What is a cloud API?

Cloud APIs enable communication between cloud-based services, or between cloud-based and on-premise applications.

Learning Objectives

After reading this article you will be able to:

  • Define ‘cloud API’
  • Learn how cloud APIs work
  • Contrast common types of cloud APIs

Related Content

Want to keep learning?

Subscribe to theNET, Cloudflare's monthly recap of the Internet's most popular insights!

Refer to Cloudflare's Privacy Policy to learn how we collect and process your personal data.

Copy article link

What is a cloud API?

Cloud APIs are software programs that transfer data between cloud computing services, or between cloud services and on-premise applications.

They represent a subset of application programming interfaces (APIs), an interface that facilitates the transfer of data between software programs. Developers use APIs to share data and functionalities across multiple applications, without the need to rewrite code or rebuild existing functions into new apps.

Cloud APIs can be configured for a wide range of purposes. A few of the most common uses include the following:

  • Sharing resources across multiple cloud providers
  • Provisioning and managing cloud-hosted infrastructure
  • Streamlining cloud security
  • Automating disaster recovery

While cloud APIs connect services within cloud environments, they may not be compatible with every cloud provider or even be designed to work across different providers’ environments. For this reason, cloud APIs are sometimes categorized by the cloud vendors they support. A vendor-specific cloud API is only designed to work with services from a single cloud provider, while a cross-platform cloud API is compatible with multiple cloud providers.

How do cloud APIs work?

A cloud API can be configured in many different ways depending on the purpose it serves and the protocol it uses.

Generally speaking, cloud APIs work by sending and receiving requests between cloud services, or from the cloud to an on-premise application. To perform API integrations, each API has specific rules that must be followed before a function can be replicated from one API to the other.

The process of making an API connection is fairly complex, but usually follows these steps:

  1. An API client (e.g. an application) initiates a request for specific data, also called an API call.
  2. The API call is received by an API endpoint (e.g. a server).
  3. The API endpoint authenticates the request to ensure the call is from a legitimate source and formatted using the correct API protocol (i.e. SOAP, REST, or RPC) and schema.
  4. The API endpoint returns the requested data to the API client.

Often, cloud API integrations require multiple API calls. Because this process can quickly become unwieldy, developers use API gateways — a reverse proxy service that manages API calls from a centralized location. API gateways are responsible for receiving, routing, and delivering API requests and responses. They may also handle rate limiting, authentication, security policy enforcement, and a number of other functions.

For a more in-depth explanation of this process, read What is an API call?

What are the main types of cloud APIs?

Cloud APIs are often labeled by the layer at which they connect cloud services. Typically, this connection occurs at one of three levels:

  • Infrastructure level: Infrastructure-level APIs, also called infrastructure-as-a-service (IaaS) APIs, help provision and manage cloud-hosted infrastructure. IaaS APIs may be used to streamline the management of virtual servers, cloud storage, cloud security, and other infrastructure-level software and services.
  • Service level: Service-level APIs, or platform-as-a-service (PaaS) APIs, connect this infrastructure to third-party platforms for developing applications. PaaS APIs allow developers to access development tools, operating systems, software, and databases so they can build their own applications.
  • Application level: Application-level APIs, or software-as-a-service (SaaS) APIs, connect infrastructure to cloud-based applications that are managed by third-party providers. SaaS APIs enable users to access fully-built cloud applications (e.g. Gmail) from a client.

To put this into perspective, imagine that Bob wants to outsource the construction of a house. Bob may contact architects, contractors, electricians, interior decorators, and other professionals — all of whom play a distinct role in building and furnishing the house. Similarly, developers use different kinds of APIs when building cloud-based applications or connecting applications to cloud services. Like the team of third-party professionals needed to build a house, each of these APIs helps developers access different functionalities.

How does Cloudflare secure cloud APIs?

Like anything connected to the Internet, APIs are vulnerable to a variety of attacks — from application-layer DDoS attacks to OWASP Top 10 threats. Protecting APIs from abuse requires a layered defense that can prevent, detect, and mitigate incoming attacks.

Cloudflare API Gateway helps organizations discover and catalog shadow APIs, block API data exfiltration, and shield APIs from external and internal threats. Learn more about Cloudflare API Gateway.