API is the acronym for Application Programming Interface, which is a software intermediary that allows two applications to talk to each other. Each time you use an app like Facebook, send an instant message, or check the weather on your phone, you’re using an API.
How API works
An API is a set of defined rules that explain how computers or applications communicate with one another. APIs sit between an application and the web server, acting as an intermediary layer that processes data transfer between systems.
Here’s how an API works:
A client application initiates an API call to retrieve information—also known as a request. This request is processed from an application to the web server via the API’s Uniform Resource Identifier (URI) and includes a request verb, headers, and sometimes, a request body.
After receiving a valid request, the API makes a call to the external program or web server.
The server sends a response to the API with the requested information.
The API transfers the data to the initial requesting application.
While the data transfer will differ depending on the web service being used, this process of requests and response all happens through an API. Whereas a user interface is designed for use by humans, APIs are designed for use by a computer or application.
APIs offer security by design because their position as middleman facilitates the abstraction of functionality between two systems—the API endpoint decouples the consuming application from the infrastructure providing the service. API calls usually include authorization credentials to reduce the risk of attacks on the server, and an API gateway can limit access to minimize security threats. Also, during the exchange, HTTP headers, cookies, or query string parameters provide additional security layers to the data.
For example, consider an API offered by a payment processing service. Customers can enter their card details on the frontend of an application for an ecommerce store. The payment processor doesn’t require access to the user’s bank account; the API creates a unique token for this transaction and includes it in the API call to the server. This ensures a higher level of security against potential hacking threats.
Types of APIs
Nowadays, most application programming interfaces are web APIs that expose an application's data and functionality over the internet. Here are the four main types of web API:
Open APIs are open source application programming interfaces you can access with the HTTP protocol. Also known as public APIs, they have defined API endpoints and request and response formats.
Partner APIs are application programming interfaces exposed to or by strategic business partners. Typically, developers can access these APIs in self-service mode through a public API developer portal. Still, they will need to complete an onboarding process and get login credentials to access partner APIs.
Internal APIs are application programming interfaces that remain hidden from external users. These private APIs aren't available for users outside of the company and are instead intended to improve productivity and communication across different internal development teams.
Composite APIs combine multiple data or service APIs. These services allow developers to access several endpoints in a single call. Composite APIs are useful in microservices architecture where performing a single task may require information from several sources.
Features of API
Here are some important features of API:
It offers a valuable service (data, function, audience,.).
It helps you to plan a business model.
Simple, flexible, quickly adopted.
Managed and measured.
Offers great developer support.
API architecture refers to a software building block that implements an API. For example, if we look at the TCP/IP protocol, many layers form the building block of this protocol stack. They are all arranged in a specific order. Individually, they perform a single, well-defined responsibility. But, collectively, they achieve the transmission of data between two devices through the Internet.
It is possible to envisage an API architecture in the same way. However, before getting to that, defining the core responsibilities of an API is crucial.
As evident from its acronym, an API provides a mechanism for invoking a task on another system. There are four primary responsibilities of an API.
Interfacing: The interface defines the specifications for accessing the API. In the context of a web API, this interface defines the protocol specifications for accessing the API over the Internet.
Interpretation: The data sent as part of an API request and response is subjected to interpretation. This is done to take additional actions or translate between human and machine, user and platform interpretable data formats.
Computing: As part of its core function, an API executes a business logic. Therefore it requires a computing environment.
Data Processing: All applications rely on some data store that necessitates transfer, dump, or fetching of loads of data. An API relies on these operations too.
To better understand the API architecture, let us split the API responsibilities into individual entities accountable for them. In this way, we stitch the building blocks that define the generic API architecture.
->API Interface Block
The Interface block is responsible for defining the specifications for the API. This is important for the external world to access the API. In most cases, these specifications are governed by the application layer protocol that hosts the API.
HTTP is the most ubiquitous protocol that carries the API payload. Therefore the API interface is defined in terms of the API endpoint URL, the port number, and the HTTP method. The API interface also defines additional HTTP headers.
One of the other popular protocols is MQTT. It is based on the publish-subscribe pattern and makes it easy to build async APIs. In this case, the API endpoints are identified by a topic name instead of the URL.
->API Controller Block
Beyond the interface, an API needs to control the ingress and egress traffic. This is where the API request and responses are interpreted, and additional control mechanisms are applied via the Controller block.
Some of the most apparent control mechanisms include rate limiting, throttling, blacklisting. This is to ensure that the client applications do not misuse the API. It also guards against abuse of the API.
Even more important is the handling of unauthorized access to API. Therefore this building block is also responsible for authentication and authorization. Additionally, it has the ability to peek inside the HTTP headers and data payloads to perform additional checks and transformations.
->API Runtime Block
The Runtime block takes care of the computing responsibility of the API.
Behind the scenes, every API is a piece of software that performs a well-defined business logic serving the needs of the API’s client.
Depending upon a chosen programming language and its toolchain, a runtime environment gets spawned. Then, the business logic execution happens inside this runtime environment, supported by additional configuration data and environment variables.
->API Data Bridge Block
Usually, the data storage engines, like the databases or any form of data store, are universally shared between the individual APIs that form the API service. This approach ensures that there is a single source of truth across all APIs. The APIs must have a bridge between their runtime block and the data engine to facilitate seamless access to data.
The Data Bridge block is responsible for orchestrating this data access. The actual implementation of this block is platform-specific and depends on database drives and programming libraries. These are managed from within the Runtime block.
API Lifecycle Stages
There are three key components of an API lifecycle (create, control, consume) with analytics at the center of it. Each component of the lifecycle can be broken down into several stages.
Stages of an API Lifecycle
Building: Once you have a solid strategy and plan in place, it’s time to build your API. AMPLIFY API Builder helps build and assemble APIs with ease.
Testing: Before publishing, it’s important to complete API testing to ensure they meet performance, functionality and security expectations.
Publishing: Once tested, it’s time to publish your APIs to become available to developers.
Securing: Security risks and concerns are a common problem today. We’ve compiled the top 10 security risks when releasing your APIs.
Managing: Once published, your developers need to manage and maintain APIs to make sure they’re up to date and the integrity of your APIs isn’t compromised.
Onboarding: When you offer your APIs for public or private consumption, onboarding is an important component so developers understand the key capabilities.
Analyzing: Your APIs are live but how are they performing? API Analytics help you understand your digital business and catch abnormalities before they impact your business.
Promoting: There are several ways to market your API including listing it in an API Marketplace.
Monetizing: You can choose to offer your APIs for free or when there is an opportunity for it, you can monetize your APIs and drive additional revenue for your business.
Retirement: Retiring APIs is the last stage of an API lifecycle and happens for a variety of reasons including technology changes and security concerns.
The Tech Platform