What’s a API?

An API is an application programming interface. It is a set of rules that allow programs to talk to each other. The developer creates the API on the server and allows the client to talk to it.

The Anatomy Of A Request

  1. Endpoint
  2. Method
  3. Headers
  4. Body (Data)

Endpoint Consensus

Consider the following endpoints:

  • /user/id/user1
  • /user/?id=user1

API Versioning

API changes are inevitable, but endpoint URLs should never be invalidated when they’re being used internally and/or by third-party applications.


The Joke API shown above is open: any system can fetch a joke without authorization. This is not viable for APIs which access private data or permit update and delete requests.

  1. API keys. A third-party application is granted permission to use an API by issuing a key which may have specific rights or be restricted to a particular domain. The key is passed in every request in the HTTP header or on the querystring.
  2. OAuth. A token is obtained before any request can be made by sending a client ID and possibly a client secret to an OAuth server. The OAuth token is then sent with each API request until it expires.
  3. JSON Web Tokens (JWT). Digitally-signed authentication tokens are securely transmitted in both the request and response header.

Chamod Shehanka a FullStack Developer at Platformer and Writer at Noteworthy, Platformer and The Java Report