APIs — Core Concepts

What Is an API?

API stands for Application Programming Interface. Strip away the jargon: it’s a defined set of rules for how one piece of software can talk to another.

Every time you log in with Google, see a map embedded in a website, or get a shipping notification from a retailer, an API is doing the work behind the scenes.

How APIs Work

The pattern is almost always the same:

  1. Request — Your app sends a message to an API endpoint (a URL), asking for something
  2. Processing — The API server does work: queries a database, runs a calculation, retrieves a file
  3. Response — The API sends back data, usually as JSON or XML

A typical API call looks like this:

GET https://api.openweathermap.org/data/2.5/weather?q=London

The response comes back as structured data:

{
  "city": "London",
  "temp": 16,
  "condition": "cloudy"
}

Your app reads that data and displays it however it wants.

REST: The Dominant Style

Most modern web APIs follow REST (Representational State Transfer). REST isn’t a protocol — it’s a set of conventions:

HTTP Method | What it does | Example
GET         | Read data    | Fetch a user’s profile
POST        | Create data  | Submit a new order
PUT         | Update data  | Change a shipping address
DELETE      | Remove data  | Cancel a subscription

REST APIs treat everything as a resource (a user, a product, an invoice) identified by a URL. The action is conveyed by the HTTP method.

Authentication: Who’s Asking?

APIs don’t answer just anyone. Most require authentication:

  • API Keys — A secret token included in each request. Simple and widely used.
  • OAuth — A more sophisticated system where users grant apps specific permissions (e.g., “this app can read my calendar but not delete anything”)
  • JWT (JSON Web Tokens) — Signed tokens that carry identity info inside them, often used for stateless APIs

Public vs. Private APIs

Not all APIs are the same:

  • Public APIs — Open for anyone to use (often with a free tier). Examples: Twitter/X API, Stripe, Twilio
  • Private APIs — Used internally between a company’s own services. Amazon’s warehouse management talks to its shipping system through private APIs
  • Partner APIs — Shared with specific businesses. A retailer might get special access to a carrier’s API to print shipping labels

Common Misconception

“REST and API are the same thing.” They’re not. REST is one style of API. There’s also GraphQL (used by Facebook, GitHub), which lets clients request exactly the fields they need, and gRPC (used by Google internally), which is faster but more complex. REST is just the most common flavor.

Why APIs Changed Everything

Before APIs were standardized, integrating two software systems meant months of custom engineering. Now a developer can wire up Stripe payments in an afternoon, add Google Maps to a site in an hour, or send SMS via Twilio with five lines of code.

APIs turned software from isolated silos into a connected ecosystem where companies build on each other’s infrastructure.

One Thing to Remember

APIs are contracts between software systems — one side defines what questions it can answer and in what format, the other side asks those questions and uses the answers. The entire modern internet runs on this pattern.
