What is an API?

An API, which stands for application programming interface, is a set of protocols that enable
different software components to communicate and transfer data. Developers use APIs to bridge
the gaps between small, discrete chunks of code in order to create applications that are powerful,
resilient, secure, and able to meet user needs
APIs allow different software applications to communicate with each other, They are used to
retrieve data or perform actions, such as creating records or updating existing ones.

How do APIs work?

APIs work by sharing data between applications, systems, and devices. This happens through a
request and response cycle.
• The client initiates the requests via the APIs URI (Uniform Resource Identifier)
• The API makes a call to the server after receiving the request
• Then the server sends the response back to the API with the information
• Finally, the API transfers the data to the client
APIs are considered safe in terms of attacks as it includes authorization credentials and an API
gateway to limit access so as to minimize security threats. To provide additional security layers
to the data, HTTP headers, query string parameters, or cookies are used.

The different components of an API :

The API client is responsible for assembling requests in response to user actions and sending
them to the appropriate .
Endpoints are Uniform Resource Identifiers (URIs) that provide access to specific resources in a
database.

Four types of web APIs:

 1. Private API: This type of API is designed for internal use within an organization. It is not
available to the public and requires authentication to access.
2. Partner API: This type of API is shared externally, but only among those with a business
relationship with the API company. It requires specific rights or licenses to access and is
not available to the public.
3. Open/Public API: This type of API is available to any developer. It typically has relatively
low authentication and authorization measures and is often restricted in the assets it
shares.
4. Composite API: This type of API combines multiple data sources into a single API.

What is a REST API?

There are numerous types of APIs, making it difficult for new developers to differentiate between
each kind. In particular, Representational State Transfer (REST) is a software architectural style
that developers apply to web APIs. REST APIs provide simple, uniform interfaces because they
can be used to make data, content, algorithms, media, and other digital resources available
through web URLs. Essentially, REST APIs are the most common APIs used across the web today.

The following are the six REST design principles, also known as architectural
constraints :
1. Uniform interface: All API requests for the same resource should look the same, no
matter where the request comes from. The REST API should ensure that the same piece
of data, such as the name or email address of a user, belongs to only one uniform resource
identifier (URI). Resources shouldn’t be too large but should contain every piece of
information that the client might need.
2. Client-server decoupling: In REST API design, client and server applications must be
completely independent of each other. The only information the client application should
know is the URI of the requested resource; it can’t interact with the server application in
any other ways. Similarly, a server application shouldn’t modify the client application
other than passing it to the requested data via HTTP.
 3. Statelessness: REST APIs are stateless, meaning that each request needs to include all the
information necessary for processing it. In other words, REST APIs do not require any
server-side sessions. Server applications aren’t allowed to store any data related to a
client request.
4. Cacheability: When possible, resources should be cacheable on the client or server side.
Server responses also need to contain information about whether caching is allowed for
the delivered resource. The goal is to improve performance on the client side, while
increasing scalability on the server side.
5. Layered system architecture: In REST APIs, the calls and responses go through different
layers. As a rule of thumb, don’t assume that the client and server applications connect
directly to each other.
6. Code on demand (optional): This constraint allows clients to download and execute code
from servers.

REST API methods and request structure

Any REST request includes four essential parts: an HTTP method, an endpoint, headers, and a
body.
An HTTP method describes what is to be done with a resource. There are four basic methods also
named CRUD operations:
• POST to Create a resource,
• GET to Retrieve a resource,
• PUT to Update a resource, and
• DELETE to Delete a resource.
An endpoint contains a Uniform Resource Identifier (URI) indicating where and how to find the
resource on the Internet. The most common type of URI is a Unique Resource Location (URL),
serving as a complete web address.
Headers store information relevant to both the client and server. Mainly, headers provide
authentication data — such as an API key, the name or IP address of the computer where the
server is installed, and the information about the response format.
A body is used to convey additional information to the server. For instance, it may be a piece of
data you want to add or replace.

REST response structure

In response, the server sends not the sought-for resource itself, but its representation — a
machine-readable description of its current state. The same resource can be represented in
different formats, but the most popular ones are XML and JSON.
Whenever relevant, a server includes in the response hyperlinks or hypermedia that links to
other related resources. This way, the server gives instructions on what the client can do next
and what further requests it can make.

Key differences between API and REST API:

1. Stateless vs Stateful: RESTful APIs are stateless, while traditional APIs can be stateful.
2. Methods/Protocol: RESTful APIs use HTTP and provide an interface for clients to interact
with the service, while traditional APIs can use a variety of protocols.
3. Operations type: RESTful APIs use CRUD (Create, Read, Update, Delete) operations, while
traditional APIs can use PUT, POST, DELETE methods.
4. Integrations: RESTful APIs can be integrated with any kind of server over HTTP, while
traditional APIs are limited to client-server based applications.