An application programming interface (API) is code that enables two software programs to communicate. An API defines how a developer should request services from an operating system (OS) or other application, and expose data within different contexts and across multiple channels.
Any data can be shared with an application programming interface. APIs are implemented by function calls composed of verbs and nouns; the required syntax is described in the documentation of the application being called. For example, on a real estate website, one API might publish available real estate properties by geography, while a second API provides current interest rates and a third offers a mortgage calculator.
In the early days of Web 2.0, the concept of integrating data and applications from different sources was called a mashup. The web, software designed to exchange data via the internet and cloud computing have all combined to increase the interest in APIs and services.
APIs are made up of two related elements:
The software that wants to access the features and capabilities of the API is said to call it, and the software that creates the API is said to publish it.
APIs authorize and grant access to data that users and other applications request. Access is authenticated to a service or portion of functionality using predefined roles that govern who or what service can access specific actions and data. APIs also provide an audit trail that details who and what have had system access and when it happened.
Applications that call APIs were traditionally written in specific programming languages. Web APIs can be called through any programming language, but webpages created in Hypertext Markup Language (HTML) or application generator tools can also access them.
The most common architectures for APIs are Representational State Transfer (REST) and Simple Object Access Protocol (SOAP), which defines a standard communication protocol specification for a message exchange based on Extensible Markup Language or XML. SOAP requires less low-level infrastructure-related code than REST. However, REST APIs are easier to scale and redeploy, and simpler to implement and integrate with websites and services. REST APIs are most often used today, particularly for web interactions.
APIs have improved the quality and delivery of software and services. Custom software that was developed for a specific purpose is often written to reference APIs that provide features that are useful in a variety of contexts. This reduces development time, cost and the risk of errors.
The growing number of web services that cloud providers expose through APIs also has encouraged the creation of cloud-specific applications, internet of things efforts and apps to support mobile devices and users.
APIs add a digital layer through which a company’s data and enterprise assets are presented with requisite governance and security. This approach enhances customer, employee and partner interactions. Greater functionality and scope of services increase the value delivered to users and improves the customer experience. For example, the previously website anticipates a customer’s needs related to searching for real estate.
APIs also create new monetization opportunities for businesses, such as the productization of data with customized packages and plans for business partners.
APIs are a set of rules. They standardize how developers write application code, improving an organization’s internal software development processes.
Using the same rules and formats streamlines code and makes it more transparent. Standardization also facilitates collaboration among developers as they build software components with the intent to integrate with APIs. This, in turn, facilitates feature development and reduces time to market.
Public APIs and ones shared with partners enable an organization to do the following:
There are challenges and limitations associated with APIs, including the following:
There are four types of APIs: private, public, partner and composite.
APIs also are classified as local, web, remote and program.
Good API design is critical for successful API use. Software architects spend considerable time reviewing all the possible applications of an API and the most logical way for it to be used.
The data structures and parameter values are of particular importance because they must match between the caller of an API and its publisher.
Strong security is also an important aspect of API design. Exploitation of misconfigured APIs is a common practice for cyber attackers. APIs are a gateway that present an organization’s systems and data to internal and external users. Any compromise can create broad and serious security problems.
Operating systems and middleware tools expose their features through collections of APIs usually called toolkits. Two different sets of tools that support the same API specifications are interchangeable to programmers and are the basis for compatibility and interoperability claims. Microsoft’s .NET API specifications are the basis for an open source Linux equivalent middleware package now supported by Microsoft, for example.
Many software products and tools deliver functionality via APIs, from DevOps tools such as Docker, Jenkins and GitLab to enterprise platforms such as Microsoft SharePoint. Social media, in particular, takes advantage of open APIs to facilitate third-party functionality, such as the ability to create news feeds and share photos.
The internet is the primary driver for APIs. Companies such as Facebook, Google and Yahoo publish APIs to encourage third-party developers to build on their capabilities. These APIs have provided everything from new internet features that browse the sites of other services, to mobile device apps that offer easy access to web application resources. New features, such as content delivery, augmented reality and novel applications of wearable technology, are created in large part though these APIs.
The ubiquity of the internet, expanded use of cloud computing and a shift from monolithic applications to microservices have all contributed to increased API use. Trends around APIs include the following:
REST and the web. Web API calls can come from any programming language, but webpages created in HTML or application generator tools can also make them. The increased role of the internet and the cloud in daily life and business activities has expanded the use of APIs and simple programming tools, or even no programming at all, for API access.
APIs and the cloud. Cloud computing introduces new capabilities to divide software into reusable components, connect components to requests and scale the number of copies of software as demand changes.
These cloud capabilities have shifted the focus of APIs from simple RPC-based programmer-centric models to RESTful web-centric models, and even to what is called functional programming or lambda models of services that can be instantly scaled as needed in the cloud.
APIs as services. The trend to think of APIs as representing general resources has changed. Many applications and users do make use of APIs as a general tool, but they are also considered services and will normally require more controlled development and deployment.
SOA and microservices are examples of service APIs. Services are the hottest trend in APIs, to the point where it’s possible that all APIs in the future will be seen as representing services.
Artificial intelligence in APIs. AI and machine learning are increasingly being used to automatically generate documentation and monitor API usage trends.
The company that publishes the API controls all aspects of its design and use, including security, reliability and charging for use. It also controls the addition of functions, whether they are developed by the publisher or third parties. That means the company must uphold API performance under its terms of service, as it would with any application or service.
The following are key aspects of API publishing and management:
API testing. Like all software, APIs must be tested. This validates the published API against the specifications that users employ to format their requests. API testing also ensures that:
API testing is usually done as part of application lifecycle management, both for the software that publishes the API and for all the software that uses it. APIs also must be tested in their published form to ensure that they can be accessed properly.
API management. API management refers to the set of activities associated with publishing an API for use. Management makes it possible for users to find the API and its specifications and regulate access to it based on owner-defined permissions or policies.
API management has become prevalent as businesses increasingly depend on them, adopt more of them and deal with the administrative complexities that they introduce. Organizations have different management needs, but they typically encompass basic functions, including security, governance, analytics and version control.
APIs require strong documentation, advanced levels of security, comprehensive testing, routine versioning and high reliability. To address these requirements, organizations use API management software, either as a combined platform or with individual tools. These tools typically involve several core components: a developer portal, lifecycle management, a policy manager, analytics and an API gateway.
API endpoints and security. API endpoints are the points where the client and server communicate, and where the API receives resource requests. They are typically a URL exposed by the server that enables other systems to connect to the endpoints. They function as entry points into the corporate network. Endpoints are where a developer’s code interacts with an organization’s code and data.
API endpoints are attractive targets to attackers and must be protected. Some security measures are as follows:
Find out everything you need to know about building an enterprise API strategy with this comprehensive guide.
API caching can increase the performance and response time of an application, but only if it’s done right. Learn about some of …
Recent layoffs will create an influx of software engineers on the job market in the coming months, which might benefit smaller …
Unsafe memory access can cause financial woes for enterprises and personal harm to individuals, experts say, advising enterprises…
Responding to user demand, Oracle struck a deal with Red Hat to make the latter’s Enterprise Linux operating system an integral …
AI-powered automated inventory tracking systems aren’t perfect. However, retailers with high rates of lost sales from missing …
Explore scaling options in AKS, such as the horizontal pod and the cluster autoscaler. Then, follow a step-by-step tutorial on …
Software developers can find good remote programming jobs, but some job offers are too good to be true. Follow these tips to spot…
Who should be the Scrum product owner and how does an organization choose the right person for that job? It’s not an easy …
All Rights Reserved, Copyright 2019 – 2023, TechTarget
Do Not Sell or Share My Personal Information