The functionality of application programming interfaces (APIs) is built upon several layers — one of which includes requests made to APIs to retrieve a service or data, or what’s otherwise known as an API call. To further explain what an API call is, let’s start with the basics of APIs.
The wave of API adoption
Application program interfaces, or APIs, are defined as a set of procedures and tools for building software applications. Designed to simplify software development, APIs enable developers to use other technologies and data as building blocks in their applications.
Rather than starting from scratch, developers can leverage resources already at their disposal to drive cost-effective and efficient product innovation. To put this into perspective, research showed that firms using APIs over a four-year period experienced 12.7% more market capital growth compared to those who did not use APIs.
With the benefits APIs bring to the table and digital transformation across all industries, it’s natural that the adoption of APIs has risen over the years. In a 2022 survey of 2,200 developers, 74% said they are using APIs for internal applications, 49% are working on third-party APIs, and 44% are working on partner-facing APIs. Alongside these results, the survey indicates that 68% of developers expect to increase API use in 2022.
Amid the growing conversation around APIs and their use, questions have naturally popped up about the parameters and protocols working behind the scenes of APIs. One of the most critical elements behind this exchange of data and functionality is API calls.
How do API calls work?
If you’ve ever downloaded an application — whether it’s to learn a new language or manage your bank accounts — you’ve likely been asked or prompted to fill in personal information like your email address and password after the download is complete. Once you click “Enter,” the information shared is sent to the API. This is an API call in action.
Like telephones, API calls enable APIs to talk to one another and exchange information. Once an API is set up and ready for use, a developer adds an endpoint to the URL that allows requests to be made to the API for more information. The request is assessed and forwarded to an external program, which then passes back data to give the user a response.
Examples of API calls
Circling back to the example above, the submission of a user’s log-in credentials via an app prompts an API call for the server to provide access. Once the server validates that the correct username and password have been provided, the user is granted access to the application.
Another context to think about API calls in is when you go to book a flight. As a user enters various details about their travel plans — the destinations, the travel dates, the seating arrangements, etc. — an API call is made to assess the request, gather data from the airline’s database, and return real-time availability and pricing information to the user.
These and other requests are configured so the same data is provided no matter the location from which the request is made or the type of device on which it is made.
The intricacies behind API calls
While API calls are designed to appear simple and seamless to the end user, each of these requests carry a lot of information to enable proper communications. Considering this volume of data, individual requests can span across multiple API calls to retrieve relevant information.
If just one of these calls experiences a delay, it can lead to significant latencies in response time and a less-than-ideal user experience that hurts the application’s speed and performance.
Wondering what constitutes a high-performance API in terms of response times? On average, response times should be between 0.1 and one second. Between one and two seconds, users are likely to notice some delay — a delay that becomes significant around the five-second mark.
The importance of API management
With each of these API calls, there’s also a conversation to be had around security. When an API call is made, it’s critical that the server is properly configured to defend against unknown or illegitimate sources, as well as to ensure users only have access to the data that should be available to them.
Otherwise, businesses are at greater risk of a data breach — the cost of which averages $4.35 billion as of 2022. That’s a 12.7% increase from $3.86 million in 2020.
Both of these variables lend themselves to the importance of proper API management. APIs, as well as all their endpoints, should be built for maximum efficiency while adhering to the highest standards of security, with the ability to quickly detect costly vulnerabilities before they rise to the surface.
This disciplined approach creates the foundation for an IT infrastructure that is scalable for the future and supports further digital transformation.
API security is an essential part of API design. Discover 10 ways to stay ahead of rapidly evolving cyberattacks security threats.