Application Programming Interface (API)

An application programming interface (API) is a way for two or more computer programs to communicate with each other.

API specification language

API specification languages:

• OpenAPI

OpenAPI

OpenAPI, an evolution of Swagger, is a specification for describing APIs in a standardized way.

The OpenAPI Specification (OAS) establishes an interface for describing an API in a way that allows any developer or application to discover it and fully understand its parameters and capabilities.

The implementation of OpenAPI for an API is not mandatory, but it is convenient when looking to publish the API with third-parties.

Architectural types

API architectural types:

• Procedure-oriented
• Resource-oriented
• Query-based
• Event-driven
• Model-context protocol

Procedure-oriented API

A procedure-oriented API establishes that everything is a procedure. Example implementation of procedure-oriented API are SOA or the gRPC framework.

Resource-oriented

In a resource-oriented API, you interact with nouns (e.g., /users/123) using a strictly limited set of standardized verbs (e.g., GET, POST, etc.).

The typical resoure-oriented API is a RESTful API. You can read more on this post about REST.

Query-based API

A query-based API allows the client to request the structure of the data to be returned by the server.

An example of query-based API is GraphQL. You can read this post about GraphQL.

Event-driven API

Event-driven architecture (EDA) examples are WebSockets and server-sent events (SSE).

Model context protocol

Model context protocol (MCP) is used in AI.

It can be considered a multi-architectural procol, as it combines elements of resource-driven, procedure-driven (tools) and template-driven.

Web API

A web API is an API that allows communication through the internet. Because of their popularity, web API are often referred simply as API.

An open API or public API is an API that can be accessed by anyone. This concept usually applies to web APIs.

Most web APIs use HTTP as the protocol to exchange messages.

A web API is considered by some authors as a broader term than web service, while others consider the opposite.

It can be contended that a web service may include a web API, and that a web service is a type of web API.

The fact is that the technologies that are traditionally related to the concept of web services (SOAP and WSDL) are older than those traditionally related to web API (RESTful and gRPC).

HTTP methods are used within the HTTP protocol to exchange information. Some of these methods are POST and GET.

API Formats

Some formats used for API communication are JSON or XML, among others.

SOAP works only with XML format, while REST is compatible with different formats like JSON and XML.

API Platforms

An API platform is a tool designed for developing, testing, and consuming APIs. They help developers interact with APIs, send requests, inspect responses, and debug.

You can read this post about API platforms. It includes tools like Postman.

API Management

API management consists of providing full lifecycle management for APIs, including design, security, analytics, monetization, and governance.

These tools help organizations publish, control, and monitor APIs efficiently.

An API gateway is a component of an API manager.

You can read this post about API management.

API Models

API models, according to CCSP certification:

• Public API
• Partner API
• Private or internal API

Declarative API

Declarativeness is a programming paradigm where the programmer indicates the desired state. It opposes other programming paradigms like imperative, where the programmer indicates the action to take.

A declarative API is an API that is centered around the desired state.

API Security

Common API security issues are:

• Authorization for object access
• Authentication weaknesses
• Rate limiting

OWASP top 10 API on this external link.

OWASP API Security Project on this external link.

An API gateway is set before an API to aggregate API access, provide authentication for API use, rate-limit, and gather statistics and data about API usage.

An API gateway can be installed in the perimeter of a network. There are cloud API gateway like Amazon API Gateway.

API Document Generator

Doxigen can be used as API document generator.

Concepts related to API

A web service is a service offered over the web. You can read this post about web services.

Universal Description, Discovery, and Integration (UDDI) is an standard issued by OASIS that describes a protocol to register and publish web services.

Electronic Data Interchange

Electronic Data Interchange (EDI) is a standard to exchange business information between computer systems. It uses standardized formats like ANSI X12 or EDIFACT.

EDI Standards

EDI standards:

• EPCIS
• IDoc

EPCIS

An example of EDI is EPCIS, a GS1 standard that helps to share information about the physical movement

IDoc

IDoc is a proprietary EDI format, owned by SAP SE. It is used as the internal exchange format on SAP modules and systems (like SAP ECC and SAP CRM).

It is suited for batch-oriented, asynchronous communication.

IDoc was native to SAP ECC and it is still supported in SAP S/4HANA.

Remote procedure call

Remote procedure call (RPC) is…

RPC framework

RPC frameworks:

• gRPC

gRPC

Google Remote Procedure Call (gRPC) is a RPC framework.

You might also be interested in…

• Web Development
• Distributed communication protocols and frameworks
• Data parsers

External References

• M. Chapple, D. Seidl; “CCSP Study Guide Third Edition“, pp. 159-160; Wiley, 2023
• Declarative API