Correlation between HTTP, HTTPS and APIs

HTTP:

  • HTTP stands for Hypertext Transfer Protocol. It facilitates communication between different systems.

  • The web server transmits the user's requested data in the form of web pages when the user submits an HTTP request through the browser.

  • In short, the HTTP protocol enables us to send data from the server to the client.

  • HTTP is an application-layer protocol that runs on top of TCP. It gives web browsers and servers a common set of rules they can use to communicate with each other.

  • HTTP transmits data over port 80.

HTTP Request and its methods:

  • HTTP defines a set of request methods to indicate the desired action to be performed for a given resource.

  • An HTTP client sends an HTTP request to a server in the form of a request message that uses one of the following methods:

    1. GET: For retrieving information from the given server using a given URI.

    2. HEAD: Quite similar to GET, except it transfers the status line and the header section only.

    3. PUT: Replaces all the current content of the target resource with the uploaded content.

    4. POST: To send data to the server.

    5. DELETE: Replace all the information of the target resource given by URI.

    6. CONNECT: Establishes a tunnel to the server identified by a given URI.

    7. OPTIONS: Describes the communication options for the target resource.

    8. TRACE: Performs a message loop-back test along the path to the target resource.

  • [Figure: a normal GET request]

  • [Figure: a normal POST request]

HTTP Response

  • HTTP response status code indicates whether a specific HTTP request has been completed.

  • They are grouped into five classes:

    1. informational responses (100 - 199)

      e.g. 103 -> Early Hints -> This status code is primarily intended to be used with the Link header, letting the user agent preload resources while the server prepares a response.

    2. successful responses (200 - 299)

      e.g. 202 -> Accepted -> The request has been received but not yet acted upon.

    3. redirection messages (300 - 399)

      e.g. 303 -> Moved permanently -> The URL of the requested resource has been changed permanently. The new URL is given in the response.

    4. client error responses (400 - 499)

      e.g. 400 -> Bad Request -> The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, deceptive request routing).

    5. server error responses (500 - 599)

      e.g. 500 -> Internal server error -> The server has encountered a situation it does not know how to handle.

HTTPS

  • HTTPS is an abbreviation of HyperText Transfer Protocol Secure.

  • It is a secure extension or version of HTTP.

  • This protocol is mainly used for providing security to the data sent between a website and the web browser.

  • It is widely used on the internet for secure communications. This protocol uses port 443 for transmitting data.

  • This protocol is also called HTTP over SSL because HTTPS communication is encrypted using SSL (Secure Sockets Layer).

  • By default, it is supported by various web browsers.

  • Websites that require login credentials should use the HTTPS protocol for sending the data.

Why HTTPS over HTTP

  • HTTPS is more secure than HTTP because the data transferred over HTTPS is encrypted, i.e., sent as ciphertext.

  • HTTP has no encryption, whereas HTTPS does.

  • The S in HTTPS stands for "secure." HTTPS uses TLS (or SSL) to encrypt HTTP requests and responses.
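
To make the difference concrete, the following added example (not part of the original article) parses a login request as it would appear on the wire over plain HTTP and lists the credentials that are readable in transit. The sample requests, host name and function names are constructed for illustration.

```python
from urllib.parse import parse_qs

SENSITIVE_HEADERS = {"authorization", "cookie"}
SENSITIVE_FIELDS = {"password", "passwd", "token"}

# Constructed sample: a login POST exactly as it crosses the network on port 80.
RAW_LOGIN = (
    b"POST /login HTTP/1.1\r\n"
    b"Host: shop.example.com\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Cookie: session=abc123\r\n"
    b"Content-Length: 30\r\n"
    b"\r\n"
    b"username=alice&password=s3cret"
)
# Constructed sample: a GET that carries nothing sensitive.
RAW_GET = b"GET /index.html HTTP/1.1\r\nHost: shop.example.com\r\n\r\n"

def parse_request(raw):
    """Split a raw HTTP/1.1 request into method, target, headers and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    length = int(headers.get("content-length", 0))
    return method, target, headers, body[:length]

def exposed_secrets(raw):
    """List the credentials readable in transit when the request is sent over HTTP."""
    _method, _target, headers, body = parse_request(raw)
    found = [f"header:{h}" for h in headers if h in SENSITIVE_HEADERS]
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        fields = parse_qs(body.decode("iso-8859-1"))
        found += [f"field:{f}" for f in fields if f.lower() in SENSITIVE_FIELDS]
    return sorted(found)

if __name__ == "__main__":
    print(exposed_secrets(RAW_LOGIN))
    print(exposed_secrets(RAW_GET))
```

Over HTTPS the same request line, headers and body travel inside the TLS record layer, so none of these values can be read from the network path.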

All about API

  • APIs are mechanisms that enable two software components to communicate with each other using a set of definitions and protocols.

  • For example, the weather bureau’s software system contains daily weather data. The weather app on your phone “talks” to this system via APIs and shows you daily weather updates on your phone.

  • API architecture is usually explained in terms of client and server.

  • The application sending the request is called the client, and the application sending the response is called the server.

  • Four different ways that APIs can work:

    1. Remote Procedure Call (RPC) style: In this style of API, the client sends a request to the server to execute a specific function or procedure. The server processes the request and returns a response. This style of API is similar to making a function call in a programming language.

    2. Representational State Transfer (REST) style: In this style of API, the client sends a request to a specific endpoint on the server, and the server returns a representation of the requested resource. The client can also submit changes to the resource by sending a request to the appropriate endpoint. This style of API is based on the principles of REST, which is a set of architectural constraints for building web services.

    3. SOAP API: It is a protocol for exchanging structured data in the implementation of web services, typically over HTTP or HTTPS.

    4. WebSocket API: It is a protocol for real-time, bidirectional communication between a client and a server over a single, long-lived connection, that enables low-latency communication.

  • APIs should be migrated to HTTPS because it provides a more secure way of transmitting data between the client and the server.

  • HTTPS encrypts the data being transmitted, making it more difficult for an attacker to intercept the communication.

  • Additionally, HTTPS uses certificates to authenticate the server and the client, which helps to prevent impersonation attacks.

Migrating APIs to HTTPS

Migrating an API from HTTP to HTTPS involves a few steps:

  • Obtain an SSL/TLS certificate: This is a digital certificate that is used to establish a secure connection between the client and the server. You can obtain a certificate from a certificate authority (CA) or use a free one from Let's Encrypt.

  • Update your server configuration: Once you have your certificate, you will need to configure your web server to use it. This typically involves specifying the location of the certificate and private key files, as well as configuring the server to listen on port 443 (the default port for HTTPS) instead of port 80 (the default for HTTP).

  • Update your application code: If your application is hardcoded to use HTTP, you will need to update it to use HTTPS. This may involve changing the URLs used in your application, as well as any redirects or links that point to your API.

  • Test your application: Before deploying your changes to production, it's a good idea to thoroughly test your application to make sure that everything is working as expected. This includes testing the SSL/TLS handshake and encryption, as well as testing all of the endpoints and functionality of your API.

  • Update your API documentation: It's important to update any documentation or developer resources related to your API to reflect the change to HTTPS. This includes updating the base URL of your API and any examples or code snippets to use the HTTPS protocol.

  • Update any clients using your API to use HTTPS: any apps, websites, or systems that consume your API will also need to be updated to use HTTPS.
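
The application-code, client and testing steps above can be partly automated. The following is an added example, not code from the original article: it scans source or documentation text for hardcoded http:// URLs, proposes the https:// replacement, and builds a client TLS context that verifies the server certificate. All function names and the sample text are hypothetical, and handshake_info needs network access to a real host.

```python
import re
import socket
import ssl
from urllib.parse import urlsplit, urlunsplit

LOOPBACK = {"localhost", "127.0.0.1", "::1"}
HTTP_URL = re.compile(r"http://[^\s\"'<>)]+", re.IGNORECASE)

# Constructed sample: settings and documentation lines from a hypothetical API project.
SAMPLE = '''API_BASE = "http://api.example.com/v1"
DOCS = "See http://api.example.com:80/docs."
HEALTH = "http://localhost:8080/healthz"
CDN = "https://cdn.example.com/app.js"
'''

def to_https(url):
    """Rewrite an http:// URL to https://, dropping an explicit default port 80."""
    parts = urlsplit(url)
    netloc = parts.netloc[:-3] if parts.netloc.endswith(":80") else parts.netloc
    return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))

def find_insecure_urls(text):
    """Return (line number, http URL, https replacement) for each non-loopback hit."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in HTTP_URL.finditer(line):
            url = match.group().rstrip(".,;")
            if urlsplit(url).hostname not in LOOPBACK:
                hits.append((lineno, url, to_https(url)))
    return hits

def strict_client_context():
    """TLS settings for updated clients: verify the certificate chain and host name."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname enabled
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def handshake_info(host, port=443):
    """Connect to the migrated endpoint; raises ssl.SSLError if verification fails."""
    with socket.create_connection((host, port), timeout=5) as sock:
        with strict_client_context().wrap_socket(sock, server_hostname=host) as tls:
            return tls.version(), tls.getpeercert()["notAfter"]

if __name__ == "__main__":
    for hit in find_insecure_urls(SAMPLE):
        print(hit)
```

URLs with a non-default port keep that port in the proposed replacement, so check them by hand: the HTTPS listener may be configured on a different port.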

It's important to note that migrating to HTTPS may have an impact on the performance of your API, as SSL/TLS encryption adds overhead. To minimize this impact, consider using HTTP/2 or QUIC, which use the same encryption as HTTPS but are more efficient.

What is the correlation then?

  • HTTP (Hypertext Transfer Protocol) and HTTPS (HTTP Secure) are protocols used for transferring data over the internet.

  • HTTP is used for unsecured communication, while HTTPS uses SSL or TLS encryption to secure the communication.

  • An API (Application Programming Interface) is a set of rules and protocols that allows different software systems to communicate with each other.

  • APIs can use HTTP or HTTPS as the communication protocol for sending and receiving data between the systems.

  • In other words, an API allows different software systems to talk to each other over the internet using HTTP or HTTPS as the language they speak.