11 Matching Annotations
  1. Oct 2022
    1. One final note is that Unspecified shows up as the third most frequent data format on both requests and responses. Our directory data model uses Unspecified as shorthand for when an API provider doesn’t provide this information.

      Unspecified appears as the third most common data format in both requests and responses. When an API provider does not supply this information, our directory data model uses Unspecified as shorthand.

    2. GraphQL is an RPC styled approach to APIs that has been much discussed since its arrival in 2015. While a number of overzealous commenters were quick to declare that GraphQL would replace REST, it is more properly thought of as an alternative that works extremely well in specific use cases. It has been used in 53 APIs in the last two years which is a good showing but clearly pales in comparison to the more than 3,000 new RESTful APIs to appear during the same time.

      GraphQL is an RPC-style approach to APIs that has been discussed ever since it appeared in 2015. Although many overzealous commenters were quick to declare that GraphQL would replace REST, it is more properly thought of as an alternative that works extremely well in specific use cases. Over the past two years it has been used in 53 APIs, which is a good showing, but it clearly pales in comparison with the more than 3,000 new RESTful APIs that appeared over the same period.

    3. The REST architectural style and JSON data format are the staples of the API space. However, they are not the only approaches when building an API. Event-driven API architectures have been steadily growing in popularity in the last few years due to the desire for applications that perform in real-time. Two of the most popular event-driven protocols are Webhooks and WebSockets; combined they have been used in nearly 200 APIs in the last two years.

      The REST architectural style and the JSON data format are the staples of the API space. They are not, however, the only ways to build an API. Driven by demand for applications that run in real time, event-driven API architectures have grown steadily in popularity over the past few years. The two most popular event-driven protocols are Webhooks and WebSockets; over the past two years they have been used in nearly 200 APIs.

    4. We see that in the last two years JSON has been used as a response data format five-fold as many times as XML. XML is by far the number two response format used by API providers, but it is clear that JSON has been the unquestioned format of choice.

      We see that over the past two years JSON has been used as a response data format five times as often as XML. XML is the second most used response format among API providers, but JSON is clearly the unquestioned format of choice.

    5. While the all-time data are helpful for understanding APIs in the big picture, it may be useful to consider where APIs are trending in recent years. We queried our database from March 2018 through March 2020 to see what modern APIs can tell us about the direction things are heading and here’s what we found.

      While the historical data help in understanding APIs in the big picture, it may be useful to consider where APIs have been trending in recent years. We queried our database from March 2018 through March 2020 to see what modern APIs can tell us about the direction things are heading,

    6. The second result worth noting is that JSON, as expected, is the most popular response data format in use. The advantages of JSON over XML including lighter payloads, greater readability, reduced machine overhead for Serialization/ Deserialization, easier consumption by JavaScript among others, have been discussed for years. So it’s no surprise that JSON is the format of choice. It’s also interesting to see that XML is used about 90% as often as JSON.

      The second result worth noting is that, as expected, JSON is the most popular response data format. The advantages of JSON over XML, including lighter payloads, greater readability, less machine overhead for serialization/deserialization and easier consumption by JavaScript, among others, have been discussed for years. So it is no surprise that JSON is the format of choice. It is also interesting that XML is used about 90% as often as JSON.

    7. While we are discussing URI Query String/CRUD, you may notice that it appears more than 200 times as a response data format. The great majority of these are due to event-driven APIs that use Webhooks. In a Webhooks API the client request indicates what Webhooks-based stream it wants to subscribe to. The stream is implemented through an approach where the client provisions an HTTP-based API that the server calls. When the server has an update it makes a RESTful call to the client. That’s why the response from the server would include URI Query String as a data format.

      While we are discussing URI Query String/CRUD, you may notice that it appears more than 200 times as a response data format. The great majority of these are due to event-driven APIs that use Webhooks. In a Webhooks API the client request indicates which Webhooks-based stream it wants to subscribe to. The stream is implemented by having the client provision an HTTP-based API that the server calls. When the server has an update, it makes a RESTful call to the client. That is why the server's response would include URI Query String as a data format.

    8. The clearest finding is the dominance of REST styled APIs. URI Query String/CRUD as a request format refers to an API's ability to leverage the HTTP protocol in order to take action on an API Resource. This is most commonly seen on REST-styled APIs and thus the use of URI Query String/CRUD in the request signals the use of RESTful architecture. With 18,985 web APIs using this request format, it is safe to say that REST is used by nearly 83% of the APIs in the directory.

      The clearest finding is the dominance of REST-style APIs. URI Query String/CRUD as a request format refers to an API's ability to use the HTTP protocol to act on an API resource. This is most common on REST-style APIs, so use of URI Query String/CRUD in the request signals a RESTful architecture. With 18,985 web APIs using this request format, it is safe to say that nearly 83% of the APIs in the directory use REST.

    1. An attacker can change the object ID in the requests they send to attack an API that has a "Broken Object Level Authorization" vulnerability. This leads to unauthorized access to sensitive data.

      Can changes in the ID across consecutive accesses be detected in order to identify broken object-level authorization risk?
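The detection idea raised in the note above, worked through as an added example; it is not code from the annotated article or from the annotator. The log format, the `/api/v1/<collection>/<id>` path shape, the window and the distinct-ID threshold are all constructed assumptions. The block parses access-log lines, groups successful requests by subject and collection, and flags any subject that touches more distinct object IDs inside a short window than a normal client would, reporting whether those IDs form a contiguous run:

```python
"""Heuristic detection of object-ID variation across consecutive requests,
a signal for Broken Object Level Authorization (BOLA / IDOR).

Constructed example: log format, path shape and thresholds are assumptions,
not taken from any real API or product.
"""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed access log: "<ISO timestamp> <subject> <method> <path> <status>".
SAMPLE_LOG = """\
2022-10-01T10:00:00Z user-17 GET /api/v1/orders/1001 200
2022-10-01T10:00:02Z user-17 GET /api/v1/orders/1002 200
2022-10-01T10:00:03Z user-17 GET /api/v1/orders/1003 200
2022-10-01T10:00:04Z user-17 GET /api/v1/orders/1004 200
2022-10-01T10:00:05Z user-17 GET /api/v1/orders/1005 200
2022-10-01T10:00:06Z user-17 GET /api/v1/orders/1006 200
2022-10-01T10:05:00Z user-42 GET /api/v1/orders/2201 200
2022-10-01T10:07:30Z user-42 GET /api/v1/orders/2201 200
2022-10-01T10:09:00Z user-42 GET /api/v1/orders/2202 200
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")
# Assumed path shape: the object ID is the numeric segment after the collection.
OBJECT_RE = re.compile(r"^/api/v1/(?P<collection>[a-z]+)/(?P<id>\d+)$")


@dataclass
class Access:
    ts: datetime
    subject: str
    collection: str
    object_id: int
    status: int


def parse_log(text: str) -> list[Access]:
    """Parse log lines into Access records; lines without an object ID are skipped."""
    out: list[Access] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, subject, _method, path, status = m.groups()
        obj = OBJECT_RE.match(path)
        if not obj:
            continue
        out.append(Access(
            ts=datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            subject=subject,
            collection=obj.group("collection"),
            object_id=int(obj.group("id")),
            status=int(status),
        ))
    return out


def is_contiguous(ids: list[int]) -> bool:
    """True when the sorted IDs form an unbroken run (1001, 1002, 1003 ...)."""
    return len(ids) > 1 and ids == list(range(ids[0], ids[0] + len(ids)))


def find_enumeration(accesses: list[Access],
                     window: timedelta = timedelta(seconds=60),
                     max_distinct: int = 5) -> list[tuple[str, str, list[int]]]:
    """Return (subject, collection, distinct_ids) for every subject that touched
    more than max_distinct distinct object IDs in one collection within the window.

    Only 2xx responses count: a 403/404 means the authorization check held, so
    those requests are noise for this signal (they may still matter for other alerts).
    """
    by_key: dict[tuple[str, str], list[Access]] = defaultdict(list)
    for a in sorted(accesses, key=lambda a: a.ts):
        if 200 <= a.status < 300:
            by_key[(a.subject, a.collection)].append(a)

    findings = []
    for (subject, coll), items in by_key.items():
        start = 0
        for end in range(len(items)):
            # Slide the window start forward until it spans at most `window`.
            while items[end].ts - items[start].ts > window:
                start += 1
            distinct = sorted({x.object_id for x in items[start:end + 1]})
            if len(distinct) > max_distinct:
                findings.append((subject, coll, distinct))
                break  # one finding per subject/collection is enough
    return findings


if __name__ == "__main__":
    for subject, coll, ids in find_enumeration(parse_log(SAMPLE_LOG)):
        print(f"{subject} read {len(ids)} distinct {coll} IDs in a short window; "
              f"contiguous={is_contiguous(ids)}: {ids}")
```

On the constructed sample, `user-17` is flagged (six contiguous order IDs in six seconds) and `user-42` is not. This is a telemetry heuristic, not the control itself: the authoritative defence against BOLA is a per-request ownership check on the server, and a legitimate back-office or batch client will also trip the threshold, so the window and `max_distinct` need tuning per endpoint.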