As my inaugural “Breaking the Tech Barrier” post, I’m excited to tackle the question – “What is an API?”. This is one of my favorite questions to answer, for the following reasons…
- People (especially those in the tech industry) talk about APIs a lot.
- The concept of an API is one that is surprisingly difficult to grasp – at least initially.1
- Understanding the potential applications of APIs reveals an incredible new way of thinking about the services we use every day.
- I think I’ve got a pretty good analogy for illustrating what APIs are and how they work.
First off, we’ll start with the acronym.
API stands for “Application Program Interface”.
What that term exactly implies isn’t super important right now, but you may be pleased to hear that it should make sense by the time you finish reading this.
Let’s Play a Game
Non sequitor – have you seen the Saw films?
If not, you should really see-saw.2 Alternatively, perhaps you’ve seen Pinocchio, my favorite flick involving a lying piece of anthropomorphic wood.
Though a psychological horror film and a children’s movie may appear particularly dissimilar in nature, they do share one thing in common, which I’d like to dwell on today – dolls.
A World of Dolls
Imagine, if you will, a world in which all of the services you and I use every day were simply dolls.
When you want directions to your dinner reservations, you ask a little doll named “Google Maps” to look it up and tell you how to get there. When you want to know what your friends are up to, maybe you consult the dolls called “Facebook” or “Twitter” or “Snapchat”, and they tell you what’s going on. Hailing a cab? The “Uber” doll will find you a driver. Sometimes you’ll be bothered by a horrible little doll called “Candy Crush”, who your friends have sent to request more candy.3
Furthermore, imagine that tech companies are just like Geppetto (Pinocchio’s maker). They build these dolls that are designed to accomplish a specific task, and they sell them to consumers like you and I to make use of.
In other words, think of the App Store like a doll market.
Upgrading an app? It’s just like trading in your old doll for a newer model with more features. And this concept doesn’t just apply to applications you install on a phone or computer – you could be giving commands to a faraway doll via your web browser, too.
OK – so now we’ve firmly established the way things work in our weird, dolled up future.4
Now let’s say you’re hanging out one day with all of your favorite little dolls. To pass the time, you decide to grab your “Google Maps” doll and consider all the stuff it has to know how to do, all in the name of feeding you good directions. Your list might look something like the following:
- Manage and visualize an up-to-date map of streets and land features for the entire world.
- Identify the shortest routes to get from point A to point B, while following traffic rules.
- Access and report on traffic conditions, mass transit schedules, and more.
- Manage a repository of every business and its location – not to mention hours of operation, reviews, contact information, and more.
- Display and speak multiple different languages.
After generating the list above, you might exclaim, “Why, a puppet with that kind of power could do a whole lot more than just give me directions!”
Elmo’s feelings be damned, maybe you keep thinking and come up with a couple other functions that the “Google Maps” doll could serve. Here are a few examples:
- An app for runners, which plots their favorite running routes on a visual map.
- An app for late night munchies, which lists nearby food options that are open late.
- An app for socializing, which lists public events and venues that folks can attend.
If you can believe it, all of the above ideas can all be built using the API for Google Maps.
Pulling the Strings
So how exactly does an API change the way we interact with our favorite “Google Maps” doll?
Well, imagine that instead of a doll, “Google Maps” is actually a marionette with strings that you can pull to make it do what you want.
One string might access the part of the “Google Maps” doll which renders the street maps. Another string can add markers and other icons to those maps. Still another might look up nearby businesses and their details.
An Application Program Interface (API) is like a set of strings for a marionette. It serves as an interface for accessing the functionality of an existing application.5
In order to manage access to the strings, every API must manage the following two things:
- Authentication – This means ascertaining the identity of a consumer6 who has requested access to the strings.
- Authorization – This means determining which strings (if any) the authenticated consumer can access. This may also involve thresholds for how frequently or how many times a string can be pulled.7
Both of these terms are often confused or used interchangeably, which makes sense – they both start with the same four letters (“auth”). One way that I keep them straight is to think of them like so:
- If I want to get past the lobby of a corporate building, I’ll have to furnish an authentic form of identification, like a driver’s license. (that’s “authentication”)
- If I want access to a specific business’s suite for a meeting, I’ll need to follow someone with authorized card access into the space. (that’s “authorization”)
You can also think of them in alphabetic order – “authentication” comes before “authorization” in the dictionary, the same way it does in practice.
The Art of Puppetry
So why would a company choose to expose an API to third-parties?
Think about it this way.
If you’re a doll maker, then what are the best ways for you to grow your doll-making business? First off, you’d want to make a doll that was useful and that consumers would want to buy. But at a certain point, you can only make so many dolls and only solve for so many use cases yourself.
If, however, you’ve built features which would be useful for other dolls to make use of, you could expose your strings to other doll makers. Doing so benefits others because they don’t have to spend time rebuilding something you’ve already created, and it benefits you because either your brand is shown off in their dolls (e.g., “powered by Geppetto“), or you’ll charge a licensing fee. In either case, their success equals your success.
As an example, Uber uses both the Google Maps and Stripe APIs for map rendering and card payments, respectively. Their app might look a little bit like this in doll form:
You ask Uber to get you a driver and it complies, making use of other services to help it out. It’s all transparent to you, but Uber is consuming the Google Maps and Stripe APIs under the hood.
When it comes to designing an API for public consumption, you’d probably want think about it the same way one might think about designing marionettes, too. You’d want to make the puppet easy enough for an amateur to pick up, but full-featured enough that sophisticated puppeteers would still find it useful. You might even write a book (i.e., documentation) on how to get the most expression out of your puppets. Before long, everyone will be using your puppets in their projects, and you’ll have developed for yourself a pretty successful business.
Thus far we’ve primarily considered APIs as granting access to specific features of existing, consumer-facing apps. In reality, though, companies will often build a service that is only ever made to be strings for other doll makers. An example of this would be Twilio, which handles automated text messaging and phone calls for other apps, or Stripe, which does the same for credit card payments. Almost anything can be exposed via an API.
Now, this isn’t to say that every product or app has to have an API, or that those who build an API have to expose every piece of its functionality. It’s entirely up to the company that owns the doll which pieces of it are accessible to what parties. Indeed, many companies (like Amazon, famously) employ a “Service-Oriented Architecture” (SOA), which basically involves defining a set of APIs that are used strictly for internal, infrastructure-related purposes.8 As much as we might like to, outsiders don’t have access to those strings. (frownyface)
Anyway, hopefully this post has given you a better understanding of what APIs are, how they work, and why they are so important in this world of connected technology! That’s all I’ve got for now. What did I miss? What still leaves you with questions? Leave me a comment below to let me know!
And – if you think you’ve got the basics of APIs down, why not give the following a try:
- Pick your two favorite mobile apps.
- Make a quick list of the things each must be able to accomplish in order to function.
- Mix and match one or two “powers” from each app and come up with a new service that you might find useful.
- Congrats – you’ve just invented your first mash-up!
- In all honesty, I was two years into my CS degree when it finally clicked.
- Not apologizing for the dad joke.
- Or some shit like that; I don’t know what the hell’s going on there.
- I, for one, welcome our new doll overlords
- This is precisely why the verb “expose” is often used to describe access to an API. A company will expose an API, which allows access to the strings behind their puppets.
- Incidentally, the word commonly used to describe using an API is “consume”, as in “This app consumes the Google Maps API”.
- This practice is called “rate limiting” and is important to prevent abuse.
- Not to worry, I’ll cover this concept in greater detail within another post!