From 9700ac7daf22f238019dea511610076528d6650d Mon Sep 17 00:00:00 2001 From: David Sopas <11536578+dsopas@users.noreply.github.com> Date: Thu, 18 Jul 2024 16:40:28 +0100 Subject: [PATCH] Update MindAPI.md Improved the API architecture identification --- MindAPI.md | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/MindAPI.md b/MindAPI.md index dadc558..12213c3 100644 --- a/MindAPI.md +++ b/MindAPI.md @@ -7,10 +7,25 @@ #### Architecture - REST APIs - RESTful - - OData + - URL structure + - Often use resource-oriented URLs such as: `/api/v1/product/1234` + - Response structure + - Often in JSON or XML format + - Consistent and hierarchical structure + - OData + - A metadata document is usually provided at `/odata/$metadata` + - Specific query options present on the URL: `/odata/Products?$filter=Price&$orderby=desc` + - Response often includes annotations `@odata.context` or `@odata.metadata` + - Typically format is JSON + - Usually the response `Content-Type` includes the string `odata`: `application/json;odata.metadata=full` + - - GraphQL - - Known vulnerabilities - - [GraphQL Threat Matrix](https://github.com/nicholasaleks/graphql-threat-matrix) + - Response structure + - If there an issue with the query, an `errors` object is included in the response + - Errors like `Cannot query field` or `Field not found` is usually indicative of a GraphQL API + - If the response is successful the response will often contain a `data` field which includes the actual query results + - Specific fields + - Response may include `__typename` which is used to identify the type of an object - SOAP - Transfered data in XML format - XML-RPC
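Review bot: the OData example URL in this hunk, `/odata/Products?$filter=Price&$orderby=desc`, is not a valid OData query and will mislead readers who try to fingerprint the service by its query options: `$filter` takes a boolean expression and `$orderby` takes a property name with an optional `asc`/`desc` suffix, so something like `/odata/Products?$filter=Price gt 10&$orderby=Price desc` would be a correct illustration. The same hunk also leaves a stray empty bullet (`+ -`) between the OData block and the GraphQL block, which renders as an empty list item, and the new GraphQL lines need grammar fixes: "If there an issue with the query" should read "If there is an issue with the query", "Errors like ... is usually indicative" should be "are usually indicative", and "Typically format is JSON" reads better as "The format is typically JSON". Finally, the hunk drops the existing "Known vulnerabilities" entry pointing at the GraphQL Threat Matrix without replacing it anywhere; if that removal was intentional it would be worth saying so in the commit message, otherwise keep the link under GraphQL alongside the new identification hints.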