Unsung Heros of Interconnected world - APIs

Posted by Munish Mehta on Mon, May 29, 2023

In this series of article i would be explaining what is an API and what are the uses. How is it useful and what are the types of APIs. In other parts of the series i would be discussing other aspects of API such as authenication and authorization, securing API, data validation, rate limiting and throttling, error handling and logging, secure storage solutions, least previlages prinicples, security testing, regular updates and patching and api documentation and education.

(source: www.akana.com)

Demystifying API

In the ever-evolving digital landscape, where interconnectedness and seamless integration reign supreme, APIs (Application Programming Interfaces) have emerged as the unsung heroes behind the scenes. These ingenious lines of code serve as the gateway to a world of limitless possibilities, enabling different software systems to communicate, share data, and collaborate effortlessly. From powering the apps on your smartphone to revolutionizing industries across the globe, APIs have become the invisible threads that weave our digital experiences together.

What is an API - Definition

An API is a connection between computers or between computer programs. It is a type of software interface, offering a service to other pieces of software. (source: wikipedia)

Understanding the meaning of API

The Definition may not make the meaning absolutely clear what exactly is an API. Lets try to understand what exactly API may mean. The first example would be a real world example while second would suit more someone who is familiar with programming.

Travel agency

Let’s consider a travel analogy to explain APIs in layman’s terms. Imagine you’re planning a vacation and you want to book a flight. You visit a travel website or app and enter your travel details like the departure city, destination, and dates. Behind the scenes, the travel website interacts with various airline APIs.

Think of these APIs as travel agents who have access to the airlines' systems. The website sends your travel details to the airline APIs, and they retrieve information about available flights, prices, and schedules from the airlines' databases. The APIs then gather all the relevant options and send them back to the travel website.

Now, you see a list of flights with different prices and timings on the website. When you select a flight and proceed to book it, the travel website once again uses the API to communicate with the airline, providing your booking details. The API confirms the reservation, reserves your seat, and sends back a confirmation number that you receive on the website.


In this scenario, the travel website acts as a middleman, using APIs to connect and communicate with multiple airlines, retrieving information, and facilitating the booking process. Without APIs, you would have to individually visit each airline’s website, search for flights, compare prices, and manually make bookings—a time-consuming and cumbersome process. APIs make it easier for you to access and interact with multiple airline systems through a single platform, streamlining the entire travel booking experience.

The function or method as an API

Let’s consider a function. This function may expect two parameters, first being string type and other is integer type and the function may return a type of float. In order to get an output from this function, the callee has to confirm to input of same type and should receive an output of return type and store in compatible float type of variable. Otherwise the call would have error out. Therefore, function input parameters and output parameters can be considered equivalent to service signatures or contract. This contract is offered to anyone who is expecting output from this function. This contract between services is APIs.


What are the Use cases of APIs and where they are used?

APIs (Application Programming Interfaces) are used across various industries and applications. Some common use cases and industries where APIs are widely utilized:

  1. Social Media: Social media platforms like Facebook, Twitter, and Instagram provide APIs that allow developers to integrate their applications with these platforms. This enables functionalities such as sharing content, retrieving user data, and posting updates.
  2. E-commerce: APIs are extensively used in the e-commerce industry for tasks such as product catalog management, payment processing, inventory management, and order fulfillment. Popular e-commerce platforms like Shopify and WooCommerce offer APIs for developers to build custom integrations and extend their functionality.
  3. Mapping and Geolocation: APIs like Google Maps and Mapbox provide geolocation services, mapping functionality, and route planning capabilities. These APIs are commonly used in ride-sharing apps, food delivery services, and location-based services.
  4. Payment Gateways: Payment gateways like PayPal, Stripe, and Braintree offer APIs that enable secure and seamless online transactions. These APIs are used in e-commerce platforms, mobile payment apps, and other digital payment systems.
  5. Weather and Forecasting: Weather APIs, such as those provided by OpenWeatherMap or The Weather Channel, offer access to real-time weather data, forecasts, and historical weather information. These APIs are used in weather apps, travel planning tools, and agricultural applications.
  6. Communication and Messaging: APIs like Twilio and Nexmo provide SMS, voice, and video communication capabilities. They are used in applications for sending notifications, verifying users' phone numbers, and enabling voice or video calls.
  7. Travel and Hospitality: APIs offered by travel aggregators, airlines, and hotel booking platforms allow developers to integrate travel-related services. These APIs provide access to flight information, hotel availability, pricing, and booking functionalities.
  8. Financial Services: Financial institutions and fintech companies utilize APIs for tasks such as accessing account information, initiating transactions, and integrating with payment systems. APIs like Plaid and Open Banking APIs enable secure data exchange between financial institutions and third-party applications.
  9. Healthcare: APIs are used in healthcare for interoperability between different systems, enabling secure sharing of patient data, appointment scheduling, accessing electronic health records, and integrating with telemedicine platforms.
  10. Internet of Things (IoT): APIs play a crucial role in connecting and controlling IoT devices. They facilitate communication between devices, sensors, and platforms, enabling data collection, remote monitoring, and control of IoT systems.

These are just a few examples, as APIs have diverse use cases across industries such as transportation, education, entertainment, energy management, and more. APIs provide a means to integrate, extend, and leverage the functionality of existing systems and services, making them invaluable tools in the digital world.

Types of APIs

There are several types of APIs, each serving different purposes and catering to specific requirements. Some common types of APIs:

  1. Web APIs: Web APIs, also known as HTTP APIs or REST APIs, are the most prevalent type of APIs. They enable communication and data exchange over the internet using standard web protocols such as HTTP. Web APIs are typically accessed via URLs and return data in formats like JSON or XML. They are widely used for building web applications, mobile apps, and integrating with various online services.
  2. SOAP APIs: Simple Object Access Protocol (SOAP) APIs are a type of web service API that use the SOAP protocol for communication. SOAP APIs are based on XML and provide a more structured and standardized way of exchanging data between applications. They are commonly used in enterprise systems and environments where strong data typing and formal contracts are required.
  3. GraphQL APIs: GraphQL APIs provide a flexible and efficient way of querying and manipulating data. With GraphQL, clients can specify the exact data requirements they need, and the API responds with precisely that data. This approach minimizes over-fetching or under-fetching of data and allows clients to retrieve multiple resources in a single request. GraphQL APIs are popular for building modern applications and are often used alongside traditional REST APIs.
  4. Real-time APIs: Real-time APIs facilitate instant data updates and bi-directional communication between clients and servers. These APIs are crucial for applications that require real-time features, such as chat applications, collaborative tools, or live streaming platforms. Technologies like WebSockets and Server-Sent Events (SSE) are commonly used to implement real-time APIs.
  5. Library or Framework APIs: Library or Framework APIs provide a set of pre-built functions and tools that developers can use to build applications within a specific programming language or framework. These APIs offer ready-made solutions and abstract complex functionalities, making development faster and more efficient. Examples include the Standard Library APIs in programming languages like Python or JavaScript, or APIs specific to frameworks like React or Django.
  6. Platform APIs: Platform APIs are APIs provided by platforms or services that offer specific functionalities or resources. Examples include social media platform APIs like the Facebook Graph API, cloud service APIs like Amazon Web Services (AWS) API, or payment gateway APIs like PayPal API. Platform APIs allow developers to integrate their applications with these platforms and leverage their features and services.
  7. Internal APIs: Internal APIs, also known as private or enterprise APIs, are designed for internal use within an organization. These APIs enable different software systems or modules within the organization to communicate and share data securely. Internal APIs facilitate system integration, streamline business processes, and improve efficiency within an organization.

These are just a few examples of the types of APIs available. APIs can be further categorized based on their purpose, functionality, and the technologies used to implement them. The choice of API type depends on the specific requirements of the application or system being developed.

In further articles of this series i would focus attention to REST Apis as they are most common ways to develop applications these days.

How to develop an API

Developing an API involves several steps to ensure its functionality, security, and usability. A general outline of the process of developing an API:

  1. Identify the Purpose and Requirements: Determine the purpose of your API and what functionalities it needs to provide. Define the specific requirements, such as the data to be accessed, the operations to be performed, and the expected behavior of the API.
  2. Design the API: Create a design for your API, including the endpoints, data structures, request/response formats, and authentication/authorization mechanisms. Consider using industry-standard design principles and patterns, such as RESTful design principles for web APIs.
  3. Choose the Technology Stack: Select the appropriate programming language, framework, and tools for implementing your API. Consider factors such as the platform it will run on, the scalability requirements, and the existing technology ecosystem in your organization.
  4. Implement the API: Develop the API endpoints, data models, and business logic based on the design. Use the chosen programming language and framework to write the code for handling incoming requests, performing operations, and generating appropriate responses.
  5. Implement Data Persistence: If your API needs to interact with a database or external data sources, implement the necessary data access layer to retrieve, update, or delete data as required.
  6. Handle Authentication and Authorization: Depending on the sensitivity of the data and the intended users of your API, implement appropriate authentication and authorization mechanisms. Common methods include API keys, OAuth, or token-based authentication.
  7. Ensure Security: Implement security measures to protect the API against common threats, such as input validation, parameter sanitization, rate limiting, and encryption of sensitive data.
  8. Test the API: Thoroughly test your API to ensure it functions as intended and handles various scenarios gracefully. Test input validation, error handling, edge cases, and performance under different loads. Consider using automated testing tools and frameworks.
  9. Document the API: Create comprehensive documentation that explains how to use the API, including the available endpoints, request/response formats, authentication requirements, and example use cases. Clear and up-to-date documentation is essential for developers who will be integrating with your API.
  10. Publish and Deploy the API: Deploy your API to a production environment or a cloud platform to make it accessible to external users or developers. Consider versioning your API to maintain compatibility and allow for future updates without breaking existing integrations.
  11. Monitor and Maintain the API: Continuously monitor the usage and performance of your API, identifying and addressing any issues or bottlenecks. Gather feedback from users and make necessary improvements based on their needs and suggestions.

Developing an API is an iterative process, and it may require updates and enhancements over time as requirements evolve. Regularly review and update your API to ensure it remains secure, efficient, and aligned with the needs of your users.

Closing Comments

In the upcoming parts of series, i would embark on a journey to unravel the fascinating world of APIs, exploring their significance, their transformative potential, and the countless ways in which they shape the way we interact with technology. So fasten your seatbelts and prepare to discover the extraordinary power hidden beneath these three seemingly innocuous letters API in my upcoming article series. The focus will be on how to develop and secure API.

comments powered by Disqus