If you're a developer, you're all too familiar about APIs and how they function, but communicating what an API is, and how it functions to your project manager can often be challenging at the best of times.
APIs are used everywhere they're used to display the latest weather forecast, to make a hotel booking or to sign up to popular services such as YouTube.
Without APIs, the web simply wouldn't function.
In this blog post, I'm going to give you the API monitoring basics and why (as a project manager) you need to see the difference between a website as a service, and an API.
An API (Application Programming Interface) is simply a layer that sits between the web service (which is the website) and the back-end functionality that connects to your database.
APIs are used in many places on the internet, including our domain monitor website.
Here's a video, sourced from the MuleSoft Videos YouTube channel explaining in less than 5 minutes what an API is.
Now, let's take a look at how APIs work in detail.
Let's take a web application, such as a web page where you need to sign up for an account to book a hotel room.
When you load up the account creation page and input your details and click on a button such as "Create My Account", your data is sent to the server via an API call, to a specific URL in a format commonly known as JSON (although there are others such as XML)
The JSON format will contain key/value pairs, where the key of (for instance) the email input would be called: "email" and the value would be the value you parsed, such as: "[email protected]"
"name": "John Doe",
"email": "[email protected]",
After this data has been sent to the server via the API, the server will try and process the data and typically send back a JSON response to your browser, and the response might look something like…
"message": "Your account has been created successfully"
This data is then going to be visually displayed to you as the user in some pretty format, for instance in a green message box with the text displayed.
Typically, if there's an error with the account creation, rather than there being some kind of "success" message, there would be an error message.
This would then be displayed to the user in the form of a box that might be coloured red, with the text displayed.
If there's an error with the API, the person who's developed the API has likely built in some kind of error handling so that the API still technically displays that something has gone wrong.
But more often than not, from what I've read online, project managers typically believe that there's an error with the front-end, that's the web page the user has been shown.
This simply isn't the case, the website itself has handled the error correctly and is simply receiving the data that the API gives it, if there's an error with the front-end, this is probably also handled correctly by the developer, but would likely cause some kind of error with the page not loading for instance.
APIs are used all over the internet, from hotel booking systems, to the government website. Without an API, data wouldn't be able to easily transferred between a website and a server.
You'll be able to find APIs in use in places like shops, supermarkets, online on sites like YouTube and many other digital areas like this.
When it comes to API security and API performance, they need to be treated like keys to your house, kept safe and secure.
Although, some APIs are designed to be public, meaning fewer or more basic security measures are needed to reduce the risk of hackers attacking your API.
Here's a few ways in which you can keep an API secure whilst it's in use:
Rate limiting in simple terms is where your API is deactivated for a period of time if the number of requests that hit the API from a particular user or computer goes above a certain threshold.
For example, you might have 60 requests per minute enforced for a single user, or if there is no user as part of your application - their IP instead.
This means that if this person tries to make more than 60 requests within the space of a minute, we'll prevent them from accessing the APIs endpoint for a certain period of time, usually a few minutes.
Because an API transmits data to a server over a network, it's vital that when transmitting sensitive data such as passwords and/or bank details that your API has HTTPS (SSL) set up to protect the data being transferred.
Although HTTPS can be seen as the number one security measure to set up across websites and systems, it can often be overlooked by many companies.
If your API is developed to access private information, it might be worth getting some kind of authentication set up for the API endpoint to prevent people accessing data they're not supposed to.
There are usually two types of authentication that can be set up:
If we take a look at HTTP Basic Auth to start with, HTTP Basic Auth consists of sending what's known as a request header as part of the API request with a header containing the auth details.
In the case of basic auth, it'll be a username and password combined and then encoded into a Base64 string (we'll cover this in another topic)
In the case of JWT tokens, this is essentially a long string that's been encrypted with a secret key, and your password. Without knowing both of these pieces of information, you can't authenticate yourself as a particular user.
When it comes to figuring out whether to use an API or not, there's really only one answer…
And that's because APIs provide data in a timely fashion. An API allows you to make requests back and forth and at a relatively fast speed depending on what data you're trying to access, and mean that you can free up the front-end and allow a user to continue clicking buttons and so forth.
If you didn't use an API, then when trying to load a web page, you might find that it takes forever to load the page, you're waiting, waiting and eventually can't tell if there's something wrong with your internet connection or the server.
This is why APIs offer the ability for you to create a user experience for the user in a more streamlined process unlike no other.
APIs despite seeming quite complex are, in fact, at a top level quite easy to understand. However, they can often get quite complex when dealing with authentication and handling many API endpoints.
If you get stuck understanding what a particular API in your business does, it's probably worth sitting down and going through how it works, and how it communicates with other systems, in the long run, it'll all make sense.
As an e-commerce store owner, you understand the importance of having a reliable and efficient online presence. Let's look at why website uptime monitoring is so important for e-commerce. Read more today.Read more
As a business owner, ensuring customer satisfaction should be a top priority. One key aspect of customer satisfaction is having a reliable and efficient online presence, which is where website uptime monitoring comes in.Read more
As a website owner, uptime monitoring is crucial to ensure that your website is always available and functioning properly. In this article, we'll discuss how to maximize the efficiency of your website uptime monitoring strategy, including the use of tools, setting up alerts, and optimizing your website's performance.Read more