API
What Is an API?
API stands for Application Programming Interface. It defines rules and formats that allow different software systems to communicate with each other.
Types of APIs
Open APIs
Also called public APIs. These APIs are publicly available and can be accessed with minimal restrictions.
Partner APIs
These APIs are shared with specific business partners and usually require authorization, contracts, or licensing.
Internal APIs
Also called private APIs. Organizations build these for internal systems and teams to improve reuse, integration, and productivity.
Composite APIs
Composite APIs combine multiple service or data calls into a single request to reduce round trips and improve performance.
Web Service API Styles
SOAP
Uses XML-based messaging with strict standards and contracts (commonly WSDL).
REST
Uses HTTP methods such as GET, POST, PUT, PATCH, and DELETE to work with resources.
JSON-RPC
A lightweight remote procedure call protocol that uses JSON for request and response payloads.
XML-RPC
A remote procedure call protocol that uses XML for payload formatting and is typically transported over HTTP.
Examples of Popular APIs
Razorpay API
Google Maps API
Spotify API
Twitter API (X API)
Weather API
PayPal API
Paytm API
HubSpot API
YouTube API
Amazon API
Travel Booking API
Stock Market API
API Testing Tools
Postman
Postman is one of the most widely used tools for manual and automated API testing. It supports request collections, environments, scripting, and API documentation.
Ping API
Ping API is an API testing platform that supports request validation and automated test scripts.
vREST
vREST is an online API testing and mocking tool for REST/HTTP APIs. It can be used for automated testing, recording, and specification workflows.
Key Features of APIs
Provide access to valuable data, services, or business functionality.
Support product and platform business models.
Are flexible and can be adopted quickly by developers.
Can be managed and measured with monitoring and analytics.
Offer strong developer support through docs, SDKs, and tooling.
API Design Best Practices
Resource-Based Endpoints
Prefer resources over action-oriented naming.
Bad:
1GET /getUsers
2POST /createUser
3GET /getUser/{id}
4PUT /updateUser/{id}
5DELETE /deleteUser/{id}
Good:
1GET /users
2POST /users
3GET /users/{id}
4PUT /users/{id}
5DELETE /users/{id}
Use Proper HTTP Methods
Method |
Purpose |
|---|---|
GET |
Retrieve data |
POST |
Create a new resource |
PUT |
Replace or update an existing resource |
PATCH |
Partially update an existing resource |
DELETE |
Remove a resource |
Use Correct Status Codes
Do not always return 200. Choose a status code that matches the outcome.
Status Code |
Meaning |
|---|---|
200 OK |
Request was successful |
201 Created |
Resource was created successfully |
204 No Content |
Request was successful, no response body |
400 Bad Request |
Request is invalid or cannot be processed |
401 Unauthorized |
Authentication is required |
403 Forbidden |
Authenticated, but not allowed |
404 Not Found |
Requested resource does not exist |
500 Internal Server Error |
Unexpected server-side failure |
Consistent Naming and URL Structure
Use predictable naming for endpoints, parameters, and payloads.
Good:
1/users
2/users/{id}
3/users/{id}/posts
4/users/{id}/comments
Bad:
1/getUserData
2/createNewUser
3/updateUserInfo
4/deleteUserAccount
5/fetchCommentsForPost
URL hierarchy should reflect resource relationships.
Versioning Strategy
Version APIs from the beginning.
Common example:
1/api/v1/products
2/api/v2/products
Pagination
Avoid returning very large result sets in one response.
Offset-based pagination:
1GET /products?page=1&limit=20
Cursor-based pagination (preferred for large datasets):
1GET /products?cursor=abc123&limit=20
Standard Response Format
Keep response structure consistent across success and error cases.
Success example:
1{
2 "status": "success",
3 "data": {
4 "id": 1,
5 "name": "Product Name",
6 "price": 19.99
7 },
8 "message": null
9}
Error example:
1{
2 "status": "error",
3 "data": null,
4 "message": "Product not found"
5}
Authentication and Security
Minimum baseline:
Use HTTPS to protect data in transit.
Use JWT for stateless authentication where appropriate.
Use OAuth 2.0 for third-party integrations.
Apply rate limiting to prevent abuse.
Validate and sanitize input to reduce injection and parsing risks.