Learn API Development

With the way the internet is going, and with micro apps and micro SaaS, at some point you will have to learn about APIs.
I’ve put this super simple crash course together to get you started.

Super simple learning page that’s helped several of my team pick up the basics.

API Learning Portal

Track your progress and master APIs with interactive exercises.

Understanding API Basics

Learn what APIs are, how they work, and why they are important.

Making API Requests

Master HTTP methods and learn how to construct API requests.

Interpreting API Responses

Understand how to read and handle API responses.

API Authentication & Security

Learn how to secure your API interactions.

Integrating APIs into Applications

Embed API calls into your applications and handle responses.

Advanced API Concepts

Dive into more complex API usage.

How do APIs work?

APIs work by sharing data between applications, systems, and devices. This happens through a request and response cycle. The request is sent to the API, which retrieves the data and returns it to the user. Here’s a high-level overview of how that process works.

Let’s use the example of a restaurant to explain how an API works below. If any wording is confusing, try my API terminology guide link found here.

Image: explaining APIs (Postman)

1. API client

The API client is responsible for starting the conversation by sending the request to the API server. The request can be triggered in many ways. For instance, a user might initiate an API request by entering a search term or clicking a button. API requests may also be triggered by external events, such as a notification from another application.

2. API request

An API request will look and behave differently depending on the type of API, but it will typically include the following components:

  • Endpoint: An API endpoint is a dedicated URL that provides access to a specific resource. For instance, the /articles endpoint in a blogging app would include the logic for processing all requests that are related to articles.
  • Method: The request’s method indicates the type of operation the client would like to perform on a given resource. REST APIs are accessible through standard HTTP methods, which perform common actions like retrieving, creating, updating, and deleting data.
  • Parameters: Parameters are the variables that are passed to an API endpoint to provide specific instructions for the API to process. These parameters can be included in the API request as part of the URL, in the query string, or in the request body. For example, the /articles endpoint of a blogging API might accept a “topic” parameter, which it would use to access and return articles on a specific topic.
  • Request headers: Request headers are key-value pairs that provide extra details about the request, such as its content type or authentication credentials.
  • Request body: The body is the main part of the request, and it includes the actual data that is required to create, update, or delete a resource. For instance, if you were creating a new article in a blogging app, the request body would likely include the article’s content, title, and author.

3. API server

The API client sends the request to the API server, which is responsible for handling authentication, validating input data, and retrieving or manipulating data.

Most business use cases for APIs will look like the one below. Some may differ, but this is the basic use case.

Image: business use case for APIs

4. API response

Finally, the API server sends a response to the client. The API response typically includes the following components:

  • Status code: HTTP status codes are three-digit codes that indicate the outcome of an API request. Some of the most common status codes include 200 OK, which indicates that the server successfully returned the requested data, 201 Created, which indicates the server successfully created a new resource, and 404 Not Found, which indicates that the server could not find the requested resource.
  • Response headers: HTTP response headers are very similar to request headers, except they are used to provide additional information about the server’s response.
  • Response body: The response body includes the actual data or content the client asked for—or an error message if something went wrong.

In order to better understand this process, it can be useful to think of APIs like restaurants. In this metaphor, the customer is like the user, who tells the waiter what she wants. The waiter is like an API client, receiving the customer’s order and translating it into easy-to-follow instructions for the kitchen—sometimes using specific codes or abbreviations that the kitchen staff will recognise. The kitchen staff is like the API server because it creates the order according to the customer’s specifications and gives it to the waiter, who then delivers it to the customer.
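The request and response cycle from steps 1 to 4, as an added example that is not part of the original page: a hypothetical in-process API server for the /articles endpoint that checks the credential header, validates the parameters and body, and returns a status code, headers and body. The token, the article data and the `handle` and `respond` names are constructed for illustration.

```python
import hmac
import json
from urllib.parse import urlsplit, parse_qs

API_TOKEN = "constructed-demo-token"  # constructed sample credential, not a real secret
ARTICLES = [{"id": 1, "topic": "security", "title": "Rotating API keys"}]  # constructed data

def respond(status, payload):
    """Build the three response parts: status code, headers, body."""
    return status, {"Content-Type": "application/json"}, json.dumps(payload)

def handle(method, url, headers, body=None):
    """Hypothetical API server: authenticate, validate input, then act."""
    # Authentication: the credential travels in a request header.
    supplied = headers.get("Authorization", "")
    if not hmac.compare_digest(supplied.encode(), f"Bearer {API_TOKEN}".encode()):
        return respond(401, {"error": "missing or invalid credentials"})
    parts = urlsplit(url)
    if parts.path != "/articles":  # endpoint lookup
        return respond(404, {"error": "not found"})
    if method == "GET":
        # The "topic" parameter arrives in the query string; validate before use.
        topic = parse_qs(parts.query).get("topic", [""])[0]
        if topic and not topic.isalnum():
            return respond(400, {"error": "invalid topic"})
        return respond(200, [a for a in ARTICLES if not topic or a["topic"] == topic])
    if method == "POST":
        try:
            data = json.loads(body or "")
        except ValueError:  # malformed JSON or undecodable bytes
            return respond(400, {"error": "body must be JSON"})
        # Accept only the fields the endpoint expects, as non-empty strings.
        if not isinstance(data, dict) or not all(
                isinstance(data.get(k), str) and data[k] for k in ("title", "topic")):
            return respond(400, {"error": "title and topic are required strings"})
        article = {"id": len(ARTICLES) + 1, "topic": data["topic"], "title": data["title"]}
        ARTICLES.append(article)
        return respond(201, article)
    return respond(405, {"error": "method not allowed"})

if __name__ == "__main__":
    auth = {"Authorization": f"Bearer {API_TOKEN}"}
    for req in [("GET", "/articles?topic=security", auth, None),
                ("GET", "/articles?topic=security", {}, None),
                ("POST", "/articles", auth, '{"title": "", "topic": "x"}'),
                ("GET", "/comments", auth, None)]:
        print(req[0], req[1], "->", handle(*req)[0])
```

The server rejects the request before touching any data when the credential is missing or the input fails validation, so the client must branch on the status code rather than assume the body holds the data it asked for.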


API Tooling Network


The network of API tooling is forever increasing; as you work with APIs, the landscape of tools grows exponentially.
To help navigate the growing ecosystem, I’ve tried to map out the key categories and tools that have proven valuable in real-world projects.

Here’s a breakdown:

Protection Layer:

Cloudflare: A go-to for DDoS protection and CDN services

AWS WAF (Web Application Firewall): Protects web apps from common exploits

Azure Firewall: Cloud-native network security solution

Code Generation:

Swagger Codegen: Generate server stubs and client SDKs


RAML Codegen: Generate APIs from RAML specifications

Monitoring:

Datadog: Unified monitoring and analytics platform


New Relic: Real-time performance monitoring


AppDynamics: Application performance management & IT operations analytics


Deployment and Management:

Azure API Management: Fully managed gateway for APIs

AWS API Gateway: Create, publish, and secure APIs at scale

Kong: Open-source API gateway and microservices management layer


Apigee: API management and predictive analytics platform


IBM API Connect: Create, run, manage, and secure APIs

Security:

API Fortress: Continuous API testing and monitoring


Nessus: Vulnerability assessment tool

Auth0: Identity platform for authentication and authorization


Burp Suite: Web vulnerability scanner


OWASP ZAP: Open-source web app scanner


Testing:

SoapUI: API testing tool for SOAP and REST APIs


Rest-Assured: Java DSL for easy testing of REST services


Mockoon: Quickly create mock APIs


JMeter: Load testing tool for analyzing and measuring performance


WireMock: Mock your APIs for fast, robust, and comprehensive testing


Design and Development:

API Blueprint: API description language


Postman: Collaboration platform for API development


Swagger (OpenAPI): Interface description language for RESTful APIs


RAML: RESTful API Modeling Language


FakeRest: Fake a REST API for prototyping or testing


Additional Tools:

Keycloak: Open-source identity and access management

MuleSoft Anypoint Platform: Integration and API platform

Okta: Identity and access management platform


What are some common API use cases?

APIs are extremely versatile, and they support a wide range of use cases, including:

1. Integrating with internal and external systems

One of the most common reasons developers turn to APIs is to integrate one system with another. For instance, you can use an API to integrate your customer relationship management (CRM) system with your marketing automation system, which would allow you to automatically send a marketing email when a sales representative adds a new prospective customer to the CRM.

2. Adding or enhancing functionality

APIs let you incorporate additional functionality into your application, which can improve your customers’ experience. For instance, if you’re working on a food delivery application, you might incorporate a third-party mapping API to let users track their order while it’s en route.

3. Connecting IoT devices

APIs are essential to the Internet of Things (IoT) ecosystem, which includes devices such as smartwatches, fitness trackers, doorbells, and home appliances. Without APIs, these devices would not be able to connect to the cloud—or to one another—which would render them useless.

4. Creating more scalable systems

APIs are used to implement microservice-based architectures, in which applications are built as a collection of small services that communicate with one another through private APIs. Microservices are managed, deployed, and provisioned independently of one another, which enables teams to scale their systems in a reliable yet cost-efficient way.

5. Reducing costs

APIs help organizations reduce operational costs by automating time-intensive tasks, such as sending emails, pulling reports, and sharing data between systems. They can also reduce development costs by enabling teams to reuse existing functionality, instead of reinventing the wheel.

6. Improving organizational security and governance

APIs power many workflows that are essential for organizational security. For instance, single sign-on (SSO), which enables users to use one username and password for multiple systems, is made possible by APIs. APIs are also used to enforce and automate corporate governance rules and policies, such as a requirement that expenses be approved before employees are reimbursed.


As developers and tech leaders, we need to stay informed about changes to the tooling for the task at hand. These tools not only streamline our workflows but also help us build more secure, efficient, and scalable API-driven applications.

While it’s great to know about all these tools, focus on mastering the ones that align best with your project needs and tech stack. I hope this page has been helpful.