API Full-Form | What is API?

If you have ever used Swiggy (a food ordering app), you have probably seen an embedded Google Map like this:

It is a Google Map that shows the live location of your delivery partner. Ever wondered about the mechanism behind this? Does Google allow Swiggy to access their database? Or is Swiggy granted some special permissions for this purpose?

Well, the short answer for your curiosity is by using APIs.

In this article, we have covered everything that you need to know about APIs. The following is our lineup for this article:

What is API?

The full form of API is Application Programming Interface. APIs make a big part of the web. According to a public report published by Postman (an API testing software), the number of API collections on their platform grew from 17.3 million in 2019 to 46 million in 2021.

API is a medium through which two systems can talk to each other. To understand APIs properly, think of a function in a language, say JavaScript –

function add(parameter1, parameter2){
   return parameter1 + parameter2
}

This function is taking parameters from the user and returning a value by operating (addition in this case) on them. APIs are just like functions, they take the parameters and return some response depending on the request. Consider the following example –

fetch('https://example.com/parameter1+parameter2')
   .then((data) => {
       return data.json()
   })
   .catch(err => {
       console.log(err)
   })

fetch is a method in JavaScript to call an API. It usually returns a JSON (JavaScript Object Notation) value. then is used to pair the results i.e. process the result further. data.json() is used to decode the value received as a JSON Object into a JavaScript object. catch is also used to pair the results, but instead of taking the results further, catch reports the error in case something wrong happens at any end.

In the above example, note that we are making an API call using an URL ‘https://example.com/parameter1+parameter2’. We are asking the server to provide us the data by using fetch. If the data is received, we are using .json() to convert it from JSON to a Javascript Object. And we are using catch to detect if any error is encountered.

We are passing the parameters and getting a response, just like we do in a function. But now, the addition function is present on the server, and we need to use an URL to access it. We have to ask the server to take the parameters and send us back a response.

Thus, APIs are similar to a function, but there are some differences between the two. Normal functions can be called directly within a program, but APIs are hosted on the server and can be accessed only via an URL.

Use of APIs

API is a set of rules and definitions that allow different computers, software, or services to communicate with each other over the internet. When two systems communicate, the server is the one that provides the API, and the client is the one who consumes it.

APIs take a request from the client or user and send it to the server, which then sends back a response based on the request.

APIs are like a cog between two machines that help in transferring the motion.

If the above definition was too technical for you, let us now simplify the working of an API using a simple analogy –

Imagine that you are sitting in a restaurant with a menu to choose from. You want to send your order to the kitchen, but how do you do that?

Yes! You would ask the waiter to send your order to the kitchen and bring back the food for you. In this case note, the waiter is your API, the order is your request, the kitchen is the server, and the food is the response.

That is what an API does: they help the client to talk with the server. It is a mediator that takes your request to the server and delivers the response back to you.

Developers/Companies build APIs on the server and allow external applications (clients) to leverage them. This allows the clients to re-create complex functionality in their applications without having to build them from scratch. It can simplify app development, saving both time and money.

APIs also help the providers in sharing their resources without revealing the functionality.

Recall the example of the swiggy app. They can use Google Maps in their app because they are using Google Maps API. Google allows developers to make use of various services including Google Authentication, Google Translate, Google AdSense, Google Cloud, etc. In this case, Google has allowed swiggy to use their maps without even sharing the code behind it.

To better understand the flow behind the screen, consider the following image:

In the above example, The data is stored in a database hosted on a physical server. The Google Maps API acts as a mediator between the application (swiggy in this case) and the Database. The application uses this API to ask the webserver to perform a task based on the request made.

Whenever an application/client makes a request, the following flow is carried out behind the scenes:

• API takes the request to the Database or server.

• The request made by the user is processed.

• The server prepares a response and sends it back to the API.

• API then turns the response into a standard format (XML or JSON) and transfers it to the client application.

• The application decodes the data and leverages it.

Note that the application is the client, and both the api and database together make a server.

Fun fact: Even you can include Google Maps in your applications!

Elements of an API

There are three important elements of an API 1. Procedures: They are functions that perform any specific task. E.g. Adding, Deleting data from a resource. 2. Protocols: They are a set of rules that determine how the API would communicate with the client application. E.g. REST (Representational State Transfer), SOAP (Service Object Access Protocol) 3. Tools: They are the blocks required to build a program.

Types of APIs

Based on the type of release, there are three main types of APIs:

1. Private APIs:

They are also known as Internal APIs. They are usually meant to be used within the organisations. They are only exposed to the internal systems. And they are designed to improve upon solutions and services of an organisation’s backend. Many companies use private APIs to make their applications work without revealing their code. E.g. Home-Cost API, which is a home-cost calculator. This API can be used throughout a supply store and its warehouses without any external interference.

2. Public APIs

They are also known as developer-facing APIs. They are public-ally available for everyone without any restrictions. There are two kinds of public APIs – open-source and commercial. Companies may use such APIs to generate additional revenue. E.g. OpenWeatherMap API.

3. Partner APIs

Partner APIs are meant to share the data between two business parties. One company grants the permissions to access the API and the other company makes use of it. These APIs are not publicly available. E.g. AWS, Twitter, etc.

Based on use cases, there are three main types of APIs:

1. Database APIs

These APIs enable the applications to communicate with Database Management Systems. Such APIs support queries and help developers in accessing the specific data by using them. E.g MongoDB, Google Firebase’s API, etc.

2. Remote APIs

Remote APIs allow the modification of data from outside the computers by making a request. Applications access resources located outside the device that requests them. These APIs are cross-platform and support bi-directional streaming of the data. E.g. Jenkins API, Java Database API, etc.

3. Web APIs

Web APIs generally use HTTP for request messages. This is the most common class of APIs. Web APIs can be used by developers to extend the functionalities in their applications. E.g Google Maps API, Twitter API, etc.

Based on protocols, there are two main types of API

1. SOAP (Simple Object Access Protocol)

SOAP was developed by Microsoft. It is a lightweight protocol that uses Extensible Markup Language (XML – a simple format to store data) as a format to transfer data. SOAP contains the syntax rules for request and response messages to be followed by web applications. SOAP is generally used within organizations to ensure the high security of the data. The use of SOAP has fairly declined after the introduction of REST (Representational State Transfer) and JSON (Javascript Object Notation). E.g. Stop-light API.

2. REST (Representational State Transfer)

Unlike SOAP, REST uses JSON (a lightweight text format to transfer the data in key-value pairs) as a format to transfer data. REST is not a standard protocol but an architectural style that defines how the data would be transferred. REST APIs are stateless. It means that they can transfer data uniformly. REST APIs are built on multi-layered systems with defined server-client architecture. REST APIs are the most popular APIs due to their lightweight and fast nature. E.g. Spotify API, Twitter API, etc.

Advantages of APIs

• Since APIs can access app components, the transfer of data becomes flexible.

• APIs can be easily integrated into any application irrespective of the platform or technology used.

• With APIs, data migration becomes easier.

• With APIs, developers can build a complex application without worrying about the code that goes behind it.

• APIs help companies and developers in automating their processes to enhance their productivity and efficiency.

• APIs are highly customisable and adaptable and thus, allows the user right to implement and update them in the way they desire.

Disadvantages of APIs

• Since APIs are a single point of entry, they are vulnerable to attacks from hackers. (Many APIs have loosely coded logic. It may allow hackers to use this vulnerability maliciously. It even allows them to access the main application, thereby causing a loss of private data.)

• Once the API is compromised, it can lead to the loss of all other related or attached systems.

• Since APIs are on the internet, they are vulnerable to every kind of web attack including XSS attacks (adding external malicious scripts) and SQL injection (code injection technique to access the database).

• APIs are difficult to manage.

• There are chances of a system crash during the API testing.

Examples of APIs

• OpenWeatherMap API – This API allows users to access the weather details of any city throughout the world.

• Twitter API – Using this API, users can perform a lot of actions on the Twitter platform including posting a tweet, deleting a tweet, etc.

Conclusion

We have discussed various fundamentals of an API. We discussed what APIs are, how they work, the advantages and disadvantages of API, etc. Now that you have understood what APIs are, here is a question for you to ponder upon – “How would you explain APIs to your grandparents?”