An API (Application Programming Interface) is a contract (or specification) that a piece of software promises to honor when other software interacts with it to perform business operations.
An API allows two or more software applications to talk to each other through a well-defined computing interface.
1. API Example in Real Life
Mobile apps are one of the most familiar examples of API usage. Mobile applications generally contain all the UI-related parts of the application.
All the real-time data displayed in mobile apps is fetched through APIs. Weather information, emails, game scores, live telecasts, and much more such real-time data are fetched from APIs deployed on the server.
Similarly, many modern websites fetch on-demand data (data fetched from the server exactly when it is needed) using technologies such as AJAX, Web Sockets, etc. This kind of interaction happens through an API.
Another example you can see on this page is the social sharing buttons. When you click on them, a popup appears asking you to confirm your action. Once you confirm, the post is shared with the selected social media website through an API. The social sharing buttons use the API provided by those websites to share any URL on the internet.
2. How to use API
We are not required to know how an API works internally for serving a specific business goal or any task. All we will need to know is how to interact with the API.
For example, all airline ticket booking applications will use an API exposed by the airline company. Anytime a customer uses any such application and books a flight ticket, the application passes the passenger and flight booking information to the API.
The booking API will process the data and book the ticket for the customer and the application will get a successful response with booking details in return.
The booking applications do not know and need not know how the API works internally. All they are required to do is pass the booking information in a well-defined format to the API and wait for the response.
Similarly, any application/mobile app can use an API or expose an API to other software.
3. What is the purpose of an API
Software applications are developed in pieces. To avoid writing a piece of software multiple times in different places, it is written as a reusable component.
Such a reusable component is then exposed to other components and applications via an interface, i.e., an API.
The API helps in making the component standard, reusable, easily understood by the users, and abstract. The abstraction helps in exposing only the minimum relevant information to other entities and protects the business logic that performs an action.
Making reusable APIs not only benefits the users, it also makes the developer's life easier. The defined scope of an API helps in the designing, testing, building, managing, and versioning of the component.
4. How to develop an API
4.1. API Specification
As we already said, an API is a reusable abstract component that exposes its programming interface without exposing how it works internally. To achieve this goal, the very first thing needed is a standard, clean, well-documented, and easy-to-use API specification.
The specification should clearly state the following:
- A very clear business operation it will perform
- The API URL or interface
- HTTP protocol and methods
- Request structure and individual fields
- Response structure and individual fields
- Valid values for fields in request, where it is applicable
- Any mechanism for filtering and sorting the data
- Any authentication/authorization information
- The possible success and error codes
- And, any other relevant information it should
4.2. API Security
Information is of the utmost importance in any application, especially the user's nonpublic personal information (NPI data). To protect this information, the API must be secured from unauthorized access.
Only authorized users with secure credentials should be able to access the API.
4.3. Audit Logging
A publicly exposed API will be used by thousands of users every day. To understand how the API is used or abused by its users, it is necessary to log the critical information related to API usage.
A proper monitoring system will trigger alerts when somebody misuses the API interface or makes an unauthorized entry into the application.
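The monitoring described above, as an added example (not code from the original article): it scans API audit records and raises one alert per client whose 401/403 responses reach a threshold within a time window. The JSON field names, client ids, `/bookings` paths and threshold values are assumptions, and the sample records are constructed.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample audit records (JSON lines, time-ordered); field names are assumptions.
SAMPLE_AUDIT_LOG = """\
{"ts": "2024-05-01T10:00:00", "client": "app-17", "method": "POST", "path": "/bookings", "status": 201}
{"ts": "2024-05-01T10:00:05", "client": "app-42", "method": "GET", "path": "/bookings/981", "status": 401}
{"ts": "2024-05-01T10:00:09", "client": "app-42", "method": "GET", "path": "/bookings/982", "status": 403}
{"ts": "2024-05-01T10:00:14", "client": "app-42", "method": "GET", "path": "/bookings/983", "status": 403}
{"ts": "2024-05-01T10:03:30", "client": "app-17", "method": "GET", "path": "/bookings/55", "status": 403}
not-json garbage line
{"ts": "2024-05-01T10:09:00", "client": "app-17", "method": "GET", "path": "/bookings/56", "status": 401}
"""

DENIED = {401, 403}  # authentication / authorization failures


def find_denied_bursts(log_text, threshold=3, window=timedelta(seconds=60)):
    """Return (alerts, skipped): one alert per client whose denied requests
    reach `threshold` within `window`; skipped counts unparseable lines."""
    recent = defaultdict(deque)   # client -> timestamps of recent denials
    alerted, alerts, skipped = set(), [], 0
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
            ts = datetime.fromisoformat(rec["ts"])
            client, status = rec["client"], int(rec["status"])
        except (ValueError, KeyError, TypeError):
            skipped += 1          # malformed audit records are counted, not dropped silently
            continue
        if status not in DENIED:
            continue
        q = recent[client]
        q.append(ts)
        while ts - q[0] > window:  # drop denials that fell out of the window
            q.popleft()
        if len(q) >= threshold and client not in alerted:
            alerted.add(client)
            alerts.append({"client": client, "count": len(q),
                           "first": q[0].isoformat(), "last": ts.isoformat()})
    return alerts, skipped


if __name__ == "__main__":
    for alert in find_denied_bursts(SAMPLE_AUDIT_LOG)[0]:
        print("ALERT", alert)
```

Isolated denials, such as the two from `app-17` more than five minutes apart, stay below the threshold, so an occasional expired token does not page anyone.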
API performance is essential to make it usable in the first place. No application would like to block its users while a request is being processed on the server. Only certain applications are expected to block, where they perform operations in real time, for example, money transfers and bill payments.
A poorly performing API will not be used by its consumers and thus will cause a loss to the business.
Let me know your thoughts on designing an API and its best practices.