What is an API? In brief
How does an API work?
An API follows a request–response pattern: the client (browser, app, another server) sends a request to a defined endpoint. The server processes the request and returns a response—usually JSON. The API defines which endpoints exist, which parameters are allowed, and what shape the response has. APIs run over HTTP(S) and use status codes for feedback (e.g. 200 OK, 201 Created, 400 Bad Request, 401 Unauthorized, 404 Not Found, 500 Server Error).
- Endpoints:Every API has URLs (endpoints), e.g.
/api/usersor/api/products. The client calls those URLs and receives data back. - Authentication:Many APIs require an API key, JWT, or OAuth to grant access. Public APIs may work without authentication.
- Versioning:APIs evolve—versioning (e.g.
/api/v1/users) enables backward compatibility. Older clients keep working; newer ones use extended endpoints. - Documentation:Good APIs are documented—endpoints, parameters, examples. Tools like OpenAPI (Swagger) or GraphQL Playground make development easier.
REST API
REST (Representational State Transfer) is an architectural style for web APIs. Each resource (e.g. user data, products, orders) has its own URL. The HTTP method defines the action: GET (read), POST (create), PUT/PATCH (update), DELETE (delete). REST is widely adopted, easy to understand, and works well with caching, proxies, and CDNs.
- Resource-oriented:URLs represent resources—
/users/123for a user,/ordersfor orders. Nested resources:/users/123/orders. - Stateless:Each request contains everything needed. The server does not store session state between requests—scaling and caching become simpler.
- JSON:REST APIs usually return JSON. XML is an alternative. Content-Type and Accept headers control the format.
GraphQL
GraphQL is a query language and specification for APIs. Unlike REST, there is typically a single endpoint. The client sends a query and requests exactly the fields it needs—avoiding overfetching (too much data) and underfetching (multiple round trips). GraphQL fits well for complex data structures and flexible client needs.
- Schema:GraphQL defines a type system—which objects, fields, and relationships exist. The client knows the structure and can query precisely.
- Queries, mutations, subscriptions:Queries read data, mutations change data, subscriptions enable real-time updates—all via one endpoint.
- Introspection:GraphQL APIs can describe themselves—tools like GraphQL Playground or Apollo Studio support exploratory testing.
REST vs. GraphQL—when to use what
Both approaches have strengths. REST is widespread, easy to learn, and supported by many tools. GraphQL offers more flexibility in data fetching and reduces round trips. The choice depends on the project.
- Choose REST when:Simple CRUD, established infrastructure (caching, CDN), many clients with similar needs. Many CMS and e-commerce systems expose REST APIs.
- Choose GraphQL when:Complex nested data, many clients with different data needs, real-time features (subscriptions). Headless CMS and modern mobile apps often use GraphQL.
- Hybrid:Some systems offer both—REST for simple cases, GraphQL for complex queries.
APIs in practice
APIs connect systems: websites fetch content from a backend; mobile apps use the same API as the web app. External services—payments, email, maps—offer APIs for integration. Modern architectures separate frontend and backend; the API is the bridge.
- Internal APIs:Communication between your own systems—e.g. frontend and backend of a web app. Often not public.
- External APIs:Public or partner-specific interfaces—e.g. Stripe for payments, Google Maps, weather services. Often require API keys and rate limits.
- Headless:A backend (e.g. headless CMS) only delivers data via API; the frontend (web, app, IoT) decides how to present it.
APIs—summary
APIs are the backbone of modern applications—they connect frontend and backend, enable integration with external services, and support cross-platform architectures. REST and GraphQL are the leading approaches; the choice depends on project, data model, and team experience.
IVIS MEDIA develops APIs for websites, web apps, and cross-platform applications—from REST and GraphQL to integration with existing systems. More about web development.
Frequently asked questions about APIs
What is an API?
An API (Application Programming Interface) is an interface through which software components communicate. Web APIs let frontends, apps, or external services fetch or send data from a backend. REST and GraphQL are common API styles for web applications.
What is the difference between REST and GraphQL?
REST uses HTTP methods and fixed endpoints—each URL returns a defined resource. GraphQL uses one endpoint—the client requests exactly the fields it needs. REST is established and simple; GraphQL is more flexible for complex data structures and reduces overfetching.
When REST, when GraphQL?
REST: simple CRUD, established infrastructure, many clients with similar needs. GraphQL: complex nested data, different client needs, real-time features. The choice depends on the project and data model.
Why do APIs usually return JSON?
JSON (JavaScript Object Notation) is lightweight, human-readable, and supported by all common programming languages. XML used to be common; JSON has become the default for web APIs. GraphQL also uses JSON for requests and responses.
How do you secure an API?
HTTPS, authentication (API key, JWT, OAuth), authorization (per-endpoint permissions), rate limiting to prevent abuse, input validation, CORS configuration. Never expose sensitive data without protection.
What is OpenAPI (Swagger)?
OpenAPI (formerly Swagger Specification) is a standard for describing REST APIs. From an OpenAPI spec you can generate documentation, client code, and tests. Swagger UI and related tools visualize and test APIs—many frameworks support OpenAPI natively.