Explain to me HTTPS like I'm five

ยท

7 min read

What is HTTP?

HTTP stands for "Hypertext Transfer Protocol." It's like a set of rules that helps computers talk to each other when they are trying to share a website or a picture.

In simple words,

Imagine that you and your friend are playing in the sandbox together. You have a toy car, and your friend has a toy castle. You want to see the toy castle, so you ask your friend to show it to you. Your friend says "okay," and picks up the toy castle to show it to you. This is like one computer asking to see a website or a picture on another computer.

For you to see the toy castle, your friend needs to give it to you. Just like your friend picked up the toy castle and gave it to you, the other computer sends the website or picture to the computer that asked for it.

HTTP is like the rule that says your friend has to pick up the toy castle and give it to you when you ask to see it. Without this rule, you might not be able to see the toy castle, just like without HTTP, your computer might not be able to see websites or pictures on other computers.

Now, let's understand HTTPS,

What is HTTPS?

HTTPS stands for "Hypertext Transfer Protocol Secure." It's like a special set of rules that helps computers talk to each other when they are trying to share a website or a picture, but with extra security.

In simple words,

Now, suppose you and your friend are playing in the sandbox together. Your friend has a toy castle, and you want to see it. But, this time, your friend has a secret password that only you and your friend know, so that only you can see the toy castle.

For you to see the toy castle, your friend asks you to say the secret password. When you say the secret password correctly, your friend shows you the toy castle. This is like one computer asking to see a website or a picture on another computer using HTTPS. The computer that has the website or picture asks the other computer to prove that it's allowed to see it by sending the secret password.

HTTPS is like the special rule that says your friend has to ask for the secret password before showing you the toy castle. This extra step helps keep the toy castle (or the website or picture) safe from people who shouldn't be able to see it.

Now, let's understand the difference between them in the next section,

HTTPHTTPS
HTTP stands for "Hypertext Transfer Protocol."HTTPS stands for "Hypertext Transfer Protocol Secure."
HTTP is a set of rules for computers to share websites and pictures.HTTPS is a set of rules for sharing websites and pictures securely.
HTTP does not encrypt the data being transferred.HTTPS encrypts the data being transferred.
HTTP URLs start with "http://"HTTPS URLs start with "https://"
HTTP is less secure and more vulnerable to man-in-the-middle attacks.HTTPS is more secure and less vulnerable to such attacks.

What makes HTTPS different from HTTP?

  • Encryption

  • Authentication

  • Data Integrity

Let's understand them a little bit,

What is encryption?

Encryption is like a secret code that only certain people know how to read. Imagine that you have a secret message that you want to send to your friend, like a treasure map or a secret recipe. You don't want other people to know what the message says.

So instead of writing the message normally, you write it using a secret code. For example, you can replace each letter with a picture or a number. So "Hello" becomes "1-2-3-4-5" or "๐Ÿฑ-๐Ÿถ-๐Ÿญ-๐Ÿน-๐Ÿฐ". Now, the message looks like a bunch of pictures or numbers, and nobody knows what it means except you and your friend.

To read the message, your friend needs to have the key or code to decrypt the message and turn it back into the original message. So in this case, the key would be the mapping of pictures to letters or numbers to letters.

Encryption is used to protect sensitive information, like your personal information, when it is sent over the internet. Encrypting the data makes it harder for other people to understand or use it, even if they intercept it.

What is authentication?

Authentication is like making sure that someone is who they say they are. Imagine you have a toy box with a lot of fun things inside that you want to share with your friends. But, you don't want just anyone to be able to play with your toys.

So, you come up with a secret knock, like "Knock, knock, who's there?" and only your friends know the answer. When someone comes to your house, you ask them the secret knock, and if they know the answer, you let them play with your toys. This way, you know that they are your friend and not a stranger.

Similarly, when you use a computer or a phone to access a website, the website wants to make sure that you are who you say you are. It does this by asking for information like a password or a fingerprint. Once you provide the correct information, the website knows that you are who you say you are and lets you in.

Authentication helps protect sensitive information, like your personal information, by making sure that only the right people have access to it.

What is data integrity?

Data integrity refers to the accuracy and completeness of data and the assurance that it has not been tampered with or altered during storage or transmission. It ensures that the data is consistent and can be trusted by detecting any changes or inconsistencies in the data.

For example, imagine you are playing a game with your friend and you want to send your score to your friend. You want to make sure that your score is accurate and hasn't been changed by someone else before it reaches your friend. Data integrity ensures that the score is correct and has not been tampered with during the transfer process.

It helps ensure that the data received is the same as the data sent and that it hasn't been altered, corrupted, or tampered with in any way during transfer.

After knowing all about HTTP and HTTPS, now it's time to understand the role of API in both protocols,

What is API?

An API, or Application Programming Interface, is a set of protocols, routines, and tools for building software and applications. It defines the way that different software systems interact with each other and allows for communication between different systems.

APIs act as a bridge between different software systems, allowing them to share data and functionality. An API specifies the way that different software components should interact, and it allows different systems to communicate with each other without knowing the underlying details of how the other system works.

For Example,

An API is like a magic phone for computers. Just like you can call your mom on the phone and ask her to do something for you, a computer can call an API and ask it to do something for it.

For example, imagine you want to order a pizza, You can call the pizza shop using the phone and tell them what kind of pizza you want, your address, and other details. The pizza shop will use that information to make the pizza and deliver it to you.

Similarly, a computer can call an API and give it some information, like what kind of information it wants and where it wants it from. The API will use that information to retrieve the data or perform an action before returning it to the computer.

APIs help different programs and systems talk to each other and work together, so they can share information and do things more easily.

Why we should go for HTTPS APIS not HTTP APIS?

There are many reasons that we already covered above why we should migrate to HTTPS and why not HTTP, For APIS also the same procedure will be followed, i.e.

Security, Authentication, Data Integrity, Search Engine Optimization and so on help it to be far better than HTTP.

Closing Notes,

  • HTTP and HTTPS are both protocols for transferring data over the internet, but HTTPS provides an extra layer of security by encrypting the data being transferred.

  • This makes it more difficult for anyone to intercept and read the data. HTTPS also uses SSL/TLS certificate for authentication, which ensures that the client is communicating with the intended website and not an imposter.

  • HTTPS also ensures that the data being transferred has not been tampered with during transit, ensuring the integrity of the data.

  • So, HTTPS is like a secret code that keeps your information safe and makes sure that only the right people can see it.

Thanks for reading and I hope you find this useful!

ย