Understanding APIs: the Building Blocks of Modern Technology

An API, or Application Programming Interface, plays a crucial role in the online world. A web application has three main components -

  1. Frontend - the UI of the web app, through which the user interacts with the application and uses its functionality. A good UI/UX is necessary for greater reach; the simpler the better.

  2. Backend - the code that provides the functionality. The features and actions, such as what should happen when you click something, are written here, and all the data and actions are managed here.

  3. API - the mediator between frontend and backend. The features the backend provides wait for a request, do their work and send a response; the API handles the connection and transport between the two.

Before getting into APIs, a brief knowledge of HTTP is required; please refer to An intro to HTTP, HTTPs and APIs.

Now let's understand the theoretical aspects of this API thing.

Understanding API

An API, or Application Programming Interface, is a set of rules and protocols that allows different software applications to communicate with each other. These interfaces can be used to connect different systems, such as a website and a database, or to access external services, such as social media platforms or weather data.

APIs are a crucial component of modern software development, as they allow developers to easily connect different systems and services without having to build them from scratch. This allows for greater flexibility and faster development times, as well as the ability to easily integrate new features and functionality into existing systems.

One of the key benefits of using APIs is that they allow for data and functionality to be shared between different systems and applications. For example, a website might use an API to access a database and display information to users, or an app might use an API to access a social media platform and display updates from friends.

Another benefit of APIs is that they allow for greater flexibility and scalability. For example, if a website or application becomes popular and needs to handle a large number of users, an API can be used to distribute the load across multiple servers.

APIs also provide a way for third-party developers to access and use the data and functionality of a particular service or platform. This allows for innovation and the development of new applications and services, which can lead to new business opportunities.

Types of APIs

From a developer's perspective, there are generally two types of APIs in use globally -

SOAP API

  • Simple Object Access Protocol

  • Old Protocol

  • Uses SOAP protocol for connection and transportation

  • Platform/Language independent

  • Very Secure

  • Needs less coding

  • Uses XML as the messaging format

  • Slow and heavier

  • Caching is not possible

REST API

  • Representational State Transfer

  • New and mainly used these days

  • Uses HTTP protocol for connection and transportation

  • Language dependent

  • Less Secure

  • Requires a bit more coding

  • Uses JSON as the messaging format

  • Fast and lightweight

  • Caching is possible

In this blog, I will focus on REST API as it is used widely now.

Components of an API

Endpoint

An API Endpoint is a digital location where an API receives requests about a specific resource on its server. In APIs, an endpoint is typically a URL (uniform resource locator) that provides the location of a resource on the server.

Method

An API method pairs a request with its response. Its definition states what a client must send to the server to access the service and what response it gets back.

Body

A request body is the data the client sends to the API to process. Similarly, a response body is the data the API sends back to the client.

Parameter

Parameters are the values that are passed to an API when making a request. These values are used to specify the desired action or data that the API should return. There are two types: query parameters and path parameters.

Status Code

Status codes are standard response codes that indicate the outcome of a request made to an API. These codes are returned by the server in the response to a client's request, and they provide information about the success or failure of the request.

API Methods

API methods are HTTP methods. They specify the type of action that should be performed on a resource in an API. The most common API methods are -

GET

This method is used to retrieve information from the server.

POST

This method is used to create a new resource on the server. It is typically used when submitting a form or uploading a file.

PUT

This method is used to update an existing resource on the server.

PATCH

This method is used to partially update an existing resource on the server. The only difference between PUT and PATCH is that PUT overwrites the whole existing data, while PATCH adds the new data on top of the existing data.

DELETE

This method is used to delete a resource from the server.

API Status Codes

Status codes are the same as HTTP status codes. They are 3-digit integers, classified by their first digit -

  1. 1XX (informational) - the request has been received and the server is continuing to process it.

  2. 2XX (successful) - the request was successful and the server has returned the requested data.

  3. 3XX (redirection) - the request needs additional information or action before it can be fulfilled.

  4. 4XX (client error) - the request contains bad syntax or cannot be fulfilled by the server.

  5. 5XX (server error) - the server failed to fulfil a valid request.

The most common status codes are -

  • 200 OK - the request was successful and the server returned the requested data.

  • 201 Created - the request was successful and a new resource was created as a result.

  • 204 No Content - the request was successful, but there is no data to return.

  • 400 Bad Request - the request was invalid.

  • 401 Unauthorized - the request requires authentication and the client did not provide credentials.

  • 403 Forbidden - the client does not have permission to access the requested resource.

  • 404 Not Found - the requested resource could not be found.

  • 500 Internal Server Error - an error occurred on the server and the request could not be completed.

How APIs are made

APIs are typically built on the back end using a variety of programming languages and frameworks. The process of creating an API typically involves the following steps:

  1. Define the API's requirements: Before building the API, it's important to define what the API will do, what data it will need to access, and what kind of requests it will need to handle.

  2. Design the API's endpoints: An API's endpoints are the URLs that clients will use to interact with the API. These endpoints should be designed to be easy to understand and use, and should include any path and query parameters that will be needed to make requests.

  3. Choose a programming language and framework: There are many programming languages and frameworks that can be used to build an API. Some popular choices include Node.js with Express, Python with Flask or Django, and Java with Spring.

  4. Implement the API: Once the language and framework have been chosen, the developer can start implementing the API. This typically involves writing code to handle requests, access data, and return responses.

  5. Test the API: Before deploying the API, it's important to test it to ensure that it is working as expected and that there are no bugs or errors. This can be done by manually testing the API or by using automated testing tools.

  6. Deploy and monitor the API: Once the API has been tested and is working properly, it can be deployed to a production environment. After the deployment, it is important to monitor the API to ensure that it is performing well and to identify and fix any issues that arise.

On the backend, a few component concepts make building an API more efficient. The languages may vary, but the concepts remain the same. These components are -

  1. Route - it specifies which path to take to access certain endpoints.

  2. Controller - it consists of all the functions which we need to perform and process on the backend.

  3. Model - it defines what kind of data and in what format to send and receive.
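The route, controller and model split described above, together with the methods and status codes from the earlier sections, as an added example that is not part of the original post. It uses only the Python standard library; the `/notes` resource, its fields and all function names are assumptions made for illustration.

```python
import itertools, re

# Model: fields and types of a "note" resource (hypothetical, constructed here).
NOTE_FIELDS = {"title": str, "text": str}
NOTES, next_id = {}, itertools.count(1)  # in-memory store and id source

def valid(data, partial=False):
    """Known fields of the right type only; POST and PUT need every field."""
    if not isinstance(data, dict) or not data or data.keys() - NOTE_FIELDS.keys():
        return False
    if not partial and data.keys() != NOTE_FIELDS.keys():
        return False
    return all(isinstance(v, NOTE_FIELDS[k]) for k, v in data.items())

def create(_nid, data):  # controllers: (id, body) -> (status, response body)
    if not valid(data):
        return 400, {"error": "invalid body"}
    nid = next(next_id)
    NOTES[nid] = dict(data)
    return 201, {"id": nid, **data}

def read(nid, _data):
    return (200, NOTES[nid]) if nid in NOTES else (404, {"error": "not found"})

def update(nid, data, partial):  # PUT replaces the resource, PATCH merges into it
    if nid not in NOTES:
        return 404, {"error": "not found"}
    if not valid(data, partial):
        return 400, {"error": "invalid body"}
    NOTES[nid] = {**NOTES[nid], **data} if partial else dict(data)
    return 200, NOTES[nid]

def delete(nid, _data):
    return (204, None) if NOTES.pop(nid, None) else (404, {"error": "not found"})

ROUTES = [  # method + path pattern -> controller; (\d+) is the path parameter
    ("POST", r"/notes", create),
    ("GET", r"/notes/(\d+)", read),
    ("PUT", r"/notes/(\d+)", lambda nid, data: update(nid, data, False)),
    ("PATCH", r"/notes/(\d+)", lambda nid, data: update(nid, data, True)),
    ("DELETE", r"/notes/(\d+)", delete),
]

def handle(method, path, body=None):
    for verb, pattern, controller in ROUTES:
        match = re.fullmatch(pattern, path)
        if match and verb == method:
            return controller(int(match[1]) if match.groups() else None, body)
    return 404, {"error": "no such route"}
```

Because the model check rejects any field it does not know, a client cannot slip extra attributes into a stored resource through POST, PUT or PATCH.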

How to make API secure

A REST API is not as secure as SOAP, so some additional measures are needed to make it more secure. They are -

Authentication and Authorization

Use authentication mechanisms such as OAuth or JSON Web Tokens (JWT) to verify the identity of the client and to ensure that only authorized clients can access the API.

Input Validation

Validate all input data, such as query parameters and request body, to ensure that it is in the correct format and does not contain any malicious data.

Data Encryption

Use encryption to protect sensitive data, such as passwords and personal information, both in transit and at rest.

Use HTTPS

Use HTTPS to encrypt all communication between the client and the API to prevent man-in-the-middle attacks.

Limit Access

Limit the number of requests that can be made to the API and implement rate limiting to prevent denial of service attacks.

Regularly Update

Keep all software and libraries used to build the API up to date to ensure that any security vulnerabilities are patched.

Logging and Monitoring

Implement logging and monitoring to detect and respond to security incidents and suspicious activity.

Use an API gateway

Use an API gateway to handle security features such as authentication, rate limiting, and request/response transformation, rather than building them into the API.
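Two of the measures above, token authentication with authorization and rate limiting, as an added example that is not part of the original post. It verifies an HS256 JWT with the Python standard library only; the key, the `scope` claim layout, the limit of 3 requests per 60 seconds and all function names are assumptions.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"  # constructed value; keep real keys in a secret store
LIMIT, WINDOW = 3, 60             # assumed policy: 3 requests per client per 60 s
hits = {}                         # client id -> (window start, request count)

def b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64d(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def sign(head, body):
    return hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()

def issue(claims):
    """Build an HS256 JWT; used here only to construct sample tokens."""
    head = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps(claims).encode())
    return f"{head}.{body}.{b64e(sign(head, body))}"

def verify(token, now):
    """Return the claims of an authentic, unexpired token, else None."""
    try:
        head, body, sig = token.split(".")
        if json.loads(b64d(head)).get("alg") != "HS256":  # pin the algorithm
            return None
        if not hmac.compare_digest(sign(head, body), b64d(sig)):  # constant time
            return None
        claims = json.loads(b64d(body))
        return claims if claims["exp"] > now and claims["sub"] else None
    except (ValueError, KeyError, TypeError, AttributeError):
        return None

def gate(token, needed_scope, now=None):
    """Status code to answer with before any controller runs."""
    now = time.time() if now is None else now
    claims = verify(token or "", now)
    if claims is None:
        return 401  # missing, forged or expired credentials
    start, count = hits.get(claims["sub"], (now, 0))
    if now - start >= WINDOW:
        start, count = now, 0  # a new fixed window begins
    hits[claims["sub"]] = (start, count + 1)
    if count + 1 > LIMIT:
        return 429  # Too Many Requests
    if needed_scope not in claims.get("scope", "").split():
        return 403  # authenticated, but not allowed to do this
    return 200
```

429 Too Many Requests is the standard status code for a rate-limited client. The limit here is keyed on the authenticated subject, so unauthenticated traffic needs its own limit, for example per source address.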

Overall, APIs are a powerful tool for modern software development and enable developers to easily connect different systems and services, share data and functionality, and build new applications and services.