An application program interface (API) is code that allows two software programs to communicate with each other.
The API defines the correct way for a developer to write a program that requests services from an operating system (OS) or other application. APIs are implemented by function calls composed of verbs and nouns. The required syntax is described in the documentation of the application being called.
How APIs work
APIs are made up of two related elements. The first is a specification that describes how information is exchanged between programs, done in the form of a request for processing and a return of the necessary data. The second is a software interface written to that specification and published in some way for use.
The software that wants to access the features and capabilities of the API is said to call it, and the software that creates the API is said to publish it.
Why APIs are important for business
The web, software designed exchange information via the internet and cloud computing have all combined to increase the interest in APIs in general and services in particular.
Software that was once custom-developed for a specific purpose is now often written referencing APIs that provide broadly useful features, reducing development time and cost and mitigating the risk of errors.
APIs have steadily improved software quality over the last decade, and the growing number of web services exposed through APIs by cloud providers is also encouraging the creation of cloud-specific applications, internet of things (IoT) efforts and apps to support mobile devices and users.
Three basic types of APIs
APIs take three basic forms: local, web-like and program-like.
Local APIs are the original form, from which the name came. They offer OS or middleware services to application programs. Microsoft's .NET APIs, the TAPI (Telephony API) for voice applications, and database access APIs are examples of the local API form.
Web APIs are designed to represent widely used resources like HTML pages and are accessed using a simple HTTP protocol. Any web URL activates a web API. Web APIs are often called REST (representational state transfer) or RESTful because the publisher of REST interfaces doesn't save any data internally between requests. As such, requests from many users can be intermingled as they would be on the internet.
Program APIs are based on remote procedure call (RPC) technology that makes a remote program component appear to be local to the rest of the software. Service oriented architecture (SOA) APIs, such as Microsoft's WS-series of APIs, are program APIs.
Why API design matters
Traditionally the applications that publish APIs have to be written in a programming language, but because APIs are increasingly generalized, additional validation of an API's structure is important.
Good API design is critical for successful API use, and software architects spend considerable time reviewing all the possible applications of an API and the most logical way for it to be used.
The data structures and parameter values are of particular importance because they must match between the caller of an API and its publisher.
REST and the web
Although applications that call APIs have traditionally been written in programming languages, the internet and the cloud are changing that. Web APIs can be called through any programming languages, but can also be accessed by webpages created in HTML or application generator tools.
The increased role the web plays in our lives and business activities has resulted in an explosion in the REST model and the use of simple programming tools, or even no programming at all, for API access.
API examples in the developer community
Operating systems and middleware tools expose their features through collections of APIs usually called "toolkits," and two different sets of tools that support the same API specifications are interchangeable to programmers, which is the basis for compatibility and interoperability claims. Microsoft's .NET API specifications are the basis for an open source Linux equivalent middleware package now supported by Microsoft, for example.
The internet is currently the primary driver for APIs, and companies like Facebook, Google and Yahoo publish APIs to encourage developers to build on their capabilities. These APIs have given us everything from new internet features that browse the sites of other services, to mobile device apps that offer easy access to web resources.
New features, such as content delivery, augmented reality and novel applications of wearable technology, are created in large part though these APIs.
APIs trends in the cloud
Cloud computing introduces new capabilities in dividing software into reusable components, connecting components to requests and scaling the number of copies of software as demand changes.
These cloud capabilities have already begun to shift the focus of APIs from simple RPC-programmer-centric models to RESTful web-centric models, and even to what is called "functional programming" or "lambda models" of services that can be instantly scaled as needed in the cloud.
APIs as services
The trend to think of APIs as representing general resources has changed terminology. Whereas APIs are expected to be used as a general tool by many applications and users, they are said to be services, and will normally require more controlled development and deployment.
SOA and microservices are examples of service APIs. Services are the hottest trend in APIs, to the point where it's possible that all APIs in the future will be seen as representing services.
Like all software, APIs have to be tested. The purpose of testing is validation of the published APIs against the specifications, which users of those APIs will use in formatting their requests.
This testing is usually done as a part of application lifecycle management (ALM), both for the software that publishes the APIs and for all the software that uses them. APIs also have to be tested in their published form to ensure that they can be accessed properly.
API management is a step beyond what's normally associated with software development. It's the set of activities associated with publishing the API for use, making it possible for users to find it and its specifications and regulating access to the API based on owner-defined permissions or policies.