The Layman guide to APIs (Theoretically)

The Layman guide to APIs (Theoretically)

What is an API?

An API, or application programming interface, is a set of defined rules that enable different applications to communicate with each other. The most classic analogy is to imagine API as a waiter 💁🏼‍♂️. Just like a waiter goes to and fro between the customer and the kitchen to communicate the needs and deliver the food, exactly like that an API acts as an intermediary layer that processes data transfers between systems and lets them communicate with each other.

Types of API

When talking about APIs the two most common paradigms are SOAP, simple object access protocol and REST, representation state transfer. It’s common to compare SOAP vs. REST. Although the two are often compared as apples to apples, they’re inherently different technologies and aren’t easily compared on a granular level. Why? Because SOAP is a protocol, and REST is an architectural style. A REST API can utilize the SOAP protocol, just like it can use HTTP. So, right off the bat, they’re going to be packaged differently, function differently, and be used in different scenarios.

To give you guys a bird's-eye view of the difference between the two, have a look at this table.

SOAP APIsREST APIs
More Secure: Since SOAP is a protocol, it follows a strict standard to allow communication between the client and the serverLess Secure: REST is an architectural style that doesn’t follow any strict standard
Slow and Heavy: SOAP is difficult to implement and it requires more bandwidthFast and Light: REST is easy to implement and requires less bandwidth such as smartphones.
It only supports XML format so it's easy for programmers to understand it.It supports various formats like HTML, XML and JSON. Hence easier to implement.
SOAP API calls cannot be cached, so the information has to be shared every time which makes them slowREST API calls can be cached, hence is no need to share information whenever a connection needs to be made which makes them fast

What does an API consist of?

1. An Endpoint

An endpoint is a component of an API that refers to the location of the resource, and the API uses endpoint URLs to retrieve the requested resources. For example, The Twitter API exposes data about tweets, direct messages, users, and more. Let’s say you open a specific tweet on a browser then that will have the URL https://twitter.com/priyanshi_goel_/status/1617593652808945664 in which the endpoint is the specific portion of the web address noted as "/priyanshi_goel_/status/1617593652808945664".

2. A Method

API methods are ways to communicate with the database. There are 5 methods that can be used to request, respond, modify or delete data from the database.

Rest API for dummies explained using mommies

The GET method is used to retrieve resource representation/information only. As GET requests do not change the resource’s state i.e., identical requests will produce the same result every time and the resource is not modified in any way. It only retrieves and presents the information. Hence they are said to be safe methods or idempotent.

The POST method is used to send data to the API server to create or update a resource. The simplest example is a contact form on a website. When you fill out the inputs in a form and hit Send, that data is sent to the server. This method is clearly non-idempotent as it is creating or updating data on the server.

The PUT method is similar to the POST but it is idempotent. Calling the same PUT request multiple times will always produce the same result while calling a POST request repeatedly have the side effects of creating the same resource multiple times.

The PATCH method is used only to make partial modifications to the resource i.e., to make changes to the existing data. This method is also non-idempotent.

The DELETE method is exactly as it sounds: delete the resource at the specified URL. This method is one of the more common in RESTful APIs.

3. A Header

API headers are like an extra source of information for each API call you make. Their job is to represent the meta-data associated with an API request and response. If you want to make changes to how your data is stored in the database then the header is where you do all this. A header tells you about:

  • Request and Response Body

  • Request Authorization

  • Response Caching

  • Response Cookies

4. A Body

When you need to send data from a client (let's say, a browser) to your API, you send it as a request body. Similarly, A response body is the data your API sends to the client.

REST API Post Body? - AppGyver

5. Parameters

API Parameters are options that can be passed with the endpoint to influence the response. I see you are still confused 💀. Let's see it this way, have you noticed that after hours of surfing the URL looks like gibberish? Kind of like this

www.yoursite.com?myparam1=123&myparam2=abc&myparam2=xyz

The stuff you see after .com are your parameters whose value keep changing depending upon your browsing.

6. Status Code

Status codes are response codes that are returned by web servers along with responses indicating whether a request sent by the client was processed successfully or not. Some general codes you would know are 200 (Ok), 404 (Not found) etc. There are generally 5 types of status codes

Information Responses (1xx)

This class of status codes returned by the server does not indicate any form of problem. They communicate that the request was received and understood by the server. 100 (Continue) or 102 (Processing)

Successful responses (2xx)

This class of status codes indicates the action requested by the client was received, understood, accepted, and processed successfully. 200 (Ok), 201 (Created), 202 (Accepted)

Redirection (3xx)

This class of status code communicates that a resource is no more available in the requested location. 301 (Moved Permanently), 302 (Found)

Client error responses (4xx)

This class of status code indicates that the client has either made a mistake or has been mistaken. 400 (Bad request), 401 (Unauthorized), 403 (Forbidden), 404 (Not found)

Server error responses (5xx)

This class of status code indicates that the server has either encountered an error or is incapable of performing the request. 500 (Server error), 502 (Bad gateway) etc.

How to make your API secure

As you have learned by now that REST APIs are not as secure as SOAP APIs but that doesn't mean that they can't be made more secure. There are some methods that can take the security of your REST APIs up a notch

  • Making use of OAuth Protocol: Implementing authorization and authentication i.e., verifying the identity of the user or the program with the use of passwords, multi-factor authentication etc. to check if the client is really the one they claim to be (authentication) and see if they are allowed to have access to the resources, like are they allowed to POST or GET (authorization)

  • Making use of Encryption: Since REST APIs use HTTP, encryption can be achieved by using the Transport Layer Security (TLS) protocol or its previous iteration, the Secure Sockets Layer (SSL) protocol. These protocols supply the S in “HTTPS” (“S” meaning “secure'')

  • Timestamp and Parameter Validation: Adding a timestamp to the request headers is a great way to provide security. The server will be able to control whether the request was sent within a reasonable timeframe (1–2min). You can also include parameter validation. If there are strong validation checks on the first step, the request can be rejected as soon as the validation fails.

So, that's it! If you have really read it then you are practically a layman API wizard (theoretically ofcourse). Stay tuned for more stuff 🤙🏼

API First! Make Backend great again! - Donald Trump | Make a Meme