What is an API?
An API, which stands for application programming interface, is a set of protocols that enable different software components to communicate and transfer data. Developers use APIs to bridge the gaps between small, discrete chunks of code in order to create applications that are powerful, resilient, secure, and able to meet user needs. Even though you can't see them, APIs are everywhere—working continuously in the background to power the digital experiences that are essential to our modern lives.
Here, we'll give a high-level overview of the history of APIs and how they work before reviewing the different types of APIs and how they are used. We'll also discuss some common benefits and use cases for APIs—and offer a few real-world API examples that can help you get started.
What is the history of APIs?
In order to fully understand the role that APIs play in our lives, it's important to understand how they have evolved. APIs have been around for decades, with modern web APIs first taking shape in the early 2000s. The history of APIs since that period can be roughly broken down into the following five phases:
Phase 1: Commercial APIs
In the early 2000s, web APIs emerged as a new method for emerging startups to not only make products and services available online, but to also enable partners and third-party resellers to extend the reach of their platforms. This era of APIs was defined by Salesforce, eBay, and Amazon, and these companies continue to dominate the API playing field today.
Phase 2: Social media APIs
A shift in the API landscape occurred in the mid-2000s, as a new group of companies—such as Flickr, Facebook, and Twitter—realized that APIs could change the way we share information with one another. While these APIs weren't as intrinsically linked to revenue as their commercial predecessors, they nevertheless provided significant value to their organizations. For instance, Facebook launched version 1.0 of its API in August of 2006, which allowed developers to access Facebook users' friends, photos, events, and profile information. This API played a crucial role in establishing Facebook as one of the most popular social networks in the world.
Phase 3: Cloud APIs
In 2006, Amazon introduced Amazon Simple Storage (S3), which marked yet another turning point in the history of APIs. S3 is a basic storage service in which resources are accessible via API and CLI, and its pay-as-you-go model provides a cost-efficient way for organizations to monetize digital assets in the online economy. Just six months later, Amazon released Amazon Elastic Compute (EC2), which enabled developers to use web APIs to deploy infrastructure that would power the next generation of applications. Both S3 and EC2 continue to play an essential role in application development today.
Phase 4: APIs for mobile applications
The world was introduced to Apple's iPhone and Google's Android in 2007. The ability to carry the web in our pockets radically changed how we live—and spurred a massive investment in mobile applications that are powered by APIs.
For instance, Twilio launched its API-as-a-product platform in 2007, which allowed developers to make and receive phone calls from any cloud application. Instagram then launched its photo-sharing iPhone application in October 2010, and it had one million users just three months later. Instagram did not initially provide an API, but it began work on one in early 2011 in response to user demand. These API-first companies played an essential role in creating the blueprint for how APIs are delivered today.
Phase 5: APIs for connected devices
Around 2010, some developers began using APIs to connect everyday objects—such as cameras, thermostats, speakers, microphones, and sensors—to the cloud. This next generation of devices, which includes Fitbit, Nest, Alexa, can send and receive data, content, media, and other digital resources, further changing the way we interact with the world around us.
How do APIs work?
APIs work by sharing data between applications, systems, and devices. This happens through a request and response cycle. The request is sent to the API, which retrieves the data and returns it to the user. Here's a high-level overview of how that process works.
1. API client
The API client is responsible for starting the conversation by sending the request to the API server. The request can be triggered in many ways. For instance, a user might initiate an API request by entering a search term or clicking a button. API requests may also be triggered by external events, such as a notification from another application.
2. API request
An API request will look and behave differently depending on the type of API, but it will typically include the following components:
- Endpoint: An API endpoint is a dedicated URL that provides access to a specific resource. For instance, the /articles endpoint in a blogging app would include the logic for processing all requests that are related to articles.
- Method: The request's method indicates the type of operation the client would like to perform on a given resource. REST APIs are accessible through standard HTTP methods, which perform common actions like retrieving, creating, updating, and deleting data.
- Parameters: Parameters are the variables that are passed to an API endpoint to provide specific instructions for the API to process. These parameters can be included in the API request as part of the URL, in the query string, or in the request body. For example, the /articles endpoint of a blogging API might accept a “topic” parameter, which it would use to access and return articles on a specific topic.
- Request headers: Request headers are key-value pairs that provide extra details about the request, such as its content type or authentication credentials.
- Request body: The body is the main part of the request, and it includes the actual data that is required to create, update, or delete a resource. For instance, if you were creating a new article in a blogging app, the request body would likely include the article's content, title, and author.
3. API server
The API client sends the request to the API server, which is responsible for handling authentication, validating input data, and retrieving or manipulating data.
4. API response
Finally, the API server sends a response to the client. The API response typically includes the following components:
- Status code: HTTP status codes are three-digit codes that indicate the outcome of an API request. Some of the most common status codes include 200 OK, which indicates that the server successfully returned the requested data, 201 Created, which indicates the server successfully created a new resource, and 404 Not Found, which indicates that the server could not find the requested resource.
- Response headers: HTTP response headers are very similar to request headers, except they are used to provide additional information about the server's response.
- Response body: The response body includes the actual data or content the client asked for—or an error message if something went wrong.
In order to better understand this process, it can be useful to think of APIs like restaurants. In this metaphor, the customer is like the user, who tells the waiter what she wants. The waiter is like an API client, receiving the customer's order and translating it into easy-to-follow instructions for the kitchen—sometimes using specific codes or abbreviations that the kitchen staff will recognize. The kitchen staff is like the API server because it creates the order according to the customer's specifications and gives it to the waiter, who then delivers it to the customer.
What are the benefits of APIs?
APIs connect various software systems, applications, and devices by allowing them to communicate with one another. This unlocks many benefits, ranging from enhanced user experiences to increased business efficiency. The most common advantages of APIs include:
- Automation: APIs can be used to automate repetitive, time consuming work so that humans can focus on more complex tasks. This improves productivity, especially for developers and testers.
- Innovation: Public APIs can be used by external engineering teams, which spurs innovation and accelerates development by enabling developers to repurpose existing functionality to create new digital experiences.
- Security: APIs can provide an additional layer of protection against unauthorized breaches by requiring authentication and authorization for any request to access sensitive data.
- Cost efficiency: APIs provide access to useful third-party tools and infrastructure, which helps businesses avoid the expense of building complex in-house systems.
What are the different types of APIs?
There are many different types of APIs and ways to categorize them. For instance, you can categorize APIs by who has access to them. This organizational framework includes:
- Private APIs: Private APIs, also known as internal APIs, are used to connect different software components within a single organization, and they are not available for third-party use. For instance, a social media application might have a private API that handles the login workflow, another private API that handles the feed, and yet another private API that facilitates communication between users. Some applications may include dozens or even hundreds of private APIs.
- Public APIs: Public APIs provide public access to an organization's data, functionality, or services, which third-party developers can integrate into their own applications. Some public APIs are available for free, while others are offered as billable products. For instance, an e-commerce application may incorporate a public payment API, such as Stripe, to handle payment processing without having to build that functionality from scratch.
- Partner APIs: Partner APIs enable two or more companies to share data or functionality in order to collaborate on a project. They are not available to the general public and therefore leverage authentication mechanisms to ensure they are only used by authorized partners.
What are the most common API architectural styles?
You can also categorize APIs according to their architectural style, of which there are many. The most frequently used architectural styles are:
1. REST
As discussed above, REST is the most popular API architecture for transferring data over the internet. In a RESTful context, resources are accessible via endpoints, and operations are performed on those resources with standard HTTP methods such as GET, POST, PUT, and DELETE.
2. SOAP
SOAP, which stands for Simple Object Access Protocol, uses XML to transfer highly structured messages between a client and server. SOAP is often used in enterprise environments or legacy systems, and while it includes advanced security features, it can be slower than other API architectures.
3. GraphQL
GraphQL is an open source query language that enables clients to interact with a single API endpoint to retrieve the exact data they need, without chaining multiple requests together. This approach reduces the number of round trips between the client and server, which can be useful for applications that may run on slow or unreliable network connections.
4. Webhooks
Webhooks are used to implement event-driven architectures, in which requests are automatically sent in response to event-based triggers. For instance, when a specific event occurs in an application, such as a payment being made, the application can send an HTTP request to a pre-configured webhook URL with the relevant event data in the request payload. The system that receives the webhook can then process the event and take the appropriate action.
5. gRPC
RPC stands for Remote Procedure Call, and gRPC APIs were originated by Google. In gRPC architectures, a client can call on a server as if it were a local object, which makes it easier for distributed applications and systems to communicate with one another.
What are some common API use cases?
APIs are extremely versatile, and they support a wide range of use cases that includes:
1. Integrating with internal and external systems
One of the most common reasons developers turn to APIs is to integrate one system with another. For instance, you can use an API to integrate your customer relationship management (CRM) system with your marketing automation system, which would allow you to automatically send a marketing email when a sales representative adds a new prospective customer to the CRM.
2. Adding or enhancing functionality
APIs let you incorporate additional functionality into your application, which can improve your customers' experience. For instance, if you're working on a food delivery application, you might incorporate a third-party mapping API to let users track their order while it's en route.
3. Connecting IoT devices
APIs are essential to the Internet of Things (IoT) ecosystem, which includes devices such as smart watches, fitness trackers, doorbells, and home appliances. Without APIs, these devices would not be able to connect to the cloud—or to one another—which would render them useless.
4. Creating more scalable systems
APIs are used to implement microservice-based architectures, in which applications are built as a collection of small services that communicate with one another through private APIs. Microservices are managed, deployed, and provisioned independently of one another, which enables teams to scale their systems in a reliable yet cost-efficient way.
5. Reducing costs
APIs help organizations reduce operational costs by automating time-intensive tasks, such as sending emails, pulling reports, and sharing data between systems. They can also reduce development costs by enabling teams to reuse existing functionality, instead of reinventing the wheel.
6. Improving organizational security and governance
APIs power many workflows that are essential for organizational security. For instance, single sign-on (SSO), which enables users to use one username and password for multiple systems, is made possible by APIs. APIs are also used to enforce and automate corporate governance rules and policies, such as a requirement that expenses be approved before employees are reimbursed.
This list is far from exhaustive, and it will keep growing as developers continue to create innovative solutions that change the ways we live, work, and interact with one another.
What are some real-world examples of APIs?
If you're looking for real-world examples of APIs, a good place to start is a public API catalog, such as Postman's Public API Network. The Public API Network, which supports a community of over 35 million developers, is a searchable, highly organized library of APIs that makes it easy to find the API that's right for you. You can use the network's search functionality if you're looking for something specific, or browse by category if you want to get inspired. Some companies that have published great examples of APIs on the Public API Network include:
Salesforce
Salesforce is cloud-based CRM software that enables customers to find and connect with customers, close deals, and provide service at scale. The Salesforce public workspace includes many API resources for developers across Salesforce Clouds and products.
Notion
Notion is a note-taking app that provides a single space to think, write, and plan. The Notion team has published a straightforward collection to help developers start interfacing with the Notion API. They provide up-to-date and practical solutions, making it easier to connect and automate your tasks in Notion.
Discord
Discord is a social platform that facilitates voice, video, and message-based communication, as well as media and file sharing. The Discord team has published collections that help developers build Discord apps to customize their Discord servers. They've also included a helpful introduction to help you get started.
Pinterest enables users to share images, connect with one another, and get inspired. The Pinterest API significantly increases the scope of what you can do as a site or application developer, and they've published collections to help you get started.
DoorDash
DoorDash is a food ordering and delivery platform, and DoorDash Drive enables you to use DoorDash's on-demand logistics platform and fleet of Dashers to deliver your goods quickly and easily. The DoorDash team has published collections that make it easy to get started with the DoorDash APIs.
Other common questions about APIs
Who works with APIs?
While developers are most likely to work with APIs as part of their job, Postman's State of the API report found that many non-developers, such as product managers, business analysts, and customer support professionals, work with APIs, as well.
Which industries use APIs?
APIs are used extensively in the technology industry, as they are the primary building blocks of applications and other digital services. Financial institutions also rely on APIs to facilitate their customers' transactions, and healthcare providers use APIs to manage patient data and keep it secure.
What is the API-first strategy?
The API-first strategy is an approach to software development in which applications are designed and built as a collection of internal and external services that are delivered through APIs. APIs are the building blocks of these applications, and the API-first strategy helps teams prioritize their quality, security, and performance.
What are some tools that can help you build and integrate APIs?
API development is an iterative and collaborative process, so it's important to leverage the appropriate tooling to ensure everything runs as smoothly as possible. For instance, teams should use a source control management tool like GitHub or BitBucket to keep track of API changes, and a CI/CD pipeline such as Jenkins or CircleCI will help them automate the API testing and deployment processes. It's also essential for teams to use an API platform that integrates with these tools, which will reduce friction and augment existing workflows.
How do you build an API?
The API development process can vary widely according to the API's purpose, language, and scope. Nevertheless, every new API will need to be designed, implemented with an API development framework, and thoroughly tested to ensure it's working as expected. Learn more about how to build an API.
What is API management?
API management is the practice of establishing efficient, standardized processes for working with APIs. Organizations who prioritize API management typically leverage an API platform like Postman, which can help them design, develop, test, secure, deploy, and monitor APIs at scale. This improves collaboration by reducing redundant work, increases visibility into API-related projects, and supports greater organizational alignment.
What is the difference between SOAP APIs and REST APIs?
SOAP (Simple Object Access Protocol) and REST (Representational State Transfer) are two of the most common architectural styles for building APIs. SOAP APIs use XML and include built-in features for security and error handling, which makes them well-suited for enterprise environments with strict standards. On the other hand, REST APIs use JSON for resource representation, which is less verbose than XML. REST APIs are usually easier to understand, consume, and integrate than SOAP APIs, but they lack some of SOAP's advanced features. Learn more about the differences between SOAP and REST.
What is the difference between APIs and webhooks?
Webhooks are lightweight callback functions that facilitate event-driven communication between APIs. In the traditional request-response cycle, an API client actively sends a request to an API server in order to retrieve data or perform actions. In contrast, a webhook listens for a specific event, such as a new user account being created or a payment being made, and performs a pre-configured action in response. This eliminates the need for the API client to poll the server, as the server will automatically perform the appropriate action or return the relevant data when the specified event occurs.
What is the difference between service-oriented architecture (SOA) and microservice architecture?
Service-oriented architectures (SOAs) and microservice architectures are both comprised of modular services that perform specific business functions, but they have several key differences. For instance, microservices communicate with one another through APIs, whereas SOA services rely on an enterprise service bus (ESB) for routing, transforming, and managing messages. Additionally, SOA services tend to use SOAP, whereas microservices tend to use lightweight protocols like REST. Finally, SOA services are less granular than microservices, and they may also be dependent on one another.
API Glossary
Use this API glossary to build a strong API vocabulary and learn more about how APIs are designed, developed, deployed, and managed.