APIs have been the topic of many tech conversations for quite a while now. In this guide, we look into what APIs are, and why they are so popular with so many companies today. But more importantly, we will explain step by step what API stands for and why organisations big and small rely on them worldwide. Then we will dive into the most common types of APIs based on their architecture and uses. Finally, we will look into the pros and cons of using an API in any given system and what strategies a company should employ when building and implementing an API. Enjoy!
What is an API?
So the first step in our APIs For Beginners guide is to establish what an API means. API stands for Application Programming Interface, where an application is a program designed for the users and interface is the means through which the user interacts with said application. Think about a website or a mobile application with which you interact via your computer, phone, touchpad, etc. The website is the application, while your computer is the interface. These two communicate with each other through programming, hence Application Programming Interface or API.
Basically, the API is the messenger between the user and the application. It delivers requests from the user to the servers and provides responses from the server to the user. Think about APIs as a vendor at a bakery. You, the user, want a loaf of bread from the bakery. So, you ask the vendor to provide you with a loaf of bread based on different requirements such as how big of a loaf, what kind of flour, sliced or whole, and so on. The vendor then goes into their storage, finds the bread you want, and brings it back to you.
Similarly, the API takes a request from the user and sends it to the servers. the servers search for your requirements and provide an answer which is then delivered back to you by the API.
Examples of simple APIs
One example of a simple API is the login APIs. Take for example the Asana app, which is a very well known task management system. When you open Asana, you are required to log in and you are given two options.
The first option is to log in with your Google account – the blue button. This uses a Google API which, when used, sends a request to the Google servers and verifies your identity via your Google credentials. In simple terms, if you are logged in into your Google account, the Google servers will confirm that you are indeed the owner of that account, and you are allowed to log in.
The second option is to log in via your email address, or your Asana account. For the login verification, Asana would have implemented their own API, performing the same function as the above mentioned Google API, only instead of sending the request to Google’s server, it sends it to Asana’s servers.
Other example of simple APIs is the Twitter API where one has access to write or read data which we can then incorporate in our app. Another popular API is Stripe which is used for payments in online eCommerce platforms. And of course, Google maps which used for showing position and directions. But the list could literally go on forever.
Basic architectures of APIs for beginners
The second step in our APIs For Beginners guide is understanding the different architectures APIs have and how are they different. There are many different types of APIs with different architectures out there. But the most common ones are referred to as RESTful and SOAP APIs. Both of their names come from the architectural style they use – REST which stands for Representational State Transfer or SOAP stands for Simple Object Access Protocol.
RESTful APIs break a request-response sequence into blocks that address each part of the process. This creates flexibility for the developers, as they are the ones defining the way the API works. But more importantly, it ensures faster performance, reliability, and stateless responses. However, while RESTfull APIs are easier to implement and use, they are limited as they need HTTP to work.
SOAP is an older technology than REST and is not as limited as REST as it is language, platform, transport-independent, and is more standardized than RESTful APIs. However, the learning curve for SOAP and SOAP APIs is steeper than with RESTful APIs and they are usually more expensive to implement.
Nevertheless, both have their benefits and downsides. So, at the end of the day, the choice between the two depends on what are your requirements, what environments you are working in, and of course what languages you use.
Types of APIs For Beginners
APIs For Beginners guide step four – what types of APIs are there and why? Both RESTfull and SOAP APIs, as well as any other kind of API usually is categorized into four types, based on their use. This includes Open APIs, Internal APIs, Partner APIs, and Composite APIs.
Open APIs, commonly referred to as public APIs are readily available for developers and come with little-to-no restrictions. While some might require registering before using them, many are open-source and free. A good example of such an open API is Google or Facebook Login APIs.
In contrast, Internal APIs are developed by a company for internal use only. This means that only people within the organization can access data via internal APIs, and the APIs are hidden from the public. These types of APIs are commonly used among both large and small corporations as they improve security, consistency in data as well as better communication and access control.
Partner APIs work similarly as open APIs, but they are far more restricted. So, while open APIs are free and readily available, Partner APIs are paid-for and only give access to specific users and specific services.
Finally, Composite APIs are a bit more complex and they are used to either access several endpoints in an API or connect several APIs with each other. For example, a shopping cart API is a composite API as it triggers several other APIs like Create User, Create Order, Change Order, and so on. Naturally, composite APIs can be both Open as well as Partner APIs. But they can never be Internal APIs.
API as a savior to Legacy systems
Probably the best example of how APIs are raising the bar is with legacy systems. Basically, a legacy system is an old system using outdated technology. In the past, moving away from a legacy system used to be costly, time-consuming, and more or less a nightmare. But now, legacy systems integrated with different APIs can also deliver great customer experiences without the owners spending a fortune on building a new system.
How, one may ask? This is possible through what is called encapsulation. Encapsulation is a strategy for binging old code with new code. In this process, an API is created in the app that enables the communication between old software and the new one. These help clear any initial impediments that would make it hard to upgrade a legacy system. For instance, creating an API layer between the database and an app is a problem in some legacy systems. However, with encapsulation, seamless integration becomes possible.
Pros of using an API
The three main advantages of using an API. First, using an API saves development time and money. Whether a company opts for public APIs, private APIs, or Partner APIs, the costs of implementing, monitoring, and maintaining an API are far less than building everything from scratch. No time and no funds wasted.
More importantly, APIs are more secure since it is harder – if not impossible in some cases – to hack or brute-force your way into. For example, using Google Login or Facebook Login APIs instead of creating the functionality for a platform from scratch means using a technology that uses Google’s or Facebook’s security measures. But also this is a technology that has been tested over and over again by millions of users. Why reinvent the wheel?
Cons of using an API
As always with any online application, security is an issue if compromised, because sensitive data is at a risk. Just think about the Facebook-Cambridge Analytica scandal a few years back. Second, any unforeseen sudden changes with the API can be crippling to those who are dependent on them. Think about the Google Login API. If that open API is the only way a user can access their account, when it fails, the user is locked out. However, a company can easily avoid this situation by offering multiple login options, such as Login with Google, or Login with your Email.
In addition, some APIs have poor documentation and sometimes no support. This means that when developers want to implement them, they might have a lot of issues. And with no support, there is no one there to help them through the process. So, before implementing and external API, companies and developers should make sure they have all the documentation they need and there is a support system in place.
Last but not least, the owner of an API might change their Terms and Conditions overnight. This means that whether they notify their users about this change or not, both the company’s data, as well as their users’ information, are at risk. So before using an external API, open API and Partner APIs included, it is highly recommended that the provider should be vetted in advance to minimize the risk of data breach.
How to ensure API Security
The final step in the APIs For Beginners guide is security. The two most important best practices in API security is authentification and authorization. In simple terms, authentification establishes an end user’s identity while authorization dictates which data that the user has access to via each API. Authentification is easily implemented through a TLS protocol, however, OpenID Connect or OAuth 2 are more reliable options. Authorization, on the other hand, comes from the APIs build. So, for example, a read-only API should only give access to limited read-only data.
Other recommended practices include using and SSL, which generates a random authentification token that hides the original credentials. Similarly, passwords should be hashed before being stored in the database. This way even if a system is breached, hashed passwords will at least minimize the damage. And of course, always validate request parameters. Always!
APIs are amazing tools that every company building a new web or mobile application, as well as companies with legacy systems or established platforms should consider. There is no simpler way to put it, APIs are great for everyone involved when used properly. For end-users, they simplify processes, and for companies implementing them, they save time and money on development.
Of course, where there are pros in using APIs, there are also cons, with the most prominent one being user data security and dependency. But there are ways around both, and as long as the API is well built, these issues should not occur. So, if you are building your own API, make it secure. If you are using an external API or a Partner API, make sure it comes from trusted providers.
That said, we hope our API for beginners guide helped you get a better understanding of what this technology is, what is used for, and why you should consider implementing it into your system. For more web trends and cool technologies, visit our Insight section.