Three Tips for Efficient REST API Usage

What is a REST API?

REST stands for Representational State Transfer (ReST) and is a stateless, cacheable client-server communication protocol. It is an architecture style for designing networked applications that uses simple HTTP requests to make calls between machines. This approach makes it easier to have direct communication between devices, rather than implementing complex mechanisms like CORBA, SOAP or RPC. Applications that use REST as the standard way to communicate are called RESTful applications. These applications use HTTP requests to create, read, update and delete data (CRUD operations).

REST implements the classic server-client approach. The client requests something from the server, the server receives the request, and the server processes the information and returns an answer.

Tip 1: Choose a Client

Once you've decided to use a REST API, what steps should you take next? I would say that this is the first step anyone should take when planning to work with an API: get an API client and start playing around with the API. It is important to use a client if you want to be able to test REST calls without writing any code. To quickly evaluate an API, I recommend Postman; it's a very good application, with tons of features embedded in the free version (although the full version is definitely worth the investment!).

The REST API is platform agnostic, so you don't need to worry about the OS or the programming language. If all you have is the documentation of the API and the code examples are not in the programming language of your choice, Postman will generate code samples for you in the most frequently used languages. Remember, this is just a code sample, not a library. You will still need to organize your code and modify it to suit your purposes, but it's a great starting point.

Sample Languages Available with Postman

Using Postman With Metascan Online

Let's take a look at the Metascan Online REST API as a real-world example. If you want to learn more, you can review the documentation for the Public API. The example below takes a look at one of the actions you can do on Metascan Online - scanning a file.

You can get most of the information you need by reading the Metascan Online API documentation. To obtain an API key, you can check out the About section from the Public API. Once you register, you will be able to get an API key within minutes.

If you are using Postman, you should create a collection and save all of your requests. Keep in mind that you can add folders, which should make it easy to organize requests. Also, create an environment and add most of the fields from above as variables in the environment. All the data that is not volatile should be added to the environment variables. Keeping everything clean and organized will help you in the future, when you start to play with more advanced features.

Now, it's request time! If you have set up everything correctly on Postman, it should look something like this:

Under the URL input, you will see a navigation bar. The selected item is now "Headers", where we already have set parameters. Now, it is time to attach the file to our request. To do this, go to "Body" and put in your raw data or select a binary. Hit the big blue "Send" button! You should now be able to see the response:

To retrieve the actual scan report, according to the documentation, you should make a GET request to the rest_ip with the received data_id: /v2/file/:

Once you hit send, you will be able to see the scan result or at least the progress of the result:

Tip 2: Chain the Requests

As you can see in the previous example, there are cases when you will need to chain the requests. For connected calls, you should wait for the response from the first request (scan file will return the server id and the data id), in order to perform the second request (retrieving the scan report based on the data id and server id). Postman offers support for chaining the requests, so you don't have to do everything manually.
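The same chain outside Postman, as an added example that is not code from the original article or from the vendor: the second request is built from values the first response returns, so they are validated before the API key is sent to the returned host, and polling is bounded. The `apikey` header name, the `progress` field, the `/v2/file/<data_id>` path shape, the `.api.example` host suffix and the `fake_api` transport are all assumptions made so the example runs offline.

```python
import json
import re
import time

ALLOWED_SUFFIX = ".api.example"   # hypothetical: only these hosts may receive the key
HOST_RE = re.compile(r"[a-z0-9.-]+")
ID_RE = re.compile(r"[A-Za-z0-9]+")

def chain_scan(send, api_key, upload_url, file_bytes, max_polls=5, delay=0.0):
    """Upload, then poll for the report. send(method, url, headers, body) -> (status, text)."""
    headers = {"apikey": api_key}             # header name is an assumption
    status, text = send("POST", upload_url, headers, file_bytes)
    if status != 200:
        raise RuntimeError(f"upload failed: HTTP {status}")
    first = json.loads(text)
    data_id, rest_ip = str(first["data_id"]), str(first["rest_ip"])
    # The second URL is built from server-supplied values: validate them
    # before the API key is attached to a request for that host.
    if not ID_RE.fullmatch(data_id):
        raise ValueError("unexpected data_id format")
    if not (HOST_RE.fullmatch(rest_ip) and rest_ip.endswith(ALLOWED_SUFFIX)):
        raise ValueError(f"refusing to send API key to {rest_ip!r}")
    report_url = f"https://{rest_ip}/v2/file/{data_id}"   # path shape assumed
    for _ in range(max_polls):                # bounded polling, never an open loop
        status, text = send("GET", report_url, headers, None)
        if status != 200:
            raise RuntimeError(f"report failed: HTTP {status}")
        report = json.loads(text)
        if report.get("progress") == 100:     # "progress" is a constructed field
            return report
        time.sleep(delay)
    raise TimeoutError("scan did not finish within the polling budget")

def fake_api(rest_ip, polls_until_done=2):
    """Constructed stand-in for the service so the example runs offline."""
    calls = []
    def send(method, url, headers, body):
        calls.append((method, url))
        if method == "POST":
            return 200, json.dumps({"data_id": "abc123", "rest_ip": rest_ip})
        gets = sum(1 for m, _ in calls if m == "GET")
        done = gets >= polls_until_done
        return 200, json.dumps({"progress": 100 if done else 50, "clean": done})
    return send, calls

if __name__ == "__main__":
    send, calls = fake_api("scan1.api.example")
    print(chain_scan(send, "demo-key", "https://scan.api.example/v2/file", b"sample"))
    print(calls)
```

In real use, `send` would wrap an HTTP client with TLS verification and a timeout, and the API key would come from an environment variable or secret store rather than a literal.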

Tip 3: Collect Your Requests for Future Use

The IT community is moving towards an inter-apps relationship. This means that they are no longer committed to using just one solution for every task, instead focusing on finding the best possible solution for a specific task. Keeping that in mind, it can be time-consuming to have to go to each solution to grab some data and then paste it into another piece of software. It's not scalable, right? It's much easier to have an automatic process, like chaining the requests above. For an automatic process, independent solutions need to be able to communicate with one another. This is where the API comes to the rescue. Many modern web applications are trying to define a robust public API, and will most likely have an internal one.

The best thing to do is to have each API saved in a different collection for future reference. This way you will be able to check all of the integrations you have, or plan to have in the future.

With these three tips, you can explore making use of REST APIs, while avoiding issues with code compatibility and common organizational problems that might otherwise have slowed you down.
