A

1. Abao

2. Accept-Charset header

3. Accept header

4. Access token

5. AccuWeather APIs

6. Activity logging

7. Amazon APIs

8. Amazon S3

9. Amazon Web Services

10. Analytics services

11. API adoption patterns

    1. business partner integration

    2. external digital consumers

    3. internal application integration

    4. IoT

    5. mobile

12. API analytics

    1. activity logging

    2. advanced analytics

    3. business value reports

    4. importance

    5. metrics

    6. reports

    7. service-level monitoring

    8. stakeholders

    9. user auditing

13. API Blueprint

    1. document structure

    2. vs. Swagger and RAML

    3. tools

14. API catalog

15. API contract

    1. definition

16. API deployment patterns

    1. cloud deployment

       1. advantages

       2. disadvantages

    2. on-premise deployment model

17. API Designer

18. API developer portal

    1. vs. API gateway

    2. in API Lifecycle

    3. API product owner

    4. API team

    5. app developers

    6. features

    7. importance

    8. publishing and sharing

    9. support

       1. federated developer community

       2. invitations

       3. social forums

19. API documentation

20. API facade pattern

    1. callback

    2. composition

    3. HATEOS principles

    4. two-phase transaction

21. API fuzzing

22. API gateway

    1. vs. API developer portal

    2. caching

    3. interface translation

       1. format translation

       2. protocol translation

       3. service and data mapping

    4. security

       1. authentication

       2. authorization

       3. data privacy

       4. DoS protection

       5. identity mediation

       6. key and certificate management

       7. threat detection

    5. service orchestration

    6. service routing

       1. connection pooling

       2. load balancing

       3. service dispatching

       4. URL mapping

    7. testing

    8. traffic management

       1. consumption quota

       2. spike arrest

       3. traffic prioritization

       4. usage throttling

23. API governance

    1. adoption phase

    2. aim

    3. API proposal

    4. build and validate phase

    5. general availability phase

    6. policy-driven approach

    7. technical requirements gathering

24. API interface

25. API key

26. API lifecycle management

    1. change notification

    2. creation

    3. issue management

    4. publication

    5. version management

27. API management patterns

    1. API composition pattern

    2. API facade pattern

    3. caching

    4. logging and monitoring

    5. routing

    6. session management

    7. synchronous to asynchronous mediation

    8. throttling

    9. two-phase conversion pattern

    10. two-phase transaction management

28. API management platform

    1. API gateway

       1. See also((API gateway))

    2. businesses values

    3. capabilities

    4. developer portals

1. lifecycle management

1. API message logging pattern

2. API monetization

   1. API package

   2. API product

   3. billing documents

   4. digital assets

   5. fee-based model

   6. free model

   7. to increase revenue

      1. customer channels

      2. customer retention

      3. distribution channels

      4. upsell premium and value-added services

   8. indirect model

   9. rate plan

   10. reports

   11. revenue-sharing model

3. API Notebook

4. API patterns

   1. adoption patterns

      1. See also((API adoption patterns))

   2. deployment patterns

      1. See also((API deployment patterns))

   3. management patterns

1. pragmatic RESTful API interface

2. security

1. API performance testing

   1. See alsoLoad testing

   2. baseline testing

   3. metrics

   4. soak testing

   5. stress testing

2. API product owner

3. API Provider

4. API registry

5. API security

   1. authentication

   2. authentication and authorization

      1. API keys

      2. mutual authentication

      3. OAuth

1. username and password

2. X.509 certificate

1. authorization

2. considerations

3. cross-site scripting (XSS)

4. cyber threats

   1. bot attacks

   2. cross-site resource forgery

   3. cross-site scripting (XSS)

   4. injection threats

   5. insecure direct object reference

   6. sensitive data exposure

5. DDoS attacks

6. demands

7. denial-of-service (DOS) attacks

8. eavesdropping

9. logging and auditing

10. man-in-the-middle attacks

11. monitoring APIs

12. OpenID Connect

1. PCI compliance requirements

2. Quota policy

3. recommendations

4. schema validation policies

5. scripting attacks

6. SDLC process

7. session attack

8. Spike Arrest policy

9. SSL/TLS encryption

10. testing

    1. API fuzzing

    2. authentication and authorization

    3. malformed payload injection

    4. malicious content injection

11. threat model

1. API team

2. API testing

   1. API documentation

   2. API gateway

   3. API interface specifications

   4. API security

      1. See also((API security, testing))

   5. challenges

   6. importance of

   7. performance testing

      1. See also((Load testing))

   8. tools

      1. must-have features

      2. nice-to-have features

3. API value chain

4. API Workbench

5. app developers

6. app ID

7. app key

8. Application programming interface (API)

   1. See alsoWeb APIs

   2. business models

   3. hotel room booking

9. AT&T APIs

10. Audiences, API documentation

11. Auditing

12. Authentication

13. Authorization

14. Authorization header

B

1. Baseline testing

2. B2B partner integration

3. Billing

4. BlazeMeter

5. Blogs and forums

6. Bot attacks

C

1. Cache-Control general header

2. Caching

3. client ID

4. Client-server constraint

5. Cloud computing

6. Cloud deployment

   1. advantages

      1. capital and operational expenditure reduction

      2. management over heads

      3. regulatory compliance

      4. reliability and availability

      5. scalability and agility

      6. time to market

   2. disadvantages

      1. control over data

      2. network latency

7. Code-on-demand constraint

8. Communication

9. Content-based routing

10. Content-Type header

11. Cross-Site Resource Forgery (CSRF or XSRF)

12. Cross-site scripting (XSS)

13. Custom Search APIs

14. Cyber threats

    1. bot attacks

    2. cross-site resource forgery

    3. injection threats

       1. script injection attacks

       2. XML and JSON bombs

    4. insecure direct object reference

    5. sensitive data exposure

    6. XSS

D

1. Data privacy

2. DDoS attacks

3. DELETE verb

4. Denial-of-service (DoS) attacks

5. Developer portals

   1. access credentials

   2. API catalog and documentation

   3. API documentation

   4. community management

   5. monetization

6. Documentation

   1. API Blueprint

   2. app developers or API consumers

   3. audiences

   4. bottom-up approach

   5. endpoint

   6. error codes

   7. frameworks

   8. header parameters

   9. HTTP response codes

   10. importance

   11. message payload

   12. method

   13. RAML

       1. See also((RESTful API Markup Language (RAML))

   14. sample HTTP calls

   15. SLAs

   16. Swagger

       1. See also((Swagger))

   17. title

   18. top-down approach

   19. tutorials and walk-throughs

   20. URL parameters

E

1. Eavesdropping

2. eBay API

3. Elastic Compute Cloud platform

4. ETag (entity tag) response header

F

1. Facebook APIs

2. Federated developer community

3. Filtering

4. Filtering criteria

5. Flickr APIs

6. Foursquare APIs

7. Freemium model

8. Free model

G

1. GET verb

2. Google APIs

3. Google Maps APIs

H

1. Handle requests

2. HEAD method

3. Host request header

4. HTTP error response codes

5. HTTP headers

   1. Accept-Charset header

   2. Accept header

   3. Authorization header

   4. Cache-Control general header

   5. Content-Type header

   6. ETag (entity tag) response header

   7. Host request header

   8. Location response header

   9. naming conventions

   10. types

6. HTTP status code

7. HTTP verbs

   1. RESTful web services

      1. DELETE verb

      2. GET verb

      3. HEAD method

      4. idempotent and safe methods

      5. OPTIONS verb

      6. PATCH method

      7. POST verb

      8. PUT method

      9. PUT vs. POST

   2. Richardson Maturity Model

8. Hypermedia as the Engine of Application State (HATEOAS)

I

1. Idempotent HTTP method

2. Injection threats

   1. script injection attacks

      1. script injections

      2. SQL statement injection

   2. XML and JSON bombs

3. Insecure direct object reference

4. Instagram APIs

5. Internal APIs

6. Internal application integration

7. Internet of Things (IoT)

8. Invitations, developer portal

J, K

1. JMeter

2. JSON format representation

L

1. Layered system

2. Load balancing

3. Loader.io

4. Load testing

   1. preparation

   2. tools

5. LoadUI

6. Location response header

7. Logging

M

1. Malformed/unexpected message injection attacks

2. Man-in-the-middle attacks

3. Message payload

4. Mobile apps

5. Monetization

6. Monitoring APIs

   1. analytics

   2. management patterns

   3. security

N

1. Naming conventions

O

1. OAuth

   1. API gateway

   2. authorization server

   3. client

   4. grant types

      1. authorization code

      2. client credentials

      3. implicit grant type

      4. resource owner password credentials

   5. protocol

   6. resource owner

   7. resource server

   8. scope names

   9. tokens

2. On-premise deployment model

3. OpenAPI specification

4. OpenID Connect

   1. authentication flows

      1. authorization code flow

1. hybrid flow

2. implicit flow

1. end user

2. identity provider integration

3. ID tokens

4. interaction between parties

5. relying party (RP)

1. OpenID connect authorization code flow

   1. authorization endpoint

   2. token endpoint

   3. userinfo endpoint

2. OPTIONS verb

P

1. Pagination

2. Partner APIs

3. PATCH method

4. PCI compliance specifications

5. POST verb

6. Private APIs

   1. security and access control

7. Public APIs

   1. app developers

   2. security risks

   3. success

8. PUT method

   1. vs. POST

Q

1. Query parameters

2. Quota policy

R

1. RAML API specification

   1. data type

   2. methods

   3. resources and subresources

   4. resource types and traits

   5. response

   6. security scheme information

   7. security schemes

2. Rate plan

3. Refresh token

4. Regulatory compliance requirement

5. Relying party (RP)

6. Representational State Transfer (REST)

   1. caching

   2. client-server constraint

   3. code-on-demand constraint

   4. HTTP headers

      1. Accept-Charset header

      2. Accept header

      3. Authorization header

      4. Cache-Control general header

      5. Content-Type header

      6. ETag (entity tag) response header

      7. Host request header

      8. Location response header

      9. naming conventions

      10. types

   5. HTTP status code

      1. categories

      2. error codes

      3. success codes

   6. HTTP verbs

      1. DELETE verb

      2. GET verb

      3. HEAD method

      4. idempotent and safe methods

      5. OPTIONS verb

      6. PATCH method

      7. POST verb

      8. PUT method

      9. PUT vs. POST

   7. layered system principle

   8. query-string parameters

      1. filtering

      2. offset and limit

      3. pagination

   9. resource identifier design, URIs

      1. best practices

      2. modelling resources and subresources

      3. naming conventions

      4. resource naming conventions

      5. URI design

      6. URI format

   10. resource representation design

   11. Richardson Maturity Model

       1. HTTP verbs

       2. hypermedia controls

       3. resources

       4. Swamp of POX

   12. statelessness

   13. uniform interface

       1. HATEOAS

       2. resource identification

       3. resource manipulation

       4. self-descriptive messages

   14. versioning

1. Resource type

2. RESTful API Markup Language (RAML)

   1. Abao

   2. API Designer

   3. API Notebook

   4. API Workbench

   5. code generation tools

   6. JAX-RS

   7. for .NET

   8. RAML 0.8 and RAML 1.0

   9. Restlet Studio

   10. specification

   11. structure

   12. structure

1. vs. Swagger and API Blueprint

2. tools

1. RESTful web services

   1. See alsoRepresentational State Transfer (REST)

2. Restlet Studio

3. Richardson Maturity Model

   1. HTTP verbs

   2. hypermedia controls

   3. resources

   4. Swamp of POX

4. Roy Thomas Fielding’s dissertation

S

1. Safe HTTP method

2. SalesForce

3. Scripting attacks

4. Script injection attacks

   1. script injections

   2. SQL statement injection

5. Search APIs

6. Sensitive data exposure

7. Service-level agreement (SLA)

8. Service orchestration

9. Service-oriented architecture (SOA)

10. Session attack

11. SMAC (social, mobile, analytics, and cloud) technologies

12. Soak testing

13. SOAP (Simple Object Access Protocol) messages

14. Social forums

15. Spike Arrest policy

16. SSL/TLS encryption

17. Streaming APIs

18. Stress testing

19. Swagger

    1. bottom-up approach

    2. file structure

    3. frameworks

    4. goals

    5. vs. RAML and API Blueprint

    6. tools

    7. top-down approach

20. Swagger Codegen

21. Swagger Editor

22. Swagger-UI

T

1. Traits

2. Twitter APIs

U

1. Uniform Resource Identifier (URI)

   1. components

   2. naming conventions

2. Uniform Resource Locators (URLs)

   1. versioning

3. Uniform Resource Name (URN)

4. URL mapping

5. URL parameters

6. User auditing

V

1. Vegeta

2. Versioning

   1. demands

   2. handle requests

   3. host name

   4. HTTP header

   5. lifecycle management

   6. principles

   7. query parameters

   8. vs. software versioning

   9. URLs

W, X

1. Web APIs

   1. definition

   2. evolution

   3. vs. SOA

   4. vs. web services

   5. vs. web sites

2. Web sites

3. Wrk

Y, Z

1. Yelp APIs

2. YouTube API