"API" is an acronym for Application Programming Interface. It is a name used to refer to a special framework some web applications or services provide which allows a user to connect to the system and perform some number of discrete actions such as running functions, requesting data, or updating information.
An "action" is the part of an API's URL "anatomy" that describes or names a function that is available for a user to invoke.
An authorization code passed in to an API request via a header or parameter to identify the requester.
Identifying the user of the API. Common techniques for authentication include API Keys and OAuth.
The base URL or base location is the consistent part of a URL. Most programs or applications allow you to specify a base URL to use for all relative URLs to construct an absolute URL.
A collection of responses that are reused by the client to improve performance.
Another name for a "request" or a communication sent by a user to the API, in the form of a URL string, which invokes a specific action on one particular endpoint, and may also include additional parameters or values.
The initiating party that sends an API request. Often there will be many clients consuming the same API.
One of the four most common HTTP methods, typically used for removing records from a system.
The act of converting or obfuscating the original representation of something using an algorithm or sequence of steps that change the representation into something else entirely. Encryption may be one-way (meaning that once applied, it cannot be undone) or two-way (meaning that once applied, it can be undone).
Part of an API's URL "anatomy" that describes or names the domain of objects or functions that can be manipulated or invoked by calling specific actions available under the endpoint.
A header that tells the client it may cache a response until a certain time.
An algorithm that uses a pre-defined process to gradually, multiplicatively decrease the rate of a given operation to find a more acceptable rate.
One of the four most common HTTP methods, typically used for retrieving or querying records from a system.
A single value (i.e., string, number, etc.) or potentially a combined/concatenated set of values that have been encrypted.
Header containing the domain name of the request URL.
An acronym for Hyper-Text Transport Protocol. It is one of the key architectural components behind how web-based content on the internet is accessed through web browsers.
An acronym for Hyper-Text Transport Protocol Secure. It is the same in principle and function as HTTP, but exists when data transmitted via HTTP is encrypted before it is sent between two communicating entities (i.e., a user requesting information from a web server).
The time it takes for an API call to go from the request being sent to the response being received.
Identifier used to indicate the type of data that a file contains.
HTTP provides support for several methods which each describe a type of result a user might want to achieve through a given communication with a web server or API. The four most common methods are: GET (for retrieving data), PUT (for inserting data), POST (for updating data), and DELETE (for removing data).
Open standard authorization framework. Grants access on behalf of an end-user without directly sharing credentials.
A parameter is like a variable added to an API request that provides additional information, instruction, or the necessary value the target action is supposed to utilize.
One of the four most common HTTP methods, typically used for updating existing records in a system.
A defined way of transferring data between peers.
An intermediary for requests from clients and servers providing resources.
Public/Private Key Encryption
Public/private key encryption is a form of encryption whereby a value (i.e., string, number, record of information, etc.) someone wishes to allow others to prove the authenticity of (i.e., proving it came from the original person) is encrypted using a one-way hashing algorithm. This hash is created using a non-secret value (the public key) as well as a second secret value (the private key) which is known only to the party encrypting the information and given to any party who wishes to validate the authenticity of the information. The receiving party will get a copy of the original data and the public key. If this party also knows the private key, they will be able to re-create the hash value thereby proving it is authentic.
One of the four most common HTTP methods, typically used for inserting or creating records into a system.
Limiting the consumption of an API to a certain number of requests per period of time.
Data that describes the state of a resource. Often the body of an HTTP request/response.
A name for the combination of an endpoint and action in an API's URL anatomy.
The data that an API sends back to a client after it is called. The format of an API response is usually XML or JSON.
An acronym for Representational State Transfer. It is a form of software architecture that is primarily used for web service design. The World Wide Web (WWW) is itself based on REST.
The call or a communication sent by a client to an API, in the form of a URL string, which invokes a specific action on one particular endpoint, and may also include additional parameters or values.
Software or hardware that provides a service by responding to requests across a network.
An acronym for Simple Object Access Protocol. It is a form of software architecture used for web service design, like REST.
HTTP response status codes are what the server sends in the response back to the client to indicate the status of the request.
A set of conditions or variables under which a tester will determine whether an application or software system is working correctly or not.
An acronym for Uniform Resource Locator. The URL is the unique address for any object or function that can be accessed or invoked on the web.
A description of a particular use of the system by an actor or user. It is used widely in developing tests at system or acceptance level. Use case testing is a technique that helps identify test cases that cover the entire system on a transaction-by-transaction basis from start to finish.
A header which lets the server know what kind of software is making the request. It contains information about the user agent originating the request. This header should be used for statistical purposes or automated user agent recognition to handle the particular software limitations.
Web Service is a more generic name than API for referring to a special framework some web applications provide which allows a user to connect to the system and perform some number of discrete actions such as running functions, requesting data, or updating information.
An acronym for Extensible Markup Language. It is a language used for providing information as well as describing that information, such that programs can interpret data without really understanding the data itself.