Which company offers web services

The interface - API, web service & GUI simply explained

Both software providers and website operators want to offer their users an optimal range of different services and are therefore on one interface reliant. But interfaces are also an important tool for companies in order to be able to connect heterogeneous systems with one another and to avoid inefficient isolated solutions. This article discusses selected types of interfaces such as API, web service and GUI presented and separated from each other.

interface

Generally speaking, an interface is a connection between two systems that enables communication or transmission. For example, a socket is an interface that is necessary to transmit electrical power.

In the IT world, interfaces are of great importance. They enable communication between both software and hardware components. A USB port on the computer provides a hardware connection to the USB stick. The operating system also contains interfaces to enable access to e.g. the hard disk or graphics card via an application program.

Application Programming Interface (API):

API is an acronym for “application programming interface (English for interface for application programming). For example, software can be integrated into another system using an API. In order for a program to be able to call up and use the functionalities of another software, it must implement the corresponding API. This means that different software modules / program parts (services) can be created independently of one another and communicate via an interface. The advantage of such a modular programming is that software can be maintained more easily and expanded individually with additional modules.

Web service:

A web API (web service) must be distinguished from a "normal" API. Although a web service also includes an API, it also offers a web service. With web services, a website provider can integrate and offer different services, e.g. external providers via a network (i.e. intranet, internet) in its portal.

There is no uniform definition of what a web service is, but there are properties that every web service has:

  • a web service offers a service over a network
  • a web service offers automated data exchange and the use of functionalities
  • the exchange of data and functionality takes place independently of the programming language or hardware and can therefore be integrated into different systems
  • A web service is a pure computer-to-computer communication

Example web service

Using an online shop, web services can be explained as follows:

Our example shop "Amazonia" offers different products from different categories. In addition to the usual functionalities such as electronic product catalogs, product ordering, electronic payment by credit or debit card, "Amazonia" also offers additional services. For example, the buyer can also take out insurance or track the status of the shipment by the parcel service. To make it easier for its users to log in, “Amazonien” has implemented a single sing-on solution using an authentication API, so that their customers can also log in via their Facebook login and do not have to enter separate login data.

Since “Amazonia” cannot provide these services itself, it uses the web services of other providers. “Amazonia” can integrate these services into its own portal through an interface. For the user only the page of "Amazonia" appears, so that he basically does not notice anything of the exchange taking place in the background. "Amazonia" itself can also use the web APIs to check the customer's creditworthiness, initiate payment by credit or debit card, commission a parcel service or inquire about the current exchange rate.

Which companies offer which services and web services can be researched in the Universal Description Discovery and Integration (UDDI).

Graphical User Interface (GUI)

The user interface must be distinguished from the API or web service (also called graphical user interface or frontend). The GUI is the interface of an application that the user sees. The user can enter data via this user interface. The GUI then forwards this data to the software for processing (also known as the backend). The GUI then presents the requested results to the user. The GUI is therefore an interface between man and machine. In contrast to this, an API or a web service is used for the automated exchange between machines.

Order data processing or transfer of functions

In terms of data protection law, the question often arises whether web services are subject to order data processing if a portal operator has implemented a web service from an external provider in their portal and personal data is exchanged via this. This must be decided on a case-by-case basis and depends on the service provided. However, in most cases there will be a transfer of functions, since in addition to the specific processing of personal data, an entire area of ​​responsibility is transferred. In this case, the third party is no longer just a contractor, but rather a responsible body. The focus is then not only on processing the data in the order, but on whether the services and processes provided are solely the responsibility of the web service provider.

If there is a transfer of functions, it must be checked whether a transfer of data may be carried out as processing for "own business purposes" in accordance with § 28 BDSG or whether consent must be obtained.

security

The following should also be considered when securing the system (especially with web services):

  • Securing the transmission paths for web services (encryption)
  • Roles and authorization concept
  • Performing penetration tests
  • Logging
  • Regular installation of security-relevant updates
  • Regular checking of the availability and functionality of the interface
Do you like the post? Then we look forward to a recommendation:

About the author

Agnieszka CzernikLawyer

Data protection and IT (security) serve to protect privacy and corporate values. Maintaining these interests and working in two diverse and interesting areas at the same time is my passion. more →

intersoft consulting services AG

As experts in data protection, IT security and IT forensics, we advise companies across Germany. Find out more about our range of services here:

IT security advice

Do you have any suggestions for topics or improvements? Contact us anonymously here.