New type of check: Rest API Check

An Application Programming Interface (API) token is a security mechanism used to control and authenticate access to an Application Programming Interface (API). APIs enable software applications to communicate with each other and exchange data. API tokens serve as a form of identification and authorization to ensure that only authorized applications or users can access a specific API.

In general, an API token works by providing a unique key that is sent with every API request. This key is used to verify the identity of the caller and ensure that they have the necessary permissions to access the desired resources.

There are different types of API tokens including:

1. API Key: A simple key that is often sent as a parameter in the request or in the header.

2. OAuth Token: Uses the OAuth protocol for authentication and authorization. It allows for finer control over permissions and is often used to access protected resources.

3. JWT (JSON Web Token): A compact, self-describing token format typically used to transfer claims between parties. It can also be used as an API token.

The use of API tokens helps increase security by ensuring that only authorized parties can access the API, while enabling efficient and flexible integration of applications.

A “REST API check” refers to checking a RESTful API (Representational State Transfer Application Programming Interface) for its availability, functionality and conformity to the defined standards. REST is an architectural style for developing web services that manipulates resources through standardized HTTP methods (such as GET, POST, PUT, and DELETE).

A REST API check can include various aspects:

1. Endpoints and Resources: Review of available API endpoints and the resources provided by those endpoints. This includes checking GET requests to ensure that the expected data is returned.

2. HTTP Methods: Verification of support and correct use of various HTTP methods such as GET, POST, PUT and DELETE according to API specifications.

3. Parameter validation: Verifying that the API endpoints correctly respond to requests with the required parameters and are able to properly handle invalid or missing parameters.

4. Authentication and Authorization: Verification of authentication and authorization to ensure that only authorized users or applications can access protected resources.

5. Status Codes: Checking the returned HTTP status codes to ensure they comply with the API specifications. For example, successful requests should return status code 200 (OK).

6. Response data format: Check the format of the returned data, such as JSON or XML, to ensure that it meets expectations.

7. Error Handling: Review error handling to ensure that the API returns appropriate error messages when unexpected situations occur.

REST API checks are often used as part of API monitoring to ensure that an API is functioning properly and delivering expected results. This is particularly important in distributed application landscapes where different services communicate with each other.

There are various tools and services specifically designed for testing REST APIs that can perform automated checks. These checks can also be integrated into Continuous Integration (CI) and Continuous Deployment (CD) processes to ensure that changes to an API do not negatively impact its functionality.