Introduction to APIs
This section will explain what web APIs are, and their purpose in simple, non-technical terms.
Essentially, APIs are a means of communication or interaction between two different applications or between two parts of the same application. By “a means of communication”, it means that APIs are just one method out of many used to communicate or interact with applications. There are different methods a user can interact with an application. But these are beyond the scope of this article. APIs provide a way for users to interact with applications programmatically. Permit this article to skip the full meaning of the API abbreviation until later.
One of the reasons why programs (not APIs) are created is to automate processes. Programmers want things to be done for them by computer programs so that they don’t have to do them manually each time. Take for instance, an application like Twitter. Each time we make a tweet, it is very unlikely that there’s an employee who is seated at his/her desk at the company creating new web pages to show this tweet. Imagine if this was the method that was used, the amount of people Twitter would have to employ to be able to create new web pages for every users’ new tweet and the time it would take to create these web pages. Because this method is not sustainable, a program was written to automate this process. As a normal user, if I wanted to make use of Twitter, I would need to open the mobile app or its web application. I would need to click some buttons and write some text before a tweet is published automatically.
Although a certain level of automation has been achieved by interacting with Twitter through its user interface, there’s a little caveat. Imagine I was a user who tweeted motivational quotes every morning to get my audience ready for the day. I would need to repeat this process every day. This routine might not seem tedious at first, but imagine I was managing a Twitter account for an organization and I had to do more than just tweeting. I will need to reply DMs, look out for mentions and reply to them, etc. There has to be a way to automate these processes to enable me focus on things that matter more. Luckily, Twitter thought of this scenario and created an API for their application.
Like earlier stated, programs allow us to automate processes. And in this situation, I would like to automate some tasks I do on Twitter. Programs are not human beings. They don’t have fingers to click on buttons or to click on app icons to open them up. But somehow, they still get to interact with other programs or applications and do the same thing we would do as human beings. This is achieved through the use of the application’s API.
An API serves as an intermediary or an interface between two entities. These two entities might be a user and an application, or an application and another application. It is worth mentioning that the application that is to be interacted with is saved on a computer called a server. Due to this, I would be using the terms “server” and “application” interchangeably. Moving forward, let us consider an everyday library of books to help understand how APIs work.
A library has books that are kept on bookshelves. It also has a librarian who organizes these books and retrieves a book when needed. We also have patrons who come by to read or borrow books and they are the users of this library. As a patron, when I come to this library, I ultimately don’t know how the books are arranged or how to find a book I’m looking for. Intuitively, I call on the librarian, and tell the librarian what I seek, in a language he/she understands. The librarian will go into the bookshelves, find the book I seek and return to hand it over to me. Or in a case where the book is not found, will simply tell me it is not found.
In this scenario, the books serve as one entity and the patron serves as another entity. The librarian here serves as the API that I can call upon to send on a request to retrieve a resource. I call upon this librarian in order to interact with the library. The librarian is an interface or an intermediary between the books I want, and myself. Hence, the full meaning of API is Application Programming Interface. It is the programming interface of an application.
Another common metaphor for APIs would be that of a restaurant. Imagine you are sitting at a restaurant, and you want to order food. You give your order to the waiter, who then communicates it to the chefs on your behalf. The chefs prepare your order and give it to the waiter, who then brings it to your table.
This scenario is similar to how an API works. The customer (the user) is one entity, that wants to make a request or perform an action. The chefs are another entity, which performs the necessary actions in response to the user's request. And the API is the waiter, who acts as a middleman between the user (customer) and the application (chefs).
The API takes requests from the user and communicates them to the server in a way that the server can understand. The server then performs the necessary actions and sends a response back to the user, through the API.
Just like in a restaurant, it is important that the API communicates effectively with both the user and the server. The API must be designed in a way that facilitates clear and efficient communication between the two entities. It must also be able to handle different types of requests and responses, just as a waiter must be able to handle different types of orders and requests from customers, even orders that don’t exist.
The structure of APIs (the way in which an API is designed, organized and presented to users who want to use them) are different from each other. For users to use an API, they need to know where to find the API, how to call the API, how many times they can call the API, how the data that is returned by the API is structured and a few other things. Due to these different uncertainties, creators of APIs also create documentation about the API. Documentations are like manuals we find in new gadgets. They tell exactly how to use an API.
Modern History of APIs
This section will briefly discuss the evolution of APIs, starting from the 2000s.
In the early 2000s, commerce companies like Salesforce, eBay and Amazon were the first to create and deploy publicly accessible APIs for their platforms. Why? These companies sought to achieve a few things:
Expand their customer base: By creating APIs, these companies aimed to make it easier for developers to build applications that integrate with their platforms. This, in turn, would expand the customer base for their core products and services.
Foster innovation: By opening up their platforms to third-party developers, these companies hoped to foster innovation and accelerate the development of new applications and services that could drive growth and revenue.
Increase revenue: By enabling third-party developers to build on top of their platforms, these companies could create new revenue streams by charging for access to their APIs or taking a cut of the revenue generated by third-party applications.
Improve customer experience: APIs can be used to create new tools and features that improve the customer experience on these companies' platforms. By opening up their APIs to third-party developers, these companies could leverage the creativity and expertise of outside developers to build better tools and features for their customers.
Salesforce officially launched its API on February 7, 2000, at the IDG Demo conference. On November 20, 2000, eBay launched the eBay Application Program Interface (API) along with the eBay Developers Program. These were originally rolled out to only a select number of licensed eBay partners and developers but ultimately shifted how goods are now sold on the web. On July 16, 2002, Amazon launched Amazon Web Services. This allowed developers to incorporate Amazon.com content and features into their websites.
Other notable players that shaped the use and existence of web APIs in this modern day were Delicious, Flickr, Facebook and Twitter.
APIs in the modern world
This section will discuss the widespread adoption of APIs and their importance in various industries.
Automotive industry: In modern times, we have seen cars with GPS systems and access to different applications that exist on the internet. These cars did not manufacture the huge amounts of information they have. They most certainly are getting this information from different servers. And how they get this information is through APIs. Similarly, APIs are used to connect to various components of a car's electronic system, such as infotainment systems, navigation systems, and engine control units, allowing them to communicate and exchange data between each other. APIs can also be used by third-party developers to create custom applications that can integrate with a car's electronic system, such as mobile apps that can control certain functions of the car remotely. This makes it possible for normal individuals to control cars using mobile phones. APIs made it possible.
Entertainment industry: APIs are used in the entertainment industry to enable developers to create applications that can interact with media platforms, such as streaming services, social media, and gaming platforms. By using APIs, developers can access data and functionality provided by these platforms, enabling them to create innovative and engaging applications that enhance the user experience.
Software Development industry: APIs make mobile, desktop and web applications possible. Before now, most mobile and desktop applications carried out all their functionality locally, on the machines they were run on. Desktop applications executed code, read and wrote to local files on the hard drive of your desktop or laptop machine. This took a lot of memory and storage space. But with the invention of APIs, these applications could outsource different functionality to other applications and call upon the results they need, when needed.
Essentially, APIs have made it easier for us to have access to enormous amounts of information. It has also given us the ability to leverage existing services to build more personalized experiences.
Reasons to use APIs
Reduces development costs: Imagine I want to build a weather application that gives information about the weather. In the absence of APIs, I would need to employ my own meteorologists to gather data about the weather. After that, I would employ my own data analyst to study and interpret the data. And many other professionals, just to enable me put the information I need on my app for other people to use. Luckily, a lot of other people have done these same activities and they have the information I need, stored somewhere on a server. I really don’t need to know how the weather works, I just need to know how to make use of these peoples’ APIs to ask for which information I want. This way, I have saved cost on gathering my very own data.
Reduces development time through separation of concerns: With the invention of APIs, it is possible to have a Front-end Developer and a Back-end Developer work on a project simultaneously. They don’t need to know each others’ stacks. They only need to decide on the structure of the API they’ll utilize, how this API will be designed and called so that in the end, the front-end and back-end will integrate correctly. The Front-end Developer does not need to wait till the Back-end Developer is done, thus reducing development time by working in parallel.
Creates reusable services/components: APIs make it possible to build one common service that can be used on multiple platforms like the web, mobile, desktop, etc. How is this useful? Imagine I would like to build a web and mobile app for my business. Without APIs, I would need to create different back-ends for each platform. But with APIs, I can build one common back-end service, where all platforms can get their data from. It does not matter which platform I would like to have a business presence in, because all platforms can integrate with APIs.
Types of APIs
APIs can be classified based on different criteria.
Based on access
Internal APIs: Internal APIs are used by different departments or teams within an organization to communicate and share data with each other. They are not exposed to the external world and are not meant to be used by external developers. Internal APIs are usually developed for specific purposes and may not have the same level of documentation or support as public APIs.
Private APIs: APIs that are exposed to a specific group of external users but not to the general public. They are meant to be used for specific business purposes and may require authentication or access keys to use. Private APIs have more documentation and support than internal APIs, as they are designed to be used by external users.
Partner APIs: They are also known as B2B (business-to-business) APIs. They are specifically designed for communication between two different companies or partners. They allow companies to securely share data and functionality with each other, and can be used for a variety of purposes such as integrating two different systems, exchanging data between partners, or automating business processes.
Public APIs: These are APIs that are available to the public. They can be used by anyone and usually have a high level of documentation.
Based on purpose
Web APIs: These are APIs that allow developers to interact with web-based applications or services, such as Google Maps or Facebook. Typically, it involves making requests and receiving responses across the web.
Mobile APIs: These are APIs that are designed specifically for mobile applications. They allow developers to access native functionality on a mobile device, such as access to the camera or GPS location. Mobile APIs can be platform-specific (e.g. iOS or Android) or cross-platform.
Payment APIs: These are APIs that allow developers to integrate payment functionality into their applications or websites. Payment APIs typically handle tasks such as payment processing, fraud detection, and refunds.
Search APIs
Social Media APIs, etc.
Based on functionality
CRUD APIs: These APIs enable you create, read, update and delete resources on a server.
Authentication APIs: These APIs enhance your application with authentication.
Notification APIs
Mapping APIs, etc.
Based on interface
RESTful APIs
SOAP APIs
GraphQL APIs
RPC APIs, etc
Based on data format
JSON APIs
XML APIs
Binary APIs
JSON
We have established that APIs serve as a means of communication between software applications. These APIs carry data that is requested for, from one application to another. It has also been mentioned that the structure of APIs differ, and it just depends on what the creator of the API sees as the best fit. The structure of an API describes several parameters such as the endpoints, request method, response format, authentication, etc. Among these structure parameters, let’s discuss the response format (also called data format).
The data format of an API describes how the data an API returns will be structured. There are different types of formats API data can be returned in e.g. JSON, XML, CSV etc. The most widely popular and adopted format would be the JavaScript Object Notation (JSON) format. Here’s why:
A reason why JSON largely is adopted when writing APIs is because APIs written in JSON are human-readable and machine-readable. This means that both humans and machines understand JSON when they come across it. As humans, we don’t need to decode or truncate data in JSON. This might seem like an easy feat, but consider the fact these APIs are written for machines to be able to communicate with each other but somehow we’re able to understand it. Thus, saving us an extra step of decoding when we want to use them.
API Security
This section will discuss the importance of API security and how organizations can ensure their API infrastructure is secure.
API security is the practice of protecting application programming interfaces (APIs) from unauthorized access, misuse, and attacks. It is critical for organizations to ensure API security because APIs can be used to have access to sensitive data, perform malicious actions, and act as an entry point for cyberattacks. There are several ways organizations can ensure their API infrastructure is secure:
Authentication and Authorization: APIs should have strong authentication and authorization mechanisms to prevent unauthorized access. In the library metaphor, a patron might be registered with the library, in which case he is offered a library card as a means of identification. He will present this card whenever he comes by. Being registered with the library determines the kind of requests he can make. In the same way, being authenticated with an API determines the kind of requests you can make. APIs can implement authentication using API keys, OAuth2, or JSON Web Tokens (JWTs).
Encryption: APIs should use encryption to protect data in transit and at rest. This can include using HTTPS, SSL/TLS, or other encryption protocols.
Rate Limiting: APIs should have rate limiting in place to prevent excessive usage and abuse. This can include setting API call limits based on IP addresses, users, or applications.
API Gateway: Organizations can use API gateways to provide an additional layer of security. An API gateway can act as a proxy server and perform functions such as authentication, authorization, rate limiting, and traffic management.
API Documentation: Organizations should provide clear and concise documentation for their APIs, including security requirements and best practices. This can help developers understand how to use the API securely and reduce the risk of vulnerabilities.
API Economy
API economy refers to the ecosystem of business models, tools, and services that have emerged around the use of APIs. APIs allow software systems to interact and share data with each other, creating new possibilities for revenue generation.
The API economy has created new business opportunities for organizations and developers in several ways:
New revenue streams: By exposing their data and services through APIs, companies can create new revenue streams by charging for access to their APIs or by monetizing the data generated through API usage.
Increased innovation: By providing access to their APIs, companies can encourage developers to create innovative applications and services that integrate with their platform, expanding the reach and functionality of their product.
Improved customer experience: APIs can help organizations create a seamless customer experience by allowing them to integrate their services with other platforms and applications that their customers use.
Enhanced partnerships and collaborations: APIs can facilitate partnerships and collaborations between organizations by enabling them to easily share data and services with each other.
Conclusion
APIs have brought about mad innovation in today’s world. Having a basic understanding of how it works will give an insight into how most technologies around us work. This article was not intended to dive deep into the technicalities of creating APIs because its target audiences are techies and none techies alike. As a techie, look around, what next product can you build with APIs? You don’t need to start from scratch. Odds are, whatever information you need, it is just an API call away. As a non-techie, you can use pre-built integrations. Many software platforms, such as marketing tools, customer relationship management systems, and accounting software, offer pre-built integrations with other tools and services through APIs. As a non-techie, you can take advantage of these integrations to streamline your workflows and automate tasks.