
What is an API?

PDQ|November 11, 2024

An API, or application programming interface, is a set of rules that lets two software systems share data and functionality. It acts as a bridge between applications, without exposing their internal workings.

While the idea originated in the 1940s, the API economy exploded as microservices became more popular in the 2010s. In a microservice architecture, a suite of smaller, loosely coupled services work together to act as a single application, driving digital transformation. To do this, however, those services must interact seamlessly.

We’ll walk you through the ins and outs of APIs, including how they work, what types exist, what purposes they serve, how to integrate them, and more.

How do APIs work?

Pretty much anyone who knows anything about APIs will tell you they’re the software equivalent of a restaurant waiter taking your order, bringing it to the kitchen, and then returning to your table with the food you ordered.

In more technical terms, an API generally serves as a set of rules between an application and a server that governs how they communicate with each other. The defined communication protocol allows apps to be developed, connected, and integrated more quickly and at scale.

Here’s how an API works:

  • API request: A request originates from a client application and is processed via the API’s management system or the API gateway.

  • API call: The API’s management system or the API gateway calls the web server or external program.

  • API response: The server sends the requested information to the API.

  • API data transfer: The API communicates the data to the client application that requested it.
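The four steps above, traced through a small in-process gateway. This is an added example, not code from the original article: the API keys, routes, rate limit, and order data are constructed for illustration, and the gateway's 401, 403, and 429 checks are an assumption about a typical deployment.

```python
import hmac
import time

# Constructed sample data: each API key and the routes it is allowed to call.
API_KEYS = {"key-reader-123": {"GET /orders"},
            "key-admin-456": {"GET /orders", "POST /orders"}}
ORDERS = [{"id": 1, "item": "keyboard"}]
RATE_LIMIT = 3           # requests allowed per key per window
WINDOW_SECONDS = 60
_hits = {}               # api key -> timestamps of recent requests


def backend(method, path, body=None):
    """The web server behind the gateway."""
    if (method, path) == ("GET", "/orders"):
        return 200, list(ORDERS)
    if (method, path) == ("POST", "/orders"):
        ORDERS.append(body)
        return 201, body
    return 404, {"error": "not found"}


def lookup_key(presented):
    """Match the presented key using a constant-time comparison."""
    for known in API_KEYS:
        if hmac.compare_digest(known.encode(), (presented or "").encode()):
            return known
    return None


def gateway(method, path, api_key=None, body=None, now=None):
    """Receive the request, call the backend, relay the response."""
    now = time.time() if now is None else now
    key = lookup_key(api_key)                     # 1. API request arrives
    if key is None:
        return 401, {"error": "missing or unknown API key"}
    if f"{method} {path}" not in API_KEYS[key]:   # deny by default
        return 403, {"error": "key not permitted for this route"}
    recent = [t for t in _hits.get(key, []) if now - t < WINDOW_SECONDS]
    if len(recent) >= RATE_LIMIT:
        return 429, {"error": "rate limit exceeded"}
    _hits[key] = recent + [now]
    status, data = backend(method, path, body)    # 2. API call, 3. API response
    return status, data                           # 4. data transfer to the client
```
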

What are the types of APIs?

The term “API” is often used generically to refer to any API. But the truth is there are several different varieties. They can be broken down by management strategy and purpose.

By API management strategy

  • Public API: Also known as an open API or an external API, a public API is accessible to any outside developer. Some public APIs are free, but others have a subscription fee. Public APIs often restrict shared assets and have weaker authentication measures.

  • Partner API: Partner APIs are reserved for authorized business partners who have completed an onboarding process and received an official license. This gives the API owner more control over who uses the API and how they use it. Because of their more restricted access, partner APIs tend to have stronger security measures than public APIs.

  • Private API: Also known as internal APIs, private APIs are used by internal software development teams to enhance productivity by connecting systems and data. They are a scalable solution that makes it easy to incorporate new systems with existing systems. Private APIs are not available to outside users, but some companies eventually make them public.

  • Composite API: A composite API consists of two or more data or service APIs, allowing access to several endpoints per call. Bundling calls and responses reduces the server load to improve system speed. This is especially useful for a microservice architecture since a single task may need data from multiple sources.

By purpose

  • System API: A system API extracts data from core systems, such as an ERP or billing system.

  • Process API: A process API combines data from multiple system APIs to break down data silos and improve agility.

  • Experience API: An experience API targets user experience by reconfiguring data based on audience and context.

What’s the difference between remote APIs, web APIs, and web services?

A remote API interacts through a communications network. While not all remote APIs use the internet and the HTTP protocol, many do, which qualifies them as web APIs. That means that while web APIs are also remote APIs, some remote APIs are not web APIs. That said, most APIs fall into both categories.

Similarly, a web service is a type of API, but not all APIs qualify as web services. A web service must communicate over a network and typically limits access to approved partners. It often uses the SOAP protocol, which we’ll unpack in the next section.

What API protocols and architectures are available?

API architectures and protocols control what data the API shares and how it shares that information. Three main options are available:

REST (Representational State Transfer)

The most common API architecture. REST APIs are lightweight, scalable, and designed for simplicity.

Core principles:

  • Client-server separation: Clients and servers operate independently.

  • Stateless: Every request is self-contained — no memory of previous interactions.

  • Uniform interface: Standard rules govern communication.

  • Layered system: API calls can pass through multiple layers without changing format.

  • Cacheable: Responses can be stored to improve performance.

RESTful APIs are widely used in web services due to their flexibility and ease of integration.

SOAP (Simple Object Access Protocol)

A protocol that defines exactly how APIs exchange messages. It uses XML and often runs over HTTP.

What makes SOAP different:

  • Strict formatting: Every message follows a fixed XML structure.

  • Built-in security: SOAP includes standards for authentication and access control.

  • More overhead: Powerful, but heavier and harder to implement than REST.

SOAP is still popular in enterprise systems that require formal contracts and secure transactions.

RPC (Remote Procedure Call)

A protocol that lets one system trigger a function on another system, like calling a script remotely.

Key traits:

  • Minimalist format: Uses JSON-RPC or XML-RPC to send instructions.

  • Low complexity: Fast and lightweight, but lacks modern security features.

  • Use case: Good for internal tools or simple systems, but rarely used for public-facing APIs.


What are the uses of APIs?

The uses of APIs are limited only by your creativity. However, many businesses use them for the following purposes:

  • Expand reach: APIs can help their owners expand their reach and brand recognition. This is particularly true for a public API, around which an entire ecosystem of apps may spring up.

  • Generate revenue: While some companies offer APIs for free to build relationships, others sell an API key, creating a direct revenue stream. In some cases, APIs can also provide revenue in other ways, such as by creating a sales funnel or distribution channel.

  • Improve collaboration: The average enterprise uses a staggering number of cloud apps: nearly 1,200. Without APIs to connect them, the information in each application can become siloed, limiting collaboration.

  • Enhance efficiency and scalability: Since APIs automate data handoff between applications, employees don’t need to go through a time-consuming, error-prone manual process. API integrations can also improve scalability by simplifying the process of connecting systems and applications.

  • Promote innovation: Because of their flexibility, APIs support innovation. They may allow companies to connect with new business partners, launch new services, and add value.

  • Improve visibility: A streamlined system improves visibility into processes, allowing for better monitoring and reporting.

What are examples of APIs?

APIs are so standard that you may have utilized one today without even realizing it. While APIs have widespread uses, here are a few common instances you’re probably familiar with:

Travel booking

If you’ve ever looked up airfare on an airline’s website, you interacted with the airline’s API. You requested flight information, and the API retrieved it from the company’s database. Travel booking platforms use even more APIs to access information from multiple hotels and airlines.

Google Maps

The Google Maps API gives developers access to a wealth of geographic data, including interactive maps. Businesses often leverage this tool to give potential customers clear driving directions to their locations.

Universal logins

Many websites and apps allow users to sign in through other platforms and social media, like Google, Facebook, and Twitter. They do this by authenticating users through the services’ APIs, thereby saving users the trouble of setting up a new account and remembering yet another password.

Third-party payment processing

“Pay with PayPal” has become ubiquitous on e-commerce platforms. This API allows users to pay for items without exposing sensitive data.

API integration

How do you integrate APIs?

Depending on your company’s needs, timeframe, and budget, several methods are available for integrating APIs. Review the API documentation and assess your goals to decide what is best for your company.

Custom integrations

Custom integrations are developed by a skilled expert to connect existing third-party systems for greater functionality. Since custom integrations tend to be costly and time consuming, they are fading in popularity.

Connector applications

Connector applications serve as intermediaries between popular software platforms via their APIs to help manage and maintain integrations. Because connector applications tend to be affordable and easy to use, they’re quite popular. They may be classified by the app or protocol they support, so you can find options like Salesforce connectors, HTTP connectors, and JDBC connectors.

Integration management platforms

API integration management platforms are typically SaaS applications used to connect other SaaS applications and cloud-based systems. With one request, they can collect and combine data from multiple sources in a single query. They act as Integration Platform as a Service (iPaaS) solutions.

What are common API errors, and how do you fix them?

Most API errors break down into two main categories: request errors and server errors. You can often determine the cause of the error and how to fix it by the HTTP status code.

Request errors

Request errors are generally client-side errors. They have 400-level HTTP status codes, such as the following:

  • 400 Bad Request: This infuriatingly vague message just means something went wrong. Check your request and cross your fingers that you find an issue with your header, query, or body field.

  • 401 Unauthorized: If you’re not authenticated, you could get this error. You may need to sign up and get an API key.

  • 403 Forbidden: While you’re authenticated, you’re not allowed to make the request based on your permissions. This may occur if you try to access features beyond your subscription plan or you use the wrong API key.

  • 404 Not Found: This is the most common error code, and it can have several potential meanings. While it usually indicates something is wrong on the client side, it can also result from a server problem. The first troubleshooting step should be checking the client code for typos.

  • 429 Too Many Requests: API subscriptions often have limits per minute, per hour, and/or per day. If you exceed those limits, you may get this message. Be aware of your limits and consider adjusting your subscription if necessary.

Server errors

If you see a 500-level HTTP status code, you’re probably experiencing a server error. You may need to contact API support to resolve the issue.

  • 500 Internal Server Error: This generally means the API server crashed, but it may be worth checking your docs to make sure everything is right on your end.

  • 501 Not Implemented: If the API developer has not yet implemented the HTTP method you used to request a URL, you may get this status. Trying a different method may yield better results.

  • 502 Bad Gateway: Instead of reaching the API server, you contacted a gateway or a proxy server. While that server attempted to call the API server, the API server did not respond.

  • 503 Service Unavailable: If a server receives too many requests and is overloaded, you’ll get this message. You might try again later.

  • 504 Gateway Timeout: This status is similar to 502 in that it means you contacted a gateway or a proxy server. However, in this case, the API server didn’t respond quickly enough. If you are requesting a high volume of data, breaking it down into smaller chunks may help.
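One way a client can act on these status codes: retry only the transient ones (429, 502, 503, 504) with backoff, and stop immediately on codes that need a changed request or credentials. This is an added example, not code from the original article: the choice of retryable codes, the timing values, and the scripted() stand-in for a real HTTP call are assumptions, and only the seconds form of the Retry-After header is handled.

```python
import random
import time

RETRYABLE = {429, 502, 503, 504}     # transient: worth another attempt
# 400, 401, 403, 404 and 501 need a changed request or credentials, so
# resending as-is only adds load (repeated 401s may also trip lockouts).
# 500 is left out here as a conservative choice.


def retry_delay(status, headers, attempt, base=1.0, cap=60.0):
    """Seconds to wait before the next attempt, or None if a retry is pointless."""
    if status not in RETRYABLE:
        return None
    retry_after = headers.get("Retry-After", "")
    if retry_after.isdigit():                    # server-specified wait in seconds
        return min(float(retry_after), cap)
    backoff = min(cap, base * 2 ** attempt)      # exponential backoff
    return random.uniform(backoff / 2, backoff)  # jitter spreads out retries


def call_api(send, max_attempts=4, sleep=time.sleep):
    """Call send() -> (status, headers, body) until success, a permanent
    error, or max_attempts. Returns (status, body, waits)."""
    waits = []
    for attempt in range(max_attempts):
        status, headers, body = send()
        if 200 <= status < 300:
            return status, body, waits
        delay = retry_delay(status, headers, attempt)
        if delay is None or attempt == max_attempts - 1:
            return status, body, waits
        waits.append(delay)
        sleep(delay)


def scripted(responses):
    """Constructed stand-in for a real HTTP call: replays canned responses."""
    it = iter(responses)
    return lambda: next(it)
```
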


APIs are the unsung heroes behind the digital tools we rely on every day. Whether you're connecting systems, automating tasks, or just trying to fix a mysterious 401 error, a solid grasp of API fundamentals can save you time and sanity.

If you're looking to dig deeper into the tech that powers your environment, check out our Sysadmin Glossary for quick-hit definitions on everything from ACLs to XML. And if you ever hit a wall, the PDQ community is always a good place to trade tips, troubleshoot, or just swap war stories.

PDQ

PDQ is the best way to have healthy, up-to-date machines automatically. Scan your environment for vulnerabilities and streamline your patch management and software deployment processes — whether you manage 15 machines or 15,000.
