Web APIs - A non-technical attempt at explanation

Source: http://www.gruenderszene.de/allgemein/web-apis-ein-nicht-technischer-erklarungsversuch


APIs as the cornerstone of software development

APIs are the cornerstone of software development and, since the advent of Web 2.0 at the latest, have also become familiar to many non-technical people. But that is often where the familiarity ends. What is really behind the term? What exactly are APIs, and what is their significance on the Web? This article is a practical attempt to explain and summarize the topic for the uninitiated, so that they can confidently take part in future discussions and decisions.

While most people know that the abbreviation "API" stands for "Application Programming Interface", non-technical people are often in the dark about what it means. This, together with the inflationary and incorrect use of the term over the last few years, may be why it has grown into a real buzzword.

Web APIs have been praised as a panacea and the secret weapon of every website, and in the heyday of Web 2.0 they were even considered one of those items on the business plan that could increase the company's valuation by a few significant percentage points.

Now that this initial euphoria has subsided somewhat, we will clear up the rumors and legends, point out the real opportunities and risks, and provide some insight into the thicket of APIs.

Sense and purpose of Web APIs

Although we will learn to differentiate between different types of APIs below, they all have one thing in common: they are used to exchange and process data and content between different websites, programs and providers, thus enabling third parties to access previously closed data pools and user groups. The shared use of this content can thus create completely new services (such as desktop clients), added value (such as mash-ups) or even entire ecosystems - such as application stores.


As the term already indicates, APIs are basically interfaces. An interface enables communication and interaction between two systems. Almost everything in our world consists of interfaces: plug and socket serve as an interface for transferring power; keyboard and fingers serve as an interface for turning thoughts into digital characters when using a computer.

The computer world is also teeming with interfaces and APIs - they have always been the cornerstone of operating systems and programs. However, when people talk about APIs in Internet circles, they usually mean so-called web service APIs or web APIs, i.e. interfaces for and from websites and web applications. Although this article will focus on Web APIs, most of the general facts also apply to traditional APIs.

User Interface vs. Application Programming Interface

In websites and programs, the visual interface, the so-called (Graphical) User Interface or frontend, serves as an interface between the user and the underlying software logic, the backend. The user interface receives data from the user, forwards it to the software for processing, and then returns the result to the user. The term "user interface" is not only widely used and known among technicians - it is the general term for the face and the surface of a software. It is designed in detail, implemented on the web using technologies such as HTML, CSS or Flash and optimized for usability. Every website displayed in a browser is first of all a user interface through which the user interacts with the actual software.

The counterpart to the human-optimized (human-readable) user interface is the (machine-readable) Application Programming Interface, which is tailored for software and basically enables more clearly abstracted and structured access to the functions of the backend. In addition, data can be exchanged in a reduced form that is particularly easy to process.

API Design and Standards

All this also means that, just as we design a website, an API must also be conceived and designed. And since the interface must first be implemented and tested by a human (a programmer), we ideally also need documentation that is understandable to humans (or at least programmers).

The latter three aspects in particular are already defined and standardized by a handful of established standards, so-called protocols, from which API designers should choose.

To standardize the general structure, there are protocols such as SOAP, XML-RPC or REST, which, in the order listed, range from strict to less strict in how they specify that structure. So while SOAP is a very complex standard, the simpler REST offers more design freedom. For this reason SOAP is considered a standard in the enterprise environment, while REST dominates the market for public Web APIs.

Finally, for the data format, standards such as XML or JSON are usually used. To draw the comparison to websites again: They ultimately represent the API equivalent of HTML.

On the differentiation of Web APIs

After the basics are clarified, it is useful to distinguish between different forms of Web APIs to better understand the underlying aspects. In this article we distinguish between four different types of Web APIs:

  • Internal APIs
  • External APIs
  • Platform APIs
  • Authentication and Authorization APIs

Internal APIs

Strictly speaking, almost everything in the world of software development is an internal API. The more clearly a piece of code is separated from other modules, the more likely it is to be called a real interface. Internal APIs are considered good practice in professional software development and are used on the one hand to separate the components and modules of the software from each other, and on the other hand to connect them again. This increases modularity and thus reduces the overall complexity.

So-called Service-Oriented Architectures (SOA) go particularly far by breaking down the overall system into as many individual, independent sub-systems (services) as possible, which communicate with each other, for example, via web service APIs.

Good examples of pronounced modularization outside the software industry can be found in the automotive and PC industries, which are rewarded with a wide range of options for division of labor, outsourcing and combination.

External APIs

When we talk about APIs in general, we usually mean external APIs. In the same way as certain functions are presented to the user via the user interface, these and other functions can also be executed via an external API. This is particularly interesting for processing content and developing mash-ups. A typical example is sending tweets via desktop applications like TweetDeck, where the external Twitter API is used.

Well-known examples of external Web APIs besides Twitter are also those of Flickr or YouTube. With these APIs, the content of websites can be read, added or changed automatically, which is reflected in the countless freely available tools today.

Platform APIs – e.g. Facebook, OpenSocial

Platform APIs provide interfaces for integration with another website or platform. This allows third parties to develop applications or plug-ins and run them within the platform. In particular, a platform API offers functions with which the user interface of a developed application can be integrated into the user interface of the platform, but also certain functions for accessing user data (for example, the name of the logged-in user or that of his friends) or other central functions of the platform.

Well-known examples from the web world are the API of Facebook or the OpenSocial standard for platform APIs. Such websites are also called "platform enabled websites". iPhone, Android, Windows, Linux or Mac applications, too, are only possible because platform APIs have been opened up.

Authentication and authorization APIs 

There is also a special type of Web API that is becoming increasingly important: interfaces for authentication (identification) and authorization (granting access rights) of users.

Well-known examples of authentication are Facebook Connect, Google FriendConnect or the OpenID standard, which save you the trouble of building up your own user pool by allowing users to log in via other platforms. This is then also called Single Sign-On.

In the area of authorization, the OAuth standard has become established. It allows users to determine whether their data is accessible to third parties via APIs (for example, whether an external application may post tweets in their name).
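The difference between authentication and authorization described above, as an added example that is not part of the original article: a toy API server that first checks whom a token speaks for, then whether the user granted the calling application the needed permission. It is a simplified model of the idea, not the OAuth protocol itself; the tokens, application names and scope names are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Grant:
    user: str          # whom the token speaks for (authentication result)
    app: str           # third-party application the user approved
    scopes: frozenset  # what the user allowed that app to do (authorization)

# Hypothetical mapping of API actions to the permission each one needs.
REQUIRED_SCOPE = {"read_timeline": "tweets:read", "post_tweet": "tweets:write"}

class ApiServer:
    """Toy web API that separates 'who is this?' from 'may they do this?'."""
    def __init__(self):
        self._grants = {}  # access token -> Grant
        self.tweets = []   # (user, app, text) tuples

    def user_consents(self, token, user, app, scopes):
        # Stands in for the consent screen: the user decides the scopes.
        self._grants[token] = Grant(user, app, frozenset(scopes))

    def user_revokes(self, token):
        self._grants.pop(token, None)

    def handle(self, token, action, text=None):
        grant = self._grants.get(token)
        if grant is None:
            return 401, "unknown or revoked token"  # authentication failed
        required = REQUIRED_SCOPE.get(action)
        if required is None:
            return 404, "no such action"
        if required not in grant.scopes:
            return 403, f"{grant.app} lacks scope {required}"  # authorization failed
        if action == "post_tweet":
            self.tweets.append((grant.user, grant.app, text))
            return 201, "posted"
        return 200, [t for t in self.tweets if t[0] == grant.user]

def demo():
    api = ApiServer()
    api.user_consents("tok-reader", "alice", "StatsWidget", {"tweets:read"})
    api.user_consents("tok-client", "alice", "DesktopClient",
                      {"tweets:read", "tweets:write"})
    results = [
        api.handle("tok-reader", "post_tweet", "hi"),  # read-only app: refused
        api.handle("tok-client", "post_tweet", "hi"),  # app with write scope
        api.handle("tok-guess", "read_timeline"),      # token never issued
    ]
    api.user_revokes("tok-client")                     # user withdraws consent
    results.append(api.handle("tok-client", "post_tweet", "again"))
    return [status for status, _ in results]
```

The read-only application is refused with 403 even though its token is valid, and the revoked token fails with 401: the user, not the application, controls what may be done in their name.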


APIs have become an integral part of today's web world. The increasing openness towards third party providers is one of the most exciting developments on the Web, and will weave platforms and content together to form an even denser web. The effective development and use of APIs is also creating its own ecosystem: For example, vendors like Apigee offer extensive analysis and control functions for their own Web APIs.