  • Sushant Sinha

What and How of APIs (Application Programming Interface)

Updated: Sep 23, 2021

Have you ever wondered how you are able to sign up for a website using Google or Facebook? Or how you are able to transfer money from your account to your friend’s account by using Paytm or Google Pay?

Well, the magic behind all of these is what we call Web APIs.


API stands for Application Programming Interface. An API is a software intermediary that allows two applications to talk to each other. In other words, an API is a messenger that delivers your request to the provider that you’re requesting it from and then delivers the response back to you.


An API defines functionalities that are independent of their respective implementations, which allows those implementations and definitions to vary without compromising each other. Therefore, a good API makes it easier to develop a program by providing the building blocks.


Types of APIs

There are numerous types of APIs. For example, you may have heard of Java APIs, or interfaces within classes that let objects talk to each other in the Java programming language. Along with program-centric APIs, there are also Web APIs such as the Simple Object Access Protocol (SOAP), Remote Procedure Call (RPC), and perhaps the most popular, at least in name, Representational State Transfer (REST). There are 15,000 publicly available APIs, according to Programmable Web, and many thousands more private APIs that companies use to expand their internal and external capabilities.

RESTful APIs have become so common nowadays that "API" has become a synonym for "REST API".

Who uses APIs?

These services can be accessed by different kinds of clients, such as:

  • Web Browsers

  • Mobile applications

  • Desktop applications

  • IoT (Internet of Things) devices


 

What is Web API?

A Web API, as the name suggests, is an API over the web that can be accessed using the HTTP protocol. It is a concept and not a technology. We can build a Web API using different technologies such as Java, .NET, etc.

For example, Twitter's REST APIs provide programmatic access to read and write data, which lets us integrate Twitter's capabilities into our own application.

Let’s take another example:

We can make a reservation from different web applications such as MakeMyTrip, Ixigo or Paytm, but all of these applications make the reservation using credentials from the IRCTC website only, i.e., the user making the reservation must have login credentials for the IRCTC website.


A Web API is a developer's dream.

  • It can extend the functionality of the browser

  • It can greatly simplify complex functions

  • It can provide easy syntax to complex code


Four types of web APIs

APIs are broadly accepted and used in web applications. There are four principal types of API commonly used in web-based applications: public, partner, private and composite.

In this context, the API "type" indicates the intended scope of use.

  • Public APIs. A public API is open and available for use by any outside developer or business. An enterprise that cultivates a business strategy that involves sharing its applications and data with other businesses will develop and offer a public API.

Public APIs typically involve moderate authentication and authorization. An enterprise also may seek to monetize the API by imposing a per-call cost to utilize the public API.

  • Partner APIs. A partner API, only available to specifically selected and authorized outside developers or API consumers, is a means to facilitate business-to-business activities. For example, if a business wants to selectively share its customer data with outside CRM firms, a partner API can connect the internal customer data system with those external parties -- no other API use is permitted.

Partners have clear rights and licenses to access such APIs. For this reason, partner APIs generally incorporate stronger authentication, authorization and security mechanisms. Enterprises also typically do not monetize such APIs directly; partners are paid for their services rather than through API use.

  • Internal APIs. An internal (or private) API is intended only for use within the enterprise, to connect systems and data within the business. For example, an internal API may connect an organization's payroll and HR systems.

Internal APIs traditionally present weak security and authentication -- or none at all -- because the APIs are intended for internal use, and such security levels are assumed to be in place through other policies. This is changing, however, as greater threat awareness and regulatory compliance demands increasingly influence an organization's API strategy.

  • Composite APIs. Composite APIs generally combine two or more APIs to craft a sequence of related or interdependent operations. Composite APIs can be beneficial to address complex or tightly-related API behaviours, and can sometimes improve speed and performance over individual APIs.


 


API protocols and architectures


APIs exchange commands and data, and this requires clear protocols and architectures -- the rules, structures and constraints that govern an API's operation. Today, there are three categories of API protocols or architectures: REST, RPC and SOAP. These may be dubbed "formats," each with unique characteristics and tradeoffs and employed for different purposes.

  • REST. The representational state transfer (REST) architecture is perhaps the most popular approach to build APIs. REST relies on a client/server approach that separates the front and back ends of the API and provides considerable flexibility in development and implementation. REST is "stateless," which means the API stores no data or status between requests. REST supports caching, which stores responses for slow or non-time-sensitive APIs. REST APIs, usually termed "RESTful APIs," also can communicate directly, or operate through intermediate systems such as API gateways and load balancers.

REST (representational state transfer) is a very popular web API architecture. To be a REST API, an API must adhere to certain architectural constraints, or principles, including:


  1. Architecture: the interface is separated from the backend and data storage. This allows for flexibility, and for different components to evolve independently of each other.

  2. Statelessness: no client context is stored on the server between requests.

  3. Cacheability: clients can cache responses, so a REST API response must explicitly state whether it can be cached or not.

  4. Layered system: the API will work whether it is communicating directly with a server, or through an intermediary such as a load balancer.



  • RPC. The remote procedure call (RPC) protocol is a simple means to send multiple parameters and receive results. RPC APIs invoke executable actions or processes, while REST APIs mainly exchange data or resources such as documents. RPC can encode its messages in two different formats, JSON and XML; these APIs are dubbed JSON-RPC and XML-RPC, respectively.


  • SOAP. The simple object access protocol (SOAP) is a messaging standard defined by the World Wide Web Consortium and broadly used to create web APIs, usually with XML. SOAP supports a wide range of communication protocols found across the internet such as HTTP, SMTP and TCP. SOAP is also extensible and style-independent, which allows developers to write SOAP APIs in varied ways and easily add features and functionality. The SOAP approach defines how the SOAP message is processed, the features and modules included, the communication protocol(s) supported and the construction of SOAP messages.
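Statelessness and cacheability (constraints 2 and 3 in the REST list above) both have security consequences. The following is an added example, not code from the original article: the client context travels in a signed token that the server verifies on every request, and every response states explicitly whether it may be cached. The handler, paths, token format and key are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"  # constructed sample key (assumption); use a secret store in practice

def b64e(data):
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(body):
    return b64e(hmac.new(SECRET, body.encode(), hashlib.sha256).digest())

def issue_token(user, ttl, now=None):
    """Sign the client context so the server does not have to store it."""
    now = time.time() if now is None else now
    body = b64e(json.dumps({"sub": user, "exp": int(now) + ttl}).encode())
    return body + "." + sign(body)

def verify_token(token, now=None):
    """Return the claims if signature and expiry check out, else None."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
        # Constant-time comparison, done before the body is parsed.
        if not hmac.compare_digest(sig.encode(), sign(body).encode()):
            return None
        claims = json.loads(b64d(body))
    except ValueError:  # wrong shape, bad base64, bad UTF-8 or bad JSON
        return None
    if not isinstance(claims, dict) or claims.get("exp", 0) <= now:
        return None
    return claims

def handle(path, headers, now=None):
    """Hypothetical request handler: returns (status, response headers, body)."""
    if path == "/public/status":
        # Identical for every caller, so shared caches may keep it.
        return 200, {"Cache-Control": "public, max-age=60"}, {"status": "ok"}
    auth = headers.get("Authorization", "")
    claims = verify_token(auth[7:], now) if auth.startswith("Bearer ") else None
    if claims is None:
        return 401, {"Cache-Control": "no-store"}, {"error": "unauthorized"}
    # Per-user data must not be stored by a browser or an intermediary cache.
    return 200, {"Cache-Control": "no-store"}, {"user": claims["sub"]}
```

Because the server keeps no session, the token's signature and expiry are the only things standing between a caller and another user's data, which is why both are checked on every request.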



| REST | SOAP |
|---|---|
| Works with XML, JSON, HTTP and plain text | Works with XML by design |
| Loose and flexible guidelines based on architectures | Strict, clearly defined rules |
| Modest security | Advanced security |
| Works well with data | Works well with processes (actions) |
| Uses low bandwidth and is highly scalable | Uses more bandwidth with limited scalability |

