that the server successfully processed the request but is not returning any content.
  • 205 (Reset Content) tells the client to reset the document view.
  • 301 (Moved Permanently) indicates redirection.
  • 400 (Bad Request) reports an issue with the request.
  • 401 (Unauthorized) means authentication is required.
  • 404 (Not Found) indicates the resource was not found.

VehicleVault Web Store Example

  • VehicleVault's goals include getting a parts list, retrieving part details, and submitting purchase orders (PO).
  • The RESTful design for listing parts uses GET http://www.vehiclevault.com/parts.
  • Part details are accessed using GET http://www.vehiclevault.com/parts/00345.
  • REST’s stateless nature enhances scalability and availability but can impact performance due to multiple requests.

API Design Principles

  • Well-structured URIs should not contain spaces (use _ or - instead), be case-insensitive, and avoid verbs unless the resource is an operation.
  • Reusable APIs follow common patterns.
  • Modular APIs split features for security.

Documenting APIs

  • Tools like Swagger are used for complex documentation. Simpler docs include parameters, functionality, and examples.
  • API documentation should include the description, HTTP method, results, and intended users.

Prototyping: Online Shopping System (Python)

  • A basic shopping system can be prototyped in Python without a database.
  • Key features include mock login, adding/removing cart items, and displaying the total.
  • The structure involves main.py (entry point), user.py (login logic), cart.py (cart operations), and products.py (hardcoded data).

Software Quality Assurance (SQA)

  • SQA measures characteristics such as correctness and maintainability.
  • IEEE quality considers whether a system meets specified requirements and user/customer expectations.
  • McCall’s Quality Model focuses on product revision, transition, and operation.

McCall’s Quality Model Factors

  • Usability refers to the learning effort (e.g., training time).
  • Integrity concerns access control (e.g., view-only permissions).
  • Efficiency is about resource use (e.g., transactions/sec).
  • Correctness is the fulfillment of specifications (e.g., defects/KLOC).
  • Reliability refers to failure probability (e.g., MTBF).
  • Maintainability is the effort required for fixes (e.g., MTTC).
  • Testability involves logs and backups.
  • Flexibility measures the effort for modifications.
  • Reusability concerns the potential for reuse.
  • Portability is the effort to transfer the system (e.g., target systems).
  • Interoperability is the effort to achieve coupling (e.g., app integration).
  • Compliance is verified through reviews, inspections, and testing.
  • Prioritization is based on stakeholder needs since full verification is impossible.
