If you spend time around software or internet tools you’ve likely heard the term “API”. API stands for “application programming interface”. There are tons of APIs available online for software developers to use to integrate information from other applications into their own software.
What is an API?
An API is a system of tools and resources in an operating system which lets developers create software applications that interact with other services. APIs are what allow two separate applications to communicate with each other. APIs let users interact with other services or websites without leaving your website. APIs are important because without them, it would be very difficult to understand the syntax of all the apps and services your tool interacts with. APIs explain what each object is called and which actions can be executed on each one.
UpWork breaks down the actual words in API to give us a better understanding of what Application Programming Interface actually means:
Application: Think of an application like an ATM. When you walk up to an ATM, you expect it will allow you to access your account and complete a transaction like withdrawing cash. Like an ATM, an app provides a function, but it’s not doing this all by itself—it needs to communicate both with the user, and with the “bank” it’s accessing.
An app deals in inputs and outputs, too. A web, mobile, or back-end application is like a machine that solves a specific problem. The software may be a customer-facing app like a travel booking site, or a back-end app like server software that funnels requests to a database.
Programming: APIs allow the ATM to communicate with your bank. The programming is the engineering part of the app’s software that translates input into output. In other words, it translates your request for cash to the bank’s database, verifies there’s enough cash in your account to withdraw the requested amount, the bank grants permission, then the ATM communicates back to the bank how much you withdrew so that the bank can update your balance.
Interface: A user interface (UI) is how we interact with an application. In the case of the ATM, it’s the screen, keypad, and cash slot—where the input and output occurs. We enter our pin number, punch in how much cash we’d like to withdraw, then take the cash that’s spit out. Interfaces are how we communicate with a machine. With APIs, it’s much the same, only we’re replacing users with software.
If a website or program offers an API, that means their developers have created a set of URLs that return pure data responses.
Remote APIs are designed to interact through a communications network. By “remote,” we mean that the resources being manipulated by the API are somewhere outside the computer making the request. Because the most widely used communications network is the internet, most APIs are designed based on web standards. Not all remote APIs are web APIs, but it’s fair to assume that web APIs are remote.
Web APIs typically use HTTP for request messages and provide a definition of the structure of response messages. These response messages usually take the form of an XML or JSON file. Both XML and JSON are preferred formats because they present data in a way that’s easy for other apps to manipulate. Web APIs are broken into two general categories: Remote Procedure Call (RPC) and REpresentational State Transfer (REST).
- Remote Procedure Call (RPC) APIs are typically a single URI (uniform resource identifier) which can be used to call many operations via POST. These APIs involve passing a structured request that includes the name of the operation you want to invoke and any arguments you want to pass to the operation. RPC is mostly procedural by nature.
- REpresentational State Transfer (REST) APIs are not a specific type of API, but an architecture based on the HTTP specification. REST uses HTTP’s strengths. For example, REST uses URIs as unique identifiers for resources, uses HTTP’s operational verbs for resources, and gives clients the ability to link between resources to indicate that those resources are related.
API Release Policies
Not every API is made 100 percent public for anyone to use. Private and Partner APIs are used only by internal or approved users. This lets the company maintain control over who is using information and other resources related to its products.
Private: The API is only for use internally. This gives companies the most control over their API.
Partner: The API is shared with specific business partners. This can provide additional revenue streams without compromising quality.
Public: The API is available to everyone. This allows third parties to develop apps that interact with your API and can be a source for innovation.
What is an API Key?
API keys are used for authentication for user agents that interact with or make requests to an API. These keys can be sent to the API using a query string, a request header or as a cookie. The company that controls the API can use the keys to only allow registered users to make requests, track who makes requests, track usage of the API and block or throttle users who exceed certain limits. When the API sees the key you’re sending, it will then authenticate that you are who you say you are and authorizeyou to perform a certain action.
What is an API Call?
An API call is when an application uses an API to communicate with a server or another application. This is basically any time a program runs an external piece of code that isn’t part of the main program. For example, if a program is running in Windows and the program needs to open a new file window, it will call an API to tell the operating system that it needs to open a window.
Examples of APIs
In the early days of APIs, typical applications would only need to use a few APIs to achieve full functionality. Now, an application may rely on hundreds of APIs to access data or functions from other services.
Facebook API: Facebook actually offers a number of APIs for different purposes. Facebook’s Ads API lets users track and monitor the effectiveness of their advertising campaigns. Facebook’s Graph API lets other applications access Facebook functions.
Google Maps API: If you visit a website that has an embedded Google map, that’s one example of the Google Maps API in the wild. The website has to interact with Google maps to get the information and embed the content in the web page.
Dropbox API: Dropbox’s API lets users read/write files stored in Dropbox, allows them to use Dropbox’s file syncing and storage and find other uses for Dropbox.
Stripe API: Stripe is one of the most popular payment processors currently available online. It’s API is organized around REST and lets app and software developers seamlessly integrate Stripe’s payment processing into their apps.
Originally published at https://choosetoencrypt.com on June 6, 2019.