An API, or application programming interface, is a set of rules or protocols that let software applications communicate with each other to exchange data, features and functionality.
APIs simplify application development by allowing developers to integrate data, services and capabilities from other applications, instead of developing them from scratch. APIs also give application owners a simple, secure way to make their application data and functionality available to internal departments within their organizations. Application owners can also share or market that data and functionality to business partners or third parties.
Learn how intelligent automation can make your business operations a competitive advantage.
Register for the guide to operationalize FinOps
A simple way to understand how APIs work is to look at a common example—third-party payment processing. When a user purchases a product on an ecommerce site, they may be prompted to “Pay with Paypal” or another type of third-party system. This function relies on APIs to make the connection.
When the buyer clicks the payment button, an API calls to retrieve information—also known as a request. This request is processed from an application to the web server through the API’s Uniform Resource Identifier (URI) and includes a request verb, headers, and sometimes, a request body.
After receiving a valid request from the product webpage, the API makes a call to the external program or web server, in this case, the third-party payment system.
The server sends a response to the API with the requested information.
The API transfers the data to the initial requesting application, here the product website.
While the data transfer will differ depending on the web service being used, the requests and responses all happen through an API. There is no visibility on the user interface, meaning APIs exchange data within the computer or application, and appear to the user as a seamless connection.
APIs simplify design and development of new applications and services, and integration and management of existing ones. But they offer other significant benefits to developers and organizations at large.
The average enterprise uses almost 1,200 cloud applications (link resides outside ibm.com), many of which are disconnected. APIs enable integration so that these platforms and apps can seamlessly communicate with one another. Through this integration, companies can automate workflows and improve workplace collaboration. Without APIs, many enterprises would lack connectivity, causing information silos that compromise productivity and performance.
APIs offer flexibility, allowing companies to make connections with new business partners and offer new services to their existing market. This flexibility enables companies to, ultimately, access new markets that can generate massive returns and drive digital transformation. For example, the company Stripe began as an API with just seven lines of code. The company has since partnered with many of the biggest enterprises in the world. Stripe has diversified to offer loans and corporate cards, and was valued at USD 36 billion (link resides outside ibm.com).
Many companies choose to offer APIs for free, at least initially, so that they can build an audience of developers around their brand and forge relationships with potential business partners. If the API grants access to valuable digital assets, the businesses monetize it by selling access. This practice is referred to as the API economy. When AccuWeather (link resides outside ibm.com) launched its self-service developer portal to sell a wide range of API packages, it took just 10 months to attract 24,000 developers, selling 11,000 API keys. This move helped to build a thriving community in the process.
APIs separate the requesting application from the infrastructure of the responding service, and offer layers of security between the two as they communicate. For example, API calls typically require authentication credentials. HTTP headers, cookies or query strings can provide additional security during data exchange. And an API gateway can control access to further minimize security threats.
APIs provide added protection within a network. They can also provide another layer of protection for personal users. When a website requests a user’s location, which is provided through a location API, the user can then decide whether to allow or deny this request. Many web browsers and mobile operating systems, like iOS, have permission structures built-in when APIs request access to applications and their data. When the app must access files through an API, file systems such as windows, Mac and Linux use permissions for that access.
Today most APIs are web APIs that expose an application's data and functionality over the internet. Here are the four main types of web API:
Open APIs are open source application programming interfaces you can access with the HTTP protocol. Also known as public APIs, they have defined API endpoints and request and response formats.
Partner APIs connect strategic business partners. Typically, developers access these APIs in self-service mode through a public API developer portal. Still, they need to complete an onboarding process and get login credentials to access partner APIs.
Internal APIs remain hidden from external users. These private APIs aren't available for users outside of the company and are instead intended to improve productivity and communication across different internal development teams.
Composite APIs combine multiple data or service APIs. They allow programmers to access several endpoints in a single call. Composite APIs are useful in microservices architecture where performing a single task may require information from several sources.
Because APIs allow companies to open access to their resources while maintaining security and control, they have become a valuable aspect of modern business and personal applications. Here are some popular examples of API uses that users encounter almost every day:
A popular API example is the function that enables people to log in to websites by using their Facebook, Twitter or Google profile login details. This convenient feature allows any website to leverage an API from one of the more popular services for quick authentication. This capability helps save them the time and hassle of setting up a new profile for every web application or new membership.
These “smart devices” offer added functionality, such as internet-enabled touchscreens and data collection, through APIs. For example, a smart fridge can connect to recipe applications or take and send notes to mobile phones through text message. Internal cameras connect to various applications so that users can see the contents of the refrigerator from anywhere.
Travel booking sites aggregate thousands of flights, showcasing the cheapest options for every date and destination. APIs enable this service by providing application users access to the latest information about availability from hotels and airlines. This access is available either through a web browser or the travel booking company’s own application. With an autonomous exchange of data and requests, APIs dramatically reduce the time and effort involved in checking for available flights or accommodation.
The mapping apps use core APIs that display static or interactive maps. These apps also use other APIs and features to provide users with directions, speed limits, points of interest, traffic warnings and more. Users communicate with an API when plotting travel routes or tracking items on the move, such as a delivery vehicle.
Each tweet contains descriptive core attributes, including an author, a unique ID, a message, a timestamp when it was posted and geolocation metadata. Twitter makes the core attributes of public tweets and replies available to developers and allows them to post tweets on other webpages through the company's API.
APIs are an integral part of the growth in software-as-a-service (SaaS) products. Platforms like CRMs (customer relationship management tools) often include a number of built-in APIs that let companies integrate with applications they already use, such as messaging, social media and email apps. This integration drastically reduces time spent switching between applications for sales and marketing tasks. It also helps reduce or prevent data silos that may exist between departments using different applications.
As the use of web APIs has increased, it has lead to the development of certain protocols. These protocols provide users with a set of defined rules, or API specifications that create accepted data types commands and syntax. In effect, these API protocols facilitate standardized information exchange.
SOAP (Simple Object Access Protocol): Built with XML, SOAP enables endpoints to send and receive data through SMTP and HTTP. SOAP APIs make it easier to share information between apps or software components that are running in different environments or written in different languages.
XML-RPC (XML-Remote Procedure Call): The XML-RPC protocol relies on a specific XML format to transfer data. XML-RPC is older than SOAP, but much simpler, and relatively lightweight in that it uses minimum bandwidth.
REST (Representational State Transfer): REST is a set of web API architecture principles. REST APIs—also known as a RESTful API)—are APIs that adhere to certain REST architectural constraints. It’s possible to build RESTful APIs with SOAP protocols, but the two standards are usually viewed as competing specifications.
A web service is a software component that can be accessed and facilitates data transfers through a web address. Because a web service exposes an application’s data and functionality to other applications, in effect, every web service is an API. However, not every API is a web service.
APIs are any software component that serves as an intermediary between two disconnected applications. While web services also connect applications, they require a network to do so. Where some APIs are open source, web services are typically private and only approved partners may access them.
Microservices is an architectural style that divides an application into smaller, independent components (also called microservices), connected using REST APIs. Building an application as a collection of separate services enables developers to work on one application component independent of the others, and makes applications easier to test, maintain and scale.
Manage your API lifecycle across multiple clouds, boost socialization and optimize monetization efforts across your entire business ecosystem.
Connect, automate and unlock business potential with Integration solutions.
Connect applications, data, business processes and services, whether they are hosted on-premises, in a private cloud or within a public cloud environment.
Learn how REST APIs provide a flexible, lightweight way to integrate applications and to connect components in microservices architectures.
Learn about API management and how a unified API management platform can help your organization scale.
Read why IBM was named as a Leader in the 2023 Gartner® Critical Capabilities for API Management report.
Discover the different types of APIs, protocols and development styles and how each one optimizes data management between systems.
Use IBM API Connect to secure and manage enterprise APIs throughout their lifecycle. It helps you and your customers consistently create, manage, secure, socialize and monetize enterprise APIs, and is also available as a highly scalable API management platform on IBM Marketplace and AWS.