What are HTTP and HTTPS?

The Hypertext Transfer Protocol (HTTP) is the foundation of communications on the internet. It is the protocol that enables communication between websites, web browsers, and web servers. HTTP is used for transferring data between clients and servers, and it is the protocol that is used to access websites.

The Hypertext Transfer Protocol Secure (HTTPS) is an extension of the HTTP protocol that adds an extra layer of security in communications between clients and servers. HTTPS provides encryption of data between the two parties and is most commonly used for secure transactions such as payments, or to protect confidential information.

Source

How does this work?

A Computer Network connects two devices such as your mobile and a web server. To standardize a connection for all devices, the ISO came up with the OSI Model of Computer Networking. The Open Systems Interconnection (OSI) model describes seven layers that computer systems use to communicate over a network.

Source

End-user applications like web browsers and email clients operate at the application layer. It offers protocols that let computer software send and receive data and give users useful information. The HTTPS Protocol is a part of the Application Layer.

HTTP handles two types of methods

1. HTTP Request

2. HTTP Response

HTTP Request

HTTP requests are messages sent by the client to initiate an action on the server. A request comprises of three parts -

1. Start Line - which includes the HTTP Method like GET or POST ,the request target(usually a URL) and the HTTP version (1.x or 2)

2. Headers - a word followed by a colon ( : ) and it's value

3. Body - Not needed often, but some requests send data to the server in order to update it: as often the case with POST requests (containing HTML form data) which require a body.

Source

HTTP Response

They are the responses received based on the request sent. It also has three parts-

1. Status Line - The start line of an HTTP response, It contains a protocol version, a status code( like 200, 404, 403) and coressponding status text (OK, Not Found, Forbidden)

2. Header - which is similar to Request Header.

3. Body - which is similar to Request Body

Source

The S in SSL and HTTPS

The S in SSL and HTTPS stands for secure.

Secure Sockets Layer, or SSL, is the industry-standard technology for maintaining a secure internet connection and protecting any sensitive data being communicated between two computers. It does this by stopping attackers from accessing and altering any information transferred, including sensitive personal details. This is accomplished by ensuring that any data sent between users and websites or between two systems remains unreadable. In order to prevent hackers from accessing data as it is sent over the network, it scrambles it using encryption methods.

"Invisible to the end-user, a process called the “SSL handshake” creates a protected connection between your web server and web browser nearly instantaneously every time you visit a website. Websites secured by a SSL certificate will display HTTPS and the small padlock icon in the browser address bar. SSL certificates are used to protect both the end users’ information while it’s in transfer, and to authenticate the website’s organization identity to ensure users are interacting with legitimate website owners." ~ DigiCert

Source

What is an API and how does it fit in all of this?

An API (Application Programming Interface) is a set of rules and protocols that allows different software applications to communicate with each other. APIs enable developers to access the functionality of an application or service without having to know how the underlying code works. For example, a developer might use an API to access data from a social media platform, such as Twitter, and display that data on their own website.

Another example would be look at sign-in options for a website or app.

The requests and responses are all handled by an API, even though the data transfer will vary based on the web service being utilised. Since APIs communicate data within the computer or application are not visible on the user interface, they appear to the user as a single, seamless connection.

The developer doesn't need to know the entire code of these companies, they make use of the available APIs to connecct to these apps who securely sign in the user. APIs hence simplify design and development of new applications and services, and integration and management of existing ones. But they offer other significant benefits to developers and organizations at large.

This blog article is a part of the task given by Keploy under their Keploy API Fellowship program to test us on our understanding of the topics covered by them. This is an excellent way of learning in public.