The way that the internet is going and micro apps and micro SaaS at some point you will have to learn about API’s.
I’ve put this super simple crash course together to get you started.
Super simple learning page that’s helped several of my team pick up the basics.
API Learning Portal
Track your progress and master APIs with interactive exercises.
Understanding API Basics
Learn what APIs are, how they work, and why they are important.
Making API Requests
Master HTTP methods and learn how to construct API requests.
Interpreting API Responses
Understand how to read and handle API responses.
API Authentication & Security
Learn how to secure your API interactions.
Integrating APIs into Applications
Embed API calls into your applications and handle responses.
Advanced API Concepts
Dive into more complex API usage.
How do APIs work?
APIs work by sharing data between applications, systems, and devices. This happens through a request and response cycle. The request is sent to the API, which retrieves the data and returns it to the user. Here’s a high-level overview of how that process works.
Let’s use the example of a restaurant to explain how APi works below. If any wording is confusing try my API terminology guide link found here.
1. API client
The API client is responsible for starting the conversation by sending the request to the API server. The request can be triggered in many ways. For instance, a user might initiate an API request by entering a search term or clicking a button. API requests may also be triggered by external events, such as a notification from another application.
2. API request
An API request will look and behave differently depending on the type of API, but it will typically include the following components:
- Endpoint: An API endpoint is a dedicated URL that provides access to a specific resource. For instance, the /articles endpoint in a blogging app would include the logic for processing all requests that are related to articles.
- Method: The request’s method indicates the type of operation the client would like to perform on a given resource. REST APIs are accessible through standard HTTP methods, which perform common actions like retrieving, creating, updating, and deleting data.
- Parameters: Parameters are the variables that are passed to an API endpoint to provide specific instructions for the API to process. These parameters can be included in the API request as part of the URL, in the query string, or in the request body. For example, the /articles endpoint of a blogging API might accept a “topic” parameter, which it would use to access and return articles on a specific topic.
- Request headers: Request headers are key-value pairs that provide extra details about the request, such as its content type or authentication credentials.
- Request body: The body is the main part of the request, and it includes the actual data that is required to create, update, or delete a resource. For instance, if you were creating a new article in a blogging app, the request body would likely include the article’s content, title, and author.
3. API server
The API client sends the request to the API server, which is responsible for handling authentication, validating input data, and retrieving or manipulating data.
Most business use cases for APIs will look like the below, some may differ but the basic use case is below.
4. API response
Finally, the API server sends a response to the client. The API response typically includes the following components:
- Status code: HTTP status codes are three-digit codes that indicate the outcome of an API request. Some of the most common status codes include 200 OK, which indicates that the server successfully returned the requested data, 201 Created, which indicates the server successfully created a new resource, and 404 Not Found, which indicates that the server could not find the requested resource.
- Response headers: HTTP response headers are very similar to request headers, except they are used to provide additional information about the server’s response.
- Response body: The response body includes the actual data or content the client asked for—or an error message if something went wrong.
In order to better understand this process, it can be useful to think of APIs like restaurants. In this metaphor, the customer is like the user, who tells the waiter what she wants. The waiter is like an API client, receiving the customer’s order and translating it into easy-to-follow instructions for the kitchen—sometimes using specific codes or abbreviations that the kitchen staff will recognise. The kitchen staff is like the API server because it creates the order according to the customer’s specifications and gives it to the waiter, who then delivers it to the customer.
API Tooling Network
The network of API tooling is forever increasing, working with APIs, the landscape of tools grows exponentially.
To help navigate the growing ecosystem, I’ve tried to map out the key categories and tools that have proven valuable in real-world projects.
Here’s a breakdown:
Protection Layer:
Cloudflare: A go-to for DDoS protection and CDN services
AWS WAF (Web Application Firewall): Protects web apps from common exploits
Azure Firewall: Cloud-native network security solution
Code Generation:
Swagger Codegen: Generate server stubs and client SDKs
RAML Codegen: Generate APIs from RAML specifications
Monitoring:
Datadog: Unified monitoring and analytics platform
New Relic: Real-time performance monitoring
AppDynamics: Application performance management & IT operations analytics
Deployment and Management:
Azure API Management: Fully managed gateway for APIs
AWS API Gateway: Create, publish, and secure APIs at scale
Kong: Open-source API gateway and microservices management layer
Apigee: API management and predictive analytics platform
IBM API Connect: Create, run, manage, and secure APIs
Security:
API Fortress: Continuous API testing and monitoring
Nessus: Vulnerability assessment tool
Auth0: Identity platform for authentication and authorization
Burp Suite: Web vulnerability scanner
OWASP ZAP: Open-source web app scanner
Testing:
SoapUI: API testing tool for SOAP and REST APIs
Rest-Assured: Java DSL for easy testing of REST services
Mockoon: Quickly create mock APIs
JMeter: Load testing tool for analyzing and measuring performance
WireMock: Mock your APIs for fast, robust, and comprehensive testing
Design and Development:
API Blueprint: API description language
Postman: Collaboration platform for API development
Swagger (OpenAPI): Interface description language for RESTful APIs
RAML: RESTful API Modeling Language
FakeRest: Fake a REST API for prototyping or testing
Additional Tools:
Keycloak: Open-source identity and access management
MuleSoft Anypoint Platform: Integration and API platform
Okta: Identity and access management platform
What are some common API use cases?
APIs are extremely versatile, and they support a wide range of use cases that includes:
1. Integrating with internal and external systems
One of the most common reasons developers turn to APIs is to integrate one system with another. For instance, you can use an API to integrate your customer relationship management (CRM) system with your marketing automation system, which would allow you to automatically send a marketing email when a sales representative adds a new prospective customer to the CRM.
2. Adding or enhancing functionality
APIs let you incorporate additional functionality into your application, which can improve your customers’ experience. For instance, if you’re working on a food delivery application, you might incorporate a third-party mapping API to let users track their order while it’s en route.
3. Connecting IoT devices
APIs are essential to the Internet of Things (IoT) ecosystem, which includes devices such as smartwatches, fitness trackers, doorbells, and home appliances. Without APIs, these devices would not be able to connect to the cloud—or to one another—which would render them useless.
4. Creating more scalable systems
APIs are used to implement microservice-based architectures, in which applications are built as a collection of small services that communicate with one another through private APIs. Microservices are managed, deployed, and provisioned independently of one another, which enables teams to scale their systems in a reliable yet cost-efficient way.
5. Reducing costs
APIs help organizations reduce operational costs by automating time-intensive tasks, such as sending emails, pulling reports, and sharing data between systems. They can also reduce development costs by enabling teams to reuse existing functionality, instead of reinventing the wheel.
6. Improving organizational security and governance
APIs power many workflows that are essential for organizational security. For instance, single sign-on (SSO), which enables users to use one username and password for multiple systems, is made possible by APIs. APIs are also used to enforce and automate corporate governance rules and policies, such as a requirement that expenses be approved before employees are reimbursed.
As developers and tech leaders, you need to stay informed about changes to the tooling for the task at hand. They not only streamline our workflows but also help us build more secure, efficient, and scalable API-driven applications.
While it’s great to know about all these tools, focus on mastering the ones that align best with your project needs and tech stack. I hope this page has been helpful.