Application Programming Interfaces (APIs) are widely adopted in software applications and online platforms, but what are they? APIs enable communication between software applications and how they share data. They support many aspects of our mobile tech, allowing seamless functionality and integration. For example, when you view the weather on your Google Pixel 9 Pro, it’s delivered through an API. Imagine if every company that wanted weather data in their app had to build a weather data collection system or maintain a network of sensors. They simplify communication between systems, allowing developers to leverage existing tools and data rather than reinventing the wheel.
Connecting software through APIs
An API sets the rules and protocols for third-party software, such as a mobile app, to programmatically interact with another software’s data or features. APIs specify the types of requests client-side applications can make, the programming languages in which the requests can be made, and what data the server-side system will send back in response. It’s a way for one system to share its data or features with another, whether paid or free, while maintaining control over what’s shared.
The term predates the internet and was first introduced to the academic field of databases in 1974. Most of what we hear now relates to web APIs, which have enabled client/server interaction over the internet from the beginning. If we imagine a physical server room in a secure facility, we wouldn’t just walk into the server room to retrieve what we’re looking for. We might need to submit a request with several forms listing what data is available to us, hand it off to someone outside the server room, and then only receive what we requested.
From a programmatic view, web APIs typically use HTTP or HTTPS protocols and standards like JSON or XML format. That means programmers don’t need to learn anything about the server-side system and can use a familiar coding language to interact with it. It also means the server can more securely keep sensitive data out of view and only share what is available on those submission forms.
How APIs provide data to an app
Let’s look at an example of how APIs work in practice. Imagine an app developer who is creating a new application and wants to include a news feed focused only on Android articles. They choose to work with the News API to have an article feed that updates automatically. They find they can get the data they want by looking at the News API documentation.
The developer wants to test the feed in their app by fetching only Android-related articles from the previous day, sorted by popularity. The process starts with the developer signing up to obtain an API Key. The key is a unique identifier (UID), letting News API know which developer is making requests and ensuring only authorized users can access the data. They use a request with the parameters provided in the documentation to fetch the Android-related news:
https://newsapi.org/v2/everything?q=Android&from=2024-12-23&sortBy=popularity&apiKey=[USER_API_KEY]
Since this web API uses HTTPS protocols, a URL is used to request the data. The URL specifies the topic q=Android, the date range from=2024-12-23, the sorting method sortBy=popularity, and their API Key apikey=[USER_API_KEY]. The API key is often a long alphanumeric string of letters and numbers. The developer incorporates the URL into their app’s code, typically using programming languages like JavaScript or Python.
When the app sends this request to the News API server, the server processes it by checking the API key for validity, retrieving the requested data, and formatting it as a JSON response. The developer writes code to parse the JSON response from the News API, extract the relevant fields, and format it how the developer wants it to appear in their app. By leveraging another platform’s API, the developer avoids the need to build and maintain their news aggregation system.
Diverse uses of popular APIs
APIs enable a range of interactions with different platforms. Online payment services like Stripe have an API that allows businesses to accept payments. When you see the weather in an app or on a website, an API likely feeds it up-to-date information. Spotify has an API to access artists’ names, songs, and other info. Here are other interesting ways that APIs can be used:
- Unsplash has an API that allows you to fetch free stock images.
- Clearbit has an API that allows you to fetch company logos.
- Discord has an API that allows you to build and use custom bots.
- ILovePDF has an API that allows you to extract text, edit, and perform other PDF-related actions.
- CloudConvert has an API that allows you to convert numerous file formats.
- Ollama has an API that allows you to run Large Language Models (LLM) on your local machine.
- Notion has an API that allows you to create and manage content and sync data.
- NASA has an API that gives developers access to a wealth of space and science-related data.
Ethics and the misuse of API data
Source: Pexels
That doesn’t mean there aren’t security vulnerabilities and other problems with API data access, though. Our own Chris Thomas reminded us of the Cambridge Analytica scandal, where it was found that a data analytics and consulting company deceived consumers and harvested Facebook data from 50 million profiles using Facebook’s API.
Cambridge Analytica used data illegally harvested through Facebook’s API to build “psychographic” profiles on users (running targeted political marketing campaigns with over 1.5 billion impressions) to persuade them to vote for Trump in the 2016 election.
Cambridge Analytica used data illegally harvested through Facebook’s API to build “psychographic” profiles on users (running targeted political marketing campaigns with over 1.5 billion impressions) to persuade them to vote for Trump in the 2016 election. The Federal Trade Commission agreed that Cambridge Analytica violated the FTC Act through deceptive conduct in a unanimous 5-0 vote. Mark Zuckerberg apologized to users for the “breach of trust,” pledging to restrict API access and the data available through it.
Related
Facebook Marketplace’s dirty dozen: The 15 most common scams and how to avoid them
Be careful before hitting the buy button on Facebook Marketplace
Facebook isn’t alone when it comes to API issues. While it implemented its new API restrictions in 2018, TechCrunch reported a bug in Twitter’s API that matched 17 million phone numbers to their users’ accounts. In the same year, that was overshadowed when the Google+ API exposed the private data of over 500,000 users to third-party developers. A TikTok API endpoint vulnerability in 2020 allowed bug bounty hunter Muhammed Taskiran to take over an account with one click.
The future of APIs in modern technology
Source: Pexels
APIs will continue to be an integral part of app development, but as Chris Thomas noted in his article, the golden age of APIs may be coming to an end. Seemingly constant data breaches have shown us that not even our medical data is safe, with large corporations like Google and health insurance companies handing it over to them. Other big names like Reddit, Twitter (X), and LinkedIn are restricting their API access or, in some cases, cutting it off entirely. This could make app and firmware development more difficult in the near future.
