An application programming interface (API) is a way for one piece of software to use the functions of another piece of software.
After reading this article you will be able to:
Related Content
Subscribe to theNET, Cloudflare's monthly recap of the Internet's most popular insights!
Copy article link
An application programming interface (API) is a set of rules that enables a software program to transmit data to another software program.
An API is an "interface," meaning a way for one thing to interact with another. As a real-world example, an ATM has an interface — a screen and several buttons — allowing customers to interact with their bank and request services, like getting cash. Similarly, an API is how one piece of software interacts with another program to obtain needed services.
Imagine Jennifer builds a website that helps commuters check highway traffic before they leave for work. Jennifer could spend a lot of time and money setting up a complex highway tracking system to provide this information to her website's users. But these capabilities already exist, as outside parties have created such systems. Instead of reinventing the wheel in this way, Jennifer's website uses an API that is offered by an external highway tracking service. Now Jennifer can focus on building other aspects of the website.
An API call, also known as an API request, is a message directed at an API that triggers the API's use.
API calls have to be formatted in accordance with the API's requirements in order to work. The API's requirements are called its "schema." The schema also describes the types of responses that are provided to each request.
Suppose a commuter uses Jennifer's website to check traffic on Highway 192. The website sends an API call to provide this information — a message that reads "Highway 192." The highway tracking service's API server receives this message and replies with travel times on Highway 192. Imagine the API's schema in this way:
| API request | API response |
|---|---|
| "Highway 192" | Travel times on Highway 192 |
| "Highway 217" | Travel times on Highway 217 |
| "Highway 225" | Travel times on Highway 225 |
(Note that this is a highly simplified example — real-world API requests, responses, and schemas are more complex.)
Now suppose that Jennifer's website sends an API request for "Highway ASDFGHJ." This is not a valid request because it does not conform to the API's schema, which only allows for actual names of highways. The server will not be able to provide a usable response to such a request.
An endpoint is the end of a communications channel. An API endpoint is the place where an API response originates from.
In the example, the client of the API connection is Jennifer's website, and the endpoint is the server that hosts the API. Jennifer's API calls have to go to a certain URL (a URL is a web address, like www.cloudflare.com/learning) that the API server is responsible for in order to get a response.
API integration is the combination of two or more applications using APIs. API integration is what enables one application to benefit from the capabilities of another application, just as combining a sales team and a marketing team in one office enables those two teams to work together and benefit from each other's efforts. API integrations are also commonly used to synchronize data between two applications or databases.
Anything that involves computer code can have an API, from operating systems to software libraries. A web API is specifically for use by web applications that are accessed over the Internet.
Web APIs are incredibly important for the modern Internet. Almost all user-facing applications rely on APIs to function (not just Jennifer's website!). Entire software development philosophies rely on the use of APIs — one such philosophy is JAMstack, with JAM standing for JavaScript, APIs, markup. Another example is microservices architecture, which uses APIs in order to call the different functions that make up an application. Even applications built without these approaches usually rely on APIs.
SOAP APIs and REST APIs describe different categories of APIs.
SOAP (Simple Object Access Protocol) is a type of protocol. SOAP APIs are APIs that only use the SOAP protocol.
REST (REpresentational State Transfer) is an architectural style for web services. A REST API is any API built using REST architecture. Unlike SOAP APIs, REST APIs work with any protocol. Most APIs today are REST APIs.
Just as allowing a person to use an application introduces the risk that the person will abuse the application, an API introduces the risk that an API client will abuse the service. Additionally, web API calls travel over the Internet and can be intercepted, spoofed, or modified just like any other data transfer over a network.
API security is the practice of protecting APIs from attacks and abuse. Given the importance of APIs to the modern Internet, API security is a core component of web application security. Crucial API security measures include:
Cloudflare API Gateway includes these and other security features to protect against API threats. To read about API security in more depth, see What is API security?