What is an API?
An API (Application Programming Interface) is a programming interface that allows one software application to call functions exposed by another software application according to published rules (methods, parameters, formats and return codes).
In the most common scenario (web APIs), these exchanges rely on HTTP: a client sends a request and the server returns a response, using standardised semantics (methods, status codes and headers).
What is a REST API?
A REST API refers to a web API built according to the REST (Representational State Transfer) architectural style described by Roy Fielding: interactions concern identified resources, manipulated through representations, using self-descriptive messages, within a stateless model (no server-side session state in the REST sense).
In practice, the term “REST” is often used to describe HTTP APIs that structure their URLs around resources and apply HTTP methods and status codes consistently.
What is an endpoint?
An endpoint is a specific access point of an API: typically a combination of (i) a URL (or route), (ii) an HTTP method (GET, POST, etc.), and (iii) an expected behaviour (parameters, response schema, possible errors).
The collection of endpoints forms the API as a whole. The terminology used (methods, status codes) follows HTTP semantics.
What is a webhook?
A webhook is a push notification mechanism: instead of the client querying the API to determine whether an event has occurred, the server calls a URL provided by the client (callback) to transmit the event.
Within an evidentiary chain, webhooks are frequently used to notify the completion of a process (for example: “token available”, “document sealed”, “archiving completed”). This requires securing the sender, the reception and the logging of the call.
What is the payload?
The payload is the message body carrying the business data being transmitted (for example a JSON structure, binary content or a hash value).
In HTTP, the payload is generally contained in the message body, while headers describe elements such as content type, encoding and authentication.
In an evidentiary system, a key point is to identify precisely what belongs to the payload (data, hash, metadata) and what belongs to the headers (transport context, security information), in order to avoid ambiguity during verification.
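The following added example (not code from the original page) shows a webhook receiver that authenticates the sender and writes a log record keeping payload evidence separate from transport context. The HMAC-SHA256 signature over the raw body, the `X-Signature` header name and the function name `receive_webhook` are assumptions made for illustration; the page does not prescribe a scheme.

```python
import hashlib
import hmac
import json

SIGNATURE_HEADER = "x-signature"  # hypothetical header name (assumption)
TRANSPORT_HEADERS = ("content-type", "user-agent")  # context safe to log

def receive_webhook(headers, raw_body, secret, received_at):
    """Authenticate the sender, then return (log_record, event).

    The log record keeps payload evidence (hash of the exact bytes received)
    apart from transport context (selected headers, never credentials).
    """
    hdrs = {k.lower(): v for k, v in headers.items()}
    expected = hmac.new(secret, raw_body, hashlib.sha256).hexdigest()
    supplied = hdrs.get(SIGNATURE_HEADER, "")
    # Constant-time comparison; bytes on both sides accepts any header value.
    authenticated = hmac.compare_digest(expected.encode(), supplied.encode())
    record = {
        "received_at": received_at,
        "sender_authenticated": authenticated,
        "payload": {"sha256": hashlib.sha256(raw_body).hexdigest(),
                    "length": len(raw_body)},
        "transport": {k: hdrs[k] for k in TRANSPORT_HEADERS if k in hdrs},
    }
    event = None
    if authenticated:  # parse only what came from the authenticated sender
        try:
            event = json.loads(raw_body)
        except ValueError:
            record["payload"]["parse_error"] = True
    return record, event

# Constructed sample call (not real data).
SECRET = b"constructed-shared-secret"
BODY = b'{"event":"document sealed","document_sha256":"<placeholder>"}'
HEADERS = {
    "Content-Type": "application/json",
    "X-Signature": hmac.new(SECRET, BODY, hashlib.sha256).hexdigest(),
}

if __name__ == "__main__":
    for body in (BODY, BODY + b" "):  # second call: body altered in transit
        rec, _ = receive_webhook(HEADERS, body, SECRET, "2024-01-01T00:00:00Z")
        print(json.dumps(rec, indent=2))
```

Rejected calls are still logged with the hash of what was received, so a later verification can show both that a call arrived and that it failed sender authentication.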
What is authentication?
Authentication is the mechanism through which a system verifies that a caller is indeed who it claims to be (for example through a secret, a certificate or a token).
In HTTP, authentication is commonly expressed through the Authorization and WWW-Authenticate fields and the associated schemes.
In a digital trust API, authentication operates alongside authorisation (permissions) and usage controls (quotas, abuse prevention), as API vulnerabilities frequently arise from incomplete or improperly implemented access controls (OWASP reference).
What is TLS?
TLS (Transport Layer Security) is the security protocol that enables client and server applications to communicate while reducing the risk of interception, alteration or falsification of messages on the network. It forms the basis of HTTPS (and therefore of most web APIs).
TLS does not, by itself, establish evidential proof; it secures the transport layer. The probative value of a system then depends on application-level mechanisms (integrity of generated objects, traceability, preservation and verification). Nevertheless, TLS is a technical prerequisite to limit disputes relating to the transmission channel.



