APIs (application programming interfaces) have a couple of different forms. API designers can decide which one to use from a range of protocols and standards when creating a new API, depending on the type of API they are creating, and its purpose. This article takes a look at a few important API types and protocols, including REST API protocols.
Now Let’s talk about what are the different types of API:
Web APIs
Web APIs are APIs that can be accessed using the HTTP protocol. The API defines endpoints, and valid request and response formats. Web APIs include the APIs used to communicate with the browser. There may be services such as web notifications and web storage. Different web APIs feature varying levels of security and privacy, including open, internal, and partner APIs. Multiple web APIs can be combined into a composite API – a collection of data or service APIs such as quotes API, holidays API, and many more.
Open APIs
Open APIs, also known as external or public APIs, are available to everyone, with minimal restrictions, in case there are any. They may require registration, and the use of an API key, or maybe completely open. They are intended for external users (developers at other companies, for example) to access data or services. As an example, take a look at the provided by the UK government. Any developer can access it, without even registering, allowing app builders to include governmental data on restaurant standards in their apps.
Internal APIs
In contrast, internal APIs are designated to be hidden and inaccessible from external users open APIs. They are used within a company in order to share resources. They allow different teams or sections of a business to consume each other’s tools, data, and programs. Using internal APIs has several advantages over conventional integration techniques, including security and access control, an audit trail of system access, and a standard interface for connecting multiple services.
Partner APIs
Partner APIs are technically similar to open APIs, but they feature restricted access, which means they are meant to be open but only to a selected party, often controlled through a third-party API gateway. They are usually intended for a specific purpose, such as providing access to a paid-for service. This is a very common pattern in software as a service ecosystem.
Composite APIs
Composite APIs allow developers to access several endpoints at the same call. These could be different endpoints of a single API, or they could be multiple services or data sources. Composite APIs are especially useful in microservice architectures, where a user may need information from several services to perform a single task. Using composite APIs can reduce server load and improve application performance, as one call can return all the data a user needs.
API architectures
Rest
REST (representational state transfer) is a very popular web API architecture. To be a REST API, an API must adhere to certain architectural constraints, or principles, including:
-
- Client-server architecture: the interface is separated from the backend and data storage. This allows for flexibility, and for different components to evolve independent of each other.
- Statelessness: no client context is stored on the server between requests.
- Cacheability: clients can cache responses, so a REST API response must explicitly state whether it can be cached or not.
- Layered system: the API will work whether it is communicating directly with a server, or through an intermediary such as a load balancer.
RPC
The RPC (Remote Procedural Call) protocol is the most straightforward of the three architectures. Unlike REST and SOAP which facilitate the transfer of data, RPC APIs invoke processes. In other words, they execute scripts on a server.
Things like SaaS microcopy are a perfect example of an RPC protocol.
RPC APIs may employ either JSON (a JSON-RPC protocol) or XML (an XML-RPC protocol) in their calls. XML is more secure and more accommodating than JSON, but these two protocols are otherwise similar. Though the RPC protocol is strict, it’s a relatively simple and easy way to execute code on remote networks.
RPC APIs are limited in their security and capabilities, so you likely won’t see them as often as REST or SOAP APIs on the web. However, it can be used for internal systems for making basic process requests, especially many at once.
SOAP
SOAP (simple object access protocol) is an established web API protocol. It is intended to be extensible, neutral (able to operate over a range of communication protocols, including HTTP, SMTP, TCP and more), and independent (it allows for any programming style) The SOAP specification includes:
-
- The processing model: how to process a SOAP message.
- Extensibility model: SOAP features and modules.
- Protocol binding rules: how to use SOAP with an underlying protocol, such as HTTP.
- Message construct: how to structure a SOAP message.