Mike_Nnenna

What is an API?

Mike-Ajanwachuku Nnenna's photo
Mike-Ajanwachuku Nnenna
·

6 min read

What is an API?

Photo by Fahim Muntashir on Unsplash

Table of contents

Introduction

As a non-techie or a newbie in the tech scene, you have probably heard the term API get tossed around a lot by software developers. If you are wondering what it means, I got you! This article explains what an API is and some examples of APIs.

What is an API?

The term API stands for Application Programming Interface. According to Wikipedia, an API is a connection between computers or computer programs. An API is a software intermediary (a middleman) that allows applications to interact with each other. In simple terms, it is a messenger that receives your requests to a provider, delivers those requests, and returns with a response or feedback.

For instance, you go to a restaurant and place an order through the waiter. The waiter (API) relays your order to the kitchen staff (the provider) and then returns with your meal (feedback) when it is ready.

illustration of how an API works

Image from selleo.com

How do APIs work?

APIs set the rules on how software programs interact with each other. They check the data on that software for compatibility with another.

Some real-life applications of APIs are:

  • Login

When you attempt to sign in to a website and you are given the option to sign in via Facebook or Google account. An API serves as a middleman between that website and whatever social account you choose. The API retrieves your details and connects both platforms.

  • Google Weather Snippets

    Ever searched for the weather data of a city on Google? You will see the current weather details of that city at the top of the search results

Image showing the weather data for Madrid, Spain on Google using weather API.jpg As seen at the bottom of the image, the source of this data is weather.com. A weather API received the request and sourced the information from a third party with a wider database and returned it with feedback (results).

  • Booking flight tickets

Say you want to book travel tickets through a travel agency. You fill in the necessary details and then the agency website gets information on available flight options from the airline. APIs are responsible for the exchange of information between the agency website and the airline the information was sourced from.

  • Google Maps

Using Google Maps, we can find new places, restaurants, imagery, and so on. The Google Maps API accounts for all that.

  • Entertainment

APIs help to access databases to get movies, music, lyrics, and so on.

  • E-Commerce

APIs provide features that enable you to pay for things you purchased online using different payment platforms (like PayPal) or debit card options by linking the shopping sites to the database of the platforms.

Types of APIs

There are APIs and web services. These terms are often thought to mean the same thing, but they are not. They have overlapping functions, but they mean different things. While APIs are software middlemen that send data back and forth between two applications, a web service is used to communicate from one machine to another.

The four main types of APIs are:

• Open APIs

• Internal APIs

• Partner APIs

• Composite APIs

Open APIs

Also known as Public APIs, open APIs are APIs that are publicly accessible to software developers. This means that these APIs are not restricted to the developers that created them. Any developer is free to use them. Open APIs are easily accessible on the internet. They are used by developers who need to gain access to certain features that ordinarily would take multiple lines of code to get.

Internal APIs

These are also known as private APIs. Unlike Open APIs, private APIs can only be used by the developers or the company that created them. This kind of API opens the backend data of a company only to developers within the company. Although the new application created using this API may be made public, the API used is not.

Partner APIs

These are used by partners in an organization. Usually, there is some form of agreement (which could be contractual) on the consumption of the API by the partners involved. They are not available to the public and one needs a pass or authorization – something to prove that you have a right to the API – to access it.

Composite APIs

This kind of API merges multiple requests to a server into one call. Rather than the API making multiple trips from the client to the server and back, the client makes a chain of requests, and the API returns with one response for all the requests.

An example is making an order using a shopping cart API. When adding things to your cart, one tends to make multiple requests like:

  1. Create a cart

  2. Add item to the cart

  3. Add another item to the cart

  4. Remove item from the cart

Using composite APIs in cases like this improves user experience

Securing APIs

APIs play important roles in digital connectivity today. They hold sensitive data for organizations and by design give outsiders access to your data, so they should be protected from cyber-attacks.

Some of the ways to secure APIs are:

  • Using an API key

An API key is a user’s unique authentication token. It is used to identify the user of the API. This ensures that only authorized users have access to the API.

  • Take inventories

Knowing how many APIs an organization has and how they work is the first step to protecting them. I mean, you can’t effectively secure all APIs if you do not know how many there are, right?

  • Only expose what is necessary

APIs say a lot about how your software applications work. So do not let everything be accessible to just anybody. The organization can also employ the Principle of Least Privilege which according to CSRC states that users and programs should only have access to necessary privileges to complete their tasks.

  • Identify risks

Another way to effectively secure APIs is to detect their vulnerabilities. To do that, security tests should be run over and over again.

Organizations could lose a lot to cyber attacks if their APIs are not protected. So, API protection should not be treated as a trivial matter.

Importance of APIs

Why are APIs important to developers?

  • To bring applications together to carry out a function built around the exchange of information. That is, to act as middlemen during the exchange of information.

  • They save time and cost and reduce coding errors.

  • Improve user experience.

  • Enhance innovation.

Final thoughts

APIs play vital roles in aiding connectivity. They connect applications to get information from external sources or third parties, without the user’s involvement. One of the characteristics of an API is that it should be reusable, either by just the creators or the public. It is important to provide the necessary security for your APIs because the information they possess makes them targets of cyber-attacks.

PS: There is so much more to securing APIs and I will be talking about that in my next article, so keep an eye out! ☺️

APIssoftware