What is an API?

CodeWithHarry

30 Nov 202012:36

Summary

TLDRThis video explains how APIs (Application Programming Interfaces) facilitate communication between different systems, such as e-commerce platforms and airline ticket booking systems. It highlights how APIs act as intermediaries, enabling secure data exchange without exposing critical system details like passwords. Through relatable analogies, such as a waiter taking orders at a restaurant, the video illustrates how APIs handle requests and responses, ensuring systems stay protected while sharing only necessary information. The video also touches on API keys, their role in authentication, and practical examples in news and weather apps.

Takeaways

🔗 APIs (Application Programming Interfaces) act as intermediaries that enable different systems to communicate with each other securely and efficiently.
💻 E-commerce platforms like Amazon use APIs to interact with third-party sellers, allowing secure access to specific functionalities without exposing sensitive data.
✈️ For airline booking, APIs allow third-party websites like Paytm or Ixigo to communicate with airlines such as Indigo or Vistara, handling seat availability, booking, and updates in real-time.
🔐 An API key is used to authenticate requests, ensuring that only trusted entities can access specific resources. This prevents malicious actors from misusing the system.
🚫 APIs can reject requests if the authentication fails or if the requester exceeds allowed limits, acting like a 'security guard' for the actual system.
🍽️ The video uses the analogy of a waiter in a restaurant to explain APIs: the waiter (API) takes the order, communicates it to the chef (system), and returns with the response.
🔍 APIs typically expose only relevant data and functionality needed by external users, protecting core systems and sensitive information from being accessed directly.
📊 API usage is monitored closely to track who is using the data, how much is accessed, and whether the usage adheres to predefined rules and limits.
🌐 APIs can sometimes be open and free (no API key required), while in most cases, access is controlled using unique API keys and proper documentation.
📚 API documentation is crucial, outlining how to use the API, what data can be accessed, and rules for interacting with the system, making it easier for developers to integrate.

Q & A

What is an API and how does it work?
-An API (Application Programming Interface) is a tool that allows different systems to communicate with each other by exposing specific data and functionalities. It acts as an intermediary, allowing one system to send requests and receive responses from another system securely. For example, a third-party website like Amazon can use an airline's API to check seat availability or book tickets without accessing the airline's internal system directly.
Why don't companies like Indigo give direct system access to third-party websites?
-Companies like Indigo don’t give direct system access to third-party websites for security reasons. Direct access could lead to security vulnerabilities, data breaches, or system misuse. Instead, they provide an API with specific permissions and an API key to authenticate users, ensuring that only authorized requests are made.
How does an API key help secure interactions between systems?
-An API key helps secure interactions by authenticating the user or system making the request. The API checks whether the API key provided matches its records before processing the request. If the key is invalid or missing, the request is denied, preventing unauthorized access to the system.
What happens if an API request is made with an incorrect API key?
-If an API request is made with an incorrect API key, the system will reject the request and return an 'invalid credentials' error. Repeated invalid attempts can also result in the requester being blocked from accessing the system.
Can APIs work without an API key?
-Yes, some APIs are public and do not require an API key. These are often used when the data being shared is not sensitive and the server can handle multiple requests. However, for most use cases, an API key is required to authenticate and track users.
How do third-party websites like Amazon or Flipkart book airline tickets using APIs?
-Third-party websites like Amazon or Flipkart use an airline’s API to book tickets. They send a request to the airline's API endpoint, providing details such as flight information and an API key. The airline’s system checks the request and API key, processes the booking if valid, and sends back the confirmation.
What role does an API play in airline ticket booking systems?
-In airline ticket booking systems, APIs allow third-party platforms to communicate with airline servers to access information such as seat availability, booking status, and ticket prices. The API acts as a secure gateway that handles these requests and returns the relevant information or completes a booking.
Why is it important to have different endpoints for different types of API data?
-Having different endpoints for different types of API data ensures that systems only expose specific data to the right parties. For example, an airline might have separate endpoints for booking seats, checking seat availability, or flight cancellations. This segmentation improves security and makes API management easier.
What is the advantage of using an API for third-party integration compared to giving direct access?
-The main advantage of using an API for third-party integration is security. APIs allow systems to interact without exposing sensitive information or giving full access to the internal system. This reduces the risk of misuse, unauthorized access, and security breaches.
Can an API limit how often a user can make requests?
-Yes, APIs can limit how often a user can make requests. This is often referred to as rate limiting. If a user exceeds the allowed number of requests, the API can deny further requests or impose a delay. This prevents overloading the server and ensures fair usage.