This post is part of the series A Complete Beginner’s Guide To Hacking.
What Is An API?
API stands for Application Program Interface and is a way for one application to interact with another application, database or component.
For example, if you want to interact with a database of users, to get information about it or update some information, then an API can be made for your code to use to do that. Or if you want all the tweets currently being tweeted that contain the word “duck” to appear in your new website about ducks, you can use the Twitter API that Twitter has made for this.
Because different applications can be written in different languages with different settings and other variations it can be difficult for them to exchange information. Even if they are both connected to each other and therefore can “hear” each other saying something they will not necessarily be able to understand what that something actually is. An API is an agreed standard or format for the information to be exchanged – if everyone is always sending it in the same form then everyone can be prepared to translate it out of that form into something they can understand and work with.
If I wanted to exchange directions with someone then describing them in English to a Mandarin Chinese speaker would be useless, even if we could hear each other. Even if I drew them on a map they’d never seen before it would be confusing and require them to align the new map with one they were familiar with before it could be useful. If however we both used an identical map then we could easily exchange directions by drawing them on the maps we both understood.
An API is code that defines what the map shared between both parties should look like, and sometimes even converts your instructions into the correct format or map for you, so that both parties can exchange their information in a way both can understand.
How To Use Them
There are different types of APIs that have been developed over the years, each with different pros, cons and uses.
For example libraries are software package APIs – these are most commonly used for niche applications, hardware and operating systems to talk to each other. You will often find the documentation (the instructions to use them) very specific to the particular API you want to use.
Most people using APIs, though, are using web APIs, i.e. to exchange information online. There are two main types of web APIs: client-side and server-side.
Client-side APIs are made to develop and extend how a web browser (or other software package that uses HTTP) works. The most common form of this is with plug-ins – pieces of software you add on to your browser that will let your browser translate the information into the right format for you. For example, the Pinterest plug-in adds a button in the corner of your browser so when you want to “pin” websites to your Pinterest profile you can press the button on the browser and it will convert the instructions of “add that website to your profile” into a form that the Pinterest website can understand and process.
Server-side APIs are the most common for programmers to use. They work by connecting your program to the same port as the other application you want to talk to, generally an HTTP port, and exchanging the information in one of two main formats – SOAP or REST.
SOAP (Simple Object Access Protocol) means sharing the information written in XML (Extensible Markup Language). The XML creates an “envelope”, header, footer and often a “fault” (the error messages). It is becoming a bit of an outdated format, so it is unlikely you will have to learn how to use this for most modern web applications.
REST (Representational State Transfer) lets you use HTTP verbs such as GET, POST, PUT, DELETE, etc. to share information. For example, an instruction saying GET could let you take information from a database, while POST could let you add to it. This is the most common format, and an increasingly large range of languages have pre-written code to translate information into it, making it even easier to use.
{
  "thing1": "value of thing1",
  "thing2_part1": "value of this",
  "thing2_part2": "value of that"
}
Hints and Tips
- Generally when you want to use an API you will find that it is accompanied by official documentation or instructions for using it. Sometimes these can be very unfriendly, like a single text document included in the GitHub page with the API code, but sometimes they can be great, like whole developed tutorials and webpages dedicated to teaching you how to use it. There are whole communities out there dedicated to developing documentation for popular public APIs (like getting information about Tweets from Twitter), so don’t despair if the official one is terrible.
- For a more general introduction to APIs, perhaps to get familiar with them before using a specific one, I can recommend either completing the short courses for a few of them on something like Codecademy or, if you want more technical detail, Zapier’s course on APIs.
- Often APIs that affect anything with private data, like social network APIs, use “OAuth”. This is an open standard for authentication – basically, rather than letting you have direct access to something like everyone’s login details, it keeps it secure and only allows you access to the particular information you’ve requested from the API, and only if your code uses the “tokens” or passwords provided by the company. It can be quite difficult to learn to use, and if you know that you want to use an API with it then I recommend practising it beforehand. You will find that there are some general OAuth guides, but most tutorials are based around using it in specific APIs.
- Programmable Web, Mashape and other websites provide lists of APIs to do all sorts of things. So if you are working on a project and want to do something in particular like generate random cat images from an online database, or send texts from your website, then those are good places to start your search – someone has probably made an API for that somewhere.
- Scrapers are a sort of API whose function is to go through something like Wikipedia, a database or a webpage and allow you to access the information as if it was in an API format. However, they are virtually never 100% perfect and often mistakenly “scrape” unnecessary or incorrect information, or miss important information, because they have been made so generally. Sometimes, though, they’re good as a starting point to provide a proof of concept of a project, and if you become very familiar with them they can be very useful tools at hackathons.
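As an added example (not code from the original post), the program below ties together the REST verbs described above and the token idea from the OAuth tip: a tiny local API where GET reads and POST adds, and every request must carry a bearer token that grants the right scope. It is a simplified stand-in for OAuth rather than the full protocol; DuckAPI, the /ducks path, the token names and the read/write scopes are all made up for illustration.

```python
import http.client, json, threading
from http.server import BaseHTTPRequestHandler, HTTPServer

TOKENS = {"ro-token": {"read"}, "rw-token": {"read", "write"}}  # constructed

class DuckAPI(BaseHTTPRequestHandler):   # hypothetical API with one resource
    def reply(self, status, payload):    # send a JSON response, returns None
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.end_headers()
        self.wfile.write(json.dumps(payload).encode())

    def allowed(self, scope):            # the bearer token must grant `scope`
        kind, _, token = self.headers.get("Authorization", "").partition(" ")
        if kind != "Bearer" or token not in TOKENS:
            return self.reply(401, {"error": "missing or unknown token"})
        return scope in TOKENS[token] or self.reply(403, {"error": "token lacks " + scope})

    def do_GET(self):                    # GET takes information out
        if self.allowed("read"):
            self.reply(200, {"ducks": self.ducks})

    def do_POST(self):                   # POST adds information
        raw = self.rfile.read(int(self.headers.get("Content-Length", 0)))
        if self.allowed("write"):        # checked only after the body is read
            self.ducks.append(json.loads(raw)["name"])
            self.reply(201, {"ducks": self.ducks})

def call(port, method, token=None, data=None):
    conn = http.client.HTTPConnection("127.0.0.1", port)
    headers = {"Authorization": "Bearer " + token} if token else {}
    conn.request(method, "/ducks", json.dumps(data) if data else None, headers)
    resp = conn.getresponse()
    result = resp.status, json.load(resp)
    conn.close()
    return result

def demo():
    DuckAPI.ducks = ["mallard"]          # constructed stand-in for a database
    server = HTTPServer(("127.0.0.1", 0), DuckAPI)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    port = server.server_port
    results = [call(port, "GET"), call(port, "GET", "ro-token"),
               call(port, "POST", "ro-token", {"name": "teal"}),
               call(port, "POST", "rw-token", {"name": "teal"})]
    server.shutdown()
    return results

if __name__ == "__main__":
    print(demo())
```

The four calls return 401 without a token, 200 for a read, 403 when the read-only token tries to POST, and 201 once the token with the write scope is used.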
3 thoughts on “A Complete Beginner’s Guide To Hacking: APIs”
Thanks a lot for the great article, I found it very interesting and useful for me.
Aw, this was an extremely good post. Taking the time and actual effort to make a really good article… but what can I say…
I hesitate a lot and never manage to get nearly anything done.
Hello, thank you very much for the article, it is very useful. I am interested in this API security/hacking for my job.