An application programming interface (API) is a way for one piece of software to use the functions of another piece of software.
After reading this article you will be able to:
Copy article link
An application programming interface (API) is a set of rules that enables a software program to transmit data to another software program.
An API is an "interface," meaning a way for one thing to interact with another. As a real-world example, an ATM has an interface — a screen and several buttons — allowing customers to interact with their bank and request services, like getting cash. Similarly, an API is how one piece of software interacts with another program to obtain needed services.
Imagine Jennifer builds a website that helps commuters check highway traffic before they leave for work. Jennifer could spend a lot of time and money setting up a complex highway tracking system to provide this information to her website's users. But these capabilities already exist, as outside parties have created such systems. Instead of reinventing the wheel in this way, Jennifer's website uses an API that is offered by an external highway tracking service. Now Jennifer can focus on building other aspects of the website.
An API call, also known as an API request, is a message directed at an API that triggers the API's use.
API calls have to be formatted in accordance with the API's requirements in order to work. The API's requirements are called its "schema." The schema also describes the types of responses that are provided to each request.
Suppose a commuter uses Jennifer's website to check traffic on Highway 192. The website sends an API call to provide this information — a message that reads "Highway 192." The highway tracking service's API server receives this message and replies with travel times on Highway 192. Imagine the API's schema in this way:
|API request||API response|
|"Highway 192"||Travel times on Highway 192|
|"Highway 217"||Travel times on Highway 217|
|"Highway 225"||Travel times on Highway 225|
(Note that this is a highly simplified example — real-world API requests, responses, and schemas are more complex.)
Now suppose that Jennifer's website sends an API request for "Highway ASDFGHJ." This is not a valid request because it does not conform to the API's schema, which only allows for actual names of highways. The server will not be able to provide a usable response to such a request.
An endpoint is the end of a communications channel. An API endpoint is the place where an API response originates from.
In the example, the client of the API connection is Jennifer's website, and the endpoint is the server that hosts the API. Jennifer's API calls have to go to a certain URL (a URL is a web address, like www.cloudflare.com/learning) that the API server is responsible for in order to get a response.
API integration is the combination of two or more applications using APIs. API integration is what enables one application to benefit from the capabilities of another application, just as combining a sales team and a marketing team in one office enables those two teams to work together and benefit from each other's efforts. API integrations are also commonly used to synchronize data between two applications or databases.
Anything that involves computer code can have an API, from operating systems to software libraries. A web API is specifically for use by web applications that are accessed over the Internet.
SOAP APIs and REST APIs describe different categories of APIs.
SOAP (Simple Object Access Protocol) is a type of protocol. SOAP APIs are APIs that only use the SOAP protocol.
REST (REpresentational State Transfer) is an architectural style for web services. A REST API is any API built using REST architecture. Unlike SOAP APIs, REST APIs work with any protocol. Most APIs today are REST APIs.
Just as allowing a person to use an application introduces the risk that the person will abuse the application, an API introduces the risk that an API client will abuse the service. Additionally, web API calls travel over the Internet and can be intercepted, spoofed, or modified just like any other data transfer over a network.
API security is the practice of protecting APIs from attacks and abuse. Given the importance of APIs to the modern Internet, API security is a core component of web application security. Crucial API security measures include:
About web application security
Learning Center navigation