Hacking APIs [Corey J Ball] (pdf), read page by page, page 20

Hacking APIs [Breaking Web Application Programming Interfaces], 23.6 MB, 363 pp., Corey J. Ball


single entry
point (URL) using the POST method. In a GraphQL request, the body of
the POST request is what the provider processes. For example, take a look
at the GraphQL request in Listing 2-3 and the response in Listing 2-4,
depicting a request to check a store’s inventory for graphics cards.
POST /graphql HTTP/1.1
HOST: graphql-shop.com
Authorization: Bearer ab4dt0k3n

{query ❶ {
  inventory ❷ (item:"Graphics Card", id: 00101) {
    name
    fields ❸ {
      price
      quantity } } }
}
Listing 2-3: An example GraphQL request
HTTP/1.1 200 OK
Content-Type: application/json
Server: GraphqlServer

{
  "data": {
    "inventory": { "name": "Graphics Card",
      "fields": ❹ [
        {
          "price": "999.99",
          "quantity": 25 } ] } }
}
Listing 2-4: An example GraphQL response

As you can see, a query payload in the body specifies the information
needed. The GraphQL request body begins with the query operation ❶,
which is the equivalent of a GET request and used to obtain information
from the API. The GraphQL node we are querying for, "inventory" ❷, is
also known as the root query type. Nodes, similar to objects, are made up
of fields ❸, similar to key/value pairs in REST. The main difference here is
that we can specify the exact fields we are looking for. In this example, we
are looking for the “price” and “quantity” fields. Finally, you can see that
the GraphQL response only provided the requested fields for the specified
graphics card ❹. Instead of getting the item ID, item name, and other
superfluous information, the query resolved with only the fields that were
needed.
If this had been a REST API, it might have been necessary to send
requests to different endpoints to get the quantity and then the brand of
the graphics card, but with GraphQL you can build out a query for the specific information you are looking for from a single endpoint.
GraphQL still functions using CRUD, which may sound confusing at
first since it relies on POST requests. However, GraphQL uses three operations within the POST request to interact with GraphQL APIs: query,
mutation, and subscription. Query is an operation to retrieve data (read).
Mutation is an operation used to submit and write data (create, update, and
delete). Subscription is an operation used to send data (read) when an event
occurs. Subscription is a way for GraphQL clients to listen to live updates
from the server.
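
An added example, not from the book: because every GraphQL operation arrives as a POST to one endpoint, an audit log or authorization gate has to read the operation type from the request body to tell reads from writes. This Python code does that with a small tokenizer; `operations`, `classify`, `SAMPLE` and the `addItem` field are names assumed here, and rejecting batched or ambiguous bodies is a design assumption.

```python
import json
import re

# Operation type -> CRUD action, following the mapping in the text above.
CRUD = {"query": "read", "mutation": "create/update/delete",
        "subscription": "read (pushed on events)"}
# Strings and comments match first, so braces inside them are ignored.
TOKEN = re.compile(r'"""[\s\S]*?"""|"(?:\\.|[^"\\\n])*"|#[^\n]*'
                   r'|[{}()@]|[_A-Za-z]\w*')
# Constructed sample (addItem is a hypothetical mutation field).
SAMPLE = '{"query": "mutation AddItem { addItem(name: \\"GPU\\") { id } }"}'

def operations(document):
    """Return [(type, name or None)] for every top-level operation."""
    ops, braces, parens, current, prev = [], 0, 0, None, None
    for tok in (t for t in TOKEN.findall(document) if t[0] not in '"#'):
        if tok in "()":
            parens += 1 if tok == "(" else -1
        elif parens == 0 and tok == "{":
            if braces == 0 and current != "other":
                # A bare "{" with no keyword is shorthand for a query.
                ops.append(current or ("query", None))
            braces += 1
        elif parens == 0 and tok == "}":
            braces -= 1
            if braces == 0:
                current = None                # definition finished
        elif braces == 0 and parens == 0 and tok.isidentifier():
            if current is None:               # fragments etc. are "other"
                current = (tok, None) if tok in CRUD else "other"
            elif prev in CRUD and current != "other":
                current = (current[0], tok)   # name directly after keyword
        prev = tok
    return ops

def classify(body):
    """Map one GraphQL POST body to (operation type, CRUD action)."""
    try:
        envelope = json.loads(body)
    except ValueError:
        envelope = {"query": body}            # raw document, as in Listing 2-3
    document = envelope.get("query") if isinstance(envelope, dict) else None
    if not isinstance(document, str):
        return ("unsupported", "reject")      # e.g. batched array: fail closed
    wanted = envelope.get("operationName")
    ops = [op for op in operations(document) if wanted in (None, op[1])]
    if len(ops) != 1:
        return ("ambiguous", "reject")        # cannot tell which one runs
    return ops[0][0], CRUD[ops[0][0]]
```

`classify(SAMPLE)` returns `("mutation", "create/update/delete")`, while the raw body of Listing 2-3 returns `("query", "read")`.
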
GraphQL uses schemas, which are collections of the data that can be
queried with the given service. Having access to the GraphQL schema is
similar to having access to a REST API collection. A GraphQL schema will
provide you with the information you’ll need in order to query the API.
You can interact with GraphQL using a browser if there is a GraphQL
IDE, like GraphiQL, in place (see Figure 2-2).
Otherwise, you’ll need a GraphQL client such as Postman, ApolloClient, GraphQL-Request, GraphQL-CLI, or GraphQL-Compose. In later
chapters, we’ll use Postman as our GraphQL client.


Chapter 2

Figure 2-2: The GraphiQL interface for GitHub

SOAP: AN ACTION-ORIENTED API FORMAT
Simple Object Access Protocol (SOAP) is a type of action-oriented API that
relies on XML. SOAP is one of the older web APIs, originally released as XML-RPC back in the late 1990s, so we won’t cover it in this book.
Although SOAP works over HTTP, SMTP, TCP, and UDP, it was primarily
designed for use over HTTP. When SOAP is used over HTTP, the requests are
all made using HTTP POST. For example, take a look at the following sample
SOAP request:
POST /Inventory HTTP/1.1
Host: www.soap-shop.com
Content-Type: application/soap+xml; charset=utf-8
Content-Length: nnn

1
3

ThebestSOAP




The corresponding SOAP response looks like this:
HTTP/1.1 200 OK
Content-Type: application/soap+xml; charset=utf-8
Content-Length: nnn


The Anatomy of Web APIs





4
soap:VersionMismatch