What is an API?

API stands for “application programming interface”. It refers to a set of capabilities built into a piece of software that allow other programs to access its functions.

Who would use an API?

Many applications offer a public API. This is a set of functions that anyone can take advantage of in their own programs. For example, to integrate their own code with a mainstream piece of software. Documentation is published to help developers get the best from the API, and major changes won’t be rolled out without warning.

Developers may also use APIs to make their own software components work together. These are called internal APIs, as they’re not intended to be used by anyone outside of the development team. While third parties may be able to make use of internal API functions, the details are not normally publicly documented, and their workings could be updated or changed at any time.

What sort of programs offer APIs?

Many major desktop applications have extensive public APIs. For example, Microsoft Office offers functions that allow developers to add custom features, or use Office functions and data in their own applications. Web services can offer APIs too. Weather and travel sites provide public APIs so that partner sites can extract and aggregate key information.

Meanwhile, social media platforms such as Facebook and TikTok offer APIs that app developers can use to integrate media content into their apps. Or to embed their apps in a user’s online feed.

How do I add an API to my own platform?

A simple API could be implemented via a web server, which receives data requests over an HTTP connection and returns information in response. This would be called a REST architecture, short for representational state transfer.

A more sophisticated model is SOAP (Simple Object Access Protocol). This works similarly to REST, but is more strictly defined. All messages must be encoded in XML, and security standards are enforced to ensure that API calls can’t be spoofed or intercepted by a third party.

Other types of API might use the remote procedural call (RPC) model. Here, a connecting program sends commands and parameters to the API, which responds by carrying out actions.

What are the risks of using APIs?

Creating any sort of API – whether public or internal – risks opening up security issues. For example, Facebook has experienced huge data leaks through abuse of a public API. And only last year, Australian telecoms provider Optus revealed that an attacker had exploited an internal API to access the personal information of up to ten million customers.

There are also risks for those who make use of APIs, since their code relies on a service they don’t control. Several publishers of third-party social media tools were recently caught out when Twitter terminated its public API without warning, making their products worthless. (Incidentally, if you haven’t yet set up two-factor authentication for Twitter, then now is the time.)