What is an API?
API is an acronym for Application Programming Interface. An API is a tool that allows applications to communicate with each other.
The API operating principle is very simple. An application sends data (known as a request) to a server. The server processes this information and sends back a response. The application then interprets that data and presents it in a readable way.
The response usually comes in JSON format. JSON is an open standard data format that is lightweight and human-readable. It is widely supported in many programming languages.
The big advantage of an API is that developers don't need to know how the server processes the request, which simplifies their work. Because the internals stay hidden, companies can also provide their data and functionality to third parties safely.
APIs are extremely popular. The most widely used applications, such as Facebook and Amazon, rely on them.
What is REST?
As API usage has grown across all market segments, protocols, standards, and rules have become necessary to standardize data exchange through APIs. The most widespread answer to this need is REST.
REST (Representational State Transfer) is a set of architectural principles, or constraints, for web APIs (not a protocol or a standard) that dictate how web service applications communicate over the internet. A REST API (also known as a RESTful API) uses the HTTP protocol between the client and the host server at a predefined set of URLs.
REST API request and response structure
Request:
- Method (HTTP verbs: GET, PUT, POST, DELETE, etc.)
- URL (resource and parameters)
- Headers (meta-data of the request)
- Body (the content of the request)
Response:
- Status code
- Headers (meta-data of the response)
- Body (the content of the response)
HTTP verbs
- GET: The get method is used to read (retrieve) data on the server.
- POST: The post method is used to create data.
- PUT: The put method is used to update data.
- DELETE: The delete method is used to delete data.
URL structure
- Host name defines the address of the server providing the data
- Base path defines the API product name, which is typically associated with some business entity, as well as its version
- Resource name defines the specific API resource, which further details and clarifies possible API request options
- Query parameters can be used to send supplementary request information, e.g. for filtering, sorting or other actions.
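To make the request and response structure, the HTTP verbs and the URL parts above concrete, here is an added example (not code from the original page) that takes a raw HTTP request and response apart into exactly those pieces. The sample messages, the host name api.example.com and the path layout are constructed for the example; the assumption that the base path is "product name plus version" (the first two path segments) follows the URL structure description above.

```python
import json
from urllib.parse import urlsplit, parse_qs

# Constructed sample traffic (not from the original page): a POST that creates
# an order, and the server's 201 response. Host, paths and token are invented.
RAW_REQUEST = (
    "POST /orders/v1/orders?notify=true HTTP/1.1\r\n"
    "Host: api.example.com\r\n"
    "Content-Type: application/json\r\n"
    "Authorization: Bearer <token-placeholder>\r\n"
    "\r\n"
    '{"item": "widget", "qty": 2}'
)
RAW_RESPONSE = (
    "HTTP/1.1 201 Created\r\n"
    "Content-Type: application/json\r\n"
    "Location: /orders/v1/orders/42\r\n"
    "\r\n"
    '{"id": 42, "item": "widget", "qty": 2}'
)


def _split_message(raw):
    """Split a raw HTTP message into (start line, headers, body).

    Header names are lower-cased because HTTP header names are
    case-insensitive; the first CRLF CRLF separates headers from body.
    """
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def parse_request(raw):
    """Return method, URL parts (host, base path, resource, query), headers, body."""
    start, headers, body = _split_message(raw)
    method, target, _version = start.split(" ", 2)
    parts = urlsplit(target)
    segments = [s for s in parts.path.split("/") if s]
    # Assumption for this example: base path = /<product>/<version>,
    # everything after it names the resource.
    base_path = "/" + "/".join(segments[:2]) if len(segments) >= 2 else parts.path
    query = {k: v[0] if len(v) == 1 else v for k, v in parse_qs(parts.query).items()}
    return {
        "method": method,
        "host": headers.get("host"),
        "base_path": base_path,
        "resource": "/".join(segments[2:]),
        "query": query,
        "headers": headers,
        "body": json.loads(body) if body else None,
    }


def parse_response(raw):
    """Return status code, reason phrase, headers and decoded JSON body."""
    start, headers, body = _split_message(raw)
    _version, code, reason = start.split(" ", 2)
    return {
        "status": int(code),
        "reason": reason,
        "headers": headers,
        "body": json.loads(body) if body else None,
    }


if __name__ == "__main__":
    print(json.dumps(parse_request(RAW_REQUEST), indent=2))
    print(json.dumps(parse_response(RAW_RESPONSE), indent=2))
```

Running the block prints the decomposed request (method POST, host api.example.com, base path /orders/v1, resource orders, query notify=true, JSON body) and the decomposed response (status 201, the Location header pointing at the new resource, and the JSON payload), which maps one-to-one onto the bullet lists above.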
Response codes
HTTP status codes are three-digit codes delivered in the HTTP header. They indicate whether a specific HTTP request has been successfully completed. They also help to identify the cause of the problem when a resource does not load properly.
These codes are grouped into five classes:
- Informational responses (100–199)
- Successful responses (200–299)
- Redirection messages (300–399)
- Client error responses (400–499)
- Server error responses (500–599)
The most common responses are:
HTTP CODE | STATUS | DESCRIPTION |
---|---|---|
200 | OK | The request has succeeded |
201 | Created | The request has been fulfilled and resulted in a new resource being created |
400 | Bad Request | The request could not be understood by the server due to incorrect syntax |
401 | Unauthorized | The request requires user authentication |
403 | Forbidden | The client does not have access rights to the content |
404 | Not Found | The server has not found anything matching the Request-URI |
429 | Too Many Requests | The user has sent too many requests in a given amount of time (“rate limiting”) |
500 | Internal Server Error | The server encountered an unexpected condition that prevented it from fulfilling the request |
502 | Bad Gateway | The server, while acting as a gateway or proxy, received an invalid response from the upstream server it accessed in attempting to fulfill the request |
503 | Service Unavailable | The server is currently unable to handle the request due to a temporary overloading or maintenance of the server |
504 | Gateway Timeout | The server is acting as a gateway and cannot get a response in time for a request |
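The table above tells a client what each code means; what a robust client does with them is the other half. The following added example (not code from the original page) classifies a status code into the five classes and decides whether to give up, re-authenticate or retry, honouring Retry-After on 429 and 503, using capped exponential backoff otherwise, and refusing to blindly repeat a POST (a retried POST can create the resource twice). The attempt limit, delays and header dictionary shape are assumptions of the example.

```python
import random

# (low, high, class name) for the five HTTP status classes.
CLASSES = (
    (100, 199, "informational"),
    (200, 299, "success"),
    (300, 399, "redirection"),
    (400, 499, "client_error"),
    (500, 599, "server_error"),
)

# Assumed client policy for this example.
MAX_ATTEMPTS = 5      # total tries including the first
BASE_DELAY = 0.5      # seconds
MAX_DELAY = 30.0      # seconds
IDEMPOTENT = {"GET", "PUT", "DELETE"}   # safe to repeat; POST is not


def status_class(code):
    """Map a three-digit status code to its class name."""
    for low, high, name in CLASSES:
        if low <= code <= high:
            return name
    raise ValueError(f"not an HTTP status code: {code}")


def backoff_delay(attempt, jitter=None):
    """Exponential backoff, capped, with jitter in [0, 1) spreading retries
    across clients so a recovering server is not hit by them all at once."""
    if jitter is None:
        jitter = random.random()
    return min(MAX_DELAY, BASE_DELAY * (2 ** attempt)) * (0.5 + jitter / 2)


def _retry_after_seconds(headers):
    """Honour a numeric Retry-After header (seconds), capped at MAX_DELAY."""
    value = headers.get("retry-after")
    if value is not None and value.strip().isdigit():
        return min(MAX_DELAY, float(value))
    return None


def _retry(status, headers, attempt, jitter):
    if attempt + 1 >= MAX_ATTEMPTS:
        return "fail", 0.0
    delay = _retry_after_seconds(headers) if status in (429, 503) else None
    return "retry", delay if delay is not None else backoff_delay(attempt, jitter)


def plan(status, headers, attempt, method="GET", jitter=None):
    """Decide what to do with a response.

    headers: response headers with lower-cased names.
    attempt: zero-based index of the attempt that produced this response.
    Returns (action, delay_seconds) with action in
    {"done", "retry", "reauthenticate", "fail"}.
    """
    cls = status_class(status)
    if cls == "success":
        return "done", 0.0
    if status == 429:
        # Rate limited: back off for as long as the server asks.
        return _retry(status, headers, attempt, jitter)
    if status == 401:
        # Credentials missing or expired: refresh them once, then give up.
        return ("reauthenticate", 0.0) if attempt == 0 else ("fail", 0.0)
    if cls == "client_error":
        # 400, 403, 404: the request itself is wrong; repeating it will not help.
        return "fail", 0.0
    if cls == "server_error" and status in (500, 502, 503, 504):
        if method not in IDEMPOTENT:
            return "fail", 0.0   # do not risk a duplicate side effect
        return _retry(status, headers, attempt, jitter)
    return "fail", 0.0


if __name__ == "__main__":
    for code, hdrs in ((200, {}), (429, {"retry-after": "7"}), (401, {}),
                       (403, {}), (503, {"retry-after": "3"}), (502, {})):
        print(code, status_class(code), plan(code, hdrs, attempt=0))
```

The distinction between 401 and 403 matters in practice: 401 is worth one credential refresh, while 403 means the identity is known but not permitted, so retrying only generates noise in the provider's logs and may trip rate limiting.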
Glossary
Term | Description |
---|---|
Analytics | Metrics and insights provided to API consumers, allowing them to monitor usage patterns, performance, and other relevant data, ultimately optimizing their API integration. |
API | Application Programming Interface, establishes the rules and protocols for software applications to communicate and interact with each other. |
API Consumer | Developers or software applications that utilize APIs to access specific functionalities or data. |
API Gateway (backend-facing) | Exposes enterprise service (backend) APIs for external consumption and for consumption by BFFs/BFIs in the case of north-south traffic (APIs are consumed by other backends only in exceptional cases where event-driven approaches are not feasible or useful). |
API Gateway (consumer-facing) | Exposes APIs towards API consumers, including applications, UIs, customer journeys, external partners, etc. The API Gateway serves as the API access point for consumers. Registered consumer apps can call an API with keys and secrets or other authentication methods. |
API Provider | Companies, organizations, or individuals that develop and offer APIs for use by developers. |
Authentication | The verification process to confirm the identity and permissions of a user or application requesting API access. |
Backend-for-frontend (BFF) | UI-specific component consuming APIs exposed by the backend-facing API Gateway, creating data transfer objects (DTOs) and implementing lightweight solutions to ensure performance, caching etc. BFFs are only consumed by one specific UI and are part of that UI. |
Backend-for-integration (BFI) | Consumer-specific component focusing on exposing tailored APIs for specific partners; it consumes APIs exposed by the backend-facing API Gateway, creates data transfer objects (DTOs) and implements lightweight solutions to ensure performance, caching, etc. BFIs are only consumed by one specific external partner and are part of the specific integration logic with that external partner. Ideally, BFIs implement the Facade pattern. |
Documentation | Comprehensive information and instructions provided by API providers, guiding developers on the effective usage of their APIs. |
Endpoint | A specific URL within an API that represents a resource or a specific functionality. Developers make requests to these endpoints to interact with the API. |
Identity Provider | Provides identities and tokens to the API Gateway, the Developer Portal and any other component requiring token-based or other forms of authentication. |
Integration | The process of incorporating and utilizing an API within a software application to enhance its capabilities. |
Quota | A technique implemented by the API Gateway to cap the number of API requests a user or application can make within a specified longer timeframe. Usually used together with Rate Limiting. |
Rate Limiting | A technique implemented by the API Gateway to control the number of API requests a user or application can make within a specified short timeframe, ensuring fair usage and preventing abuse. Usually used together with Quotas. |
Request | A call made by an API consumer to an API endpoint, typically specifying the desired operation, parameters, and data, in order to retrieve information or perform an action. |
Response | The data and information returned by an API endpoint in reply to a request made by an API consumer. It includes status codes, headers, and the actual data payload. |
REST | Representational State Transfer, a widely used architectural style for designing networked applications, including APIs, that emphasizes stateless communication and resource-oriented design. |
SDK | An abbreviation for Software Development Kit, comprising tools, libraries, and documentation that help developers integrate and work with specific APIs more efficiently. |
Testing Sandbox | A controlled environment within API marketplaces that allows developers to test their applications and APIs without impacting production data or services. |
Versioning | The practice of assigning unique identifiers, such as version numbers, to APIs, enabling effective management of changes, updates, and backward compatibility. |
Webhooks | A mechanism provided by some APIs where developers can register a URL to receive automatic notifications or data updates whenever a specific event or trigger occurs. |
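The Quota and Rate Limiting entries describe two controls that the API Gateway applies together: a short-window limit that absorbs bursts and a longer-window cap on total usage. The following added example (not the gateway product's own code) implements both per consumer, a token bucket for the rate and a fixed window for the quota, and answers each request with 200 or 429 plus a Retry-After header as in the response code table. The limit values, the consumer names and the X-RateLimit-* / X-Quota-* header names are constructed for the example (Retry-After is the standard header; the others are illustrative, not standardized).

```python
import math
from dataclasses import dataclass


@dataclass
class Limits:
    rate_per_second: float   # sustained request rate (token refill rate)
    burst: int               # bucket capacity: how many requests may arrive at once
    quota: int               # requests allowed per quota window
    quota_window: float      # quota window length in seconds


@dataclass
class ConsumerState:
    tokens: float
    last_refill: float
    quota_window_start: float
    quota_used: int = 0


class Gateway:
    """Per-consumer rate limiting (token bucket) plus quota (fixed window).

    `now` is passed in explicitly so the behaviour is deterministic and testable.
    """

    def __init__(self, limits):
        self.limits = limits
        self._state = {}

    def _get(self, consumer, now):
        st = self._state.get(consumer)
        if st is None:
            st = ConsumerState(tokens=float(self.limits.burst),
                               last_refill=now, quota_window_start=now)
            self._state[consumer] = st
        return st

    def check(self, consumer, now):
        """Return (status_code, headers) for one request from `consumer` at `now`."""
        lim, st = self.limits, self._get(consumer, now)

        # Roll the quota window once it has fully elapsed (fixed window).
        if now - st.quota_window_start >= lim.quota_window:
            st.quota_window_start = now
            st.quota_used = 0

        # Refill the bucket for the time elapsed since the last check.
        elapsed = now - st.last_refill
        st.tokens = min(lim.burst, st.tokens + elapsed * lim.rate_per_second)
        st.last_refill = now

        # Quota is checked first: a consumer over quota stays blocked even if
        # its bucket has refilled.
        if st.quota_used >= lim.quota:
            reset_in = math.ceil(st.quota_window_start + lim.quota_window - now)
            return 429, {"Retry-After": str(reset_in), "X-RateLimit-Scope": "quota"}

        if st.tokens < 1:
            wait = math.ceil((1 - st.tokens) / lim.rate_per_second)
            return 429, {"Retry-After": str(wait), "X-RateLimit-Scope": "rate"}

        st.tokens -= 1
        st.quota_used += 1
        return 200, {
            "X-RateLimit-Remaining": str(int(st.tokens)),
            "X-Quota-Remaining": str(lim.quota - st.quota_used),
        }


if __name__ == "__main__":
    # Constructed scenario: 1 request/s sustained, bursts of 3, 5 requests/minute.
    gw = Gateway(Limits(rate_per_second=1.0, burst=3, quota=5, quota_window=60.0))
    for t in (0.0, 0.0, 0.0, 0.0, 1.0, 2.0, 3.0, 60.0):
        print(f"t={t:5.1f}s app-a ->", gw.check("app-a", t))
```

In the scenario above the fourth request at t=0 exceeds the burst and is rejected on the rate limit, requests at t=1 and t=2 are served one per second until the fifth request of the minute, the request at t=3 is rejected on the quota even though a token is available, and the counter resets when the window rolls at t=60. Each consumer has its own state, so one consumer exhausting its limits does not affect another.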