What is an API?
In the software world, API stands for Application Programming Interface. Think of an API as sending a message to someone. The API is the “messenger” that enables two systems to communicate with each other.
For example, Tines could request new orders from your e-commerce platform or send a Slack message when a ticket is created. APIs define the rules for this “conversation,” so systems know how to communicate safely and effectively.
REST API basics
A REST API is a type of API that follows the architectural style guide for creating web services, known as REST (Representational State Transfer). REST APIs utilize standardized web protocols, such as HTTP.
Let's revisit our messenger example, this time as sending a message to a friend. The flow of a REST API request looks like this:
Client makes a request: You (client) send a message to your friend (server).
Server processes the request: Your friend (server) receives and reads your message.
Server sends a response back to the client: Your friend (server) sends you (client) back a reply.
This cycle repeats for every API call. Each time you call an endpoint with a specific HTTP method, the request flows to the server, gets processed, and the server sends back a response. Next, we'll review the other core elements of REST, which will help you understand how APIs work as a whole.
REST API format
When you execute an API request (also referred to as an API call), you generally work with three main pieces:
HTTP method: Describes the action you want to take (read, create, update, delete).
Request body or payload: Optional data you send when creating or updating an element.
URL endpoint: The address of the element you want to interact with.
Let's expand on our message with a friend example:
The method is how you want to interact with your friend. For example, send a text message, call them, or edit a previously sent message.
The request body is the actual message you send. For example, "Want to go get dinner tomorrow?"
The endpoint is your friend's contact information. For example, their phone number or email address.
Let's invite our friend to dinner! Here's what our text message to them might look like (aka the API request from us, the client):
POST example.com/message/phone_number
{
    "from": "Tino",
    "to": "Friend",
    "message": "Hey! Want to go get dinner tomorrow?",
    "timestamp": "2025-12-03T19:57:54.508+00:00"
}
The server (your friend) will respond with a status code and possibly some data in JSON format (e.g., their availability or preferred restaurant).
HTTP methods
Think of HTTP methods as the “tasks” you want to execute when talking to an element in an API. They are sometimes called verbs because, like verbs in a sentence, they describe the action you want to take. Let's take a look at the five main methods using another real-life example, managing an online photo album:
GET: Retrieve data. "Show me all of my vacation photos."
POST: Create a new element. “Add this new selfie to my album.”
PUT: Replace an existing element entirely. “Replace the old photo with this new one.”
PATCH: Update part of an element. "Change the caption of this photo from ‘Fun day’ to ‘Fun day at the beach.’"
DELETE: Remove an element. “Delete that blurry photo from my album.”
URL endpoints
If HTTP methods are the verbs of an API, then URL endpoints are the nouns; they tell you what you’re acting on. An endpoint is just the address of the element you want to interact with.
Think of it like visiting a library:
The library building is the base URL of the API. (e.g., library.com/)
Each section has an endpoint. (e.g., library.com/fiction)
A specific book in the section has an endpoint. (e.g., library.com/fiction/the-hobbit)
By looking at the endpoint, you can usually tell which element the API call is about. Combine that with the HTTP method, and you know what action is being taken.
Authentication
Authentication is how an API verifies who you are before allowing you to access its endpoints and, ultimately, your data. It ensures that only authorized clients or users can make requests and protects sensitive data from unauthorized access.
Think of authentication as the API checking your identity. Before performing any actions, the server needs to know it’s communicating with a legitimate user or application.
Common authentication methods
Basic Authentication: The client sends a username and password with each request.
API Key: A unique key that identifies the client or application.
Bearer Token: A temporary token issued after logging in, sent with each request to prove identity.
OAuth: Allows apps to act on a user’s behalf without sharing sensitive credentials.
Authentication is a critical step in API communication. It is always performed before the server processes the requested action. Once authentication is verified, the server can safely determine whether the client has permission to access or modify the requested resources. We dig more into authentication and credentials in our Novice Builder Learning Path.
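The order described above (authenticate first, then check permission, then act) can be seen in a small request handler. This is an added example, not Tines code; the credential values, the `X-API-Key` header name, the `/message` path and the permission table are assumptions constructed for illustration, and 401, 403, 404, 200 and 201 are standard HTTP status codes.

```python
import base64
import hmac

# Constructed sample credentials (hypothetical; real systems store password hashes).
USERS = {"tino": "correct-horse"}          # Basic Authentication: username -> password
API_KEYS = {"key-123": "reporting-app"}    # API Key -> client name
TOKENS = {"tok-abc": "tino"}               # Bearer Token -> user
# Methods each identity may use (authorization, checked only after authentication).
PERMISSIONS = {"tino": {"GET", "POST"}, "reporting-app": {"GET"}}


def _lookup(table, presented):
    """Return the value whose key matches, comparing in constant time."""
    for known, value in table.items():
        if hmac.compare_digest(known.encode(), presented.encode()):
            return value
    return None


def authenticate(headers):
    """Return the caller's identity, or None if no valid credential was sent.
    Header names are matched case-sensitively here to keep the example short."""
    if "X-API-Key" in headers:
        return _lookup(API_KEYS, headers["X-API-Key"])
    scheme, _, value = headers.get("Authorization", "").partition(" ")
    if scheme == "Bearer":
        return _lookup(TOKENS, value)
    if scheme == "Basic":
        try:  # Basic credentials are base64("username:password")
            decoded = base64.b64decode(value, validate=True).decode()
        except ValueError:
            return None
        user, _, password = decoded.partition(":")
        stored = USERS.get(user)
        if stored is not None and hmac.compare_digest(stored.encode(), password.encode()):
            return user
    return None


def handle(method, path, headers):
    """Authenticate, then authorize, then act; return an HTTP status code."""
    identity = authenticate(headers)
    if identity is None:
        return 401  # Unauthorized: the server does not know who is calling
    if method not in PERMISSIONS.get(identity, set()):
        return 403  # Forbidden: known caller, but not allowed to do this
    if path != "/message":
        return 404  # Not Found: no such endpoint
    return 201 if method == "POST" else 200
```

Basic Authentication only base64-encodes the username and password, which anyone who sees the request can decode, so it depends on HTTPS to keep the credentials confidential.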
API status codes
When you make an API request, the server always responds with a status code. This is a numeric shorthand that tells you what happened with your request. You can think of status codes like traffic lights for your API call; they give you immediate feedback without needing to read a long explanation.