What is API?

In software development the term API is heard often, but most beginner programmers are not very familiar with what it actually means. In this post we intend to learn in detail about the nature and operation of APIs, but first of all we need an introduction.

Before computer systems became pervasive in various industries, humans were the ones expected to interact most with computer software. Regardless of what the software did, from editing images to sending emails, the human was the center of attention as the entity that worked with it, interacting with the software through the User Interface, or UI for short (just as today, for example, we perform various tasks through the user interface of the operating system's desktop environment).

With the passage of time and the advancement of technology, a need was felt for software to interact with other software directly, without human intervention. A computer system, however, unlike a human, does not have eyes and ears with which to see the user interface and, for example, click a certain button to get the desired data. Nor does software, unlike a human, need a beautiful and user-friendly user interface (UI) to communicate with other software. This is where the concept of the API was formed.

What is Application Programming Interface?

API stands for Application Programming Interface, which can literally be translated as “software programming interface”. In short, an API is like a UI, except that a computer system, rather than a human, is supposed to interact with it. In fact, since the word Interface can be translated as “interface” in Farsi, it can be said that an API is an interface between two pieces of software or applications (in this discussion, words such as software, application, system, etc. are used interchangeably and have no specific semantic difference).

A real world example to better understand the API concept

To better understand this, consider something like electricity: it can be regarded as a service provided to us through an electrical outlet in order to power a laptop, a fan, a vacuum cleaner, or anything else that needs electricity to work.

To make an analogy, a service like electricity is like the service that a software company such as Google provides to us; for example, it allows us to access Google Maps data. The mobile application we have designed plays the same role as the laptop, fan or vacuum cleaner, which in the previous example needed electricity to work; here, the application needs Google Maps data to work.

In fact, following a set of standards for electrical outlets lets the consumer (which here is not a human being but a device such as a laptop, fan or vacuum cleaner) obtain its electricity without any worries. The advantages of such a standard include the following:

– Manufacturers of household appliances only focus on the design of the products themselves and have nothing to do with the issues related to power supply.
– The electrical device can be easily connected to different electrical sockets.
– If we take an electrical device from Iran to England, simply by using a converter, we can use the 110 volt power source of that country and there is no need to change the electrical device.
– The electrical device does not know at all whether the power was produced from oil or solar energy; it is only a consumer.
– An electrical device does not need to know in what form the electrical energy has reached it.
Likewise, it makes no difference to the power outlet whether a laptop or a fan is connected; its only task is to provide electricity.

Just as we need to insert the adapter's plug into the outlet in order to turn on the laptop, and the dimensions of the outlet and the plug follow a specific standard so that they can mate with each other (for example, the outlet has two holes and the plug has two pins; the outlet supplies 220V and the device expects 220V, not 110V), we also need to connect our mobile application to the Google service so that, for example, we can use Google Maps inside our app. The port that makes this possible is called an API: like a plug and socket, our mobile application and the Google Maps service must follow a set of standards to communicate with each other, otherwise no such connection will ever be formed.

Just as the electricity of our home electrical appliances is supplied by the electricity distribution network, various applications also need the Internet to access the data they need.

What is meant by Layer of Abstraction?

To clarify this term, we first give the example of the API of the Windows operating system. Suppose we are a developer who plans to write desktop software for Windows. Needless to say, one part of that software is its user interface (UI), which is presented to the user through different windows.

Let’s assume that Microsoft did not offer a dedicated Windows API for developers interested in developing software for this operating system. In such an environment, every developer would be forced to

and to design windows according to his own taste, which would destroy the visual consistency between different software. Windows, however, has something called the Windowing API, an SDK whose task is to handle everything related to the appearance of a window, such as the close button, resizing the window, etc. Developers only need to specify things such as the initial size, title, and contents of the window, and leave the rest of the settings to the API (you will get to know the concept of SDK further on).

Such an arrangement is called a Layer of Abstraction: the Windowing API of the Windows operating system is an abstraction layer placed between the developer and the operating system so that the developer does not get involved in technical details, such as the thousands of lines of code needed to create a simple window, and can implement what they need with just a few lines of simple code (the electricity example has exactly this abstraction layer: we, as humans, deal only with the electrical outlet, and what happens inside the outlet, what color the phase and neutral wires are, how the energy gets from the utility pole to the meter, and so on have nothing to do with us).

Now that we are familiar with the concept of the Layer of Abstraction, it goes without saying that if the Ministry of Energy changes the infrastructure, for example by feeding electricity from combined cycle power plants instead of from a dam into the transmission network, or by renovating the equipment inside the transmission substations, then as long as the energy needed by homes is provided, none of these changes will make any difference to the consumer.

In software development, let’s say that the service whose API we, as developers, use was written in Java and hosted on Amazon’s AWS servers, but the company decides to rewrite it in Node.js and offer it on Microsoft’s Azure servers. In such a situation, as long as the so-called Endpoint of that API does not change, it makes no difference to developers.

In the same way, API providers such as Google or Facebook can easily upgrade their servers, physically move their data centers, switch between different cloud services, etc., as long as they do not change their standards and do not disrupt the work of developers who already use their services.

For example, suppose there is an application named “A” whose developer has made it possible for other developers to use its API. Now let’s assume that we have written an application named “B”, and that application “A”, within a certain framework, allows application “B” to use the facilities it has (by visiting the ProgrammableWeb site, you can see a comprehensive list of the APIs of various services offered by prominent companies such as Google, Facebook, Twitter, etc.). When using an API, a set of standards must be observed, some of the most important of which are:

– The data exchanged through the API is structured: in other words, the request from software “B” is made in the framework of a standard format that is already defined by the developers of software “A”.
– The result of interacting with the API is predictable: in fact, the requests that are sent to the “A” software must be in a specific framework, and therefore the response to such requests will always be clear and predictable.

Familiarity with API types

Since an API is a mechanism through which a system interacts with another system, rather than a user interacting with a system, APIs can be divided into different categories:

– Hardware API: when, for example, we put heavy load on our system by running a demanding game, we see that the system fan starts spinning fast. This is because the CPU is under more load than usual, has become hot and needs to be cooled, and this mechanism works through communication between hardware APIs.

– Operating System API: Earlier, we explained how the API of an operating system such as Windows works, using the example of desktop software development.

– API of programming languages: a language like Java has a core that includes the syntax of the language, how to create variables, data types, etc. In addition, the developers of the language have provided hundreds of different classes, known as the Java API, which make additional features available to developers.

– Software Development Kits: a Software Development Kit, or SDK for short, is a type of API offered by various companies such as Google, Facebook, etc., so that developers can build software using these kits; the Android SDK is one example.

– Web API (web service): This is one of the most common and practical types of API, and it is the category we will focus on from here on. A Web API is any protocol that enables interaction between different applications over the Internet and the Web, and is therefore also called a Web Service (a web application that provides its content through several different APIs is called a mashup). When it comes to web APIs, we must be familiar with the mechanism of the HTTP and HTTPS protocols, for which we recommend referring to the free course “How does the web work?”.

An introduction to the types of web services

In general, web services can be categorized into GraphQL, SOAP, PRC, and one of the most famous ones currently, REST, which we will examine below.

– PRC: This term stands for Programmable Remote Client. This type of web service comes in two types, XML-RPC and JSON-RPC; as their names make clear, the first supports the XML format and the second supports JSON (note that this kind of web service is not used much today).

– SOAP: This term stands for Simple Object Access Protocol, which is a protocol that determines the communication method, how to send requests, receive responses, and the format of responses. In other words, this type of API is a way through which systems can communicate with each other through a format that is understandable for both sides of the connection (usually banking portals support this format.)

– REST: This term stands for Representational State Transfer. Unlike the previous ones it is not a protocol but a type of architecture that is easier to use than the others, which is why it has become widespread today. For more information, you can refer to the RESTful API concept training and the article on how to use a RESTful API in Python.

– GraphQL: A standard for API design and development that was developed as open source by Facebook. It was designed in response to criticisms of REST, so that it can serve as a comprehensive and effective solution for API development.

Remember that data can be exchanged in various forms through different web services, among the most important of which we can mention XML, JSON or HTML.

Division of APIs in terms of access level

In addition to the above divisions, Web API can be divided into different categories from the point of view of access level (permission), which are:

– Open APIs: These types of APIs, which are also called Public APIs, are provided to developers without any restrictions on the level of access for B2C use. To see a list of them, you can refer to the Public APIs link on GitHub.

– Partner APIs: This group of APIs is only available to so-called B2B and B2C businesses; unlike the previous case (Open APIs), not every developer has access to them, and they are usually paid.

– Internal APIs: This group of APIs, also known as Private APIs, are designed only for internal use of a system. For example, the list of articles that is exposed to users on the left sidebar of Sekan Academy is created through a Private API that was developed only for use by the Sekan Academy site itself.

What is API Economy?

Making money by offering APIs is what is known as the API Economy. We said before that some APIs are public, so the company supplying them cannot earn money from them directly; on the other hand, some companies earn money by offering APIs to their own services. For example, up to 10,000 requests per month is free, but if we have designed an application with a large number of users that consequently puts more load on the company's servers, we must purchase a premium service.

API design

It should always be kept in mind that API design is a relatively difficult task with complex and highly specialized steps. To give a general picture of the API design process: APIs are generally built according to certain patterns and standards so that developers around the world can use them without confusion; the details are beyond the scope of this discussion.

API security

If everything is done correctly and carefully, providing an API is not a security risk for you. Needless to say, though, the more ways there are to communicate with your servers, the more ways there are to break into them. Some APIs are more vulnerable than others because they expose more of the service's capabilities; interaction with the data stored in the database, for example, is highly sensitive and can cause a lot of damage if implemented carelessly. There are several measures to address such problems.

Try to set up your API on a separate and different server from the database to which it is connected. Also, if you allow your users to add or edit information, prepare yourself to deal with any kind of Injection.
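An added example (not from the original article) of the injection advice above for an API that lets users edit information: the request is first checked against a fixed structure, then its values are bound as query parameters instead of being spliced into the SQL text. The `articles` table, the field names and the sample request are constructed for illustration.

```python
import sqlite3

FIELDS = {"id": int, "title": str}  # the only structure the endpoint accepts

def make_db():
    """Constructed sample data: two articles with different owners."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, owner TEXT)")
    db.execute("INSERT INTO articles VALUES (1, 'Intro', 'alice'), (2, 'Draft', 'bob')")
    return db

def validate(request):
    """Accept only a dict with exactly the expected keys and types."""
    if not isinstance(request, dict) or set(request) != set(FIELDS):
        return False
    if any(type(request[k]) is not t for k, t in FIELDS.items()):
        return False
    return 0 < len(request["title"]) <= 200

def edit_title_unsafe(db, request):
    # BEFORE: request text becomes part of the SQL statement itself.
    db.execute(
        f"UPDATE articles SET title = '{request['title']}' WHERE id = {request['id']}"
    )

def edit_title_safe(db, request):
    # AFTER: reject malformed requests, then bind values as parameters.
    if not validate(request):
        return 400
    cur = db.execute(
        "UPDATE articles SET title = ? WHERE id = ?",
        (request["title"], request["id"]),
    )
    return 200 if cur.rowcount == 1 else 404

def owners(db):
    return [row[0] for row in db.execute("SELECT owner FROM articles ORDER BY id")]

if __name__ == "__main__":
    # Constructed request whose title contains SQL syntax.
    req = {"id": 2, "title": "x', owner = 'mallory"}
    db = make_db(); edit_title_unsafe(db, req)
    print("unsafe:", owners(db))   # owner column of article 2 was rewritten
    db = make_db(); print("safe:", edit_title_safe(db, req), owners(db))
```

With bound parameters the title is stored as plain text and the `owner` column is untouched; requests with extra keys or a non-integer `id` are rejected before any SQL runs.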

Another dangerous cyber attack is Distributed Denial of Service, or DDoS; you need to apply protection strategies to deal with these attacks.
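One way to limit request floods and enforce a free tier at the application layer, as an added example that is not from the original article: a per-key limiter that combines the 10,000-requests-per-month figure mentioned earlier with a short burst window. The burst values, the class name and the status/reason pairs are assumptions; large network-level floods must still be absorbed upstream of the API.

```python
import time
from collections import defaultdict, deque

FREE_MONTHLY_QUOTA = 10_000   # figure quoted in the article's pricing example
BURST_LIMIT = 20              # assumption: max requests per key per window
BURST_WINDOW = 1.0            # assumption: window length in seconds

class ApiLimiter:
    """Hypothetical per-API-key limiter: sliding burst window plus monthly quota."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.monthly = defaultdict(int)    # api_key -> accepted requests this month
        self.recent = defaultdict(deque)   # api_key -> timestamps inside the window

    def check(self, api_key, premium=False):
        """Return (HTTP status, reason) for one incoming request."""
        now = self.clock()
        window = self.recent[api_key]
        # Drop timestamps that have aged out of the burst window.
        while window and now - window[0] >= BURST_WINDOW:
            window.popleft()
        if len(window) >= BURST_LIMIT:
            return (429, "burst")          # one key is sending too fast
        if not premium and self.monthly[api_key] >= FREE_MONTHLY_QUOTA:
            return (429, "quota")          # free tier used up for this month
        # Only accepted requests are counted against either limit.
        window.append(now)
        self.monthly[api_key] += 1
        return (200, "ok")

    def reset_month(self):
        """Call at the start of each billing month."""
        self.monthly.clear()
```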

 

© 2022 Created with AloApi Team.