What is an API?

Everyone, who has ever been involved in the process of development/launch of modern websites, web services and applications, has definitely heard the words “software interface” or API.

API is now used not only for interaction between various external systems or, for example, for writing extensions/add-ons for any service/CMS, but also for interaction between large logical blocks within a single software environment. What is the purpose of it? This is required for rapid performance scaling in niche sectors.

With an API-based (API First) architecture, each individual sample of a self-contained module can be run inside virtual containers (Kubernetes, Docker etc.). A container, correspondingly, should be outsourced to the most appropriate server platform for further maintenance.

Unlike classic “all-in-one” implementations, DevOps applications have virtually no limits in terms of bandwidth and performance. They can scale to vast audiences consisting of millions of users and are easily maintained “on the go” (without any must-have pauses).

What Is an API

API (abbreviation for Application Programming Interface) is a special interface (a set of commands/controls) that is designed for quick interaction between various programs.

The programs can be written in any programming language, work locally or remotely, on individual servers or in the cloud infrastructure. This doesn’t matter. The main thing is that API helps them “understand” each other and interact: exchange data, send/receive execution commands etc.

To make the API understandable for both parties, a single communication format (protocol) should be discussed in advance. That is why, APIs are documented in detail so that developers of other programs that are external to your interface, could take into account your data format and requests when working on the development of their software.

Samples of API Application

Actually, there are many API-based software products we use every day. Let’s have a look at the most remarkable samples now.

Weather Apps/Widgets

Weather-Apps

When you open any mobile app market and look for a handy weather widget there, you can come across thousands of different options. However, only 5-10 popular services, such as weather.com, Windy etc., are the most trusted data sources for displaying weather-related information. They provide the official API the developers of all these apps/widgets use. The experts only implement the external part – design/frontend – when creating their products.

Online Maps

Maps-API

Similarly to weather services, online maps are offered by only a few providers, the largest of which is Google. Maps display modes, however, their layout and additional features may notably vary in different third-party applications.

This is the result of working with layers and tags via maps API. Maps can be easily embedded into any website, web page, mobile application. Ready-made modules are available in almost any website builder.

Applications for Operating Systems

Applications working with system functions of operating systems cannot exist without API implementation. What’s important, this principle is the same for both Windows-based systems and for Linux distributions, Apple software products, Android systems etc.

There is an API for everything: for working with sound, graphics, authentication systems etc.

For example, Google Chrome browser, like many other browsers, uses the operating system encryption API to get your account passwords on different sites from a special storage.

Plugins/Modules for CMS

If the site engine works with extensions, it definitely has an API. Whether it is documented or not, this is another question. Although documentation is not required for open source programs, all relevant information can be found directly in the feature notes.

Availability of the open API for cloud website builders is a rarity. API is used mainly for creating extensions here. However, only a few market representatives provide the required infrastructure. For example, uCoz and Wix come with APIs.

API for managing external interfaces is another aspect worth consideration. The API-First model is initially applied in Headless CMS. Many popular platforms, however, have already implemented a similar approach. For example, WordPress, Drupal and Joomla have an API for connecting mobile or web applications.

Joomla-API

Web-API Types and Formats

When it comes to the approaches to designing the architecture of network applications, the following concepts can be distinguished:

REST

This is the abbreviation from REpresentational State Transfer. This is one of the most popular architectural styles for designing distributed web applications and services. The REST concept was introduced by R.Fielding in 2000 and implied a number of specific properties and restrictions (a mandatory client-server model, client conditions are not stored on the server, cached data should be marked in a special way, interfaces should be unified, there should be several layers in the system, but they must have a hierarchical structure, executable code is provided to clients in exceptional cases, for example, for JavaScript tags). If your API principles do not violate Fielding’s six mandatory restrictions, then the interface can be called RESTful.

Pros:
Cons:
REST-based systems are scalable (due to multiple layers and load balancers).
They feature high performance (client condition is not tracked, all requests are self-sufficient, it is possible to use ready-made caching systems).
It is easy to add new components and edit the existing ones (interfaces can “evolve” along with your application/service).
The data is transferred directly between applications, without the need for layers and wrappers.

The obtained data is frequently redundant. Accordingly, the amount of transmitted information is growing and additional work is required to make a proper selection.
The response structure is strictly defined by the server. This is the only possible option.
Debugging problems, since an error in the data exchange process may occur at different request points.
Strong adherence to the HTTP protocol.
There are no clear standards/specifications, only principles.

SOAP

The acronym has initially been formed from the abbreviation of words Simple Object Access Protocol. However, it is no longer deciphered in the final protocol version. The concept was introduced in 1998 as an XML-RPC extension, but the approach has further become independent. The main distinctions from the REST concept are the focus on web services and the use of structured messages (with a special markup).

Pros:
Cons:
SOAP is absolutely neutral. It can run over any existing Internet protocols (HTTP, SMTP, FTP etc.).
SOAP does not refer to HTTP responses. It easily switches and tunnels through any available communication channels.
The data is well structured, which notably simplifies the search and reading of the required info. It is easy to translate text data into different languages.
Error handling and debugging is well standardized. Generally, the entire standard has clear specifications as opposed to “general” REST principles.

Some of the most important functions that are implemented using the HTTP protocol must be deployed separately: caching and scaling at the server level, analysis of response codes (they do not refer to HTTP requests at all).
The obtained data requires parseling – it should be read and converted into separate data sets based on the existing markup (a special parsing module is required, which results in the increased level of calculation resource consumption).

The following concepts should also be mentioned in terms of a more specific implementation, which is quite popular in contemporary web development:

GraphQL

This is a kind of API Gateway, that is, an API request router inside large information systems and complex service bundles. Special API servers are used as a single entry point and broadcast requests to the desired nodes/applications inside.

Pros:
Cons:
GraphQL is not related to data transfer protocols. You can use any of them.
All requests are directed to one place, where they are routed to the correct node. Thus, it is easy to unite a set of disparate applications and services into a single system.
It is possible to write field descriptions directly in the code. Automatic API documentation can be generated based on these descriptions.
A ready-made IDE system is provided (there is syntax highlighting, history keeping, typing prompts etc.).
The structure and format of the transmitted data can be defined by clients.
You get a distinctive answer to a certain inquiry instead of a data set that requires further parsing.
It is more difficult to use the HTTP caching system.
GraphQL application can complicate certain task types.
If the request architecture is not designed correctly, The load on your server can notably increase in case of incorrect inquiry architecture processing.
GraphQL schemes do not imply dynamic features.

API architecture options are not limited to types only. Programming interfaces can be divided by markup syntax. For example, the RESTful concept allows working with any data format. These generally include:

  • XML,
  • YAML,
  • JSON etc.

From the point of view of the data access type, APIs are closed (that is, without access to external systems) and public/open (interfaces with access from external networks).

API and Security

Availability of the external open interface potentially subjects the program to risk. This, however, does not mean that the program becomes available for scammers. On the contrary, the API ensures opportunity of interaction without the need to display the program source code. All clients and users will only have access to the info you provide in the API documentation. The rest remains unavailable. It will be impossible to find out the details about your program and its functioning/application.

To secure open APIs, the developers frequently use API keys. These are tokens/signatures, which are issued to clients making API calls for their identification while data exchange during sessions.

The program that receives the request, gets the key, checks its validity, correlates it with a certain client and only then allows for API access.

In the most secure implementations, a user ID that came along with the API key, can be a signal for choosing an encryption key, which is the basis for the entire session with a certain client.

In this case, a single API token is not enough. You will require asymmetric encryption keys the exchange will not take place without, since you will receive unreadable sets of bits and bytes.

Advantages of API Application for Developers

  • It is much easier to scale a service or application to handle high loads.
  • API makes it possible to exchange data both with external and internal applications (plugins, extensions, complex modules etc.).
  • Development of a large project can be carried out by several teams at a time – each of them will have its own platform and tools (programming language, frameworks etc.).
  • You can clearly outline business logic, databases and interfaces. It is possible to use web pages, mobile or universal applications, IoT interfaces etc. as a frontend.
  • APIs can evolve along with your product.

General API Disadvantages

  • High labor costs for implementation.
  • Complex service/application architecture.
  • The key data sets for the main module APIs should be the first to develop (when there are no modules yet). It will be difficult to fix serious logical errors made at this stage afterwards.
  • Open (public) APIs require reliable anti-fraud protection.
  • Small projects generally imply excessive consumption of server resources (as compared to “monolithic” projects).
  • Insufficient supply of ready-made implementations. The API is only available in the most advanced/popular CMS systems (+frameworks).
  • Anyway, API is a tool for professionals.

Verdict

API is a software interface of an application or web service that is used for robots (other programs and information systems). Information exchange is completed in a strictly specified format, which lets systems with absolutely incompatible configurations (written in different programming languages, located locally or remotely etc.) interact with each other.

API application additionally allows splitting large and complex information systems into independent components and working with them separately (by different teams on different platforms). Such products are easier to scale unlike monolithic systems created on the basis of a single script (within a single platform).

Alongside, API will be needed for certain project categories only – usually complex and high-load ones. When it comes to smaller niche tasks, it is much easier to go without software interfaces, giving preference to classic monolithic systems.

Howard

About the Author

I'm Howard Steele, the founder and editor-in-chief of this website. With over 10 years of web building I know how complicated and tiresome this task can be for a non-IT person. Can’t decide which service to choose? Feel free to ask me for advice. Just describe your website needs, and I’ll gladly help you.

» Helpful Tips » What is an API?