The internet is built on the idea of client / server communication. The client is anything close to the user (a web browser, an app, a terminal with ssh), and the server is whatever responds to the client's queries.
Clients can talk to servers via a variety of protocols. A protocol is just a way for the client and server to agree on how to send data back and forth. It's like you and I talking: we can agree to use English, while with a friend of mine I can use Hindi.
Different Client / Server protocols include:
- HTTP
- FTP
- SSH
- WebSockets
- What are HTTP headers?
- What is the difference between a request and a response header?
- What are HTTP methods? (GET, PUT, POST, DELETE)
- What does the `content-type` header do?
- What does `Accept` do?
The server can either respond with HTML (giving a specific view representing the data) or with just raw data (JSON or XML) and leave the actual view to the client.
In the modern world, APIs are becoming more useful because we have so many different kinds of clients (web browsers, apps, etc.).
You can pass data to the API via the same mechanisms as passing data to a server. This includes:
http://mysite.com/api/?book_id=1&chapter_id=1
Anything after the ? in the URL is considered query string data and can be understood by the server. You send the data in pairs and separate the pairs with the & symbol.
This is only used for GET and PUT requests. There is a limit to how much data you can send in a query string (though the RFC doesn't mention one). That's because when you add query string data, the URL keeps growing, and different browsers have limits on the maximum URL length.
You should never be sending a lot of data via query strings. If you are trying to send a lot of data, that means you are creating data, not really "filtering by a parameter", so you should be using POST and POST data.
How would you pass the zipcode and city as parameters to an API?
If you are using HTTP POST, you can use the POST data field to make the request.
How do you secure an API so that only certain clients have access to it? You can use the simple authentication mechanisms built into HTTP.
For example, Basic Auth, where you send a Base64-encoded version of the username and password in the `Authorization` HTTP header.
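The following is an added example, not code from the original page, showing both sides of the Basic scheme: how a client builds the `Authorization` value and how a server decodes and checks it. The value is Base64 of `username:password`, which anyone who sees the header can reverse, so it only protects credentials when sent over HTTPS. The function names and the `API_CLIENTS` entry are constructed for illustration.

```python
import base64
import hmac

# Constructed sample credentials; a real service would store password hashes.
API_CLIENTS = {"mobile-app": "s3cret-value"}


def build_basic_header(username: str, password: str) -> str:
    """Client side: build the Authorization header value (RFC 7617)."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def parse_basic_header(value: str):
    """Server side: return (username, password), or None if malformed."""
    scheme, _, token = value.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers bad Base64 and bad UTF-8
        return None
    # Only the first colon separates the fields; passwords may contain ':'.
    username, sep, password = decoded.partition(":")
    if not sep:
        return None
    return username, password


def is_authorized(header_value) -> bool:
    """Check a request's Authorization header against API_CLIENTS."""
    creds = parse_basic_header(header_value or "")
    if creds is None:
        return False
    username, password = creds
    expected = API_CLIENTS.get(username)
    # Always run the constant-time comparison, even for unknown users.
    matches = hmac.compare_digest(password.encode(), (expected or "").encode())
    return matches and expected is not None


if __name__ == "__main__":
    header = build_basic_header("mobile-app", "s3cret-value")
    print(header)                      # what travels on the wire
    print(parse_basic_header(header))  # trivially reversed by any observer
    print(is_authorized(header))
```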
Never trust a client machine, so this method is kinda unfavorable. Using