We’ve all used the internet before, right? If you didn’t, I’m concerned how you’ve come here. Have you ever wondered how e-commerce sites ever get all their items to be displayed on their website? Or how you can see all of your tweets, emails, etc? That’s what an API is. API is short for Application Programming Interface. Every page on the internet is stored on a remote server. When ever you type www.*site*.com into your browser, you send out a request to that sites remote server, and once your browser receives the response, whether it be a 200, or 404, it interprets the code from that endpoint, and then displays the page.

Why is an API good?

It displays data to many users on many different sites, whether it be Amazon’s API that displays all of their items they have, or a Weather API that displays the weather globally/locally. If you’re creating or already have an app, you’re not new to this thing called an “API”. Many companies also sell there API’s to people who request it. Some API’s have a limited amount of calls per day, or a certain threshold you cannot surpass. When you use an application on your phone, computer, anything, the application connects to the internet and sends data to a server. The server then retrieves that data that you requested, interprets it, and them performs the necessary actions to sent it back to you in a readable way. This is why an API is good.

API provides security

Usually, you wouldn’t keep your personal information just anywhere, or most of your savings around your room, right? Usually, people trust the banks with their money, and to see how much money you have, you would usually login on your computer or phone, and want secure methods of moving your money around, such as authorize and authenticate payments. API is similar, it’s essential to have a trusted environment that follows policies for authentication and authorization. API security comes down to managing a good AP. There are platforms that support three types of security schemes to an API, and they are:

Authentication: Usually a two token string solution (e.g. username and password).

OpenID Connect (OIDC): A simple identity layer on top of the common OAuth framework (e.g. obtain basic profile information using an authentication server, thus verifying the user).

API Key: A single token string (e.g. a small hardware device that provides unique authentication information).

I hope you enjoyed my blog on API, and why it’s an amazing tool that’s a staple on the internet!