An API or Application Programming Interface is a mechanism that allows two software components to communicate with each other. We can think of an API as a waiter at a restaurant: it takes your request and orders the chef – in this case, the system – to execute the task. Then, it brings back a response – in this case, the food – to the user. Simply put, an API uses requests and responses to perform tasks in your application. We can see examples of API usage in everyday activities on our phones. Whether it is logging into Facebook or checking the weather, APIs are used everywhere.
How do APIs Work?
We can think of APIs as an interaction between a client and a server. The application sends requests to the server, which brings back a response to the client. For example, when we are searching for a restaurant in Google, the user’s phone (client) sends a request to Google’s database (server), and the API is what allows these requests to be made.
Types of APIs
SOAP API:
A SOAP API stands for a Simple Object Access Protocol. This is an older and less flexible API that exchanges messages between the client and server using XML (a type of markup language).
RPC API:
An RPC API is a remote procedure call protocol. When using this API, a client has to use a function, and the server returns an output.
WebSocket API:
Another contemporary web API that uses JSON objects to convey data is the WebSocket API. Client apps and the server can communicate in both directions using a WebSocket API. The server can communicate with connected clients via callback messages, making it more effective than REST APIs.
REST API:
A REST API is the most popular and flexible type of API. REST stands for Representational State Transfer, which defines multiple functions that the client can use to receive data from servers. In this type of API, clients and servers exchange data using HTTP.
API Security
There are two main ways of securing an API:
Authentication Tokens:
Authentication tokens are a way to check that a user is who they say they are. These are used to authorize users to make the API call. An authentication token is like a password for your API and is unique to the server you are using.
API Keys:
API keys are used to verify the application that is making the API call. They identify and ensure that the application has the right to access and use the API call. Although they are not as secure as tokens, API keys enable monitoring of the API in order to collect useful information. When you see a long string of characters and numbers in a website URL, that is the API Key, which the website uses to make internal API calls.
References
- Cleveroad - Header Image
- Amazon Web Services
- Stoplight
- Okta Developer
- Dataverse Project
by 
by 
by 
by 