APIs - A quick overview explaining the fundamentals of what an API is and what it means to the business landscape
Over the pas 20 years APIs have been behind power moves such as: payments and commerce, APIs enabled the social revolution that Facebook and Twitter , APIs help manage cloud computing and Telecommunications. Even the "new" shiny kid on the block Machine Learning uses APIs.
All of it uses APIs.
Everyone doesn't need to be an expert but it is helpful to have an understanding of what an API is as it may help when selecting new software or when looking at how your business process workflows.
So what is an API?
APIs enable communication between your product or service and other products and services without requiring you to understand how they are built. With documentation that serves as a representation of a contract between parties: This is how party 2's program will react if party 1 submits a structured remote request.
In much simpler terms, say I want to book a hotel. I've got credits with a booking provider so I login to their website and search for a hotel. I find a hotel I like and make a reservation. The booking provider will send a request to the hotels booking system which will respond either confirming the booking or advising of the lack of capacity. This is called a request and a response.
Why should you care about APIs?
With APIs, programmers can integrate a lot more data and services into their apps from other sources and write a lot less code from scratch.
They can concentrate more on creating creative, feature-rich programs because they don't have to worry about the specifics of how a capability is implemented.
To put it simply, say we are on our booking platform and we update our email address. In this scenario all the platform needs to do is send the new details and the ID which identifies your account. There is no need for any business logic to be translated as this is done at the application level.
Most enterprise applications have an API available, almost all SaaS options do. This means that if you as a business want to extract or input data form another system you can do this while retaining the logic where it has been configured. Simply put your developers don't need to re-engineer work which your enterprise applications are already setup to do, integrations can be as simple as pulling and pushing information. If on the other hand you want to expose your own API then there are steps you need to take to make sure your data and that or your clients stay safe.
It is good to have a basic understanding of the building blocks in your IT landscape to get the most out of your assets.
The drawback to these advantages is that APIs make data accessible to others.
Every API's "responder" is actually the web server or database of the service provider. Because of this, attackers are very drawn to an organization's APIs—not just for the data they offer, but also as possible access points to other back-end systems within the infrastructure of the company.
APIs can be a major security risk for enterprises if the right safeguards and security controls are not in place.
When you consume SaaS application APIs or other enterprise APIs these generally have keys and other security mechanisms in place to ensure only those authorised can access data.
In summary, APIs enable you to automatically integrate between systems while keeping business logic in the application where it has been configured.