APIs and Protocols

Every time you check the weather on your phone, book a ride through a transportation app, or see your social media feed update in real-time, you're witnessing Application Programming Interfaces (APIs) at work. APIs are the invisible contracts that allow software systems—built by different teams, in different programming languages, running on different continents—to communicate seamlessly.

In the age of microservices, cloud computing, and mobile applications, APIs have become the fundamental building blocks of modern software architecture. Understanding APIs isn't optional for software engineers—it's essential. APIs define how systems speak to each other, what they can request, what they can expect in return, and how errors are handled when things go wrong.

An Application Programming Interface (API) is a precisely defined contract that specifies how one software component can interact with another. At its core, an API answers three fundamental questions:

1. What operations are available? — What can a component do?
2. How do you invoke those operations? — What inputs are required, and in what format?
3. What will you receive in return? — What outputs or side effects should you expect?

The beauty of an API lies in its abstraction. When you use an API, you don't need to know how the underlying system implements its functionality. You only need to know the interface—the agreement between caller and callee about inputs, outputs, and behavior.

Formal Definition:

Computer scientist David Parnas, who pioneered modular programming, described interfaces as specifications that:

"Define the externally visible behavior of a module without revealing internal mechanisms."

This principle applies whether we're discussing a function's signature in a programming language, a class interface in object-oriented design, or a network API exposed by a web service. The API is the boundary—the point where two systems meet and agree on how to cooperate.

Key Characteristics of APIs:

• Contract-based: Both parties (provider and consumer) agree on the API's behavior
• Versioned: APIs evolve over time, with version numbers signaling compatibility
• Documented: Clear documentation describes expected usage patterns
• Stable: Good APIs minimize breaking changes that disrupt consumers
• Discoverable: APIs should be easy to find and explore

The concept of APIs has evolved dramatically over computing history, expanding from local function calls to globe-spanning network interfaces. Understanding this evolution illuminates why modern APIs work the way they do.

Phase 1: Library APIs (1960s-1970s)

The earliest APIs were library interfaces—collections of functions you could call within the same program. When you include a math library and call sqrt(16), you're using an API. The library defines the function signature, and you call it with the correct arguments.

These local APIs had key properties:

• Same process, same memory space
• Direct function invocation—no serialization needed
• Errors appeared as exceptions or return codes
• Essentially instantaneous execution

Phase 2: Operating System APIs (1970s-1980s)

As operating systems matured, they exposed APIs for applications to request system services—file operations, memory allocation, network access. These system call interfaces crossed the boundary between user space and kernel space.

Notable examples:

• POSIX APIs for Unix-like systems
• Win32 APIs for Windows applications
• System calls like read(), write(), fork()

OS APIs introduced privilege boundaries. The caller (user application) and callee (kernel) ran in different protection domains, requiring careful interface design.

Phase 3: Remote APIs and RPC (1980s-1990s)

With networking, APIs crossed machine boundaries. Remote Procedure Call (RPC) emerged, allowing programs to call functions on remote systems as if they were local. Sun RPC, DCE RPC, and later CORBA enabled distributed computing.

This introduced fundamental challenges:

• Network latency: Remote calls take milliseconds, not microseconds
• Partial failure: The network or remote server can fail independently
• Serialization: Data must be converted to/from network formats
• Heterogeneity: Different machines may use different encodings

These challenges persist in all network APIs today.

Phase 4: Web APIs and REST (2000s-Present)

The explosion of the World Wide Web transformed API design. Web APIs use HTTP as the transport, leverage URLs for resource identification, and typically exchange data in JSON or XML format.

Roy Fielding's REST (Representational State Transfer) architectural style, published in 2000, became the dominant paradigm. REST embraces HTTP's verbs (GET, POST, PUT, DELETE) and stateless communication.

Modern characteristics:

• HTTP-based: Uses the ubiquitous web infrastructure
• Resource-oriented: URLs identify resources, not operations
• Stateless: Each request contains all necessary context
• Human-readable: JSON payloads are easy to debug
• Cross-platform: Any language with HTTP support can participate

The most important mental model for APIs is the contract metaphor. Just as a legal contract specifies obligations between parties, an API contract specifies obligations between software components.

The Provider's Obligations:

• Accept requests conforming to the documented format
• Perform the advertised operation correctly
• Return responses in the documented format
• Handle errors gracefully and report them meaningfully
• Maintain backward compatibility within a version

The Consumer's Obligations:

• Send valid requests according to the documentation
• Handle all documented response types, including errors
• Respect rate limits and usage policies
• Prepare for eventual API deprecation and migration

Contract Components:

A complete API contract includes:

1. Endpoints/Operations: The named actions or resources available
2. Request Schema: The structure and types of input data
3. Response Schema: The structure and types of output data
4. Authentication: How callers prove their identity
5. Authorization: What permissions are required for each operation
6. Error Codes: What failures can occur and their meanings
7. Rate Limits: How frequently the API can be called
8. SLAs: Performance guarantees (latency, availability)

Breaking vs. Non-Breaking Changes:

Maintaining contracts requires understanding what changes are backward-compatible:

Breaking changes require careful versioning and migration strategies.

APIs come in many forms, each suited to different use cases. Understanding these types helps you choose the right approach for your requirements.

Architectural Styles:

Beyond access levels, APIs differ in their architectural approach:

1. REST (Representational State Transfer)

• Resource-oriented: Every entity is a resource with a URL
• Stateless: No session state on the server
• Uses HTTP verbs (GET, POST, PUT, DELETE)
• Returns JSON or XML representations
• Most common for web services

2. GraphQL

• Query-oriented: Clients specify exactly what data they need
• Single endpoint for all queries
• Strong typing with introspection
• Solves over-fetching and under-fetching problems
• Popular for complex, interconnected data

3. gRPC

• RPC-style with Protocol Buffers for serialization
• Binary format for efficiency
• Built-in streaming support
• Generated client/server code
• Ideal for internal microservices, low-latency requirements

4. WebSocket APIs

• Persistent, bidirectional connection
• Real-time data streaming
• Server can push updates to clients
• Used for chat, gaming, live feeds

Within the context of computer networks, APIs are the application layer's primary mechanism for enabling distributed computing. They sit at the top of the protocol stack and give developers the power to build networked applications without worrying about lower-layer details.

The Layered Architecture Connection:

Recall the network protocol stack:

┌─────────────────────────────┐
│   Application Layer (APIs)  │  ← You are here
├─────────────────────────────┤
│   Transport Layer (TCP/UDP) │
├─────────────────────────────┤
│   Network Layer (IP)        │
├─────────────────────────────┤
│   Data Link Layer           │
├─────────────────────────────┤
│   Physical Layer            │
└─────────────────────────────┘

APIs abstract away everything below the application layer. When you call GET /api/users/123, you don't think about:

• TCP connection management and reliability
• IP routing and fragmentation
• Ethernet framing and MAC addresses
• Physical signal encoding

This abstraction is essential for productivity. Developers focus on business logic while the network stack handles delivery.

Network-Specific API Considerations:

Unlike local APIs, network APIs must address distributed systems challenges:

1. Latency

• Network calls are 10,000-1,000,000× slower than local calls
• APIs should support batching to reduce round-trips
• Caching becomes critical for performance

2. Partial Failure

• The network can fail between request and response
• The server can crash mid-operation
• Clients need retry logic with idempotency guarantees

3. Bandwidth Constraints

• Large payloads are expensive on mobile networks
• APIs should minimize data transfer (sparse fieldsets, compression)

4. Security

• Data crosses untrusted networks
• APIs need authentication, authorization, and encryption (TLS)
• Rate limiting prevents abuse

5. Versioning

• Unlike libraries, you can't force all clients to upgrade simultaneously
• APIs need explicit versioning strategies

To truly understand APIs, let's trace a complete API call from client to server and back. This walkthrough reveals the many layers of abstraction at work.

Example Scenario: Fetching a User Profile

A mobile app wants to display user #42's profile. Here's what happens:

Step 1: Client Constructs the Request

GET /api/v2/users/42 HTTP/1.1
Host: api.example.com
Authorization: Bearer eyJhbGciOiJIUzI1NiIs...
Accept: application/json

The client:

• Uses the correct HTTP verb (GET for reading)
• Constructs the URL with the user ID
• Includes authentication credentials
• Specifies the desired response format

Step 2: DNS Resolution

• The client resolves api.example.com to an IP address
• This involves queries to DNS hierarchies (root → TLD → authoritative)
• Result: 203.0.113.50

Step 3: TCP Connection

• Client initiates a TCP handshake (SYN → SYN-ACK → ACK)
• For HTTPS, a TLS handshake follows (certificate exchange, key negotiation)
• A secure, reliable connection is established

Step 4: HTTP Request Transmission

• The HTTP request is sent as a stream of bytes
• TCP handles segmentation, flow control, and retransmission
• IP handles routing across the internet

Step 5: Server Processing

• The load balancer receives the request and forwards to an available server
• The server's HTTP framework parses the request
• Middleware verifies the JWT token (authentication)
• Authorization checks: Can this user access user #42's data?
• Business logic queries the database for user #42
• Response is serialized to JSON

Step 6: Response Transmission

• The HTTP response travels back through the same TCP connection
• The client receives and parses the JSON

Step 7: Client Handling

• The client deserializes the JSON into a native object
• The UI updates to display Alice's profile
• The response might be cached for future requests

Total Time Breakdown (Typical):

• DNS lookup: 0-50ms (often cached)
• TCP + TLS handshake: 50-100ms
• Request transmission: 5-20ms
• Server processing: 10-100ms
• Response transmission: 5-50ms
• Total: 70-320ms

This entire process is abstracted behind a simple API call like fetch('/api/v2/users/42').

Real-world applications often employ multiple layers of API abstraction, each serving a different purpose. Understanding these layers helps architects design clean, maintainable systems.

We've established the foundational understanding of APIs—what they are, why they exist, and how they enable modern distributed computing. Let's consolidate the key concepts:

What's Next:

Now that we understand what APIs are conceptually, the next page explores Protocol Standardization—how industry-wide standards like HTTP, JSON, and OpenAPI enable interoperability, and why standardization is critical for the global ecosystem of interconnected services.