An API (Application Programming Interface) is a medium by which information is shared between different software applications.
Modern APIs are usually based on developer-friendly, accessible, and broadly understood standards.
APIs provide a convenient way for different apps to communicate with each other; APIs are ubiquitously used today. Whether you browse your favourite social media platform or track your activity using a fitness app, you’re probably using an API without even realising it.
A Brief History of APIs
Wilkes and Wheeler are popularly credited with creating the first API in the 1950s. It took the form of a modular software library for an early computer called EDSAC. It consisted of subroutines on physical punch cards and was organised within a filing cabinet.
The concept of what an API is, and could be, continues to evolve with the advent of new technology. In the 1960s and 70s, APIs began to be used in various data structures and were introduced to the field of databases. APIs became a valuable tool for developers to navigate the idiosyncrasies of communicating between various hardware, software, and data storage mechanisms.
By the late 80s, APIs were widely used and supported across most programming disciplines. As various types of networks became more widely used, APIs became a popular mechanism for executing remote procedures. Web APIs also started being used.
In the 90s, APIs underwent another evolution with the dawn of the internet. Standards like CORBA, COM, and DCOM competed to become the most common way to expose API services.
The 2000s is when APIs, particularly web APIs, really started taking off, especially with creating the representational state transfer (REST) API. Both Salesforce and eBay launched their APIs in 2000, while Amazon followed suit in 2002.
Types of APIs
Today, the term API is mainly used for web APIs as they are the most common. However, the idea of an API precedes the web, and there are many different types of lesser-known APIs.
We’ll cover five of the most common types of APIs today. However, there are also hardware APIs.
Web APIs are APIs that can be accessed utilising HTTP protocols. Web browsers can communicate through these APIs via a web server or a web browser.
There are various web APIs, including Open, Partner & Internal.
These are widely known as public or external APIs; they are freely available and can be universally accessed. Some Open APIs are completely open, while others require some form of authentication, such as an API Key or OAuth, to limit access to registered users.
One of the many benefits of an Open API is that it easily allows sharing of data across the web.
Integration between developers and external businesses can benefit both parties using Open APIs.
Third-party companies can quickly leverage the data they require because of the limited restrictions and easy implementation policy of an Open API.
Facebook is a famous example. Using Open APIs, Facebook gives users the ability to simultaneously post something on their news feed and on their Twitter timeline.
APIs are used to facilitate communication between strategic business or operating partners. They are not open to the public, and only the entitled parties have access to them.
Often controlled via gateways, these APIs have limited access and are usually associated with paid services or subscriptions.
These APIs provide greater control over what is shared and can be more secure than public APIs, with access given only to clients and customers. Often, this type of API is aimed at developers and requires an onboarding process.
Internal or Private APIs
These types of API are used only for communication between different systems within a specific network or organisation.
An internal API enables developers to access a company’s stack and application functionality. Internal development teams typically use it for better productivity and reuse of services.
A composite API can consist of multiple data or service APIs rolled into one. In most cases, they are custom-built for an ecosystem of interconnected services using an API orchestration tool. They are commonly used for improved speed and efficiency in microservice architectures where many different applications work together.
Different Types of API Architectures and Protocols
An API architecture is a technical framework for developing a software interface that exposes backend data and application functionality in external applications. Simply put, it describes the rules and constraints for using a specific API for developers.
This includes the valid data types, how traffic is controlled, authentication policies, business logic, etc.
Different API products or services can be built using the same architecture.
With that in mind, here are some of the most impactful API architectures in use today:
A REST API is based on the state transfer (REST) architectural style and uses HTTP requests to access and use data.
An API that adheres to REST constraints is called RESTful. A RESTful API is composed of a payload formatted in HTML, JSON, or XML format.
The majority of web APIs today are built on REST. RESTful APIs are popular because they are easy to understand and use and are largely uniform.
Another feature of a RESTful API is statelessness, which means that client information isn’t stored between requests. Or in other words, the server doesn’t remember previous interactions with the client.
A REST API is a layered system. This means that the client can communicate with a single component at a given time. This feature provides developers with the opportunity to modify components easily.
How Does a REST API Work?
REST APIs work using a URL containing parameters that request data, which is then delivered.
REST uses native HTTP capabilities, such as GET, PUT, POST and DELETE requests.
Here’s a list of what it asks for:
- GET is a data fetching request.
- PUT is a request to change the data by inserting a new record or updating an existing one.
- POST sends data to the server to update a resource with new data.
- DELETE sends a command to remove a specific resource.
What Are RESTful APIs used for?
RESTful APIs are most commonly used to establish communication between an endpoint and a resource. Examples of an endpoint can be a mobile app, website, or cloud portal. A resource is typically a server hosting a database.
So, for example, let’s say a user fills in a form on a website to create a profile. In the front-end code, the website can send the new user information to the resource using a POST request. The resource will take the user data and create a new entry in the “users” database.
Similarly, when a user logs in, a GET request can be used to get the registered user’s information and display it on their profile page.
REST API Features
RESTful APIs all share the following characteristics:
- Client-server separation
- Uniform interface
- Layered system
SOAP (Simple Object Access Protocol) is a messaging protocol for interchanging data in a decentralised and distributed environment. The SOAP API is widely used in web services and uses the XML file format. It’s an official protocol maintained by the World Wide Web Consortium (W3C).
Like REST, SOAP also uses HTTP to transfer information over the web.
The SOAP payload structure consists of:
- An envelope that acts as the root element and contains all the below
- A header composed of optional information and verification protocols
- A body that contains data in XML format
- Faults (if any) from the client-side or the server-side
Some of the advantages of using SOAP include:
- SOAP APIs tend to be more secure than RESTful APIs because they strictly control how to send messages
- SOAP has retry logic that provides end-to-end reliability
- SOAP has WS-security built-in
- SOAP is ACID-compliant
However, the one disadvantage of SOAP is that the underlying rules are somewhat inflexible. This makes SOAP APIs more code-heavy and complex.
The RPC (Remote Procedural Call) protocol was the first type of API-like interaction and is still the simplest. Unlike REST, which is resource-oriented, RPC is action-oriented. This means it’s mainly used to execute code on a server remotely.
As such, the RPC protocol only supports GET and POST requests. That’s why RPC calls are also called subroutine or function calls.
RPC APIs are simple to use for both local and remote applications with a decent level of abstraction. The payloads are also typically lightweight, which is good for performance.
The RPC is, in fact, an abstraction which enables both local and remote application communication. The payloads are also typically lightweight, which is good for performance.
gRPC, or Google Remote Procedure Call, is a modern version of RPC. It’s an open-source architecture designed by Google to deliver high-speed communication within a microservice infrastructure. Unlike RPC, it allows developers to integrate services developed using different programming languages more easily.
Benefits of APIs
Application programming interfaces can benefit organisations in multiple ways, helping them increase their competitiveness.
- Ease of integration: APIs make it easier to integrate various applications or services with each other. This makes it faster, easier, and cheaper to leverage third-party systems to improve your own
- Automation: Because APIs standardise communication, they can be used to automate otherwise manual tasks. Automation is generally more scalable, efficient, and time-saving
- Enhanced customer experiences: You can seamlessly integrate top third-party services in your user applications through APIs. This allows you to deliver more and better features and improve the speed of delivery
- Flexibility and scalability: Using APIs, it’s generally easy to change, adapt, or remove services from your applications without significant disruptions
- Personalisation: Personalisation is vital for engaging users, converting customers, and CRM. Using APIs, it’s easy to deliver personalised experiences by tailoring content and services
- Explore revenue streams: Connecting services through APIs opens doors for more easily partnering with other businesses and unlocking new opportunities to service customers’ needs
Drawbacks of APIs
While APIs are backed by fantastic potential, there are potential risks to using them as well:
- Security risks: APIs complicate your security perimeter and adds potential attack layers or points of failure
- Dependencies: In some way, you are counting on the availability, reliability, security, and accountability of the service you are integrating with
- Cost: Some API services are paid-for products. If you don’t carefully consider the price, it could lead to significant expenses, especially for pay-as-you-use services.
Examples of APIs
Although you may not realise it, you probably already use or interact with many APIs daily. Typical APIs that you will encounter today are:
- Login using XYZ: This is when you’re asked to log in to a server using an existing account—for example, your Google or Facebook profile
- Weather snippets: Weather widgets on your desktop or mobile typically request data from various weather services
- Pay with PayPal: Websites that accept PayPal payments do so through a PayPal API
- Google Maps: Aside from actually using Google Maps, the Maps API allows developers to use it for other purposes in user apps or services
- Booking sites: Hotel or travel booking sites typically request data from third parties (such as airlines) using API calls
APIs, and our understanding of them, have continued to evolve in lock-step with the dominant technologies of the day.