Sviluppo informatico application programming interface Giacomo Lanzi

Application programming interface: our User API

In the IT development process, sooner or later we come across API services, which stands for Application Programming Interface. To date it is impossible to imagine IT development without. With the API it is possible to connect a service to an application and integrate it efficiently. Before introducing the specific APIs of the Cloud Server service, it is good to know broadly what an API is and why they are so used in computer science.

What is an API and how does it work?

An Application Programming Interface is like an open language, whose rules are shared by a certain service. By teaching the rules of language to an application, it can communicate with the service and access all the functions and data that are available.

Speaking a little more formal: the API is an interface that allows an app to interact with an external service through a set of commands. It is not necessary to know the internal logic of the service, just use a simple command and the service will return the requested data.

I want to propose an analogy that can be useful to understand this tool. When you enter a restaurant and talk to a waiter, you can order the dishes, ask questions on the menu, ask for the bill and so on. This person is like a filter that separates you from all the complications behind the scenes. You won’t have to worry about dishes, ovens, staff or food reserves. The waiter becomes the interface that allows you to take advantage of all the services, without having to worry about how a restaurant works. Here, the waiter can be interpreted as the API of the restaurant.

The specific command, the request (or call) method and the syntax to be used, are information described in the documentation of the service that offers the application programming interfaces.

 

Purposes

Application programming interface and IT development

This powerful tool is now everywhere, so much so that often we do not even realize how many services we use via API. Mainly application programming interfaces are a great way to do one of the following:

Exchange of data
In the restaurant example, asking the waiter a question is like exchanging data. It would be like an answer to a question regarding the data made available.
Hide complex parts and perform operations
In the restaurant example, you don’t need to know how to cook a perfect lasagna, you will just order it. The request requires that the service provide a product, not simply raw data.
Extend functionality
For example, in mobile operating systems, widgets, which display useful information on the screen as part of the background, are used through APIs. The OS requires the app that provides the widget, all the information it needs to correctly show this functionality. This is also done via API.
Increase security
Since it is the OS that manages the authorizations for the use of the various hardware components, it is in charge of requesting the user for authorization to share a component. The SO is therefore responsible for the security and management of the data collected by the sensors of the mobile phone.
To learn more about the API topic, we share an explanation video from the Simply Explained channel.

Secure Online Desktop User API

Secure Online Desktop provides its User API to enable complete control of your account and services from your apps / systems. Through the HTTP REST API made available, it is also possible to resell the services with the white label formula, thus being able to brand the services in complete freedom.

HTTP REST API

This type of API is characterized by communication via HTTP protocol and compliance with architectural principles defined as REpresentational State Transfer. If the HTTP protocol and its communication methods are well known and widely understood, perhaps it is good to mention the REST principles.

In a university analysis published as a thesis by Roy Fielding, the principles for a software architecture that would allow us to see the Web as a distributed computing platform were analyzed. According to this analysis, which hypothesized a generic architecture, the Web was found to have all that is needed to be considered a perfect platform for distributed processing.

A set of API which respects the REST logic hypothesized in 2000 by Roy Fielding, is called RESTful API. Although the terms create confusion, in reality they perfectly reflect the concept that REST is not a technology or a language, but are simply guidelines that can be respected or not.

REST API explained

White Label

Our APIs are offered specifically to offer the possibility to our customers to offer our services in white label mode. This means that our services can be offered to the customers of our customers, without them realizing anything.

The practice of white label, in fact, consists precisely in offering products without brands, with the specific aim of encouraging the rebranding of the service. Another interesting advantage derived from the use of APIs.

Conclusions

In addition to the possibility of offering our services to your customers in white label, you can also use the API to implement the services directly in your apps, expanding the available development possibilities.

The APIs are offered with complete documentation of all the request methods offered. A multitude of different API calls are allowed including management of users, domains, DNS, virtual machines and much more.

Summarizing, through SOD’s HTTP REST API it is possible:

1. implement access to virtual machines, hypervisors, network, disks, backups and much more in their applications
2. offer our re-branded services to your customers

Request further information or advice.

 

Useful links:

Cloud Server Cloud API

Share


RSS

More Articles…

Categories …

Tags

RSS Dark Reading

RSS Full Disclosure

  • Backdoor.Win32.Delf.eg / Unauthenticated Remote Command Execution October 3, 2022
    Posted by malvuln on Oct 03Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/de6220a8e8fcbbee9763fb10e0ca23d7.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Backdoor.Win32.Delf.eg Vulnerability: Unauthenticated Remote Command Execution Description: The malware listens on TCP port 7401. Third-party adversarys who can reach infected systems can issue commands made available by the...
  • Backdoor.Win32.NTRC / Weak Hardcoded Credentials October 3, 2022
    Posted by malvuln on Oct 03Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/273fd3f33279cc9c0378a49cf63d7a06.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Backdoor.Win32.NTRC Vulnerability: Weak Hardcoded Credentials Family: NTRC Type: PE32 MD5: 273fd3f33279cc9c0378a49cf63d7a06 Vuln ID: MVID-2022-0646 Disclosure: 10/02/2022 Description: The malware listens on TCP port 6767....
  • Wordpress plugin - WPvivid Backup - CVE-2022-2863. October 3, 2022
    Posted by Rodolfo Tavares via Fulldisclosure on Oct 03=====[ Tempest Security Intelligence - ADV-15/2022 ]========================== Wordpress plugin - WPvivid Backup - Version < 0.9.76 Author: Rodolfo Tavares Tempest Security Intelligence - Recife, Pernambuco - Brazil =====[ Table of Contents]================================================== * Overview * Detailed description * Timeline of disclosure * Thanks & Acknowledgements * References =====[ […]
  • ZKBioSecurity 3.0.5- Privilege Escalation to Admin (CVE-2022-36634) October 1, 2022
    Posted by Caio B on Sep 30#######################ADVISORY INFORMATION####################### Product: ZKSecurity BIO Vendor: ZKTeco Version Affected: 3.0.5.0_R CVE: CVE-2022-36634 Vulnerability: User privilege escalation #######################CREDIT####################### This vulnerability was discovered and researched by Caio Burgardt and Silton Santos. #######################INTRODUCTION####################### Based on the hybrid biometric technology and...
  • ZKBiosecurity - Authenticated SQL Injection resulting in RCE (CVE-2022-36635) October 1, 2022
    Posted by Caio B on Sep 30#######################ADVISORY INFORMATION####################### Product: ZKSecurity BIO Vendor: ZKTeco ( https://www.zkteco.com/en/ZKBiosecurity/ZKBioSecurity_V5000_4.1.2) Version Affected: 4.1.2 CVE: CVE-2022-36635 Vulnerability: SQL Injection (with a plus: RCE) #######################CREDIT####################### This vulnerability was discovered and researched by Caio Burgardt and Silton Santos....
  • Backdoor.Win32.Augudor.b / Remote File Write Code Execution September 27, 2022
    Posted by malvuln on Sep 27Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/94ccd337cbdd4efbbcc0a6c888abb87d.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Backdoor.Win32.Augudor.b Vulnerability: Remote File Write Code Execution Description: The malware drops an empty file named "zy.exe" and listens on TCP port 810. Third-party adversaries who can reach the infected […]
  • Backdoor.Win32.Psychward.b / Weak Hardcoded Credentials September 27, 2022
    Posted by malvuln on Sep 27Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/0b8cf90ab9820cb3fcb7f1d1b45e4e57.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Backdoor.Win32.Psychward.b Vulnerability: Weak Hardcoded Credentials Description: The malware listens on TCP port 8888 and requires authentication. However, the password "4174" is weak and hardcoded in cleartext within the PE...
  • Backdoor.Win32.Bingle.b / Weak Hardcoded Credentials September 27, 2022
    Posted by malvuln on Sep 27Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/eacaa12336f50f1c395663fba92a4d32.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Backdoor.Win32.Bingle.b Vulnerability: Weak Hardcoded Credentials Description: The malware is packed using ASPack 2.11, listens on TCP port 22 and requires authentication. However, the password "let me in" is weak […]
  • SEC Consult SA-20220923-0 :: Multiple Memory Corruption Vulnerabilities in COVESA (Connected Vehicle Systems Alliance) DLT daemon September 27, 2022
    Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Sep 27SEC Consult Vulnerability Lab Security Advisory < 20220923-0 > ======================================================================= title: Multiple Memory Corruption Vulnerabilities product: COVESA DLT daemon (Diagnostic Log and Trace) Connected Vehicle Systems Alliance (COVESA), formerly GENIVI vulnerable version:
  • Backdoor.Win32.Hellza.120 / Authentication Bypass September 20, 2022
    Posted by malvuln on Sep 19Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/2cbd0fcf4d5fd5fb6c8014390efb0b21_B.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Backdoor.Win32.Hellza.120 Vulnerability: Authentication Bypass Description: The malware listens on TCP ports 12122, 21. Third-party adversarys who can reach infected systems can logon using any username/password combination....

Customers

Newsletter