API is technically short for “Application Programming Interface”, and the term is tossed around in the programming industry so much, the overall complexity of what they are and how they can make your life easier - or a living hell gets overlooked. It’s amusing that there are so many street-talk definitions for what an API is too.
One definition I found is “a set of programming instructions and standards for accessing a web-based software application or web tool”, and yet another says “to provide a way to connect computer software components together”. But regardless of how APIs are defined, most know what they do and how to use them, right?
You will often see the word REST, or RESTFUL placed in from of the term API. This simply indicates the standard way we access APIs today and that there is a client-server communication that occurs. It stands for Representational State Transfer, but because it’s the most common way to access an API it’s usually dropped off when we talk about APIs in general. REST can be simply explained as the methods you use to view, edit, add, and delete data to and from an API.
So why are APIs important?
Without APIs in our tool belt, most software couldn’t exist. It’s not just access to the data we need, but it’s also the mechanics of many other APIs that we depend on to make software go. For maps, there is the Google Maps API. Amazon has an API that lets you tap into their inventory of products. There is Twilio for sending MMS campaigns, and Yelp for finding places to eat. So there is an API for just about anything you can think of, around 20,000 that we know of as reported by ProgrammableWeb.
Even with so many options, many times you have to write your own API for specific access into your own data.
Making your own API involves creating a front door to your data - which can thrilling and terrifying all at once - because on one hand, you can access your data warehouse from your software, while on the other hand, so can anyone else with the right keys. So putting your best foot forward when creating APIs comes from having the right tools. Bad design at the start can kill an API project before it really gets off the ground because most importantly, APIs have to be updated as much as the software itself. So if the design is bad, updating can be a pain, and you end up with frank’n code that’s a nightmare to maintain. Besides, you don’t want to have to admit your API is really just an iframe or UIWebView window, or worse, accessing a rogue Access database with clear text columns, no password, no key, and no encryption.
It’s tempting to want to start your API creation at the code level, but there’s actually an easier and more polished way, by using the only complete API dev environment around - it’s called Postman, and it’s used by over 5M developers already. Before we dive in - you should know that Postman is free. There are some purchase options available, but even Postman Pro only costs 8 bucks a month. Plus what Postman makes available to you is pretty incredible, especially if you are coming from the command-line only API creation world, so you’ll end up wondering why you haven’t started using it before.
I’m not going to tell you how to create an API using Postman here because there’s actually extensive documentation and videos provided that can do that for you. But, be sure to try Postman's API testing tools, built right into the software, that you can use to test your current APIs right now.
After you download the Postman app and sign in - you’ll see a screen suggesting actions to get started. If you’re beginning, you should start by creating a new request. Once there, you’ll see an input field with the common expressions of (GET, POST, PUT, PATCH, DELETE, COPY, HEAD) and many others. To test out your API, just place the entire URL into the field, and use the default GET to see if your request is successful.
Sounds like something you can do in a browser right? Not quite, because along with the data returned in your test GET, you also get returned to you much more than just the data response itself. Postman gives you the time it took to get the data, any cookie values returned, server header information (which can reveal to you any leaks hackers might use), and more.
I could stop right there and end this story by just giving you one tool you can test your own APIs with and call it good. But you can also use this same tool to test out 3rd party API libraries you use - to check their security levels and make sure they aren’t circumventing security layers you have built into your app. But there is more you can use Postman for, so I’ll talk about one more part of Postman I love, and that’s monitoring.
You can set up monitoring on any API you already have by going to the menu and selecting new, then selecting “monitor”. Type in your API URL into request URL input field, leave the rest default, and click continue. Now name your monitor and tell Postman how often to check your API. You can set it as fast as every 5 minutes, but to keep a healthy bank of remaining free API calls in your bank, and still monitor the API, set it to every 6 hours or so. If you need extensive API monitoring, just upgrade your Postman account to the paid version. Now you’ll know if your API (or someone else’s you are using), is having a problem.
When you first start programming you are taught the 4 basic rules of data access (READ, EDIT, ADD, DELETE), each having their own level of severity and risk. All of those reside within APIs for access to remote data, so with the growing enforcement of privacy and security, knowing as much about not just the APIs you create, but the 3rd party ones you use should be the most important factor in your app software design.
ConclusionTake it from a guy who has developed his share of APIs, free-handing it can be difficult and time consuming. But creating a powerful API doesn't have to be hard. By utilizing online tools like Postman, API development no longer has to be an endless cycle of trail and error for every little detail. It reduces the size of the task and automates trivial mundanities to something that any developer could take on. Not to mention that these platforms will also monitor your API to make sure that nothing is looking amiss, which is a headache in and of itself!
Are you paying more taxes than you have to as a developer or freelancer? The IRS is certainly not going to tell you about a deduction you failed to take, and your accountant is not likely to take the time to ask you about every deduction you’re entitled to. As former IRS Commissioner Mark Everson admitted, “If you don’t claim it, you don’t get it.
Get hands-on experience in performing simple to complex mobile forensics techniques Retrieve and analyze data stored not only on mobile devices but also through the cloud and other connected mediums A practical guide to leveraging the power of mobile forensics on popular mobile platforms with lots of tips, tricks, and caveats.
Write and run code every step of the way, using Android Studio to create apps that integrate with other apps, download and display pictures from the web, play sounds, and more. Each chapter and app has been designed and tested to provide the knowledge and experience you need to get started in Android development.