by Ryan Ozawa
Article filed in
What is an API?
by Ryan Ozawa
The term API is sprinkled liberally across the technology sector, an acronym that turns up in daily conversation among software developers. An API is undoubtedly an important tool for programmers, but what do APIs do for the rest of us?
What does API stand for?
As acronyms go, API is relatively straightforward. It stands for Application Programming Interface. An “interface” in this context is simply a point of interaction between two things, and those things relate to the programming, or coding, of applications (also known as apps).
Just as a dashboard, or even a steering wheel, is an interface between a driver and an automobile, an API is an interface between different pieces of software.
When browsing the web, people are used to web interfaces (a type of User Interface, or UI). Commonly described as web design, a good interface makes it easy for people to navigate and find the information they want quickly.
An API is a software-to-software interface, not a user interface. It is how programs and apps talk to each other, even when they’re built by different people or companies. A good API, like a good web interface, is similarly easy to understand and navigate. It makes translating and using information efficient and secure.
How does an API work?
An API is more than just a connecting point. An API typically involves a standard library of requests and responses, a kind of instruction manual that explains how it works.
One piece of software can send a request, or “call,” to another via an API. The other system will then fulfill that request with a “payload,” or the requested bundle of information organized in a specific format.
In order for the request to be fulfilled, however, the “call” needs to be formatted in a specific way. And ideally, the API will be both secure (through the use of encryption) and require authentication (with a password or key).
Take, for example, a map app on your smartphone. When you tell the app to use your location, the app uses an API to send your geolocation coordinates over your data connection to the map server. The server responds by sending back images of the area surrounding your location to display on your screen.
“Your phone’s data is never fully exposed to the server, and likewise the server is never fully exposed to your phone,” explains Red Hat. ” Instead, each communicates with small packets of data, sharing only that which is necessary.”
Why do companies provide an API?
If humans can get to information themselves using a web interface, why do we need APIs for computers to talk to each other?
The simple answer is scale. If you’re looking for the menu of your favorite restaurant down the street, the restaurant’s simple website will suffice. But if you want to provide detailed road maps to tens of millions of people who are using different computers and smartphones every minute of the day, it becomes impractical to provide everything to everybody.
An efficient API provides only very basic data ingredients to more robust applications installed on your computer or phone, where the full recipe can be prepared and served in an appealing package.
And APIs aren’t just for tech companies.
“API sharing applies to all businesses—not just those that are web-based, but rather anyone who has a web-based tool or component of their organization,” explains Hubspot. “Obviously, this concept could cause hurdles for some organizations, especially from the legal department. It’s up to you to find out which APIs are most valuable and how you can lawfully and sustainably use them.”
Are APIs secure?
Although APIs are not designed to be handled directly by humans and require the use of specific commands and code, they are not automatically secure nor more secure than other interfaces.
“Because they’re often available over public networks, APIs are typically well documented or easily reverse-engineered,” explains Ping Identity. “Also highly sensitive to denial of service (DDOS) type incidents, APIs are attractive targets for bad actors.”
The Paubox Email API
Paubox offers HIPAA compliant email that’s easy to implement and use. Covered entities with more sophisticated technology solutions can take advantage of the Paubox Email API as well. Our HITRUST certified solution allows software developers to quickly integrate a secure, seamless email product into their existing applications to work on any device. Patients receive encrypted emails directly to their inboxes—no passwords or portals required.
Easy to implement with clear documentation, a developer’s experience is as seamless as the email recipient’s.