APIs, or application programming interfaces, are sets of functions and procedures that serve as bridges between applications, dictating how services interact within an ecosystem. They specify accepted requests and their formats, enabling seamless data and functionality exchange between software entities.
Common services accessible via APIs include geolocation data, weather updates, financial information, and authentication services through platforms like Google or Facebook.
In this post, we'll cover the basics of APIs, including their common use cases, features and API management best practices. We'll also outline key concepts around API development and the role of APIs in digital transformation.
APIs are fundamental to modern digital products, simplifying application development and forming a core component of distributed applications. They account for more than 80% of global internet traffic, driven by cloud-native applications and microservices. Understanding APIs and their functionality can transform business operations, offering significant learning value.
APIs are the building blocks of today's digital products and experiences. They simplify application development and are a core component of the modern distributed application paradigm. It's estimated that traffic from API-based services makes up more than 80% of all internet traffic around the world.
The widespread adoption of APIs has been driven by the rise of cloud-native applications and microservices.
Whether you're a developer moving into the microservices world or an IT decision-maker interested in the power of the API economy to transform your business, there's real value in learning what APIs are and how they work.
For newcomers to the technology, it's often easiest to understand APIs with an example of how they work and what they enable.
Imagine you're ordering delivery using your favorite pizza places app. In the pizzeria's app, they offer you the ability to log in using your Facebook account.
Now, Facebook (presumably) doesn't want to give your neighborhood pizzeria full-on access to its entire platform all willy-nilly. But they can make it easy for the pizza app to communicate with their own systems to authenticate your identity (without interacting or connecting to them in any way they don't want) thanks to APIs. The pizza app just has to make a call to Facebook's API requesting the needed data (delivered in a fraction of a second, putting that 30-minute delivery time guarantee to shame).
Other obvious examples of APIs at play in our hypothetical pizza app could include an integration with a maps app to show you where your delivery driver is with your incoming pie. Or the ability to use a mobile payment service to pay for the food.
All of the above is done inside the pizzeria's app; you never have to open up Facebook or Google Maps or Apple Pay. These connections happen behind the scenes thanks to APIs.
This is how companies can extend their potential market reach by exposing capabilities like authentication, maps, or payment services through APIs.
APIs function by mediating between a client application and a server to deliver data or resources. They operate through defined rules and protocols, allowing applications written in different languages to communicate. APIs are employed in web, mobile, and desktop applications, as well as system-to-system communications. They abstract and encapsulate underlying programs, facilitating easy service consumption by client applications.
APIs themselves can be written in most high-level languages. The only things that bind the backend system with the API and the calling application are:
The interfaces that accept requests and provide responses
The protocol used to convey the messages back and forth
APIs abstract the underlying program and encapsulate it in a way that enables the client application to easily consume its services.
APIs are used for web-based, mobile, and desktop apps as well as system-to-system communication. Any time two pieces of software need to communicate with each other, there is potential for an API to be used.
In the above diagram, we have a client application sending a request to an API service. The API internally communicates with the application and backend systems to retrieve data and perform computations. Then, the API responds to the client. Besides REST, API services can use other protocols, including SOAP, GraphQL, or gRPC.
There are many different ways of categorizing APIs, but chief among them is the method of access.
Depending on how API endpoints are exposed, an endpoint can be public, private, and partner. API endpoints exposed to anyone on the internet are public. Clients can access these APIs through a token unique to their subscription. Private API endpoints are accessible only within the organization's network. Partner API endpoints are also accessible over the internet, but only to authorized partner organizations.
Public APIs are accessible by anyone over the internet. These APIs are maintained by organizations that have developed, deployed, and now manage the API endpoints. The documentation for these APIs (which show their features and how to access them) is also available in the public domain. An example of public APIs are Twitter's public APIs, which allow developers to create Twitter-based applications.
Private APIs are internal to an organization. Only applications inside the organization's network boundary can access them. This is how many enterprises expose legacy applications to newer applications.
Partner APIs are a mixture of both public and private APIs. Here, an organization creates APIs that are accessible by its own applications as well as those of partner organizations. An example of this is the private API of a tax office that is also made available to banks and social welfare systems.
Composite APIs combine data from several sources, which may be public and others private. For example, a composite API can power a government's digital service platform, using APIs from different state-run public services.
The major benefit of using an API is accessing and consuming data and services from thousands of independent sources. This means organizations of all sizes can access these functionalities without developing their own specialized applications.
Other major benefits to using APIs include:
APIs increase business agility. By abstracting away the underlying complexity of a service and presenting it as a product, APIs give organizations secure access to data, services, and operating systems that drive innovation for internal partners and third-party consumers.
When built well, APIs enable developers to be more productive by allowing them to reuse an existing API rather than building new code each time.
The language-independent nature of APIs enables rapid development and deployment of small, modular applications. APIs can also leverage a vast range of already-built third-party services and data sources.
Another benefit of APIs is related to API monetization. Organizations developing APIs for public consumption can offer a free tier for regular usage, but they can also charge if callers reach certain request counts or want access to premium API features or endpoints.
There are a number of characteristics common to APIs, no matter the type of API or how it is developed.
Every API must have a defined interface that specifies the actions the API can perform, how a client app can invoke those actions, and what data will be returned as a response.
An API specifies its message format. The API provider stipulates the message format (for example: JSON, YAML or XML) and structure of the data exchanged between the client and the API.
An API specification also includes the network protocol the client uses to make the API request and receive its response. Some examples include HTTP, HTTPS, and SFTP.
API security is another important matter. API developers must ensure security. This may be done (for example) by using web application firewalls, secure API gateways that use SSL and TLS encryption, input validation, and user authentication wherever necessary.
APIs play a crucial role in connecting diverse software systems and enabling seamless functionality across various industries. At the core of it all, APIs ultimately empower developers to build rich, interactive applications across almost all industries. The process of leveraging specialized APIs in sectors like e-commerce, healthcare, communication, and entertainment, businesses can enhance user experiences, streamline operations, and unlock new capabilities with efficiency and security.
Payment Processing APIs
APIs like Stripe and PayPal enable secure and efficient online transactions by offering robust encryption, fraud detection, and regulatory compliance, ensuring customer data is protected during purchases. For example, e-commerce platforms integrate these payment gateways to streamline checkout and facilitate customer purchases.
Social Media Integration APIs
APIs from platforms such as Facebook and Twitter allow applications to interact with social media services, enabling features like content sharing, analytics retrieval, and comment management. A common use case is apps that let users share content directly to their social media profiles.
Maps and Geolocation APIs
APIs like Google Maps provide location-based services, mapping, and real-time tracking functionalities. Ride-sharing apps, for instance, use geolocation APIs to monitor driver and passenger locations for efficient pickups and drop-offs.
Communication APIs
Twilio and similar APIs facilitate messaging, voice, and video communications within applications, supporting customer engagement and support features. For example, customer support platforms integrate Twilio to enable in-app voice calls.
Weather Data APIs
APIs such as OpenWeatherMap deliver real-time weather data and forecasts, enhancing user experiences with timely information. Travel apps often use these APIs to provide weather updates for user destinations.
E-commerce APIs
E-commerce APIs integrate product catalogs, manage inventory, and process orders, allowing online marketplaces to aggregate products from multiple vendors seamlessly.
Healthcare APIs
Healthcare APIs enable secure interoperability between systems, allowing the safe exchange of patient data. Telemedicine platforms, for example, access electronic health records via APIs to support remote consultations.
Entertainment APIs
APIs from services like Spotify and Netflix allow applications to integrate media streaming, enabling features such as smart home devices controlling playback through API commands.
API development has gone through several phases over the years, culminating in the evolution of the so-called API economy (more on that in a moment) central to today's digital world. Below are some key terms and concepts essential to understanding the API landscape today.
An important part of an API is its documentation.
You can't just send anything you like an API and expect it to work properly. Each API has a specific purpose. For example, you can't go to your pizzeria and try to buy a trombone. (At least, not at my local pizza parlor.) Instead, in the pizzeria, there's a specific menu that shows you what you can order and a description about what you'll get in turn. This is similar to API documentation.
Let's consider the API documentation for a rideshare application like Uber:
The ride request API documentation will say that you can request your preferred vehicle type and it will expect you to provide standard drop-off and pickup points in real places.
The documentation will also tell what information Uber will send back to you after you requested a ride: like the driver's name and vehicle model.
A developer portal is like a catalog for APIs. It's a website that developers go to to find the APIs they want to use and to read the documentation for each API.
According to best practices, APIs should be easy to find, access, and use. A dev portal makes this possible.
API gateways are specialized software that aggregate all incoming API requests and route them through a management system to the appropriate API.
API gateway functions include:
Aggregating these functionalities into a unified platform greatly simplifies management and enhances performance from the perspective of a service provider.
Microservices are a software architecture that divides an application's different functions into smaller components called services.
In contrast with the older, monolithic style of application development in which single applications performed multiple functions, a microservice architecture typically comprises distributed, loosely coupled, semi-autonomous, individual software components for different functions.
For example, an application can be made up of one service for user account management, another for online merchant integration, and yet another for payments.
Although APIs and microservices are different, they're usually paired because microservices typically communicate with one another via their exposed APIs.
There are many different approaches to the design and development of APIs in use today. The dominant approach is the RESTful API. REST is not strictly a protocol or standard as it is a set of architectural constraints or guidelines. When a client makes a request, a REST API sends a representation of the resource's state to the requester or endpoint.
Other API approaches include:
SOAP (Simple Object Access Protocol), was introduced in the late 90s and, for a time, the dominant API model. It's still used but has since been eclipsed by REST.
Developed by Google, gRPC is now widely used and is particularly suitable for mobile API development.
Created by then Facebook / now Meta, GraphQL is a language for querying databases from client-side applications and is particularly useful for granular data access and mobile API development.
The API economy is increasingly used today. According to a Forbes report, nearly 40% of top US companies employ more than 250 APIs, with more than $2 billion invested in API development in 2020. These days, anyone with a mobile phone and a social media account is constantly tapping into API-linked applications, whether they know it or not.
In the enterprise world, Amazon Web Services, Alibaba Cloud, Google, Meta, and Microsoft Azure all make their services available through APIs and have significant investments in developing the ecosystem. As more and more services are made public and integration continues to increase, the API economy will continue to grow exponentially.
APIs provide unlimited opportunities for service integration, expansion, and development. They're crucial to participating in the booming, global digital economy and entering an almost limitless variety of digital services.
IT leaders who want a deeper dive into the API world or want to optimize their engagement in the API economy can start by exploring more of our resources around API management and APIOps.
Software developers seeking to traverse the API landscape can start by becoming familiar with REST and other API design approaches and exploring the API functionalities of their language of choice. Check out Kong Academy for learning resources across multiple languages and platforms.
For more information on Kong, refer to our documentation or explore the Knowledge Center.
Ready to get started with Kong? Get a personalized demo or start a trial today.
InfoWorld’s annual awards recognize the most innovative software development, DevOps, cloud, data management, and AI/ML products on the information technology landscape. We are extremely proud to see Kong Konnect recognized for its role in unifying
APIs have quietly powered the global shift to an interconnected economy. They’ve served as the data exchange highways behind the seamless experiences we now take for granted — booking a ride, paying a vendor, sending a message, syncing financial rec
The challenges of an acquisition frequently appear in a number of critical areas, especially when dealing with a platform as important as Kafka: API Instability and Change : Merged entities frequently rationalize or re-architect their services, whic
Why API Security Matters More Than Ever Imagine you've built a sophisticated smart house, controlling everything from lights to the espresso machine with just a smartphone tap. Now picture a hacker hijacking your system, turning your morning latte
Everyone's telling you to innovate faster with AI. Move quicker. Ship more features. Deploy more agents. But before we sprint headlong into the AI revolution, we need to have a proper dollars-and-cents conversation that most companies are avoiding.
The numbers tell a compelling story. While 65% of organizations that use APIs are currently generating revenue from them, a significant gap exists between API adoption and AI readiness. 83.2% of respondents have adopted some level of an API-first ap
Multimodal AI is a critical player in the new wave of artificial intelligence. By combining different types of data like text, images, and audio, multimodal AI creates more intuitive and versatile AI systems that can more closely mimic human decisio