All About APIs

What is an API?

API stands for Application Programming Interface. It is a set of defined rules that enable different applications to communicate with each other. APIs are an accessible way to extract and share data within and across organizations. APIs are all around us. Every time you use a rideshare app, send a mobile payment or change the thermostat temperature from your phone, you’re using an API.

How do APIs work?

The working principle of an API is commonly expressed through the request-response communication between a client and a server. The client is any front-end application that a user interacts with. The server is in charge of backend logic and database operations. In this scenario, an API works as a middle layer between the client and the server, making it possible to send data requests and responses.

Types of APIs

APIs are grouped into four types that are often used in web-based applications:

  • Public APIs are open-source application programming interfaces that developers can access using the HTTP protocol. Also known as open APIs, they have specified API endpoints and request and response forms. Authentication and authorization are generally minimal in public APIs.

  • Partner APIs are made available to or provided by strategic business partners. They facilitate business-to-business interactions only available to explicitly selected and approved outside developers or API users. As a result, partner APIs often provide enhanced authentication, authorization, and security protocols.

  • Internal APIs are solely meant for usage within the corporation to link systems and data. For example, an internal API can connect an organization's payroll and HR systems. These private APIs are not visible to external users and generally feature low security and authentication protocols.

  • Composite APIs integrate two or more data or service APIs to provide a sequence of connected or interdependent processes. These services enable developers to use a single call to reach several endpoints, which helps address complicated or closely linked API behaviors.

API protocols

As the use of web APIs has increased, certain protocols have been developed to provide users with a set of defined rules, or API specifications, that create accepted data types, commands and syntax. In effect, these API protocols facilitate standardized information exchange.

API protocols are commonly grouped into four types: SOAP, XML-RPC, JSON-RPC and REST.

Simple object access protocol (SOAP) is an API development protocol developed to bring stability and consistency to the data transfer process across applications built using diverse programming languages, tools, and environments.

Representational state transfer (REST) aims to address SOAP's shortcomings and provide a more user-friendly manner of accessing online services. REST is a form of architectural pattern frequently used in building modern web-based applications.

SOAP vs REST

SOAP | REST
SOAP stands for Simple Object Access Protocol | REST stands for Representational State Transfer
SOAP cannot make use of REST, since SOAP is a protocol and REST is an architectural pattern. | REST can make use of SOAP as the underlying protocol for web services because, in the end, it is just an architectural pattern.
SOAP uses service interfaces to expose its functionality to client applications. | REST uses Uniform Resource Locators (URLs) to access the components on the hardware device.
SOAP can only work with XML format. As seen from SOAP messages, all data passed is in XML format. | REST permits different data formats such as plain text, HTML, XML, JSON, etc. The most preferred format for transferring data is JSON.
Highly structured/typed | Less structured, so less bulky data
Designed with large enterprise applications in mind | Designed with mobile devices in mind

An API consists of the following

  1. An Endpoint: An API endpoint is the point at which an API (the code that allows two software programs to communicate with each other) connects with the software program. APIs work by sending requests for information to a web application or web server and receiving a response.

  2. A Method: In API Gateway, an API method embodies a method request and a method response. You set up an API method to define what a client should or must do to submit a request to access the service at the backend and to define the responses that the client receives in return.

  3. Header: API headers are like an extra source of information for each API call you make. Their job is to represent the meta-data associated with an API request and response. If you ever encounter issues with an API, the first place you should look is the headers, since they can help you track down any potential issues.

  4. Body: A request body is data sent by the client to your API. A response body is the data your API sends to the client. Your API almost always has to send a response body. But clients don't necessarily need to send request bodies all the time.

  5. Parameter: Parameters define the variable elements of a URL path, query string, headers, or request body. You can declare parameters for paths and path operations in your API definition.

  6. Status code: Status and error codes refer to a code number in the response header that indicates the general classification of the response — for example, whether the request was successful (200), resulted in a server error (500), had authorization issues (403), and so on.

API Methods

  • GET: For requesting data.

  • POST: For submitting new data to the database.

  • PUT: For updating data in the database. It overwrites the existing record if one is already present.

  • PATCH: For updating data in the database. It adds or changes fields within the existing content rather than replacing it.

  • DELETE: For deleting data present in the database.
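To tie the components above (endpoint, method, headers, body, parameters, status code) to the five methods, here is an added example that is not from the original article: a tiny in-memory /users endpoint handler. The DB contents and the /users path are constructed for the example; note how PUT replaces a record while PATCH merges into it.

```python
import json
from urllib.parse import urlsplit, parse_qs

# Constructed in-memory "database" of user records, keyed by id.
DB = {"1": {"name": "Ada", "role": "admin"}}

def handle(method, url, headers=None, body=None):
    """Dispatch one request on the /users endpoint; returns (status_code, response_body)."""
    headers = headers or {}
    parts = urlsplit(url)
    query = {k: v[0] for k, v in parse_qs(parts.query).items()}   # query parameters
    path = parts.path.rstrip("/").split("/")                      # e.g. ["", "users", "1"]
    if len(path) < 2 or path[1] != "users":
        return 404, {"error": "unknown endpoint"}
    uid = path[2] if len(path) > 2 else None                      # path parameter
    data = None
    if body is not None:
        # The Content-Type header tells the server how to parse the request body.
        if headers.get("Content-Type") != "application/json":
            return 415, {"error": "expected application/json"}
        data = json.loads(body)
    if method == "GET":
        if uid is None:
            role = query.get("role")   # optional filter on the collection
            return 200, [u for u in DB.values() if role is None or u.get("role") == role]
        return (200, DB[uid]) if uid in DB else (404, {"error": "not found"})
    if method == "POST" and uid is None:
        new_id = str(max(map(int, DB), default=0) + 1)
        DB[new_id] = data
        return 201, {"id": new_id}                                  # 201 Created
    if uid not in DB:
        return 404, {"error": "not found"}
    if method == "PUT":        # full replacement: fields not sent are dropped
        DB[uid] = data
        return 200, DB[uid]
    if method == "PATCH":      # merge: fields not sent are kept
        DB[uid] = {**DB[uid], **data}
        return 200, DB[uid]
    if method == "DELETE":
        del DB[uid]
        return 204, None                                            # 204 No Content
    return 405, {"error": "method not allowed"}
```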

Best Practices for Securing APIs

  • HTTPS: Always choose HTTPS. That is achieved by using SSL/TLS (Secure Sockets Layer / Transport Layer Security). Its installation establishes authenticated and encrypted connections between the browser (the client) and the server.

  • Never put an API key in the URL: If you are using an API key, never expose it in the URL. This applies to passwords, usernames, and session tokens as well. None of them should appear in the query parameters of the API, where they end up in browser history, proxy logs and server access logs.

  • Hash passwords: Always hash all passwords. You can imagine it as a key owned by students who want to unlock the knowledge that the pigeons deliver from the librarians. However, the key is magical and is scrambled into a spoon, so that nobody knows it is a key.

  • OAuth: When possible, use OAuth (Open Authorization). This is a standard for the authorization of access to resources. OAuth is used to authorize and authenticate users, while an API key is used to authenticate the applications that use the API.
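The three server-side checks these practices imply, as an added example that is not part of the original article: refuse plaintext HTTP, refuse credentials passed as query parameters, expect the bearer token in the Authorization header, and store passwords as salted PBKDF2 hashes compared in constant time. The parameter names, the example.test host and the stored-hash format are assumptions made for the example.

```python
import hashlib
import hmac
import os
from urllib.parse import urlsplit, parse_qs

# Query-parameter names that must never carry a credential (assumed list for the example).
SENSITIVE_PARAMS = {"api_key", "apikey", "token", "password", "session"}

def hash_password(password, salt=None, iterations=600_000):
    """Return 'iterations$salt_hex$hash_hex' using PBKDF2-HMAC-SHA256 with a random per-user salt."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{iterations}${salt.hex()}${digest.hex()}"

def verify_password(password, stored):
    """Recompute the hash from the stored salt and compare without leaking timing."""
    iterations, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)

def check_request(url, headers):
    """Return (status_code, reason) for the transport and credential-placement rules."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        return 400, "plaintext HTTP refused; use HTTPS"
    # Any credential-looking query parameter is rejected outright, even if the value is valid,
    # because the URL is recorded in browser history, proxy logs and access logs.
    leaked = SENSITIVE_PARAMS & {k.lower() for k in parse_qs(parts.query)}
    if leaked:
        return 400, f"credentials must not be in the URL: {sorted(leaked)}"
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return 401, "missing bearer token in Authorization header"
    return 200, "ok"
```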