Application Programming Interface (API)

An application programming interface (API) is a way for two or more computer programs to communicate with each other.

Concepts related to API

Electronic Data Interchange (EDI) is a is a process between two computer systems that enables two companies to exchange business information.

A web service is a service offered over the web.

Universal Description, Discovery, and Integration (UDDI) is an standard issued by OASIS that describes a protocol to register and publish web services.

An example of EDI is EPCIS, a GS1 standard that helps to share information about the physical movement

Web API

A web API is an API that allows communication through the internet. Because of their popularity, web API are often referred simply as API.

An open API or public API is an API that can be accessed by anyone. This concept usually applies to web APIs.

Most web APIs use HTTP as the protocol to exchange messages.

A web API is considered by some authors as a broader term than web service, while others consider the opposite.

It can be contended that a web service may include a web API, and that a web service is a type of web API.

The fact is that the technologies that are traditionally related to the concept of web services (SOAP and WSDL) are older than those traditionally related to web API (RESTful and gRPC).

HTTP methods are used within the HTTP protocol to exchange information. Some of these methods are POST and GET.

Web API Architectures

API architectures:

• Web Services
• REST
• gRPC
• GraphQL

Web Services

You can read this post about web services.

REST

Representational State Transfer (REST) API, also known as RESTful API, is an application programming interface (API or web API) architecture that conforms to the constraints of REST architectural style and allows for interaction with RESTful web services.

REST calls web resources by using uniform resource identifiers (URIs).

The client-server protocol is mainly stateless.

OpenAPI, an evolution of Swagger, is a specification for describing RESTful APIs in a standardized way.

RESTful are lighter than SOAP, but less robust against errors.

Other characteristics:

• Based on URLs
• Offers outputs in many formats, such as JSON (preferred data format) or XML
• Used for stateless communications.
• Data transport is done using HTTP methods, such as GET, POST, DELETE or PATCH.
• It uses native HTTP replies such as 200, 204, 404 or 409.

gRPC

Google Remote Procedure Call (gRPC) is a web API.

GraphQL

GraphQL is a data query and manipulation language for APIs.

There are different GraphSQL servers:

• Express GraphSQL
• Mercurius
• Apollo

Express GraphSQL is FOSS.

Mercurius is FOSS under a MIT license.

Apollo is a suite of tools for working with GraphQL, which includes the Apollo Server and Apollo Client libraries. Apollo Server is a server-side JavaScript library that helps you build GraphQL APIs, while Apollo Client is a client-side JavaScript library that allows you to consume those APIs from your front-end application.

Apollo is source-viewable software, under an Elastic license.

API Formats

Some formats used for API communication are JSON or XML, among others.

SOAP works only with XML format, while REST is compatible with different formats like JSON and XML.

API Platforms

An API platform allows to share, build and test APIs

API platforms:

• hoppscotch
• Insomnia REST
• Postman
• Thunder Client

The most popular is probably Postman.

hoppscotch

hoppscoth is developed by delocalised company Hoppscotch.

It is FOSS under a MIT license.

hoppscotch repository

Insomnia REST

Insomnia is developed by American company Kong Inc.

Imsomnia cliente is free and open source software (FOSS) under an Apache 2.0 license.

Imsomnia server is proprietary and closed source.

Insomnia repository

Postman

Postman is an API platform that allows to share, build and test APIs, among other actions. It was the largest hub in 2023.

It is closed source and proprietary, owned by company Postman Inc.

Newman tool to manage Postman collection is FOSS.

Thunder Client

Thunder Client is available as a plugin for Visual Studio Code.

API Models

API models, according to CCSP certification:

• Public API
• Partner API
• Private or internal API

Declarative API

Declarativeness is a programming paradigm where the programmer indicates the desired state. It opposes other programming paradigms like imperative, where the programmer indicates the action to take.

A declarative API is an API that is centered around the desired state.

API Security

Common API security issues are:

• Authorization for object access
• Authentication weaknesses
• Rate limiting

OWASP top 10 API on this external link.

OWASP API Security Project on this external link.

An API gateway is set before an API to aggregate API access, provide authentication for API use, rate-limit, and gather statistics and data about API usage.

An API gateway can be installed in the perimeter of a network. There are cloud API gateway like Amazon API Gateway.

You might also be interested in…

• Web Development
• Distributed communication protocols and frameworks
• Data parsers

External References

• M. Chapple, D. Seidl; “CCSP Study Guide Third Edition“, pp. 159-160; Wiley, 2023
• Declarative API