What is an API?
Your business network and/or personal devices have different applications. Most of them need to communicate with one other in order to exchange data and function normally. This is made possible by an API.
What is an API used for?
An application programming interface (API) enables several applications and services to exchange data.
It has features that enable users to request access to services from one application to another, via a programming language. This technology greatly simplifies application development. By exchanging data, the applications will have the hardware they need to function properly. Their use has become essential in the last decade. Without them, many websites and web applications would not exist.
Why use an API?
The main advantage of an API is that it saves time. A developer does not need to know how the API is deployed or implemented — they simply use the interface as a communication channel between several applications or software programs.
APIs offer the following advantages:
- They simplify processes. You can access application data from a single interface.
- Increased application accuracy and additional application features. For example, you can connect a geolocation service to your electric bike rental application, to find the closest one to you.
- Enhanced in-transit data security, including tokens, electronic signatures, and Transport Layer Security (TLS) encryption.
What are the different API types?
APIs are defined differently depending on their accessibility, usage, and how a developer uses them. However, there are four main API families.
- An internal or private API is the preferred form in a company’s internal networks. For example, it can be used to connect warehouse management software to an ERP. Since it is not exposed to the public, generally it is not highly secure. However, the situation is changing: in-house protection for IT tools extends to all the software used.
- External or public APIs are open to everyone. They can be used by any third-party developer. Warning: Even if its name is ‘Open API’, it is not always linked to an open-source technology. Its main advantage is that it offers access to a wide range of programming languages, so your services are easy to connect to one another. The security measures of a public API are, by definition, restricted. This implies that a company must think about the exposure of its data if it wants to use it.
- A partner API is similar to an internal API, which enables access rights to be granted to selected developers or external providers. For example, if a company uses a web agency for their website, they can provide the agency with specific credentials and permissions.
- A composite API is more complex. It usually has several programming interfaces for specific uses. It is often used as a solution for managing other connected APIs.
How does an API work?
An API has a structure and rules that enable applications and software to communicate effectively. It works between the application and the web server, and acts as an intermediate data transfer channel between systems.
The action taken is usually as follows:
- An application or software program makes a request. This will then be sent to the web server via the Uniform Resource Identifier (URI).
- After validating this request, the API transfers it to the web server (or to the external program if applicable).
- The web server then sends its response to the API.
- The API finally returns the received information to the application that requested it.
Please note that the type of data transferred may depend on the web service used. However, requests and responses are always sent by the API. Its design also enables it to be used by a human being or a computer, which makes it flexible.
You can add security steps in this process. Given the API’s role as an intermediate channel, this is the perfect step to define authentication. For example, you can add passwords, HTTPS header checks, cookies, and more. This measure should be used when handling sensitive data such as banking, administrative or private data.
What is an API gateway?
It is a tool you can use to manage various APIs. Most internal or private APIs use it for security and performance reasons. As explained above, an API receives a request and sends a response — but this use case involves something much more complex.
For an organisation, it is important to include security, monitoring, and/or restriction settings where appropriate. If it has several microservices, there can be a very high number of requests to manage simultaneously — and this is where an API gateway can be a strong asset. It will give you better control over the flow of data between your APIs, and also between APIs and services.
The history of API protocols
Since APIs have become more widely used over the past 10 years, they have been adapted to suit the latest applications. Different protocols have been created to respond to these developments.
- SOAP (Simple Object Access Protocol) is an XML-based protocol. Its purpose is to facilitate the transfer of information between applications and software operating in different programming languages and environments. This is made possible via SMTP and HTTP protocols. It is also the oldest API protocol.
- XML-RPC is a protocol that relies on a specific type of XML format. It was developed after SOAP, but is known for being simpler and more bandwidth efficient.
- JSON-RPC is similar to XML-RPC in terms of how it works. However, it is based on JSON text format rather than XML. It is known for being basic, and allows only one response to complex requests.
- REST can be better described as a set of rules on an API’s architecture, rather than a real protocol. For an API to be RESTful, it must meet a set of pre-defined criteria. The purpose of this “API specification” is to facilitate the creation and integration of applications.
The majority of APIs currently online are REST APIs. These rules have made APIs lighter and easier to use. They are particularly well-adapted to IoT (Internet of Things) and mobile applications.
L’utilisation de l’API s’est démocratisée au cours des 10 dernières années. Son fonctionnement s’est, de ce fait, adapté aux applications les plus récentes. Différents protocoles ont été créés pour répondre à ces évolutions.
- SOAP (Simple Object Access Protocol) est un protocole qui repose sur du XML. Son but est de faciliter le transfert d’informations entre applications et logiciels fonctionnant dans des langages et des environnements différents. Cela est notamment rendu possible via des protocoles SMTP et HTTP. Il s’agit du protocole d’API le plus ancien.
- XML-RPC est un protocole qui repose sur un type précis de format XML. Il a été développé après SOAP, mais est reconnu comme plus simple et plus économe en bande passante.
- JSON-RPC est similaire au protocole XML-RPC dans son fonctionnement. Il repose toutefois sur le format de texte JSON plutôt que sur du XML. Il est réputé simple et permet de ne transmettre qu’une réponse à des requêtes complexes.
- REST constitue davantage un ensemble de règles sur l’architecture d’une API qu’un réel protocole. Pour qu’une API soit REST — on parle alors de RESTful API — elle doit respecter un ensemble de critères prédéfinis. Le but de ce « cahier des charges d’une API » est de faciliter la création et l’intégration d’applications.
La majorité des API présentes en ligne à l’heure actuelle sont des API REST. Ces règles ont permis de créer des API plus légères et plus simples d’utilisation. Elles sont particulièrement adaptées à l’IoT (Internet des objets ou Internet of Things en anglais) et les applications mobiles.
SOAP API and REST API
It is important to remember that these are two different elements. First, SOAP is a protocol, while REST is an architecture — and although they are both designed to make APIs easier to create, they are not subject to the same rules.
By developing creation standards, they allowed developers to simplify the exchange and use of APIs. When APIs became more commonly used, SOAP aimed to create a standard for requests and message formats, to facilitate data exchange. This allowed for better communication between applications across a range of different programming languages and environments.
REST is based on 6 main principles for API creation. These are easier to follow than a restrictive protocol — and this is, in part, why most APIs are now essentially RESTful.
APIs at OVHcloud
To give you as much flexibility as possible, all of our services are compatible with an API — so you can easily connect them to one another.
You can use the OVHcloud API to create your web projects. Like all of our solutions, this tool is fully secure and respects the privacy of your personal data.
With our API, you can:
- Manage your OVHcloud solutions (administration, updates, monitoring).
- Create and perfect your own applications.
- Automate certain tasks, and optimise your features.
Need help? Please refer to our guide on getting started with our API.