What is an API? | Quick Definition

Intro

With a few clicks on a desktop or device, one can buy, sell or publish anything, anytime. Exactly how does it happen? How does information get from here to there? The unsung hero is the API.

What is an API?

API stands for Application Programming Interface. An API describes a software component in terms of its operations, inputs, outputs, and underlying types. But how do you explain the API in plain English? The API functions as a messenger that takes your request from an application and delivers the response back to you.

Example 1: When you’re searching for flights online, you interact with the airline’s website. The website details the seating and the cost of the flight on that particular date and time. You choose your meal or seating, baggage, or pet requests.

But suppose you are not using the airline’s own website and are instead using an online travel agent that combines data from many airlines. To get the information, the travel agent’s application interacts with the airline’s API. The API is the interface that takes data from the travel agent’s website to the airline’s system.

It also takes the airline’s response and delivers it right back. This facilitates the interaction between the travel service and the airline’s systems to book the flight. An API entails a library of routines, data structures, object classes, and variables; SOAP and REST services are examples.

Example 2: Best Buy makes a Deal of the Day pricing special available through its website. This same data is in its mobile application. The app does not need to know about the internal pricing system: it can call the Deal of the Day API and ask, what is the pricing special? Best Buy responds with the requested information in a standard format that the app displays to the end-user.

Example 3: APIs for social media are crucial. Users can access content while keeping the number of accounts and passwords they have to track low, which keeps things simple.

  • Twitter API: Interact with most Twitter functions
  • Facebook API: For payments, user data, and login 
  • Instagram API: Tag users, view trending photos

What about REST & SOAP APIs?

SOAP and REST both use an API-consuming service, known as a Web API. A web service does not depend on any prior knowledge of information. SOAP is a lightweight, platform-independent web service protocol. SOAP is an XML-based messaging protocol. Unlike a SOAP web service, a RESTful service uses the REST architecture, built for point-to-point communication.

SOAP Web service

Simple Object Access Protocol (SOAP) uses HTTP protocols to allow applications to communicate. SOAP is a directional, stateless communication between nodes. There are 3 types of SOAP nodes:

  1. SOAP Sender – creates and transmits a message.
  2. SOAP Receiver – obtains and processes the message.
  3. SOAP Intermediary – receives and processes header blocks.
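
The three node roles above, traced through one message in an example added here (not code from the original article). It assumes SOAP 1.2; the `urn:example:deals` namespace, the `Trace` header block and the `GetDealOfTheDay` operation are hypothetical names chosen for illustration.

```python
import xml.etree.ElementTree as ET

ENV = "http://www.w3.org/2003/05/soap-envelope"  # SOAP 1.2 envelope namespace
NEXT = ENV + "/role/next"      # role played by each intermediary and the receiver
APP = "urn:example:deals"      # hypothetical application namespace
ET.register_namespace("env", ENV)

def sender_build(store_id, trace_id):
    """SOAP sender: create the message (one header block plus body) and serialize it."""
    envelope = ET.Element(f"{{{ENV}}}Envelope")
    header = ET.SubElement(envelope, f"{{{ENV}}}Header")
    trace = ET.SubElement(header, f"{{{APP}}}Trace", {f"{{{ENV}}}role": NEXT})
    trace.text = trace_id
    body = ET.SubElement(envelope, f"{{{ENV}}}Body")
    request = ET.SubElement(body, f"{{{APP}}}GetDealOfTheDay")
    ET.SubElement(request, f"{{{APP}}}StoreId").text = store_id
    return ET.tostring(envelope, encoding="utf-8")

def intermediary_forward(message, audit_log):
    """SOAP intermediary: process header blocks addressed to it, leave the body untouched."""
    # The message parsed here was built above; use a hardened parser for untrusted XML.
    envelope = ET.fromstring(message)
    header = envelope.find(f"{{{ENV}}}Header")
    for block in list(header) if header is not None else []:
        if block.get(f"{{{ENV}}}role") == NEXT:
            audit_log.append(block.text)   # "processing" here is just recording the trace id
            header.remove(block)           # a processed block is not forwarded
    return ET.tostring(envelope, encoding="utf-8")

def receiver_process(message):
    """SOAP receiver: obtain the message and process its body."""
    body = ET.fromstring(message).find(f"{{{ENV}}}Body")
    if body is None or len(body) != 1:
        raise ValueError("this example expects exactly one request element in the Body")
    request = body[0]
    if request.tag != f"{{{APP}}}GetDealOfTheDay":
        raise ValueError("unsupported operation")
    store_id = request.findtext(f"{{{APP}}}StoreId", default="")
    if not store_id.isdigit():             # validate input before it reaches any backend
        raise ValueError("StoreId must be numeric")
    return {"operation": "GetDealOfTheDay", "store_id": store_id}

if __name__ == "__main__":
    log = []
    forwarded = intermediary_forward(sender_build("42", "trace-abc"), log)
    print(log, receiver_process(forwarded))
```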

RESTful Web Service

Representational State Transfer (REST) concerns the relationship between the client and the server and how state is processed. In the REST architecture, a REST server provides resource access to the client. REST handles reading, modifying, and writing resources. A Uniform Resource Identifier (URI) identifies each resource, which contains a document that captures the resource state.

REST is lighter than the SOAP architecture. It parses JSON, a human-readable format that makes data easier to share and use, instead of the XML used by the SOAP architecture.

There are several principles for designing Restful Web Service, which are:

  • Addressability – Each resource should have at least one URL.
  • Statelessness – A RESTful service is a stateless service. Each request is independent of any past requests handled by the service. HTTP is by design a stateless protocol.
  • Cacheable – Data marked as cacheable is stored in the system and reused in the future as the response to the same request, instead of producing the same results again. Cache constraints allow response data to be marked as cacheable or non-cacheable.
  • Uniform interface – Provides a common, standardized interface for access through a defined collection of HTTP methods. Abiding by these concepts ensures that a REST implementation is lightweight.
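
The four principles above in one request handler, as an example added here (not code from the original article). The `/deals/today` URI, the sample deal and the `demo-key-123` credential are constructed for illustration; the handler is a plain function so it runs without a network.

```python
import hashlib
import hmac
import json

# Constructed sample data: each resource has its own URI (addressability).
DEALS = {"/deals/today": {"sku": "EX-1001", "price": 19.99}}
API_KEY = "demo-key-123"  # constructed credential, an assumption of this example

def handle(method, path, headers, body=b""):
    """Serve one request and return (status, headers, body)."""
    # Statelessness: the credential travels with every request; no session is kept.
    sent = headers.get("Authorization", "").encode()
    if not hmac.compare_digest(sent, ("Bearer " + API_KEY).encode()):
        return 401, {"WWW-Authenticate": "Bearer"}, b""
    if path not in DEALS:
        return 404, {}, b""
    # Uniform interface: the HTTP method alone selects read or write.
    if method == "GET":
        payload = json.dumps(DEALS[path], sort_keys=True).encode()
        etag = '"' + hashlib.sha256(payload).hexdigest()[:16] + '"'
        # Cacheable: the response is explicitly marked; "private" keeps an
        # authenticated response out of shared caches.
        cache = {"ETag": etag, "Cache-Control": "private, max-age=60"}
        if headers.get("If-None-Match") == etag:
            return 304, cache, b""          # the client's cached copy is still valid
        return 200, {**cache, "Content-Type": "application/json"}, payload
    if method == "PUT":
        try:
            deal = json.loads(body)
        except ValueError:                  # malformed JSON or invalid UTF-8
            return 400, {}, b""
        if not isinstance(deal, dict):
            return 400, {}, b""
        DEALS[path] = deal
        return 204, {"Cache-Control": "no-store"}, b""
    return 405, {"Allow": "GET, PUT"}, b""
```

The authentication check runs before the resource lookup, so an unauthenticated caller gets 401 for every path and cannot learn which URIs exist.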

Advantages of REST

  • Uses a simpler format for messages
  • Offers stronger long-term efficiency
  • Supports stateless communication
  • Uses HTTP standards and grammar
  • Data is available as a resource

Disadvantages of REST

  • Lacks web service standards such as security, transactions, etc.
  • REST requests are not scalable

REST vs SOAP Comparison

Differences between SOAP and REST web services:

| SOAP Web Service | REST Web Service |
|---|---|
| Requires a heavy input payload compared to REST. | REST is lightweight as it uses URIs for data forms. |
| A change in SOAP services often leads to a significant change in code on the client side. | Client-side code is not affected by a change in services in REST web provisioning. |
| Return type is always XML. | Provides versatility with respect to the form of the returned data. |
| An XML-based messaging protocol. | An architectural protocol. |
| Requires a SOAP library on the client end. | No library support needed; typically used over HTTP. |
| Supports WS-Security and SSL. | Supports SSL and HTTPS. |
| SOAP defines its own security. | RESTful web services inherit security measures from the underlying transport. |

Types of API Release Policies

Release policies for APIs are:

  • Private release policies: The API is only available for internal company use.
  • Partner release policies: The API is available only to particular business partners. The company can control the quality of the API because it controls who can access it.
  • Public release policies: The API is for public use and is available to the public. Example: Microsoft Windows API and Apple’s Cocoa.

Conclusion

APIs are present everywhere, whether you are booking a flight or engaging with social media applications. The SOAP API is based on XML communications; it differs from the REST API in that it does not require any special configuration.

The design of RESTful web services should adhere to certain concepts, including addressability, statelessness, cacheability, and a standard interface. API release rules may be divided into three categories: private APIs, partner APIs, and public APIs.

Thank you for reading this article. Check out our article on a Guide to API Security 2022.

Application Security Training Platform | Security Sherpa