Last Updated:

What is an API and how does it work?

You've probably come across the acronym API. Updates to operating systems, web browsers, and other applications often announce new APIs for developers. But what are APIs and how do developers use them?


What is an API?


An API (short for "Application Programming Interface") is an application programming interface that provides the developer with a set of functions along with a description of what these functions do. A developer does not need to know how, for example, the operating system creates and displays the Save As dialog box. It is enough that such functionality exists and is available for use in the developer's application.

The API is somewhat reminiscent of the menu in a restaurant: there is a list of dishes that you can order, as well as a description of each dish. When you specify which menu items you want to choose, the restaurant kitchen does all the cooking work and gives you a few ready meals. You don't know exactly how the restaurant prepares the selected food, and you don't need to know.

APIs allow developers to save time, thanks to the ability to use the advantages of the functionality implemented by the platform to perform various tasks. This helps reduce the amount of code a developer has to write, and also provides greater consistency across applications on the same platform. APIs can control access to device hardware and software resources.

How do the APIs work?

Let's say you want to create an iPhone app. To make this task easier for you, Apple's iOS operating system, like any other operating system, provides a large set of APIs. For example, if you want to have a means of displaying one or more web pages in your application, you won't need to program your own web browser from scratch. Just access the WKWebView API to embed the WebKit engine (Safari) into your application.

If you want to take photos or take videos from an iPhone's camera, then, again, there's no need to write your own camera interface when you already have the API ready. With it, you can easily add the capabilities of the built-in iPhone camera to your app. If there were no API, application developers would have to implement their own software and properly process the data coming from the camera. But the creators of Apple's operating systems have already done all this hard work for them, so developers can simply use ready-made APIs to embed the camera and start creating their application. And when Apple improves the camera API, all apps that use it will automatically receive these improvements.

It is worth noting that this applies to any other platform. For example, do you want to create a dialog box in Windows? There is an API for this. Want to support fingerprint authentication on Android? There is also an API for this.

When you log in to Facebook from your smartphone, you tell the Facebook app that you'd like to access your account. The mobile app makes an API call to get your Facebook account information. Facebook then accesses this information from one of its servers and returns the data back to the mobile app.


APIs of this type are the most common and belong to the so-called Web API. For almost every service that expects interaction with other services, there are APIs that allow developers not to reinvent the wheel every time.

Where are the APIs used?

Consider the most popular applications:

APIs are used in desktop applications.

APIs are at the heart of most web applications.

APIs make it possible for mobile applications to exist.

APIs are an integration for so-called no-code solutions.

APIs allow different devices to connect to the Internet.

APIs define rules for transferring information between applications, systems, and devices.

APIs are even present in everyday things like cars, doorbells, dishwashers, and wearables.


API and resource access control

APIs are also used to control access to resources (both software and hardware) that your app might not have permissions to use. That's why APIs often play a big role in security.

For example, when you visit a website and see a message in your browser that the website is asking for permission to determine your exact location, it means that the website is trying to use the Geolocation API in your web browser. Web browsers provide such APIs to make it easy for web developers to access your location: they can simply ask about your location, and then the browser itself will do all the hard work of accessing GPS or nearby Wi-Fi networks to determine your geolocation.

At the same time, browsers provide this information through the API, because in this case it is possible to control access to the requested functions. When a website wants to access your exact location, the only way to do so is through a specialized location API. And when a website tries to use it, you, as a user, can allow or reject the request. The only way to access hardware resources (such as a GPS sensor) is through an API. Therefore, the browser can control access to hardware and limit the capabilities of applications.

The same principle is used in modern mobile operating systems such as iOS and Android. On these systems, mobile apps have permissions that you can use to control their access to the API. For example, if a developer tries to access a camera through the camera API, you can reject the request and the app won't be able to access your device's camera.

File systems that have built-in permission support use them to control access to file system APIs. A typical application does not have direct access to the data on the hard disk. Instead, it should access the files through the API.

APIs and service-to-service communication


The use of the API occurs for many other reasons. For example, if you've ever seen a website's built-in Google Maps service, then it means that the website uses the Google Maps API. Google provides similar APIs to web developers, who can then use them to host complex objects right on their website. If such APIs didn't exist, developers might have to create their own maps and provide their own map data just to put a small interactive map on the website.

And, because it's an API, Google can control access to its maps on third-party websites, ensuring they use it in a consistent way, rather than trying to randomly embed a frame that shows, for example, a Google Maps website.

This also applies to many different online services. There are APIs for requesting a translation of text from Google Translate or for posting Facebook comments, etc.

The OAuth standard also defines a number of APIs that allow you to log in to a website using other services, such as using your Facebook, Google, or Twitter accounts without creating a new user account on the current website. APIs are "contracts" that define how developers interact with services and the kind of output that these developers need to get back.


APIs have been around for a long time and will continue to exist as long as businesses use them in their operations. They are very versatile and fast. Hopefully now you have a little better understanding of what APIs are and how they work.