What are APIs anyway?
Everyone’s heard of APIs these days. Facebook has them, Twitter has them, Hotmail has them, Microsoft Office has them, Windows has them, Mac OS has them, pretty much everything has them. I’m going to try and explain in simple terms, but also, almost by contradiction, in detail, what an API really is. I’ll try and explain why SOAP isn’t how you clean yourself, and how being restful isn’t the same as being lazy.
APIs aren’t new, in fact, APIs are really really old.
Let’s start with a really simple definition. API is an acronym and it stands for “Application Programming Interface”
To steal the current definition from Wikipedia “An application programming interface (API) is an interface implemented by a software program to enable interaction with other software, much in the same way that a user interface facilitates interaction between humans and computers. APIs are implemented by applications, libraries and operating systems to determine the vocabulary and calling conventions the programmer should employ to use their services. It may include specifications for routines, data structures, object classes and protocols used to communicate between the consumer and implementer of the API.”
That’s a mouthful. So to translate that into English, an API is a pre-defined set of “stuff” that allows one program to “talk” to another program. This “stuff” is normally a set of “functions” that another program can call which makes the program being called do something. Sometimes that other program is really just another part of the same program, and sometimes it’s a different system on a different machine in a different country. That something is normally described in some kind of documentation, written somewhere, by someone.
If this sounds really vague it’s because in the real world, it really is. Some of the first “APIs” involved dropped text files into directories on a computer that another program would watch for a read from, and subsequently do “something”. Arguably the most widely used API is the one that we use to write software for Windows (the Win32 API) and by contrast, that’s a C++ library of code that you can only call if you’re a programmer. In the real world, we’ve tried to solve some of this ambiguity by standardizing the way APIs work around a few common bits of technology; both for our own sanity and to hopefully help software all just kind of work together.
A lot of APIs are code libraries called by other code libraries to do a specific task. Microsoft released DirectX to deal with 3d graphics, OpenGL offered an open alternative. Microsoft released the Windows API for Windows development; Apple released Carbon and Cocoa to program Mac OS. That said when you hear about or discuss APIs casually, what you’re probably thinking about are actually “Web APIs”.
A Web API is an API like anything else, except it’s designed to work over the web. As a result of this, since about 1994, there have been a number of efforts by a number of people (yes, that vague again!) to standardize the way systems communicate over the internet.
At first, everyone kind of invented their own way of communicating over the internet, people would connect to a server on some port (a port is just a pre-defined “way in”) and send some random pre-defined data in there, and that would make the computer at the other end do something. Every API was different, and every time that you needed to talk to a different system, you had a really steep learning curve to work out how to talk to every application you wanted to integrate with. It was a bit rubbish really.
So in 1998 a bunch of really smart people (Dave Winer, Don Box, Bob Atkinson, and Mohsen Al-Ghosein) got together and came up with SOAP (“Simple Object Access Protocol”). SOAP is a big bunch of XML that was designed (and ratified) as a standard language that every different system could understand. SOAP is often also referred to as “web services”.
Basically it was designed to reduce the learning curve of learning the details of each system. So now, if Timmy wanted to talk to Peters shiny new web application, he could point his developer tools at a standard location (something called a WSDL (web service description) document) and he could just ask Peters web application what it did, and how he could use it.
SOAP was actually pretty good and solved a lot of problems and is still widely used today. It really made waves by helping Microsoft software work pretty well with Java software and everyone was happy.
See, because SOAP was solving a lot of big problems in freaking huge enterprise systems, it had a lot to be concerned about; lots of security, lots of encryption, lots of authentication. That meant that the SOAP “language” was pretty big. As an example, here (stolen from Wikipedia again!) is the SOAP message that would be sent across the internet to get the current stock price of IBM, from some cool stock price giving web service.
POST /InStock HTTP/1.1
Content-Type: application/soap+xml; charset=utf-8
People soon started thinking “Look at all that crap! What’s it all for! Why do I need it?! There’s lots of overhead here! It slows me down!” and everyone thought “oh actually, well said” and RESTful web services were born.
REST is yet another stupid acronym that actually doesn’t count as an acronym because it uses random letters but developers think is either cool clever or funny. What it claims to mean is “REpresentational State Transfer” and was largely both a reaction to the complexity and overheads of SOAP, but also being designed by Roy Fielding (one of the authors of the “Hypertext transfer protocol”, the silly http:// bit you type in a browser) it was conceived as an API model that was “closer to the nature of the web”.
What this means to us lay folk, is that while SOAP can technically be used over other protocols (it’s not bound to http), and as such has to bake in security and authentication models into its protocol, REST is designed specifically for the web, it doesn’t work without the web, and it wouldn’t make any sense without the web. Fielding basically decided that “the web does all of that stuff anyway”, we have security via https / SSL certificates, we have semantics that describe getting and pushing data in the HTTP headers (HTTP headers explain what you’re trying to do to the server you’re connecting to, for example, you use GET for getting stuff, POST and PUT for doing stuff), so let’s just use that and be done with it.
As a result of this way of thinking, REST is a simplified and less general Web API pattern, not concerned with infrastructure like SOAP is. I’ll convert the above stock price example into a REST example below.
GET /Stocks/Price/IBM HTTP/1.1
Content-Type: application/xml; charset=utf-8
Basically, REST takes out all the fluff, an decides that if you want to get a stock price for IBM, just make a GET request to the URL http://www.example.org/Stocks/Price/IBM and let the web server at the other end work out what to do from the URL.
The above example would probably return an XML document that looks like this.
<stocks><stock name=”IBM” price=”3.45”/></stocks>
People have started to gravitate towards REST due to its simplicity. There’s lots of other stuff a RESTful web service should do, it should provided you with all the information that a computer would need to go through a process, just like a user interface gives the user all the information they need to click through a process, but fundamentally it’s simple and leverages the existing semantics of the web to its advantage.
Ok, Give Me One Of Those!
So now we know what an API is there to do (let two systems talk to each other) and how they do it (as a general rule, either via SOAP or RESTful services) and we know that everyone else has one, let’s get one of our own.
There are plenty of tools available in pretty much any programming language to make making creating APIs pretty easy. There are plenty of design concerns to take into account when building an API but in my opinion, the way to approach the problem is to work out what your users really want to do with your application, website or platform, and let them do it.
A good API lets another programmer talk to your system using terms that he understands, so take the time building up a glossary of your business terms vs. what the public understands those concepts to be. Don’t build API methods that look like:
because it means nothing to anyone, instead, build a bunch of methods that make sense for people to use, the above example could look like this instead:
Watch your language, and build sensible interactions with your system. Don’t make APIs for stuff that isn’t going to be used, and where possible, just have the APIs call the same code that your website does.
Get this right, and you’re on a gradual but successful road to calling your “website” a “platform”.