Skip to main content

API

An Application Programming Interface (API) enables different software systems to communicate and share data with each other. APIs are essential when your business data needs to be accessible from multiple applications - whether that's a mobile app, third-party integrations, or internal tools.

When Do You Need an API?

  • Mobile applications that need to sync with your backend
  • Third-party integrations with partners, vendors, or platforms
  • Microservices architecture where services communicate internally
  • Public developer platforms allowing others to build on your data
  • Single Page Applications (SPAs) that fetch data dynamically

API Architectural Styles

REST

REST (Representational State Transfer) is the most common API style. It uses standard HTTP methods (GET, POST, PUT, DELETE) and is:

  • Simple to understand and implement
  • Well-supported by all programming languages
  • Stateless and cacheable
  • Ideal for most CRUD operations

GraphQL

GraphQL is a query language that gives clients more control over what data they receive. Consider GraphQL when you need:

  • Complex data relationships with nested queries
  • Fine-grained access control at the field level
  • Reduced network requests by fetching multiple resources in one call
  • Flexibility for diverse client needs (mobile vs. web)

GraphQL adds complexity around security since clients can craft arbitrary queries, requiring careful rate limiting and query depth restrictions.

Data Formats

APIs typically return data in one of these formats:

FormatBest For
JSONWeb/mobile apps, modern APIs (most common)
XMLLegacy systems, SOAP services, enterprise integrations
CSVData exports, spreadsheet compatibility

Security

Production APIs should always implement:

  • Authentication - Verify who is making the request (API keys, OAuth, JWT)
  • Authorisation - Control what resources they can access
  • SSL/TLS - Encrypt data in transit
  • Rate limiting - Prevent abuse and ensure availability
tip

A website is technically just an API that returns HTML - but unlike most APIs, public web pages don't require authentication. Your API security requirements depend on the sensitivity of your data.

  • REST - RESTful API design principles
  • GraphQL - Query language for APIs
  • Authentication - Securing API access
  • Node.js - Popular runtime for building APIs
  • Python - Another common choice for API development