
Application Program Interface (API)

What is an API?

The term API is an acronym that stands for "Application Programming Interface". An API is a specified communication protocol that allows two applications to interface with each other, or allows a client application to access services or information contained within another application or database. APIs streamline the process of client-side software development by establishing a framework of communication with a central application or database. They allow users to initiate complex chains of tasks according to their requests without fully understanding what is happening behind the scenes.

How Does an API Work?

APIs are bits of code that match requests in one application with the desired outcome in a different application. These bits of code together establish a communication protocol that software developers can use to write functions that interface with the server. APIs act as an agreement between the client and the server, such that if the client sends a valid request in the specified format, the server will return a response in a specified format or initiate the desired action.

APIs can be used to interact with a variety of systems, including web-based applications, databases, operating systems, software libraries, and even computer hardware. If you are the administrator of a database, you could write a set of APIs that would allow other developers to build functions into their applications that call information from your database directly. This might help to drive additional business to your company or encourage more software developers to write applications on your platform.

What Are Some Common Examples of an API?

APIs have been used and discussed in literature since the late 1960s, but they have never been more important than they are today. A growing number of web-based applications and SaaS products have emerged that depend on APIs for external communications that deliver key functions. Platform providers like Google, Facebook, Salesforce, and others have released APIs to the public that make it easier to develop new tools and functions on their platforms and may actually lead to developer dependency.

Take Facebook's API for example:

The platform is used for building applications that can be offered and marketed to users on Facebook. The Facebook API offers a number of features that are attractive to software developers. They get access to Facebook's platform with over a billion users; they can capture valuable data from app users, including profile information and social connections; and they can even harness Facebook's social sharing functions to have users advertise their releases for free using news feed and profile pages. Developers can even integrate social context into the application experience.

Together, these benefits make it more likely that software developers will release new applications on Facebook, which means more free games for users, better access to users for software developers and better user engagement for Facebook - so everybody wins.

The Facebook API is an example of a web-based application API, but what about an example of a database API?

Have you ever booked a flight or hotel online? If the answer is yes, chances are that an API was used to contact a database of available reservations and to help facilitate the booking.

Online travel agencies use Global Distribution System (GDS) service providers as their primary point of contact for sourcing data and making reservations for services that include flights, hotels, cars, rail travel, cruises and even travel insurance.

Amadeus, a world-leading GDS service provider, maintains current data on available reservations from 770 airlines, 650,000 hotel properties, 43 car rental agencies, 53 cruise lines, and 90 different rail carriers. Instead of interfacing with all of these contacts individually, travel agencies use the Amadeus API to access their database and facilitate bookings through the GDS instead.

Three Approaches to API Release Policy

Any developer can program an API that allows other software developers or applications to communicate with their program, but it is ultimately the release policy that governs who will use a given API and how that API will be used. There are three general models for releasing an API:

Private APIs

Some APIs are for internal use only. They may be programmed internally by an organization to achieve better integration between its internally operated software and services, but they won't be accessed by anyone from outside the company. A warehousing company might program a private API to facilitate communications between warehouse inventory applications and accounting, ensuring that financial projections are accurate to what is happening with the business.

Partner APIs

A technology company may program a set of APIs that can only be used by its authorized business partners. In the case of online travel agencies, GDS service providers charge a monthly or pay-per-use fee for access to their booking system. Online event ticket brokers also create their own partner APIs so that select business partners can create bookings in their systems using third-party applications. There are also banks and financial service companies that use partner APIs to make their services available through select partners.

Partner APIs allow organizations to access additional revenue streams and broaden their customer base while maintaining control over who can access their internal systems.

Public APIs

Public APIs are released to the public so that anyone can use them. Microsoft, Facebook, Google Maps, Uber, OpenTable, Airbnb, and eHarmony have all granted users of external applications access to their internal assets and data using public APIs. Public APIs are great for companies that want to broaden access to their platform, extend the reach of their branding, encourage software developers to build new products that use their platform and build new industry partnerships. Public APIs can also be leveraged as a data source, revealing information about the audiences and users that access an application or service.
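The request/response agreement from "How Does an API Work?" and the three release policies above can be enforced in one place on the server. The following is an added example, not code from the original page or from any vendor it names; the endpoint paths, tier names and demo keys are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed sample data: paths, tiers and keys are hypothetical.
TIER_RANK = {"public": 0, "partner": 1, "private": 2}
ENDPOINTS = {
    "/v1/availability": {"tier": "public", "required": {"origin": str, "destination": str}},
    "/v1/bookings": {"tier": "partner", "required": {"flight_id": str, "seats": int}},
    "/v1/ledger": {"tier": "private", "required": {"account": str}},
}
# High-entropy keys are stored only as SHA-256 digests, never in clear text.
KEY_DIGESTS = {
    hashlib.sha256(b"partner-demo-key").hexdigest(): "partner",
    hashlib.sha256(b"internal-demo-key").hexdigest(): "private",
}

def caller_tier(api_key):
    """Return the caller's tier, or None when a presented key is not recognised."""
    if api_key is None:
        return "public"  # anonymous callers get public APIs only
    digest = hashlib.sha256(api_key.encode()).hexdigest()
    for known, tier in KEY_DIGESTS.items():
        if hmac.compare_digest(digest, known):  # constant-time comparison
            return tier
    return None

def handle(path, body, api_key=None):
    """Return (status, json_body) according to the contract for `path`."""
    spec = ENDPOINTS.get(path)
    if spec is None:
        return 404, json.dumps({"error": "unknown endpoint"})
    tier = caller_tier(api_key)
    if tier is None:
        return 401, json.dumps({"error": "invalid API key"})
    if TIER_RANK[tier] < TIER_RANK[spec["tier"]]:
        return 403, json.dumps({"error": "caller not authorized for this API"})
    try:
        data = json.loads(body)
    except (TypeError, ValueError):
        return 400, json.dumps({"error": "body is not valid JSON"})
    if not isinstance(data, dict) or set(data) != set(spec["required"]):
        return 400, json.dumps({"error": "fields do not match the contract"})
    for field, kind in spec["required"].items():
        # bool is a subclass of int in Python, so reject it explicitly.
        if not isinstance(data[field], kind) or isinstance(data[field], bool):
            return 400, json.dumps({"error": f"bad type for {field}"})
    return 200, json.dumps({"ok": True, "endpoint": path})
```

Authorization is checked before the body is parsed, so a caller without the right tier learns nothing about the expected request format of a partner or private endpoint.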

Parse Logs from External Apps with Sumo Logic's RESTful API

Sumo Logic's web application includes a search interface where IT security analysts can parse through log files to investigate or review security and operational data. Using Sumo Logic's RESTful API, software developers can now integrate Sumo Logic's search functionality into external applications like Slack, PagerDuty, DataDog and more. Sumo Logic's RESTful API for search makes it easy to access and parse network event logs from the security or communication application of your choice.
