API

An API (Application Programming Interface) is a defined set of rules and endpoints that lets two software programs exchange data and trigger actions without knowing each other's internal code. It acts as a contract between systems, exposing specific functions while hiding implementation details behind a stable, documented interface.

What an API does and why it matters

An API defines how one piece of software requests information or operations from another. The calling program (the client) sends a structured request to a defined endpoint, and the receiving program (the server) returns a structured response, typically in JSON or XML. Neither side needs access to the other's source code.

In custom software, ERP or CRM projects, APIs are the connective tissue between systems. They make it possible to integrate a payment provider, sync an accounting tool, expose a mobile app to a back-office database, or let third parties build on top of a platform.

Concrete examples include:

  • Payment APIs (Stripe, PayPal) to process transactions without storing card data.
  • Mapping APIs (Google Maps, Mapbox) to display locations and compute routes.
  • Authentication APIs (OAuth providers) to let users sign in with an existing account.
  • Internal APIs exposing a company's own ERP or CRM data to its web and mobile front-ends.

Most modern APIs communicate over HTTP and rely on standard methods such as GET (read), POST (create), PUT or PATCH (update) and DELETE (remove), paired with HTTP status codes to signal success or failure.

Main API types compared

Several architectural styles exist. The right choice depends on the data model, performance needs, and the consumers of the interface. REST and GraphQL dominate modern web and mobile development, while SOAP remains common in legacy enterprise and banking systems.

Type    | Style                                                           | Data format       | Best suited for
--------|-----------------------------------------------------------------|-------------------|------------------------------------------------------------
REST    | Resource-oriented, multiple endpoints, uses HTTP methods        | Usually JSON      | General-purpose web and mobile APIs, public integrations
GraphQL | Single endpoint, client specifies exactly which fields it needs | JSON              | Complex data models, mobile apps minimising over-fetching
SOAP    | Protocol with strict contract (WSDL), envelope-based messaging  | XML               | Legacy enterprise, banking, systems needing formal contracts
gRPC    | Contract-first (Protocol Buffers), binary over HTTP/2           | Protobuf (binary) | High-performance internal microservice communication

REST is widely adopted for its simplicity and use of standard HTTP conventions. GraphQL helps when clients need flexible queries and want to avoid retrieving unused data across multiple round trips. SOAP and gRPC address stricter contract or performance requirements respectively.

Designing a reliable API

A well-built API is treated as a long-lived product, not an afterthought. Several practices make it dependable for both internal teams and external partners:

  • Versioning so changes do not break existing consumers (for example a /v1/ prefix).
  • Authentication and authorisation via API keys, OAuth tokens or JWT to control who can access what.
  • Rate limiting to protect the service from abuse and overload.
  • Clear documentation, often generated from an OpenAPI (Swagger) specification, so developers can integrate without reverse-engineering.
  • Consistent error handling with meaningful HTTP status codes and structured error messages.

These principles keep integrations stable as the underlying software evolves, which is essential when an API connects business-critical systems such as an ERP, a CRM and customer-facing applications.
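As an added example (not code from the original page), the practices listed above combined in one minimal Python request handler for a versioned /v1/orders resource: API-key authentication, per-scope authorisation, a fixed-window rate limit and structured error responses carrying the matching HTTP status codes. The client registry, scope names, limits and sample order data are constructed assumptions.

```python
import hmac
import time
from collections import defaultdict

# Constructed client registry (hypothetical): API key -> granted scopes.
# A real service stores keys hashed in a secret store, never in source.
CLIENTS = {
    "key-mobile-app": {"orders:read"},
    "key-back-office": {"orders:read", "orders:write"},
}
# Scope required for each HTTP method on the /v1/orders resource.
REQUIRED_SCOPE = {"GET": "orders:read", "POST": "orders:write",
                  "PUT": "orders:write", "PATCH": "orders:write",
                  "DELETE": "orders:write"}
RATE_LIMIT = 5            # requests per window, per authenticated client
WINDOW_SECONDS = 60.0
_recent = defaultdict(list)  # client key -> timestamps of recent requests

def _error(status, code, message):
    # Same error shape for every failure; no stack traces or internals leak.
    return status, {"error": {"code": code, "message": message}}

def _authenticate(headers):
    presented = headers.get("X-API-Key", "").encode()
    for key in CLIENTS:  # constant-time compare per key (demo-sized registry)
        if hmac.compare_digest(presented, key.encode()):
            return key
    return None

def _rate_limited(client, now):
    stamps = [t for t in _recent[client] if now - t < WINDOW_SECONDS]
    stamps.append(now)
    _recent[client] = stamps
    return len(stamps) > RATE_LIMIT

def handle(method, path, headers, now=None):
    """Dispatch one request; returns (http_status, json_body)."""
    now = time.time() if now is None else now
    if not path.startswith("/v1/orders"):   # versioned prefix, see above
        return _error(404, "not_found", "unknown API version or resource")
    client = _authenticate(headers)
    if client is None:
        return _error(401, "unauthenticated", "valid X-API-Key header required")
    if _rate_limited(client, now):
        return _error(429, "rate_limited", "too many requests, retry later")
    scope = REQUIRED_SCOPE.get(method)
    if scope is None:
        return _error(405, "method_not_allowed", f"{method} is not supported")
    if scope not in CLIENTS[client]:   # authorisation: right client, wrong scope
        return _error(403, "forbidden", f"missing scope {scope}")
    if method == "GET":
        return 200, {"orders": [{"id": 1, "status": "paid"}]}  # constructed data
    if method == "DELETE":
        return 204, {}
    return (201 if method == "POST" else 200), {"id": 2, "status": "ok"}
```

Note that the 401 and 404 paths return before any client is identified, so they are not counted against a client's quota; a production gateway would rate limit those by source address instead.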

Frequently asked questions

What is the difference between an API and a web service?

A web service is a type of API that is specifically accessed over a network using web protocols such as HTTP. Every web service is an API, but not every API is a web service. APIs also include local interfaces, such as libraries called directly within the same application without any network involved.

Which is better, REST or GraphQL?

Neither is universally better; it depends on your needs. REST is simple, well understood and ideal for straightforward, resource-based access. GraphQL is preferable when clients need flexible queries, want to fetch many related entities in one request, or must minimise data transfer, which is common in mobile applications.

How is an API secured?

APIs are typically secured with authentication mechanisms such as API keys, OAuth tokens or JWT, combined with HTTPS to encrypt traffic. Additional safeguards include rate limiting to prevent abuse, input validation to block malicious data, and authorisation rules that restrict each client to the resources it is permitted to access.

Does my project need an API?

If your application has a back-office, a mobile companion app, or needs to connect to external services like payment or mapping providers, an API is almost always required. It acts as the central layer through which front-ends and third-party systems read and write data consistently, even as the underlying software changes.
