What Is An API, Anyway?

API is the acronym for Application Programming Interface, which is a software intermediary that allows two applications to talk to each other. Every time you use an app like Facebook, send an instant message, or check the weather on your phone, you’re using an API. 

Application programming interfaces, or APIs, simplify software development and innovation by enabling applications to exchange data and functionality easily and securely. 

Developers use APIs to enhance their products by accessing another company’s data, software, services, or code, thereby providing additional features while saving time and money.

When you use an application on your mobile phone, the application connects to the Internet and sends data to a server. The server then retrieves that data, interprets it, performs the necessary actions and sends it back to your phone. The application then interprets that data and presents you with the information you wanted in a readable way. 

Imagine you’re sitting in a restaurant with a menu of choices to order from. The kitchen is the part of the “system” that will prepare your order. What is missing is the critical link to communicate your order to the kitchen and deliver your food back to your table. That’s where the waiter or API comes in. The waiter is the messenger, or API, that takes your request or order and tells the kitchen, the system, what to do. Then the waiter delivers the response back to you - the food you ordered

Example Of An  API

You may be familiar with the process of searching flights online and you are presented a variety of options to choose from, including different cities, departure and return dates and more. Suppose that you are online booking you are flight on an airline website.

You choose a departure city and date, a return city and date, cabin class, as well as other variables. In order to book your flight, you interact with the airline’s website to access their database and see if any seats are available on those dates and what the costs might be. But what if you are not using the airline’s website - a channel that has direct access to the information? What if you are using an online travel service, such as Kayak or Expedia, which aggregates information from a number of airline databases?

The travel service, in this case, interacts with the airline’s API. The API is the interface that, like your helpful waiter, can be asked by that online travel service to get information from the airline’s database to book seats, baggage options and other requirements. The API then takes the airline’s response to your request and delivers it right back to the online travel service, which then shows you the most updated, relevant information.

An API Provides A Layer Of Security

Your online device's data is never fully exposed to the server, and likewise the server is never fully exposed to your device. Instead, each communicates with small packets of data, sharing only that which is necessary, like ordering from a takeout restaurant. You tell the restaurant what you would like to eat, they tell you what they need in return and when that is completed you get your meal.

How An API Works

An API is a set of defined rules that explain how computers or applications communicate with one another. APIs sit between an application and the web server, acting as an intermediary layer that processes data transfer between systems ands are designed for use by a computer or application, as follows: 

  •  A client application initiates an API call to retrieve information, also known as a request. This request is processed from an application to the web server via the API’s Uniform Resource Identifier (URI) and includes a request verb, headers, and sometimes, a request body.
  • After receiving a valid request, the API makes a call to the external program or web server. The server then sends a response to the API with the requested information.
  •  The API transfers the data to the initial requesting application.

While the data transfer will differ depending on the web service being used, this process of requests and response all happens through an API. 

APIs offer security by design because their position as middleman insures the integrity of the  functionality between two systems. The API endpoint separates the consuming application from the infrastructure providing the service. 

API calls usually include authorisation credentials to reduce the risk of attacks on the server, and an API gateway can limit access to minimise security threats. Also, during the exchange, HTTP headers, cookies, or query string parameters provide additional security layers to the data.

The Modern API

What an “API” is has evolved. Once often described any sort of generic connectivity interface to an application, the modern API has taken on some characteristics that make them extraordinarily useful:

  • Modern APIs adhere to standards (typically HTTP and REST), that are developer-friendly, easily accessible and understood broadly.
  • They are treated more like products than code. They are designed for consumption for specific audiences (e.g., mobile developers), they are documented, and they are versioned in a way that users can have certain expectations of its maintenance and lifecycle.
  • Because they are much more standardised, they have a much stronger discipline for security and governance, as well as monitored and managed for performance and scale.
  • Like any piece of productised software, the modern API has its own software development lifecycle (SDLC) of designing, testing, building, managing, and versioning for different uses and languages.  Furthermore, modern APIs are well documented for adaptation and versioning.

APIs have become so valuable that they comprise a large part of many business’ revenue and giant companies like Google, eBay, Salesforce.com, Amazon, and Expedia are among those businesses that make big money from APIs. 

IBM:      Hubspot:    MuleSoft:     APIMetrics:     OKTA:    Postman

You Might Also Read: 

Endpoint Security Is More Important Than Ever:

 

« Clearview Faces £17 Million Penalty For Breaching Data Laws
Dealing With Scam Emails »

ManageEngine
CyberSecurity Jobsite
Check Point

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Riverbed Technology

Riverbed Technology

The Riverbed Network and Application Performance Platform enables organizations to visualize, optimize, accelerate and remediate the performance of any network for any application.

IS Decisions

IS Decisions

IS Decisions builds affordable and easy-to-use Access Management software solutions, allowing IT teams to effectively secure access to Active Directory infrastructures, SaaS apps and data within.

Efecte

Efecte

Efecte is a Nordic SaaS company specialized in IT Service Management, Self-Service, Identity Management and Access Governance solutions.

CYRISMA

CYRISMA

CYRISMA is a revolutionary cybersecurity platform that helps organizations manage risk without the usual headaches associated with enterprise cybersecurity tools.

Kiberna

Kiberna

Kiberna are a small but niche company specialising in data driven security to manage your cyber risks.

Zyston

Zyston

Zyston's solutions provide end-to-end management of your cybersecurity needs. Our range of services help protect your business where it needs it the most.

Open Web Application Security Project (OWASP)

Open Web Application Security Project (OWASP)

The Open Web Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software.

Plerion

Plerion

Plerion is an all-in-one Cloud Security Platform that supports workloads across AWS, Azure, and GCP delivering cloud security posture management, workload security, data security and more.

TeKnowledge

TeKnowledge

TeKnowledge enables governments and enterprises around the world to navigate the challenges with digital transformation today and tomorrow with elite cybersecurity protection and managed services.

Identifid

Identifid

Identifid offers a suite of fraud prevention and identity authentication solutions to businesses and governments using the latest advances in AI, vision processing, and biometric recognition.

SecureFlag

SecureFlag

SecureFlag is dedicated to enhancing secure coding across all technical profiles within the Software Development Lifecycle.

XY Cyber

XY Cyber

XY Cyber enable Generative AI for Cyber Operations. We simplify the complex world of cyber threats into actionable strategies, empowering your defense with AI-powered solutions.

DeepTempo

DeepTempo

At DeepTempo, we build AI models and related software that protect enterprises and service providers from sophisticated cyber threats.

Reasonable Risk

Reasonable Risk

Reasonable Risk is the only SaaS GRC platform with Duty of Care Risk Analysis (DoCRA) built in, providing a sensible and defensible cybersecurity position for an organization.

Verax AI

Verax AI

Verax Protect helps security leaders mitigate the risks of using AI in the workplace by actively stopping the leakage of any sensitive data, harmful or malicious responses, and other security threats.

Daylight Security

Daylight Security

Daylight Security is the leading provider of Managed Agentic Security Services, offering tailored MDR solutions that are delivered by Agentic AI and backed by elite human experts.