I found So many Answers but haven't got one suits my (Basic) "Knowledge"
These are Troubling For me , kindly Guide me
I know what API is (from the local concept like GetCursorPos() winApi of user32.dll)
Q: what is WebApi ?
Ans : web API is a API which is exposed via the web
Q:what is WebService ?
Ans : is a software function provided at a network address over the web
My Doubts:
is a WebApi used to Achieve a Service through web ? Acess a WebService ?
What Differs WebService and Web API ?
The Following Makes me again Weird :
A Web services describes a standardized way of integrating Web-based applications using the XML, SOAP, WSDL and UDDI open standards over an Internet protocol backbone.
A web API is a development in web services where emphasis has been moving to simpler representational state transfer (REST) based communications
Then What is this Web API For ?
Also Seen that WebServices = API + Http ( Api refers to Web Api? )
What are Web Service API ?
Web Services:
To achieve the platform interoperability Web Services are being used, and it is a SOA based. It follows standards like WSDL,SOAP, UDDI and so on. WSDL passed through SOAP protocol and will be accessed by clients, by having stubs generated out of WSDL.
Web API:
Now a days a new paradigm of achieve the platform independent services are done by RESTful web services or Web API's. It rely on HTTP protocol, and these services will be accessed by HTTP clients like browser or a HTTP client code. WebAPI is an another name to describe these both client and server API's.
Hope it makes clear
Related
1) Is it possible using burp suite/ ZAP or any other web testing tools to find out
if an application is making calls to web services?
2) As SOAP web services reply in XML is it also possible to view the responses of
the HTML request to distinguish between use of REST web services?
Thanks
Yes, this is normally possible.
You need to configure the application to use the interactive proxy (Burp, Zap, etc.) as its proxy. Most applications will use your system proxy settings.
Once the proxy is configured, you can see a full history of HTTP interactions (in Burp: Proxy > HTTP History). This includes requests and responses, which will clearly indicate a SOAP or REST service.
I have created an android application that calls (using kSOAP library) a SOAP based web service (developed in java, netbeans) over the intranet.
Now i want to make the application live, so this will require my web service to be exposed on the internet.
I have following questions...
How do i make sure that no one knows about the web service link except my android application
No one is able to call the web service except my android application
The data transferred between android application and web service is secure and encrypted
What kind of authentication mechanism should be used
I'm new to web services security so forgive me if my questions are dumb :)
This is impossible. Anyone having your app might use a traffic analyzer like wireshark and see all the requests it makes.
Sign each request you app makes(add some soap header) and check the signature on the server side
Use HTTPS
How to do authentication using SOAP?
I've started learning about webservices recently. Have few question about that:
For webservice, is it always necessary that source should provide wsdl or any other way possible to consume it without needing wsdl?
Till a while ago, I was doing server side XMLhttp post in classic ASP to do modifications in external application & to push data in my application from external application. I'm confused - is that very different from webservice or can be called a sort of webservice(ofcourse without based on SOAP). Any major difference or it is just protocol difference bw webservice and server side XMLhttp post?
Web services can be made asynchronous?(Something like AJAX call through javascript)
Are there any different types of webservices ? (for e.g is there difference bw, webservice providing stock quotes and webservice provided by google)
1.For webservice, is it always necessary that source should provide wsdl or any other way possible to consume it without needing wsdl?
WSDL is a document that publishes an interface. As long as a client complies to the inteface, it is guaranteed to be able to "talk" to the web service. Having said that WSDL is a formal way for a specification when there are many stakeholders. You can proceed without one, as long as you somehow know what the web service expects. Just wrap the application data in a SOAP envelope and send it to the web service. As long as you send what the web service expects (in the SOAP envelope or the application data) and in the way they are expected e.g. transport HTTP etc. it does not matter for the WS if you have used a WSDL or not.
2.Till a while ago, I was doing server side XMLhttp post in classic ASP to do modifications in external application & to push data in my
application from external application. I'm confused - is that very
different from webservice or can be called a sort of
webservice(ofcourse without based on SOAP). Any major difference or it
is just protocol difference bw webservice and server side XMLhttp
post?
In very simple terms web service is XML over some application protocol (usually HTTP). Could be SOAP based or REST. To understand more on this you should read about Service Oriented Applications
3.Web services can be made asynchronous?(Something like AJAX call through javascript)
They could but it is more complicated than that.
4.Are there any different types of webservices ? (for e.g is there difference bw, webservice providing stock quotes and webservice
provided by google)
Not sure what you ask here. Each web service offers something.
I will try to be very simple here:
The W3C defines a "Web service" as "a software system designed to
support interoperable machine-to-machine interaction over a network".
That means first requisite for any software to be web-service is that it should not depend upon platform or software i.e a web service made on java stack can be consumed by client in .net stack on windows or java stack on android.
If your server side implementation XMLhttp post suffice this ,its a
web service.
Types of Web services
Actually, there is no overall and clear categorization on types of web services. But two most popular are :
SOAP based web services. :It use XML messages that follow the Simple Object Access Protocol (SOAP) standard, an XML language defining a message architecture and message formats(WSDL).
REST based web services. With evolution of WEb 2.0 emphasis has been moving away from SOAP based services towards representational state transfer (REST) based communications.[3] REST services do not require XML, SOAP, or WSDL service-API definitions.Read here to get a easy explanation of REST
Need of WSDL to consume SOAP web services?
To consume a SOAP service we only require SOAP endpoint and XML message format. WSDL is a pre-requisite for automatic client side code generation through Java and .NET SOAP frameworks.
Asynchronous web services
Making web services asynchronous is possible.But complexity depends upon frameworks used, for example AXIS2 in JAVA has easy implementation of this.
I am new to services. I am sorry for my question being a little theoretical. On a site I was reading about SOAP, they said it works over internet.
Can we use SOAP based services in intranet environment ?
Can we use HTTP over intranet or it is just a internet protocol ?
Please guide.
You can use SOAP over any TCP network. This could be internet or intranet. SOAP is an interoperable protocol over HTTP. And HTTP works over TCP. So everywhere you have HTTP you can have SOAP. Basically SOAP is a protocol which allows for heterogeneous systems to communicate using an industry defined standards.
And note that SOAP is getting less attention lately compared to REST which is starting to gain lots of momentum.
SOAP is a service supported by a server/web service. You can even use SOAP to translate data between two services on the same server box that have no other form of API.
I have a Axis2 web service secured using Rampart. I do want to develop secure clients for it, preferably JAX-WS based. I tried a lot of tutorials but they are so closed tied with each other, like including Axis2 libraries in the client side. The client should be fairly independent of the WS service framework, as the service can be consumed by .NET based clients or even PHP based clients.
Thanks in advance...
As I understand it, you would want to be able to feed the policy defined for your Rampart secured web service into your JAX-WS client.
That ought to be doable. As you say-- the idea is to be able to execute different client and server technologies, standardized around WSDLs...
We're only just getting into this - so I don't have any hands on knowledge for you.
But I would think you should be able to copy the policy info for your rampart on the server in the services.xml file and put it in your client.
This seemed pretty helpful:
https://metro.dev.java.net/guide/
Sections 12 and 18 in particular.