Application Programming Interfaces—or APIs—are one of the core components of the modern distributed application paradigm. Their widespread adoption has been driven by the rise of cloud-native applications and microservices. But, what is an API? And more importantly, why should you care?
Whether you’re a developer moving into the microservices world and want some orientation, or an IT decision-maker interested in the API economy to transform your business, you should start by learning what APIs are and how they work.
This article will briefly discuss the origin and evolution of APIs, their benefits, opportunities, common features, and some key concepts involved in API development. Finally, we will cover the role of APIs in digital transformations across a spectrum of industries and emerging modern digital ecosystems.
A basic definition of APIs
An API is a piece of software that operates between a calling application (client) and a source application (server) to deliver data (resources) in response to a request.
The API does this through a defined set of rules (interfaces) and protocols. Interfaces allow client applications written in any language to call the API to communicate with the source application and get the desired resource.
APIs themselves can be written in most high-level languages. The only things that bind the backend system with the API and the calling application are:
- The interfaces that accept requests and provide responses
- The protocol used to convey the messages back and forth.
APIs abstract the underlying program and encapsulate it in a way that enables the client application to easily consume its services.
Types of APIs
There are various ways of categorizing APIs—as we will see later—but chief among them is the method of access.
Are accessible by anyone over the internet. These APIs are maintained by organizations that have developed, deployed, and now manage the API endpoints. The documentation for these APIs, which show their features and how to access them, is also available in the public domain. An example is Twitter’s public APIs, allowing developers to create Twitter-based applications.
Are internal to an organization. Only applications inside the organization’s network boundary can access them. This is how many enterprises expose their legacy applications to newer applications.
Are a mixture of both public and private APIs. Here, an organization creates APIs that are accessible by its own applications as well as those of partner organizations. An example of this is the private API of a tax office which is also made available to banks and social welfare systems.
Combine data from several sources, which may be public and others private. For example, a composite API can power a government’s digital service platform, using APIs from different state-run public services.
Benefits of APIs
The major benefit of using an API is accessing and consuming data and services from thousands of independent sources. This means organizations of all sizes can access these functionalities without developing their own specialized applications.
Some examples of services accessible by APIs include getting data from geolocation services, accessing weather updates or financial data, or login services through Google or Facebook.
The language-independent nature of APIs enables rapid development and deployment of small, modular applications. APIs can also leverage a vast range of already-built third-party services and data sources.
Another benefit of APIs is related to monetization. Organizations developing APIs for public consumption can offer a free tier for regular usage, but they can also charge if callers reach certain request counts or want access to premium API features or endpoints.
Common features of APIs
There are a number of characteristics common to APIs, irrespective of their type or how they are developed.
Every API must have a defined interface which specifies the actions that API can perform, how a client app can invoke those actions, and what data will be returned as a response.
An API specifies its message format. The API provider stipulates the message format (for example, JSON, YAML or XML) and structure of the data exchanged between the client and the API.
An API specification also includes the network protocol the client uses to make the API request and receive its response. Some examples include HTTP, HTTPS and SFTP.
Finally, API developers must ensure security—for example, by using web application firewalls, secure API gateways that use SSL and TLS encryption, input validation, and user authentication wherever necessary.
API development today
API development has gone through several phases over the years, culminating in the evolution of the so-called API Economy central to today’s digital world. There are some key terms and concepts to understand the API landscape today.
API gateways are specialized software that aggregates all incoming API requests and routes them through a management system to the appropriate API. Typical functions of an API gateway include the following:
Aggregating these functionalities into a unified platform greatly simplifies management and enhances performance from the perspective of a service provider.
Microservices are a software architecture that divides an application’s different functions into smaller components called services. In contrast with the older, monolithic style of application development in which single applications performed multiple functions, a microservice architecture typically comprises distributed, loosely coupled, semi-autonomous, individual software components for different functions.
For example, an application can be made up of one service for user account management, another for online merchant integration and yet another for payments.
Although APIs and microservices are different, they’re usually paired because microservices typically communicate with one another via their exposed APIs.
Different approaches to API development
There are many different approaches to the design and development of APIs in use today. The dominant approach is the RESTful (Representational State Transfer) API. REST is not strictly a protocol or standard as it is a set of architectural constraints or guidelines. When a client makes a request, a REST API sends a representation of the resource’s state to the requester or endpoint.
Other API approaches include SOAP (Simple Object Access Protocol), introduced in the late 90s and, for a time, the dominant API model. It’s still used but has since been eclipsed by REST.
Developed by Google, gRPC is now widely used and is particularly suitable for mobile API development.
Created by Facebook (now Meta), GraphQL is a language for querying databases from client-side applications and is particularly useful for granular data access and mobile API development.
The API Economy
The API economy is increasingly used today. According to a Forbes report, nearly 40% of top US companies employ more than 250 APIs, with more than $2 billion invested in API development in 2020. These days, anyone with a mobile phone and a social media account is constantly tapping into API-linked applications—whether they know it or not.
In the enterprise world, Amazon Web Services, Alibaba Cloud, Google, Meta and Microsoft Azure all make their services available through APIs and have significant investments in developing the ecosystem. As more and more services are made public and integration continues to increase, the API economy will continue to grow exponentially.
APIs provide unlimited opportunities for service integration, expansion and development. They are crucial to participating in the booming, global digital economy and entering an almost limitless variety of digital services.
IT leaders who want a deeper dive into the API world or want to optimize their engagement in the API economy can start by exploring our growing number of eBooks on API management and APIOps.
Software developers seeking to traverse the API landscape can start by becoming familiar with REST and other API design approaches and exploring the API functionalities of their language of choice.
Check out the Kong Learning Lab for state-of-the-art learning resources across multiple languages and platforms. Once confident, download and install the Kong Gateway, which is an open source API gateway available for major operating systems. You can also refer to their documentation or explore the Knowledge Center.