When you hang around programmers, you might have heard about APIs and how they can be used to perform certain tasks or retrieve some data. But what exactly are they, and why were they created? Let me explain the problem with a simple, non-IT-related example.
When you go to a restaurant and order some food, you interact with the waiter. You can order food and drinks, ask questions about the menu, request and pay the bill, and much more. In this example, the waiter is shielding you from all the complicated stuff that happens behind the scenes. You don’t have to worry about stoves, ovens, dishes, managing stock, or pouring drinks. He is the interface between you and all of the services that a restaurant offers, giving you a way to interact with the restaurant while still shielding you from all the complexity behind the scenes. In a way, the waiter can be seen as the API of the restaurant, and through this example, you intuitively understand why they are useful.
The term API stands for Application Programming Interface, and it’s a way for different programs to work together in various ways.
There are many types of APIs and reasons why they are used. I’ll highlight 4 of them here.
For starters, APIs can be used to get access to data from third parties. In the restaurant example, the waiter can provide you with information on the status of your order, without you having to go to the kitchen yourself. Another example would be the weather app on your phone. Google or Apple have not gone out and put temperature sensors all over the world. No, instead these apps use the API of a third party to retrieve weather predictions. Apple, for instance, is using the API of The Weather Channel. APIs allow different apps and services to exchange information. These days, it’s hard to find a service that doesn’t have an API. There are APIs to look up recipes, lyrics, information on barcodes, zip codes, available parking spaces, public holidays, and so on.
Aside from just accessing data, APIs can also be used to hide complexity and perform tasks. In the restaurant example, you don’t need to know how to prepare a perfect roll of sushi, you just order one.
Another example would be the operating systems on our computers and phones. App developers don’t have to worry about setting up a WiFi connection, drawing shapes onto the screen to make a beautiful user interface, or how to talk to the various sensors like the accelerometer or GPS. No, instead the operating system gives developers a bunch of APIs that simplify all of this. If an app wants to show a button on the screen, it just asks the system to render one. The app doesn’t have to worry about what device it is running on, what hardware it has, screen resolution, or anything like that. It makes developers more efficient because they can focus on what matters to them.
But aside from accessing data and abstracting complexity, APIs can also be used to extend functionality. For instance, on iOS, applications can show a widget in Notification Center. To do that, the app notifies the system through an API that it has a widget available. If the user adds it to their Notification Center, the system will contact the app to ask how it should display the widget. Another example is Siri, Google Assistant or Alexa. These personal assistants are quite clever, but external developers can use the assistant’s API to extend the functionality even further. My Google Home, for instance, didn’t know how to turn my smart plugs on and off. But that changed when the vendor integrated with the Google Assistant through its API. Suddenly, Google became aware of the new hardware, its capabilities and how to interact with them. Nice!
You might not realize it, but APIs are all around us.
You’ve probably seen messages like these: your phone asking for permission to use your location or microphone. That brings us to the final use case: APIs can be used as gatekeepers. For instance, on mobile platforms, the system only has a handful of APIs that can be used to get your location. And because it’s centralized in the system, it’s really easy for iOS or Android to notify you when an app is using your location. So it’s not the app that is being nice and asks permission first. No, it’s the system that does it for them. There’s no way around it. What’s more, the system also gives you the ability to revoke this permission at a later time, should you change your mind. So every time your phone asks you for permission, you know that an app is using an API of the system, and one that is privacy sensitive.
And while that is great, there is an issue with this: usually permission is only asked once. You might have used your Google or Facebook account to log in to another website or app. It’s easy, fast and convenient. But by doing that, we also give the website or app permission to access some of our data, like our name or email address. This is great, because it puts us in control of our personal data. If you don’t want to share it, you just deny it. However, the problem here is that sometimes these permissions are long lasting, and after a while we forget which apps or websites we gave permission to access our data.
This is what allowed Cambridge Analytica to collect massive amounts of data through the Facebook API. They created a “personality quiz” that asked for permission to get some of your personal data. However, if you gave it permission, the app could silently access your data for months, even if you didn’t use it anymore. Instead, you had to revoke the permission through the Facebook website.
So, in short: APIs can act as gatekeepers, protecting our personal data and only giving it out to the apps we choose. But we should be aware of how long those permissions last, and revoke them when we no longer use an app.
So, time for a conclusion. APIs are all around us. They are used to get access to data so that multiple apps or services can work together. They can also hide complexity for developers, allowing them to not waste time on figuring out how GPS works, for instance. APIs can also be used to extend the functionality of existing systems and, finally, they can act as gatekeepers to protect our personal data.
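
The gatekeeper use case and the long-lasting permission problem described above, sketched as an added example (not code from any real platform). The `Gatekeeper` class, app names, scopes, dates and the 90-day idle threshold are all hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass
class Grant:
    app: str
    scopes: frozenset
    last_user_activity: datetime           # last time the user opened the app
    expires_at: Optional[datetime] = None  # None = lasts until revoked
    revoked: bool = False

class Gatekeeper:
    """Hypothetical platform-side check that every data request passes through."""
    def __init__(self):
        self.grants = {}

    def grant(self, app, scopes, now, ttl=None):
        expires = now + ttl if ttl else None
        self.grants[app] = Grant(app, frozenset(scopes), now, expires)

    def _active(self, g, now):
        return not g.revoked and (g.expires_at is None or now < g.expires_at)

    def allowed(self, app, scope, now):
        g = self.grants.get(app)
        return g is not None and scope in g.scopes and self._active(g, now)

    def revoke(self, app):
        if app in self.grants:
            self.grants[app].revoked = True

    def stale(self, now, idle=timedelta(days=90)):
        """Apps that can still read data although the user stopped using them."""
        return sorted(g.app for g in self.grants.values()
                      if self._active(g, now) and now - g.last_user_activity >= idle)

def demo():
    t0 = datetime(2024, 1, 1)              # constructed sample data
    gk = Gatekeeper()
    gk.grant("quiz-app", {"name", "email"}, t0)                  # asked once, never expires
    gk.grant("photo-app", {"name"}, t0, ttl=timedelta(days=30))  # time-bounded grant
    later = t0 + timedelta(days=180)       # user has not opened either app since t0
    before = (gk.allowed("quiz-app", "email", later),
              gk.allowed("photo-app", "name", later))
    flagged = gk.stale(later)
    for app in flagged:
        gk.revoke(app)
    return before, flagged, gk.allowed("quiz-app", "email", later)

if __name__ == "__main__":
    print(demo())
```

Six months after the single permission prompt, the never-expiring grant still answers requests while the time-bounded one has lapsed on its own; the idle-grant audit is what surfaces the forgotten app for revocation.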