Architecture Basic

API

Application Programming Interface. A set of rules and protocols that allows different software systems to communicate with each other.

Pronunciation

/ˌeɪ.piːˈaɪ/
"ay-pee-eye"

What is it

API stands for Application Programming Interface. It’s the set of rules that defines how two applications can talk to each other.

Think of it as a contract between systems: “if you ask me this in this format, I’ll respond with that”.

The Waiter Analogy

The most widely used (and clearest) analogy:

You’re in a restaurant. You are the customer (your application). The kitchen is the server (database or external system). The waiter is the API — takes your order in a standard format, delivers it to the kitchen, and brings back the response.

You don’t need to know how the kitchen works. You just need to know how to talk to the waiter.

Most Common API Types

| Type | Description | Use case |
|---|---|---|
| REST | Today’s standard. Uses URLs and HTTP | Most web apps |
| GraphQL | Lets you request exactly what you need | Complex dashboards |
| SOAP | Older XML-based protocol | Legacy enterprise systems |
| WebSocket | Real-time bidirectional communication | Chat, live notifications |

How an API Request Works

Your app → [GET /users/123] → API Server
Your app ← [{ id: 123, name: "Ana" }] ← Database

  1. Your app sends a request with a method (GET, POST, PUT, DELETE)
  2. The server processes the request and queries data
  3. The server responds with data in JSON or XML format

APIs in the Real World

When you use everyday services, APIs are working behind the scenes:

  • “Pay with PayPal” on a store → PayPal’s API
  • “Sign in with Google” → Google’s OAuth API
  • Embedded map on a website → Google Maps API
  • Push notifications on your phone → Firebase API

Why It Matters for Your Business

When evaluating software in 2026, APIs determine whether systems can grow and connect:

✅ System with a good API:

  • Can connect to your existing CRM, ERP, or payment system
  • Allows building mobile apps or web portals on top of it
  • Integrates with future tools without rewriting everything

❌ System without API (or with a poorly designed one):

  • It’s an island. Data trapped inside
  • Every integration requires expensive, fragile work
  • Hard to scale or adapt to new business needs

API Security

Well-designed APIs include security mechanisms:

  • API Key: a unique secret issued to each client (identifies who can call)
  • JWT / OAuth: tokens that verify identity and permissions
  • Rate Limiting: requests-per-minute cap (prevents abuse)
  • HTTPS: encrypted communication channel
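
The request flow from "How an API Request Works" with two of the mechanisms above applied before any data is returned: an API key check and a requests-per-minute cap. This is an added example, not code from the original page. The X-API-Key header name, the sample key, the limit of 3 requests per 60 seconds and the function names are assumptions made for illustration, and HTTPS is assumed to be handled in front of this code.

```python
import hmac
import json

# Constructed sample data: a hypothetical client key and the user record from the flow above.
API_KEYS = {"client-a": "k-3f9a-constructed-example"}
USERS = {123: {"id": 123, "name": "Ana"}}
RATE_LIMIT = 3        # requests allowed per client per window (assumed value)
WINDOW_SECONDS = 60
WINDOWS = {}          # client -> (window_start, request_count)


def identify_client(presented_key):
    """Return the client that owns the key, comparing in constant time."""
    found = None
    for client, key in API_KEYS.items():
        if hmac.compare_digest(key.encode(), presented_key.encode()):
            found = client
    return found


def allow(client, now):
    """Fixed-window counter: at most RATE_LIMIT requests per WINDOW_SECONDS."""
    start, count = WINDOWS.get(client, (now, 0))
    if now - start >= WINDOW_SECONDS:
        start, count = now, 0          # window expired, start a new one
    if count >= RATE_LIMIT:
        return False
    WINDOWS[client] = (start, count + 1)
    return True


def handle_request(method, path, headers, now):
    """Return (status, json_body); `now` is a timestamp in seconds."""
    client = identify_client(headers.get("X-API-Key", ""))
    if client is None:                 # who is calling? unknown -> reject early
        return 401, json.dumps({"error": "invalid or missing API key"})
    if not allow(client, now):         # authenticated, but over the cap
        return 429, json.dumps({"error": "rate limit exceeded"})
    parts = path.strip("/").split("/")
    if method != "GET" or len(parts) != 2 or parts[0] != "users":
        return 404, json.dumps({"error": "not found"})
    user = USERS.get(int(parts[1])) if parts[1].isdecimal() else None
    if user is None:
        return 404, json.dumps({"error": "not found"})
    return 200, json.dumps(user)
```

The key is checked before the rate limiter runs, so requests without a valid key never consume a legitimate client's quota.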

Related Terms

  • REST - The most popular architectural style for designing APIs
  • Endpoint - The specific URL where an API resource lives
  • JWT - Token format for authenticating requests
  • Microservices - Architecture where each service exposes its own API
