What Is an Application Programming Interface (API)?

An application programming interface, or API, is a set of definitions, rules, and protocols that enable communication between two entities : users (either people or software) and information (data resources made available by online and web applications).

Today, APIs form the base framework of modern applications, improve user experience, and enhance business models. Sometimes, an API can even be the business model itself.

How Do APIs Work?

APIs are the “public face” of applications, revealing the functions they perform and the information they can provide, and defining the proper format of requests. When a developer creates and exposes the API for an application, it allows other applications to communicate with it.

In many cases, APIs save valuable developer time because they make commonly used functions readily available. Rather than duplicating the functionality of an existing application, developers can integrate the functionality into their applications by making calls to the existing application’s API.

The way each API is designed, deployed, and functions depends on its architectural style or protocol.

Types of API Architectures and Protocols

An API architecture, or architectural style, refers to the high-level design of an API. This encompasses how the API is structured, organized, and its request/response format. An API protocol also specifies format, while additionally describing the exact messages.

Common API architectures and protocols include:

• REST – Also known as RESTful, this architectural style is based on the principles of representational state transfer. It uses HTTP methods (such as GET, POST, PUT, and DELETE) and abstracted information (in the form of resources and resource models) to create scalable, flexible, and technologically independent structures. Today, REST remains the most popular API architecture.
• GraphQL – An open source query language developed by Meta (formerly Facebook), GraphQL architectures enable the fetching of data from multiple sources via one API call. Because clients only request the necessary data, GraphQL APIs tend to be more efficient (though less cacheable) than REST APIs.
• SOAP – This architectural approach uses the simple object access protocol (SOAP). SOAP messages are generally formatted in XML, which makes them bulkier than REST or GraphQL. Unlike REST APIs, SOAP APIs have strict implementation guidelines that define the structure of the API protocol.
• WebSocket – This API protocol is full-duplex, meaning that client and server can send and receive messages simultaneously. Further, the server can send a message that’s not a response to a client request, but instead is (for example) triggered by an event on the server side. In contrast, REST APIs follow a strict request-response pattern.
• RPC – With a remote procedure call, the developer can use the same code to invoke a function that runs in a different address space (normally, on a remote server) as for a local function, without having to specify the details of the remote interaction. Because multiple languages can be used, this protocol is flexible and commonly used in client-server communication. One example of an RPC is gRPC (Google Remote Procedure Call).

How Are APIs Used Today?

APIs are a critical part of modern software. Today, organizations and businesses build or use many different types of APIs depending on their needs.

The four most common types of APIs found in organizations today are public APIs, private APIs, partner APIs, and third-party APIs.

Public APIs

Public APIs are accessible to users outside your enterprise (either monetized or for free) and enable you to build partnerships with third-party developers and expand your entire business ecosystem.

Because public APIs can be used by third-party developers to build new products, they help drive innovation and are an important tool to help build new partnerships.

Private APIs

Private APIs are accessible only by internal teams withinyour enterprise. They help you to unlock data and foster internal collaboration, or they might invisibly support your organization’s public-facing applications (for example, your website).

Because private APIs are available only to internal users, organizations can build them with optimization in mind. Private APIs also enable greater composability for modern applications, allowing businesses to adapt to current needs. Developers can easily integrate private APIs while building microservices, which reduces duplicative work across teams.

Partner APIs

Partner APIs are used to integrate directly with business partners (for example, when an airline partners with a hotel chain and you can simultaneously book your flight and lodging). Partner APIs are not publicly available – they are accessible to select developers who satisfy the authentication (AuthN) and authorization (AuthZ) requirements of both businesses.

Interoperability strengthens relationships with partner APIs, as they break down silos and enable different organizations to communicate with each other.

Third-Party APIs

Third-party APIs are used by your organization to access data or capabilities that are missing in your applications and services. These APIs run on the third party’s server and usually provide a widely needed service (an example is the Stripe payment processing API used by many e-commerce websites). Depending on the API, they can be used by your organization with or without a fee.

Because third-party APIs are already built by another developer or organization, one of their clear benefits is cost savings. Additionally, third-party APIs act as a key way for organizations to develop apps faster, as developers can immediately use a functionality rather than coding it themselves.

What Application Languages are Used to Create APIs?

Almost any modern programming language can be used to code an API. When coding an API, many developers may choose to use a framework. Frameworks provide building blocks like code libraries and other necessary utilities that make it faster and easier to build applications using the language.

Each programming language generally has one or more frameworks that are popular among developers. The table lists several framework options (many of which are open source).

The choice of which language and framework usually depends on the project’s needs or a developer’s personal preferences.

Examples of APIs

With APIs being a fundamental part of modern software development, the examples are endless. Here, we’ll highlight a few.

Three examples of APIs include:

• Google Maps Platform – Google provides an API that makes Google Maps embeddable on your website or application.
• AWS IoT – The AWS IoT API enables you to connect devices on the Internet of Things (for example, smart home devices) to the AWS cloud. This is one way that smart home automation systems are built.
• NGINX Unit Control API – The Unit API uses a REST architecture for configuration of the open source NGINX Unit application and web server.

What Is an API Strategy?

Organizations today require a modern API strategy that aligns with their goals. An API strategy sets a plan for how an organization will design, develop, manage, govern, and secure its APIs.

According to Gartner’s Top 5 API Lessons for Software Engineering Leaders, there are five best practices to ensure your API strategy is strong:

• Don’t let API governance create bottlenecks. API governance needs to be balanced with developer agility to continue driving innovation.
  
• Treat APIs as products, even if you don’t plan to monetize them. Make sure each API has a clear purpose and audience that aligns with business goals.
• Discover your APIs before hackers do. Prioritizing discoverability and regular monitoring helps prevent security breaches.
  
• Manage the lifecycle of APIs. Comprehensive API lifecycle management ensures that APIs continue to perform with proper security.
  
• Choose best-fit API technologies. What works for one organization may not be exactly what works for yours, which is why it’s important to consider in detail your specific API needs now and for the future.

Regardless of which type of API architecture you choose, or what type of API you’re coding, it’s crucial to consider API security from the beginning, not as an afterthought. To learn more about how to keep your APIs secure from the start and combat common problems like API sprawl, see API Security: Best Practices for Protecting APIs.

And not all metrics are created equal, learn more in Which 12 Metrics to Monitor for a Successful API Strategy.

What Is API Connectivity?

While APIs started as a tool for developers, they have grown into strategic business assets that increase revenue and support enterprise agility. API connectivity  refers to using modular and reusable APIs to link data and applications in cloud-native environments, with the goal of solving challenges in visibility, security, and governance.

Additional Resources

NGINX offers a variety of free resources to meet you at any point of your API journey.

Related Glossary Pages

• What Is API Connectivity?
• What Is the API Developer Experience?
• What Is API-First?
• What Is an API Gateway?
• What Is API Management?
• What Is API Sprawl?

Blogs

• 5 Ways to Fight API Sprawl and Why You Should Care
• Why the API Developer Experience Matters
• API Connectivity Manager Helps Dev and Ops Work Better Together
• The Benefits of an API-First Approach to Building Microservices

eBooks

• API Strategy: Best Practices for Platform Engineering Leaders
• Deploying NGINX as an API Gateway

On-Demand Webinars

• Successfully Implement Your API Strategy with NGINX
• High-Performance Web Application Firewall Testing