An Application Programming Interface, also known as API, allows external developers to remotely interact with your local data. Providing an API platform to your system, allows third-party applications to interact in a controlled and secured environment. An API contains methods that can be public for everyone or restricted and only accessible through authentication for specific roles. These methods allow developers to not only request and view the available data in your system but also modify it according to the defined rules. This eliminates the need to access directly to the local database or other internal systems, which could be the source of many security breaches.
An API allows complete control of the data that should be viewed, modified or deleted. The main advantage on having an external API is that by allowing other third party applications to access your data, your system is now providing new channels that can lead to new business opportunities, even in different platforms, which in consequence, will directly have an impact on the growth of your application.
A brief history of the Client/Server Architecture protocol
Before REST, the most popular API being used was SOAP, Simple Object Access Protocol. SOAP was a standard communication XML-Based protocol that allowed sending and receiving data through Web Services. From the developer’s point of view, this was not simple to work with. Both developing and consuming the Web Services were complex and non-intuitive tasks. There were other alternatives to SOAP, like CORBA, but they didn’t solve the main disadvantage at the time - the complexity.
REST, Representational State Transfer, created in 2000, solved a lot of this complexity issues but also bought a new set of features, one of the most notable being the standardisation, which allowed any server to communicate with any other server, independently of the technology being used. This allowed communication between applications created in different platforms and programming languages.
REST is the most commonly API being used today. APIs such as Vimeo or Google are examples of Web APIs that adopted this standard. We can also see REST implemented in other areas such as e-commerce, where most payment providers like Worldpay, Sagepay and even Paypal are using it, an area where security is one of the most important requirements.
A practical example of how to consume a REST Service
REST is based on a set of already available HTTP Verbs, the most common being GET, POST, PUT, DELETE, PATCH, DELETE. One of the most used verbs, when browsing a website is the GET method, which is used to retrieve most of the site resources. Another very common method that is used when the user submits data in a form is the POST Method, which basically posts the data to the server.
The Vimeo API is a good example of a REST API implementation. It allows the Developer to interact with multiple Endpoints that manage all the relevant entities of the Vimeo system, for example, it allows them to interact with entities like Videos, Albums, Categories, Channels, Video Comments and many others.
As a practical example, let’s say we want to show a list of videos of a specific channel on our website. Assuming that the authentication to the API has already been done, we would need to call the GET Method to the following endpoint:
Method: GET
Endpoint: https://api.vimeo.com/channels/{channel_id}/videos
Description: This endpoint is called using the GET Method and it requires the ID of the channel that we wish to retrieve the videos.
Another very simple example would be to delete a specific video that was no longer wanted. To do this, we would need to call the DELETE Method of the following Endpoint:
Method: DELETE
Endpoint: https://api.vimeo.com/videos/{video_id}
Description: This endpoint is called using a DELETE Method and it requires the ID of the video that we wish to delete.
In my opinion, the main advantages of REST are the simplicity and the intuitive way that allows the Developer to interact with all the methods and entities on a remote system which he/she does not have much information about it. Even with this lack of information on how the system works from the inside, REST still allows the Developer to do everything he/she needs, eliminating most of the complexity that existed in previous protocols like SOAP. It also eliminates some of the difficulty that could exist if the Developer had to work locally and directly in the system. The mainstream acceptance of REST indicates that the future of the APIs will tend to favour simplicity from both the client and server perspective. However, simplicity limits the potential for growth. It will be interesting to learn how this growth will be achieved in the following years without compromising it.
- Cristiano, @wearegecko!