What is an API?

APIs are the building blocks of today's digital products and experiences. They simplify application development and are a core component of the modern distributed application paradigm. It's estimated that traffic from API-based services makes up more than 80% of all internet traffic around the world.

The widespread adoption of APIs has been driven by the rise of cloud-native applications and microservices.

Whether you're a developer moving into the microservices world or an IT decision-maker interested in the power of the API economy to transform your business, there's real value in learning what APIs are and how they work.

For newcomers to the technology, it's often easiest to understand APIs with an example of how they work and what they enable.

Imagine you're ordering delivery using your favorite pizza places app. In the pizzeria's app, they offer you the ability to log in using your Facebook account.

Now, Facebook (presumably) doesn't want to give your neighborhood pizzeria full-on access to its entire platform all willy-nilly. But they can make it easy for the pizza app to communicate with their own systems to authenticate your identity (without interacting or connecting to them in any way they don't want) thanks to APIs. The pizza app just has to make a call to Facebook's API requesting the needed data (delivered in a fraction of a second, putting that 30-minute delivery time guarantee to shame).

Other obvious examples of APIs at play in our hypothetical pizza app could include an integration with a maps app to show you where your delivery driver is with your incoming pie. Or the ability to use a mobile payment service to pay for the food.

All of the above is done inside the pizzeria's app; you never have to open up Facebook or Google Maps or Apple Pay. These connections happen behind the scenes thanks to APIs.

This is how companies can extend their potential market reach by exposing capabilities like authentication, maps, or payment services through APIs.

APIs operate between a calling application (known as the client) and a source application (the server) to deliver data or resources in response to a request. APIs do this through a defined set of rules (or interfaces) and protocols.

Interfaces allow client applications written in any language to call the API to communicate with the source application and get the desired resource.

APIs themselves can be written in most high-level languages. The only things that bind the backend system with the API and the calling application are:

• The interfaces that accept requests and provide responses

• The protocol used to convey the messages back and forth

APIs abstract the underlying program and encapsulate it in a way that enables the client application to easily consume its services.

APIs are used for web-based, mobile, and desktop apps as well as system-to-system communication. Any time two pieces of software need to communicate with each other, there is potential for an API to be used.

In the above diagram, we have a client application sending a request to an API service. The API internally communicates with the application and backend systems to retrieve data and perform computations. Then, the API responds to the client. Besides REST, API services can use other protocols, including SOAP, GraphQL, or gRPC.

There are many different ways of categorizing APIs, but chief among them is the method of access.

Depending on how API endpoints are exposed, an endpoint can be public, private, and partner. API endpoints exposed to anyone on the internet are public. Clients can access these APIs through a token unique to their subscription. Private API endpoints are accessible only within the organization's network. Partner API endpoints are also accessible over the internet, but only to authorized partner organizations.

Public APIs are accessible by anyone over the internet. These APIs are maintained by organizations that have developed, deployed, and now manage the API endpoints. The documentation for these APIs (which show their features and how to access them) is also available in the public domain. An example of public APIs are Twitter's public APIs, which allow developers to create Twitter-based applications.

Private APIs are internal to an organization. Only applications inside the organization's network boundary can access them. This is how many enterprises expose legacy applications to newer applications.

Partner APIs are a mixture of both public and private APIs. Here, an organization creates APIs that are accessible by its own applications as well as those of partner organizations. An example of this is the private API of a tax office that is also made available to banks and social welfare systems.

Composite APIs combine data from several sources, which may be public and others private. For example, a composite API can power a government's digital service platform, using APIs from different state-run public services.

The major benefit of using an API is accessing and consuming data and services from thousands of independent sources. This means organizations of all sizes can access these functionalities without developing their own specialized applications.

Other major benefits to using APIs include:

• APIs increase business agility. By abstracting away the underlying complexity of a service and presenting it as a product, APIs give organizations secure access to data, services, and operating systems that drive innovation for internal partners and third-party consumers.

• When built well, APIs enable developers to be more productive by allowing them to reuse an existing API rather than building new code each time.

• The language-independent nature of APIs enables rapid development and deployment of small, modular applications. APIs can also leverage a vast range of already-built third-party services and data sources.

Another benefit of APIs is related to API monetization. Organizations developing APIs for public consumption can offer a free tier for regular usage, but they can also charge if callers reach certain request counts or want access to premium API features or endpoints.

There are a number of characteristics common to APIs, no matter the type of API or how it is developed.

• Every API must have a defined interface that specifies the actions the API can perform, how a client app can invoke those actions, and what data will be returned as a response.

• An API specifies its message format. The API provider stipulates the message format (for example: JSON, YAML or XML) and structure of the data exchanged between the client and the API.

• An API specification also includes the network protocol the client uses to make the API request and receive its response. Some examples include HTTP, HTTPS, and SFTP.

API security is another important matter. API developers must ensure security. This may be done (for example) by using web application firewalls, secure API gateways that use SSL and TLS encryption, input validation, and user authentication wherever necessary.

API development has gone through several phases over the years, culminating in the evolution of the so-called API economy (more on that in a moment) central to today's digital world. Below are some key terms and concepts essential to understanding the API landscape today.

An important part of an API is its documentation.

You can't just send anything you like an API and expect it to work properly. Each API has a specific purpose. For example, you can't go to your pizzeria and try to buy a trombone. (At least, not at my local pizza parlor.) Instead, in the pizzeria, there's a specific menu that shows you what you can order and a description about what you'll get in turn. This is similar to API documentation.

Let's consider the API documentation for a rideshare application like Uber:

• The ride request API documentation will say that you can request your preferred vehicle type and it will expect you to provide standard drop-off and pickup points in real places.

• The documentation will also tell what information Uber will send back to you after you requested a ride: like the driver's name and vehicle model.

A developer portal is like a catalog for APIs. It's a website that developers go to to find the APIs they want to use and to read the documentation for each API.

According to best practices, APIs should be easy to find, access, and use. A dev portal makes this possible.

API gateways are specialized software that aggregate all incoming API requests and route them through a management system to the appropriate API.

API gateway functions include:

• authentication

• routing

• rate-limiting

• billing

• monitoring

• analytics

• policies

• alerts

Aggregating these functionalities into a unified platform greatly simplifies management and enhances performance from the perspective of a service provider.

Microservices are a software architecture that divides an applications different functions into smaller components called services.

In contrast with the older, monolithic style of application development in which single applications performed multiple functions, a microservice architecture typically comprises distributed, loosely coupled, semi-autonomous, individual software components for different functions.

For example, an application can be made up of one service for user account management, another for online merchant integration, and yet another for payments.

Although APIs and microservices are different, they're usually paired because microservices typically communicate with one another via their exposed APIs.

There are many different approaches to the design and development of APIs in use today. The dominant approach is the RESTful API. REST is not strictly a protocol or standard as it is a set of architectural constraints or guidelines. When a client makes a request, a REST API sends a representation of the resources state to the requester or endpoint.

Other API approaches include:

• SOAP (Simple Object Access Protocol), was introduced in the late 90s and, for a time, the dominant API model. It's still used but has since been eclipsed by REST.

• Developed by Google, gRPC is now widely used and is particularly suitable for mobile API development.

• Created by then Facebook / now Meta, GraphQL is a language for querying databases from client-side applications and is particularly useful for granular data access and mobile API development.

The API economy is increasingly used today. According to a Forbes report, nearly 40% of top US companies employ more than 250 APIs, with more than $2 billion invested in API development in 2020. These days, anyone with a mobile phone and a social media account is constantly tapping into API-linked applications, whether they know it or not.

In the enterprise world, Amazon Web Services, Alibaba Cloud, Google, Meta, and Microsoft Azure all make their services available through APIs and have significant investments in developing the ecosystem. As more and more services are made public and integration continues to increase, the API economy will continue to grow exponentially.

APIs provide unlimited opportunities for service integration, expansion, and development. Theyre crucial to participating in the booming, global digital economy and entering an almost limitless variety of digital services.

IT leaders who want a deeper dive into the API world or want to optimize their engagement in the API economy can start by exploring more of our resources around API management and APIOps.

Software developers seeking to traverse the API landscape can start by becoming familiar with REST and other API design approaches and exploring the API functionalities of their language of choice. Check out Kong Academy for learning resources across multiple languages and platforms.

For more information on Kong, refer to our documentation or explore the Knowledge Center.

Ready to get started with Kong? Get a personalized demo or start a trial today.