API Development - bounswe/bounswe2024group5 GitHub Wiki
What is an API?
An API, or application programming interface, is a set of rules or protocols that let software applications communicate with each other to exchange data, features and functionality. APIs simplify application development by allowing developers to integrate data, services and capabilities from other applications, instead of developing them from scratch. APIs also give application owners a simple, secure way to make their application data and functionality available to internal departments within their organizations. Application owners can also share or market that data and functionality to business partners or third parties.
How do APIs work?
API architecture is usually explained in terms of client and server. The application sending the request is called the client, and the application sending the response is called the server. For example, in a weather app, the bureau’s weather database is the server, and the mobile app is the client.
There are four different ways that APIs can work depending on when and why they were created.
- SOAP APIs: These APIs use Simple Object Access Protocol. Client and server exchange messages using XML. This is a less flexible API that was more popular in the past.
- RPC APIs: These APIs are called Remote Procedure Calls. The client completes a function (or procedure) on the server, and the server sends the output back to the client.
- WebSocket APIs: WebSocket API is another modern web API development that uses JSON objects to pass data. A WebSocket API supports two-way communication between client apps and the server. The server can send callback messages to connected clients, making it more efficient than REST API.
- REST APIs: These are the most popular and flexible APIs found on the web today. The client sends requests to the server as data. The server uses this client input to start internal functions and returns output data back to the client.
What are the different types of APIs?
APIs are classified both according to their architecture and scope of use. We have already explored the main types of API architectures so let’s take a look at the scope of use.
- Private APIs: These are internal to an enterprise and only used for connecting systems and data within the business.
- Public APIs: These are open to the public and may be used by anyone. There may or may not be some authorization and cost associated with these types of APIs.
- Partner APIs: These are only accessible by authorized external developers to aid business-to-business partnerships.
- Composite APIs: These combine two or more different APIs to address complex system requirements or behaviors.
How to create an API?
Due diligence and effort are required to build an API that other developers will want to work with and trust. These are the four steps required for high-quality API design:
- Plan the API: API specifications, like OpenAPI, provide the blueprint for your API design. It is better to think about different use cases in advance and ensure the API adheres to current API development standards.
- Build the API: API designers prototype APIs using boilerplate code. Once the prototype is tested, developers can customize it to internal specifications.
- Test the API: API testing is the same as software testing and must be done to prevent bugs and defects. API testing tools can be used to strength test the API against cyber attacks.
- Document the API: While APIs are self-explanatory, API documentation acts as a guide to improve usability. Well-documented APIs that offer a range of functions and use cases tend to be more popular in a service-oriented architecture.
What are the benefits of API?
APIs simplify design and development of new applications and services, and integration and management of existing ones. But they offer other significant benefits to developers and organizations at large.
Improved collaboration
The average enterprise uses almost 1,200 cloud applications, many of which are disconnected. APIs enable integration so that these platforms and apps can seamlessly communicate with one another. Through this integration, companies can automate workflows and improve workplace collaboration. Without APIs, many enterprises would lack connectivity, causing information silos that compromise productivity and performance.
Accelerated innovation
APIs offer flexibility, allowing companies to make connections with new business partners and offer new services to their existing market. This flexibility enables companies to, ultimately, access new markets that can generate massive returns and drive digital transformation. For example, the company Stripe began as an API with just seven lines of code. The company has since partnered with many of the biggest enterprises in the world. Stripe has diversified to offer loans and corporate cards, and was valued at USD 36 billion.
Data monetization
Many companies choose to offer APIs for free, at least initially, so that they can build an audience of developers around their brand and forge relationships with potential business partners. If the API grants access to valuable digital assets, the businesses monetize it by selling access. This practice is referred to as the API economy. When AccuWeather launched its self-service developer portal to sell a wide range of API packages, it took just 10 months to attract 24,000 developers, selling 11,000 API keys. This move helped to build a thriving community in the process.
System security
APIs separate the requesting application from the infrastructure of the responding service, and offer layers of security between the two as they communicate. For example, API calls typically require authentication credentials. HTTP headers, cookies or query strings can provide additional security during data exchange. And an API gateway can control access to further minimize security threats.
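The access check described above, sketched as the decision a gateway makes before routing a request. This is an added example, not code from this wiki or the project; the key values, client names, routes and the `authorize` function are constructed for illustration, and header names are assumed to be already normalized.

```python
import hashlib
import hmac


def _digest(key: str) -> str:
    return hashlib.sha256(key.encode()).hexdigest()


# Constructed sample data: the gateway stores only key digests, never raw keys.
CLIENTS = {
    _digest("demo-key-partner-001"): {
        "name": "partner-app",
        "allow": {("GET", "/forecast")},
    },
    _digest("demo-key-internal-002"): {
        "name": "internal-tool",
        "allow": {("GET", "/forecast"), ("POST", "/stations")},
    },
}


def authorize(method, path, headers, query):
    """Return (status, detail) for one request, before it reaches the service."""
    # Credentials in a query string end up in access logs, proxies and
    # browser history, so refuse them instead of silently accepting them.
    if "api_key" in query or "token" in query:
        return 400, "credentials must be sent in the Authorization header"

    scheme, _, presented = headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer" or not presented:
        return 401, "missing credentials"

    presented_digest = _digest(presented)
    client = None
    for stored_digest, record in CLIENTS.items():
        # Constant-time comparison; every entry is scanned so the response
        # time does not depend on which entry (if any) matched.
        if hmac.compare_digest(stored_digest, presented_digest):
            client = record
    if client is None:
        return 401, "unknown key"

    # Authentication alone is not enough: each client gets an explicit
    # allow-list of (method, path) pairs, and everything else is denied.
    if (method, path) not in client["allow"]:
        return 403, "not permitted for " + client["name"]
    return 200, client["name"]
```
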
End-user security and privacy
APIs provide added protection within a network. They can also provide another layer of protection for personal users. When a website requests a user’s location, which is provided through a location API, the user can then decide whether to allow or deny this request. Many web browsers and mobile operating systems, like iOS, have permission structures built in for when APIs request access to applications and their data. When the app must access files through an API, operating systems such as Windows, Mac and Linux use file system permissions for that access.