DANA EPP’S BLOG API Hacking Fundamentals February 13, 2024
I recently had an interesting conversation on Twitter/X that got me thinking about API endpoints vs routes. It all started with this tweet:
The conversation progressed into whether this was one vulnerability or two. It also started questioning my understanding and definition of what an API endpoint vs. an API route means.
I’ve decided to clarify my thinking by writing this post. I want to explore the nomenclatures and see what the community thinks. By the end of the article, I am hoping you agree with me that Manuel should be submitting two separate reports to the vendor.
What is an API endpoint?
An API endpoint is a specific URL or URI (Uniform Resource Identifier) where an API can be accessed by a client application. It represents a specific function or resource available in the API. The endpoint is what the API exposes for a specific operation. It is the point of interaction where the API services can be consumed.
Consider an API for a user management system. An endpoint in this API might be https://api.example.com/users/12345
, where accessing this URL could return information about the user with ID 12345
.