As the world moves towards distributed systems and networking becomes ubiquitous, applications need to share data, resources or even software with one another without compromising privacy, behind a layer of abstraction that makes them universally understandable and easy to use. That is exactly what an API provides. Well, that was a lot of tech jargon! Let's try to understand.
What is an API?
If you were to google 'What is an API?', you would most probably get something like this:
"API stands for Application Programming Interface, which is a software intermediary that allows two applications to talk to each other."
It is actually as simple as that.
An API is a piece of software that other software can use to communicate with other software or even hardware. It acts as a bridge between different software and devices.
How does an API work?
Say you were building a banking application, and your friend has already deployed a calculator application for simple interest and compound interest. You probably wouldn't write all of that code from scratch; you would reuse the existing external software component to avoid reinventing the wheel and make your life as a developer easier.
But what if your friend is not willing to share his application's source code with you because he doesn't want to compromise the security of his code? Or what if your friend's app uses some technology you are not familiar with? How would you be able to use it in your own application?
The solution is for your friend to make an Application Programming Interface or an API and give its endpoint to you. Using this endpoint you can make API calls, which would help the two applications in communicating easily.
Now what is an endpoint? An endpoint is a simple URL through which you can use an API (or a Web API).
Your friend may create the following endpoints for you to use:
You would have to use HTTP methods like GET, POST, PUT, DELETE, etc. to make use of the endpoint.
This way, your friend's source code remains private, and you can also make use of it in your own app regardless of the technologies used in either piece of software.
This also provides a layer of abstraction to the user of the API, as the user doesn't need to know the internal implementation of the code.
Let's take the example of an elevator for this.
Think of an elevator as a software component for a while. Its API would include information about what it can do, like go up, go down, open the doors, etc. It would also include information or an API Documentation about how you could make it do those things. For instance, if you're on the ground floor and want to go up to the fourth floor, you would just push the button for the fourth floor.
The API provides a layer of abstraction and doesn’t have to explain what happens in the internals of an elevator. That’s why, if you know how to operate a geared elevator, you can easily operate a hydraulic elevator without having to learn a whole new set of skills, and I'm quite sure you wouldn't even know the difference between the two.
High-level programming languages also have APIs that provide abstraction, like Collections in Java and the STL in C++. Because of these, the developer doesn't need to implement basic components like Lists, Linked Lists, HashMaps, etc. from scratch, and they are also easy to use and manipulate.
Privacy and Authentication
Now, there is another security problem: anyone on the internet who has the API endpoint can access your friend's application. This is problematic if the API sends data and resources that are private or that only authorised personnel may view or use. And if your application performs a large number of computations to produce its results, you would naturally want to reduce the number of hits on your API to limit system usage. Both requirements are met by integrating an authentication mechanism, such as a secret key or a token.
Here is how it works: users of the API register on the owner's platform (generally for a developer account), after which they are given a secret key that they must send with every request to the endpoint. This reduces the number of unauthorised requests and lets the owner of the API know who is using their services. The same model can be used to create paid or subscription-based plans to monetize the API. A good example is Twitter's API, which has free and premium plans based on how many requests users can make.
Generally, API gateways, which are a part of API management tools, are used to intercept all incoming requests, and manage all the authentication, rate limiting, billing and analytics. API gateways provide a single point of entry to your applications, which bundle or encapsulate the internal software architecture and also help in providing APIs tailored to different clients.
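The registration, key check and rate limiting described in this section, as an added example that is not code from the original article. The X-API-Key header name, the Gateway class and the sample client, key and limits are assumptions chosen for illustration.

```python
import hashlib
import hmac
import time

def digest(key):
    # Issued keys are long random strings, so an unsalted SHA-256 is enough
    # to avoid keeping them in plaintext on the gateway.
    return hashlib.sha256(key.encode()).hexdigest()

class Gateway:
    def __init__(self, limit, window, clock=time.monotonic):
        self.limit, self.window, self.clock = limit, window, clock
        self.keys = {}   # SHA-256 of issued key -> registered client name
        self.hits = {}   # client name -> timestamps of recent requests

    def register(self, client, api_key):
        self.keys[digest(api_key)] = client

    def authenticate(self, api_key):
        if not api_key:
            return None
        presented, client = digest(api_key), None
        for stored, name in self.keys.items():
            # Constant-time comparison: response timing leaks nothing about a key.
            if hmac.compare_digest(stored, presented):
                client = name
        return client

    def handle(self, headers):
        # "X-API-Key" is an assumed header name, not one given in the article.
        client = self.authenticate(headers.get("X-API-Key"))
        if client is None:
            return 401, "missing or unknown API key"
        now = self.clock()
        recent = [t for t in self.hits.get(client, []) if now - t < self.window]
        self.hits[client] = recent
        if len(recent) >= self.limit:
            return 429, "rate limit exceeded"   # rejected calls are not counted
        recent.append(now)
        return 200, "forwarded for " + client

def demo():
    # Constructed sample: one client, limit of 2 requests per 60 seconds.
    now = [0.0]
    gw = Gateway(limit=2, window=60, clock=lambda: now[0])
    gw.register("bank-app", "constructed-sample-key")
    good = {"X-API-Key": "constructed-sample-key"}
    codes = [gw.handle(h)[0] for h in ({}, {"X-API-Key": "guess"}, good, good, good)]
    now[0] = 61.0                      # window has passed, quota is available again
    return codes + [gw.handle(good)[0]]
```

Because every request is tied to a registered client before it is counted, the same per-client record can feed the billing and analytics the gateway is described as handling.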
Types of Web APIs
Web APIs are APIs that can be accessed using the HTTP protocol. They can be categorized by who can view and use them, as follows:
- Open/Public APIs: These are available to developers or external users with minimal restrictions. An example is the Twitter API.
- Internal APIs: These are used within an organization to exchange data and resources, and are hidden from any external user.
- Partner APIs: These are similar to Public APIs, but they feature restricted access and are meant for business partners. They are very common in Software as a Service (SaaS) ecosystems. An example is the Shopify API, which enables their partners to programmatically access the data present in their partner dashboard.
Types of Web API Architectures and Protocols
Different use cases call for different implementations and architectures. This also means different accepted data types and commands. Following are some of the most used architectures and protocols to construct an API:
- REST (Representational State Transfer): a sought-after web API architecture. To be a REST API, an API must adhere to certain architectural constraints, like Client-Server Architecture, Statelessness, Cacheability, Layered System, etc. REST APIs are primarily used to access and work with data, and require minimum bandwidth. REST supports multiple formats such as JSON, XML, HTML, YAML and plain text.
- SOAP (Simple Object Access Protocol): a well-established web API protocol, which uses XML as the message format to transfer data. Its main function is to define the structure of the messages and the methods of communication. SOAP APIs are driven by functionality rather than data and require more bandwidth than the REST architecture. SOAP supports only one message format: XML.
- JSON-RPC and XML-RPC: RPC is a remote procedure call protocol. These are the simplest and oldest types of APIs. RPC was developed for the client to execute code on a server. JSON-RPC uses JSON to encode its calls, while XML-RPC uses XML for the encoding.
Most of the software industry uses REST APIs, then comes SOAP, whereas RPC is used very rarely.
Need and Uses of API in the real world
As discussed earlier, APIs make software development easier and faster. The complexity of including or building new features is reduced because of the abstraction that an API provides, and data and resources can be used easily across applications.
Smart Devices and Automation
Nowadays, a lot of smart hardware devices or IoT (Internet of Things) devices are coming into the market to automate or give useful insights to the user, like Amazon's Alexa enabled devices and speakers or even fitness bands like FitBit. These devices also use APIs to communicate and interact with their servers where they can store the data and process it to build wonderful insights.
Create New Services and Applications
Several companies like Spotify and Twitter provide their APIs to developers, which can be used to create different applications, like Obscurify.com, which uses the Spotify API to view usage data and compare it with different users to determine how obscure your music taste is in a particular region.
You might have also seen how you can sign up on different sites using Google or Facebook; this is also possible because of APIs!
Communication in Distributed Systems
As applications keep getting bigger in terms of both the number of users and the code complexity, different approaches are taken to scale them up, like creating a distributed system. This is a system whose components are located, or "distributed", on different machines that communicate and coordinate with each other while appearing as a single coherent system to the end user. For communication between these distributed components, APIs are used.
In a client-server architecture, the server handles the business logic by interacting with the databases and processing the data, whereas the client handles how to visually represent that data. APIs are used to bridge the communication gap between these two. The backend developers develop the API on the server side and send its API documentation with its endpoint to the frontend developers, who can use it on the client side to visualise the data.
Another architecture used is the microservices architecture, where a microservice is a small, single service offered by a company. As in distributed computing, the service is distributed or broken down into smaller services to make it easier to manage and scale. Microservices rely on APIs for communication, as an API lets one service interact with another.
Business Growth and Collaboration
For a business to expand, having an API is a must, as this opens up new horizons for the company, like having third party integrations, where they can share their data and resources through APIs to collaborate with other businesses and developers to build new features and services.
Businesses can also integrate analytics into their APIs to see how their data is being used and by whom, to get better insights, and also monetize their APIs to add another source of income.
As we have seen, APIs are an integral part of software development and make the whole process more understandable, less complex and more efficient. They also help developers and businesses collaborate with each other to build some exciting services.
I hope that the introduction of this article doesn't sound all gibberish now, and it does make some sense to you!