APIs aren’t as complicated as they seem. That I can promise you. If you understand how puzzles work, you’ll understand APIs. In fact, I actually find APIs way easier to understand than some puzzles.
APIs are just apps that communicate with each other. And the logic behind them is pretty simple. Take one app. Make it communicate with another. Then add another. It’s as simple as that.
API stands for Application Programming Interface. It’s a set of rules and protocols that define how two apps communicate with each other.
It’s like putting the pieces of a puzzle together. You take one endpoint and plug it into another until you’re able to complete the puzzle. In this guide, I’ll break down everything you need to know about APIs and how they work.
-
Navigate This Article:
API Basics
I’ve already discussed how an API works on a basic level. Let’s dive a little deeper with another example.
Forget the puzzle analogy for a moment and think of an API like a waiter in a restaurant. You, the customer, are sitting at your table.
There’s a kitchen somewhere in that restaurant. That’s where all the cooking magic happens. We’ll call this kitchen your data source.
The food you want to order is the “data.” Make sense so far? Good!
You place your order with the waiter. This waiter then goes to the kitchen, tells the chef what you want, and brings your food back to you.
Now, in the tech world, an API is like that waiter. It takes requests from one piece of software and delivers it to another.
How Do APIs Work?
I used the example of a waiter just to give you an overview of how APIs work. But any waiter will tell you that this job is more than just taking and delivering orders.
To give you some perspective, let’s dive a little deeper!
APIs have a few moving parts. But they’re not complicated at all if you learn the basics.
For starters, let’s talk about requests, endpoints, and responses. You won’t understand the logic behind APIs if you don’t understand these.
Think of the weather app on your phone. Weather apps are a very common example of APIs in action. Every time you open it, you’re basically starting a conversation between APIs.
It’s like saying,
“Hey, API, what’s the weather like in my city?”
The API will interpret this as a request because, in reality, that’s what it is. You’re requesting information.
But let’s pause there for a moment and ask ourselves,
“Where do we submit this request?”
That’s where the endpoint comes in.
When the API gets this request, it reads and interprets it.
“Ah, I see you want to know what the weather is like in your city? Gimme a moment, please, I’ll check that for you.”
The API then digs into its pile of data and gives you a response. The response can be something like:
“It’s 60 degrees and windy in Leavenworth, WA.”
I hope I’m beginning to make sense. If not, this request-response cycle will make things clearer:
- Your app sends a request to the API’s endpoint.
- The API grabs the data you asked for and packages it up.
- The API sends back a response to your app.
- The app then displays the info.
There are four different API requests you should also know: GET, POST, PUT, and DELETE.
Bless the soul of whoever named these requests because they made them even easier to understand.
- GET: This is like asking the API to get you certain info without changing anything.
- POST: This is you telling the API to post new data. If you were to send new data (like user preferences) to the weather service, you’d use POST.
- PUT: Here, you’re telling the API to put this new data somewhere. I live in Port Orchard, WA, but I have family in New York. So when I want to know what time it is in New York, I just put the new location into my phone’s clock app.
- DELETE: Probably the most self-explanatory request ever. It deletes stuff.
I’ll wrap up this section with two more things: API Keys and OAuth.
APIs are choosy. Yes, they’re meant to be super social, but they don’t interact with just anyone.
That’s why they have “API keys.” Whoever has these keys can unlock the door and walk up to an API with a new request.
But why do we even need keys in the first place?
It’s simple — to make sure only authorized users get access. If APIs let just anyone order them around, they won’t function as they should.
The API gives each user a unique key. When you make a request, you include this key. The API will then check it to confirm you’re allowed in.
OAuth is like a premium version of a key. You can think of it as a VIP pass that lets you access certain privileged data.
It’s used a lot for apps that need access to your account info without grabbing your password directly. A good example here is when you log into apps using Google or Facebook.
Types of APIs
There are many different types of APIs. For this reason, it’s important that you understand who can use them and how.
Open/Public APIs
These are like the community library of APIs — any developer can access them. They are, for the most part, free.
If you’re a developer, you’ll likely use these APIs when learning web development or working with client’s projects.
Internal/Private APIs
These are APIs that are restricted for use within a single company. The name says it all.
I’ve worked at companies that use such APIs to connect internal systems. That’s because they don’t want the public to access their data.
Partner APIs
These APIs are a bit more exclusive than internal/private APIs. You’ll find them in companies that have a partnership. Such companies can deliver their goods or services even better when these APIs work together.
I’ll give you an example of a hotel booking site like Expedia. When you open their app, you’ll find a section for travel packages.
The travel package builder connects you with hotels, transportation from and to the airport, airline tickets, and even throws in extra stuff like outdoor activities you may be interested in.
From a tech perspective, these are partner APIs communicating with each other. From the user’s perspective, that’s really a great way to plan a vacation!
Composite APIs
These are the multitaskers of the API world. They can contact many different endpoints in a single request. For this very reason, they make complex operations much easier.
Look at your favorite social media app, for example. It doesn’t matter what platform it is; they all work the same.
The moment you open your page, you’ll see your profile info, recent posts, and maybe notifications for any new activity. So instead of making three separate requests for each bit of info, the composite API fetches everything all at once.
That way, the app loads faster. Secondly, there’ll be no need for the back-and-forth between your app and the server.
Common Use Cases for APIs
Did you know that you use APIs almost daily without even realizing it? Here’s what I mean:
Social Media Integration
I’m pretty sure you’ve visited websites or blogs with embedded social media feeds, including right here at HostingAdvice.com. See the screenshot below, taken from our blog? That’s an API at work!
These websites use APIs from platforms like Instagram, Facebook, X, and so on to pull in and display the latest posts right on their page. That way, users get live updates without leaving the site.
Payment Processing
Online shopping wouldn’t be the same without payment APIs. You’d only have the cool design, and that’d be it.
But thanks to APIs, services like PayPal and Stripe are able to handle transactions on sites securely. That explains why you can pay with just a click.
Weather Data
The weather app needs APIs to pull real-time info. Without an API, the app won’t really be of any help to you.
It would either have to gather weather data manually or, more realistically, it would end up showing outdated or generic info. You’d ask it:
“Hey weather app, what’s the weather like in Port Angeles, Washington today?”
Then the app would respond,
“Uhh, not too bad.”
That’s the kind of generic response you’d get without APIs providing seamless, real-time data.
Maps and Geolocation
See the navigation app on your phone? That’s API in action.
Google Maps, for example, has an API that lets websites and apps integrate location services.
Take a typical contact page on a website as an example. Usually, you’ll see a map with directions to the businesses’ physical locations next to the contact form.
You tap on the map, and it automatically opens a navigation app on your browser That’s an API request you’ve just sent.
Automation and Task Management
Services like Zapier and IFTTT (If This Then That) use APIs to automate tasks between apps. Remember, APIs are just these super social apps that love talking to each other.
I don’t know how they do it, but it works. I can’t see myself being that talkative. That’s why my name isn’t API.
Let’s say you’re using Zapier, and you want new Gmail attachments to save automatically to Dropbox. Zapier will instruct the APIs at Gmail to communicate your wish to their counterparts at Dropbox.
Benefits of Using APIs
Think of all the good things that could happen when apps freely communicate with each other. Those are the benefits of using APIs. I’m going to give you some examples.
Improved Efficiency
You’ve seen that APIs are just shortcuts.
Instead of building everything yourself, your app instantly connects with other apps or services.
It’s like plugging your phone into a charger. Without an API, you’d have to buy the phone and its charger, and then guess what?
You’d have to invent electricity to charge the phone!
But thanks to APIs, developers can hook up things way faster. It just makes things easier.
Enhanced Functionality
With APIs, I don’t need to spend months building my own maps. I’m a developer. I’m supposed to be lazy.
A great developer is one who can find lazier ways of doing things. And discovering the magic of APIs and how to use them is like discovering the final boss of laziness.
Want payments? Use PayPal’s API. Need weather data? There’s an API for that too. The list goes on and on.
Scalability
As your app grows, you can use APIs to make it easy to add more stuff.
Let’s say you’ve started a small shop selling a few items. Then suddenly, business is booming.
You’re now thinking along the lines of business expansion. That’s possible even without tearing down the whole shop.
All you need is an API that brings in the features you need. That way, your app grows without a major remodel.
Consistency
I mentioned earlier that APIs are applications that communicate with each other. But I didn’t tell you that you decide how they communicate. You even tell them what to talk about.
Because you’re in charge, you set rules for how your app talks to other services. For example, the weather API will only talk about weather stuff. It has no business predicting the winner of this year’s Super Bowl.
Challenges and Considerations with APIs
APIs are super helpful, but they do have some challenges you should know about.
Security
Security is one of the biggest concerns with APIs. Quite frankly, that shouldn’t surprise you.
Let’s be real here. When apps are too chatty with each other, they’re basically exposed to security threats. That also applies to internal APIs.
Think of APIs that handle sensitive data, like your personal info, payment details, or login credentials, for instance. Now imagine an online store using an API to process payments through PayPal or Stripe.
Without proper security, hackers could potentially intercept that data. That’s why we have authentication methods like API keys or OAuth, which we talked about earlier.
Reliability
Some apps fail because they just can’t pull data. That’s the risk with APIs.
You may have developed the best app out there, but if it relies on APIs, you’ll have to pray that the provider’s server is up and running. A good example is when you’re using an API to show Instagram feeds on your site.
The rest of the app works just fine. But if Instagram’s servers go down or the API gets overloaded, your feed suddenly stops working.
However, there are ways to manage this. For instance, you can decide to build in fallback methods. Here, you’re basically telling the app to do something else if the API doesn’t work.
So instead of responding with “I don’t know,” the app responds with “Here’s my most recent response to this request.”
Sounds better than throwing a 404 error, in my opinion.
Alternatively, you can save API data locally. If the main source fails, the app will then communicate with your local cache and fetch the most relevant data.
Rate Limiting
Every API has limits on how much you can use it. In tech, we call that “rate limiting.”
Do you know why it’s necessary to limit these calls? Because they’re easy to manipulate.
It’s for the same reason most businesses open from 9 AM to 5 PM. They don’t want you to contact them at midnight.
Servers also get overloaded when they receive too many calls. When they become overloaded, they just don’t function as they should.
Let’s say you’re using a free weather API to check the weather 100 times a day. If your app tries to make 101 requests, that last one might get blocked or delayed due to a rate limit.
But that doesn’t necessarily mean your app won’t function after the 101st request. Some providers offer premium plans for developers looking to raise their limits.
Versioning
Developers behind an API may add new features, change existing ones, or improve security. Don’t get me wrong here. It’s actually a great thing!
But the problem comes in when you’re not aware of these changes. In real life, it’s like trying to reach a company’s customer service department.
You’ve done it so many times, you even have muscle memory. You know the number to call and how to navigate the specific department.
For example, when I’m calling my bank, I already know the extension for my branch. I’d call the main customer service number and quickly skip the “Thank you for calling WSECU, we value your —” part and just head straight to dialing the extension.
I’m so used to this pattern that I can even predict who’ll pick up the phone that day. Now imagine a situation where the bank decides to change this extension abruptly.
The next time I try to get a hold of someone from their team, the response could be something like:
“Sorry, the extension you entered is invalid. Please enter the right extension.”
That’s what’s called versioning in APIs.
API providers use it to offer multiple versions of their API, but sometimes, it backfires.
Providers don’t want developers to worry about updating everything immediately when something changes. If an API releases a new version, it might still let the previous one run for a while. That allows you some time to update your app.
But what if you run out of time? What if you just didn’t know about the new version?
Eventually, the provider will retire the old version. When that happens, your app will malfunction.
Popular API Examples and Platforms
You’ve probably interacted with at least one API today. Here are a few examples.
- Google Maps API: If you’ve ever used an app to get directions, see traffic conditions, or find nearby stores, chances are, it’s using the Google Maps API. This API can embed maps, get location data, and even calculate distances between two points.
- X API: X, formerly known as Twitter, has an API app developers can use to see trending topics, post tweets, react to posts, and more. Social media tools use this API to help users manage their accounts, track hashtags, and even analyze engagement.
- Facebook API: Facebook’s API is similar to X’s and many other social media APIs. Developers can use it to access things like user profiles, events, photos, and even ads.
You’ve probably seen apps where you can “Log in with Facebook.” That’s an example of Facebook API in action.
Here’s a screenshot of my Spotify login page. See what I’m talking about?
In the screenshot above, the options to sign in with Google, Facebook, and Apple are all examples of APIs working directly with the Spotify app.
- OpenWeather API: Almost every web developer I know has used this app at some point. It provides weather data, forecasts, and historical data for tons of cities worldwide and in real time.
So, where do you find these APIs? My favorite API marketplace is RapidAPI. Here, you’ll find both free and paid APIs.
Some developers may decide to go with ProgrammableWeb, API Hub, or even APILayer. There’s no secret formula, really. You just go for what works best for your unique needs.
How to Get Started with APIs
Below, I’m going to show you how to put APIs into use. Here’s what I need you to do.
Step 1: Choose an API
First, you need to figure out what kind of API you need for our project. I’ll go with the OpenWeather API for our imaginary weather app.
Step 2: Get an API Key
The API key is our personal access card. With every request we send to the server, we’ll include this key. That way, the server will know who we are before responding to our request.
Also, make sure you keep this key private, just like you would with the keys to your apartment. You don’t want anyone to misuse it.
Step 3: Make your first API call
Now let’s call the API. For example, the weather API call could look like:
https://api.openweathermap.org/data/2.5/weather?q=London&appid=YOUR_API_KEY
That’s your app asking the API:
“What’s the weather like in London?”
The API will then receive this request and respond with the relevant information.
Remember to test out your API before integrating it into your app. The last thing you want is to build a great app only to realize that the API it relies on isn’t even functioning.
I use tools such as Postman or cURL to test out these APIs before integrating them into any app I build.
If you’re a beginner web developer, I recommend Postman. It’s super easy to use. Just your endpoint, add your API key, and you’ll see the response right there.
APIs: The Invisible Call With Visible Impact
It’s crazy to think how often we interact with different types of technologies on a daily basis without even knowing what they are. APIs, for example, are everywhere.
And you don’t even have to be a web developer to understand how just important APIs are. For instance, anyone who learned to drive before MapQuest knows just how difficult it was to navigate.
You’d have to pull out a physical map to find your way around town. That was risky, if you come to think of it. Just one coffee spill could wipe your town off the map.
So whatever you do today, please remember to spare a moment to be thankful for APIs. They make invisible calls, but their impact is very much visible.