A web API is an

application programming interface An application programming interface (API) is a connection between computers or between computer programs. It is a type of software Interface (computing), interface, offering a service to other pieces of software. A document or standard that des ...

(API) for either a web server or a web browser. As a web development concept, it can be related to a web application's client side (including any web frameworks being used). A server-side web API consists of one or more publicly exposed endpoints to a defined request–response message system, typically expressed in JSON or XML by means of an HTTP-based web server. A server API (SAPI) is not considered a server-side web API, unless it is publicly accessible by a remote web application.

Client side

A client-side web API is a programmatic interface to extend functionality within a

web browser A web browser, often shortened to browser, is an application for accessing websites. When a user requests a web page from a particular website, the browser retrieves its files from a web server and then displays the page on the user's scr ...

or other HTTP client. Originally these were most commonly in the form of native

plug-in Plug-in, plug in or plugin may refer to: * Plug-in (computing), a software component that adds a specific feature to an existing computer program ** Audio plug-in, adds audio signal processing features ** Photoshop plugin, a piece of software that ...

browser extension A browser extension is a software module for customizing a web browser. Browsers typically allow users to install a variety of extensions, including user interface modifications, cookie management, ad blocking, and the custom scripting and st ...

s however most newer ones target standardized

JavaScript JavaScript (), often abbreviated as JS, is a programming language and core technology of the World Wide Web, alongside HTML and CSS. Ninety-nine percent of websites use JavaScript on the client side for webpage behavior. Web browsers have ...

bindings. The

Mozilla Foundation The Mozilla Foundation is an American non-profit organization that exists to support and collectively lead the Open-source software, open source Mozilla project. Founded in July 2003, the organization sets the policies that govern development, ...

created their WebAPI specification which is designed to help replace native mobile applications with

HTML5 HTML5 (Hypertext Markup Language 5) is a markup language used for structuring and presenting hypertext documents on the World Wide Web. It was the fifth and final major HTML version that is now a retired World Wide Web Consortium (W3C) recommend ...

applications.

Google Google LLC (, ) is an American multinational corporation and technology company focusing on online advertising, search engine technology, cloud computing, computer software, quantum computing, e-commerce, consumer electronics, and artificial ...

created their

Native Client Google Native Client (NaCl) is a discontinued sandboxing technology for running either a subset of Intel x86, ARM, or MIPS native code, or a portable executable, in a sandbox. It allows safely running native code from a web browser, indepen ...

architecture which is designed to help replace insecure native plug-ins with secure native

sandbox A sandbox is a sandpit, a wide, shallow playground construction to hold sand, often made of wood or plastic. Sandbox or sand box may also refer to: Arts, entertainment, and media * Sandbox (band), a Canadian rock music group * Sandbox (Gu ...

ed extensions and applications. They have also made this portable by employing a modified

LLVM LLVM, also called LLVM Core, is a target-independent optimizer and code generator. It can be used to develop a Compiler#Front end, frontend for any programming language and a Compiler#Back end, backend for any instruction set architecture. LLVM i ...

AOT compiler In computer science, ahead-of-time compilation (AOT compilation) is the act of compiling an (often) higher-level programming language into an (often) lower-level language before execution of a program, usually at build-time, to reduce the amount ...

Server side

A server-side web API consists of one or more publicly exposed ''endpoints'' to a defined

request–response In computer science, request–response or request–reply is one of the basic methods computers use to communicate with each other in a network, in which the first computer sends a ''request'' for some data and the second ''responds'' to the req ...

message system, typically expressed in

JSON JSON (JavaScript Object Notation, pronounced or ) is an open standard file format and electronic data interchange, data interchange format that uses Human-readable medium and data, human-readable text to store and transmit data objects consi ...

XML Extensible Markup Language (XML) is a markup language and file format for storing, transmitting, and reconstructing data. It defines a set of rules for encoding electronic document, documents in a format that is both human-readable and Machine-r ...

. The web API is exposed most commonly by means of an

HTTP HTTP (Hypertext Transfer Protocol) is an application layer protocol in the Internet protocol suite model for distributed, collaborative, hypermedia information systems. HTTP is the foundation of data communication for the World Wide Web, wher ...

-based

web server A web server is computer software and underlying Computer hardware, hardware that accepts requests via Hypertext Transfer Protocol, HTTP (the network protocol created to distribute web content) or its secure variant HTTPS. A user agent, co ...

. ''

Mashup Mashup may refer to: * Mashup (culture), the rearrangement of spliced parts of musical pieces as part of a subculture * Mashup (education), combining various forms of data and media by a teacher or student in an instructional setting * Mashup (mus ...

s'' are

web application A web application (or web app) is application software that is created with web technologies and runs via a web browser. Web applications emerged during the late 1990s and allowed for the server to dynamically build a response to the request, ...

s which combine the use of multiple server-side web APIs. ''

Webhook In web development, a webhook is a method of augmenting or altering the behavior of a web page or web application with custom callbacks. These callbacks may be maintained, modified, and managed by third-party users who need not be affiliated with ...

s'' are server-side web APIs that take input as a

Uniform Resource Identifier A Uniform Resource Identifier (URI), formerly Universal Resource Identifier, is a unique sequence of characters that identifies an abstract or physical resource, such as resources on a webpage, mail address, phone number, books, real-world obje ...

(URI) that is designed to be used like a remote named pipe or a type of

callback Callback may refer to: * Callback (comedy), a joke which refers to one previously told * Callback (computer programming), callable (i.e. function) that is passed as data and expected to be called by another callable. * Callback (telecommunication ...

such that the server acts as a client to dereference the provided URI and trigger an event on another server which handles this event thus providing a type of peer-to-peer

IPC IPC may refer to: Businesses and organizations Arts and media * Intellectual Property Committee, a coalition of US corporations with intellectual property interests * International Panorama Council, an international network of specialists in ...

Endpoints

Endpoints are important aspects of interacting with server-side web APIs, as they specify where resources lie that can be accessed by third party software. Usually the access is via a URI to which HTTP requests are posted, and from which the response is thus expected. Web APIs may be public or private, the latter of which requires an ''

access token In computer systems, an access token contains the security credentials for a login session and identifies the user, the user's groups, the user's privileges, and, in some cases, a particular application. In some instances, one may be asked to ente ...

''. Endpoints need to be static, otherwise the correct functioning of software that interacts with them cannot be guaranteed. If the location of a resource changes (and with it the endpoint) then previously written software will break, as the required resource can no longer be found at the same place. As API providers still want to update their web APIs, many have introduced a versioning system in the URI that points to an endpoint.

Resources versus services

Web 2.0 Web 2.0 (also known as participative (or participatory) web and social web) refers to websites that emphasize user-generated content, ease of use, participatory culture, and interoperability (i.e., compatibility with other products, systems, a ...

Web APIs often use machine-based interactions such as

REST REST (Representational State Transfer) is a software architectural style that was created to describe the design and guide the development of the architecture for the World Wide Web. REST defines a set of constraints for how the architecture of ...

and

SOAP Soap is a salt (chemistry), salt of a fatty acid (sometimes other carboxylic acids) used for cleaning and lubricating products as well as other applications. In a domestic setting, soaps, specifically "toilet soaps", are surfactants usually u ...

. RESTful web APIs use

methods to access resources via URL-encoded parameters, and use

to transmit data. By contrast,

protocols are standardized by the

W3C The World Wide Web Consortium (W3C) is the main international standards organization for the World Wide Web. Founded in 1994 by Tim Berners-Lee, the consortium is made up of member organizations that maintain full-time staff working together in ...

and mandate the use of

as the payload format, typically over

. Furthermore,

-based Web APIs use

XML validation XML validation is the process of checking a document written in XML (eXtensible Markup Language) to confirm that it is both well-formed and also "valid" in that it follows a defined structure. A well-formed document follows the basic syntactic rul ...

to ensure structural message integrity, by leveraging the

XML schema An XML schema is a description of a type of XML document, typically expressed in terms of constraints on the structure and content of documents of that type, above and beyond the basic syntactical constraints imposed by XML itself. These constrai ...

s provisioned with

WSDL The Web Services Description Language (WSDL ) is an XML-based interface description language that is used for describing the functionality offered by a web service. The acronym is also used for any specific WSDL description of a web service (also ...

documents. A

document accurately defines the XML messages and transport bindings of a

Web service A web service (WS) is either: * a service offered by an electronic device to another electronic device, communicating with each other via the Internet, or * a server running on a computer device, listening for requests at a particular port over a n ...

Documentation

Server-side web APIs are interfaces for the outside world to interact with the business logic. For many companies this internal business logic and the intellectual property associated with it are what distinguishes them from other companies, and potentially what gives them a competitive edge. They do not want this information to be exposed. However, in order to provide a web API of high quality, there ''needs'' to be a sufficient level of documentation. One API provider that not only provides documentation, but also links to it in its error messages is

Twilio Twilio Inc. is an American cloud communications company based in San Francisco, California, which provides programmable communication tools for making and receiving phone calls, sending and receiving text messages, and performing other communic ...

. However, there are now directories of popular documented server-side web APIs.

Growth and impact

The number of available web APIs has grown consistently over the past years, as businesses realize the growth opportunities associated with running an open platform, that any developer can interact with.

ProgrammableWeb ProgrammableWeb was an information and news source about the Web as a programmable platform. It is a subsidiary of MuleSoft and has offices in San Francisco, CA. The website publishes a repository of web APIs, mashups, and applications, and has d ...

tracks over 24000 Web APIs that were available in 2022, up from 105 in 2005. Web APIs have become ubiquitous. There are few major software applications/services that do not offer some form of web API. One of the most common forms of interacting with these web APIs is via embedding external resources, such as tweets, Facebook comments, YouTube videos, etc. In fact there are very successful companies, such as

Disqus Disqus () is an American blog comment hosting service for websites and online communities that use a networked platform. The company's platform includes various features, such as social integration, social networking, user profiles, spam and ...

, whose main service is to provide embeddable tools, such as a feature-rich comment system. Any website of the TOP 100

Alexa Internet Alexa Internet, Inc. was a web traffic analysis company based in San Francisco, California. It was founded as an independent company by Brewster Kahle and Bruce Gilliat in 1996. Alexa provided web traffic data, global rankings, and other info ...

ranked websites uses APIs and/or provides its own APIs, which is a very distinct indicator for the prodigious scale and impact of web APIs as a whole. As the number of available web APIs has grown, open source tools have been developed to provide more sophisticated search and discovery. APIs.json provides a machine-readable description of an API and its operations, and the related project APIs.io offers a searchable public listing of APIs based on the APIs.json metadata format.

Business

Commercial

Many companies and organizations rely heavily on their Web API infrastructure to serve their core business clients. In 2014

Netflix Netflix is an American subscription video on-demand over-the-top streaming service. The service primarily distributes original and acquired films and television shows from various genres, and it is available internationally in multiple lang ...

received around 5 billion API requests, most of them within their private API.

Governmental

Many governments collect a lot of data, and some governments are now opening up access to this data. The interfaces through which this data is typically made accessible are web APIs. Web APIs allow for data, such as "budget, public works, crime, legal, and other agency data" to be accessed by any developer in a convenient manner.

Example

An example of a popular web API is the

Astronomy Picture of the Day Astronomy is a natural science that studies celestial objects and the phenomena that occur in the cosmos. It uses mathematics, physics, and chemistry in order to explain their origin and their overall evolution. Objects of interest include ...

API operated by the American space agency

NASA The National Aeronautics and Space Administration (NASA ) is an independent agencies of the United States government, independent agency of the federal government of the United States, US federal government responsible for the United States ...

. It is a server-side API used to retrieve photographs of space or other images of interest to

astronomer An astronomer is a scientist in the field of astronomy who focuses on a specific question or field outside the scope of Earth. Astronomers observe astronomical objects, such as stars, planets, natural satellite, moons, comets and galaxy, galax ...

s, and

metadata Metadata (or metainformation) is "data that provides information about other data", but not the content of the data itself, such as the text of a message or the image itself. There are many distinct types of metadata, including: * Descriptive ...

about the images. According to the API documentation, the API has one endpoint: https://api.nasa.gov/planetary/apod The documentation states that this endpoint accepts

GET request HTTP (Hypertext Transfer Protocol) is an application layer protocol in the Internet protocol suite model for distributed, collaborative, hypermedia information systems. HTTP is the foundation of data communication for the World Wide Web, wher ...

s. It requires one piece of information from the user, an

API key An application programming interface (API) key is a secret unique identifier used to authenticate and authorize a user, developer, or calling program to an API. Cloud computing providers such as Google Cloud Platform and Amazon Web Services reco ...

, and accepts several other optional pieces of information. Such pieces of information are known as ''parameters''. The parameters for this API are written in a format known as a

query string A query string is a part of a uniform resource locator ( URL) that assigns values to specified parameters. A query string commonly includes fields added to a base URL by a Web browser or other client application, for example as part of an HTML doc ...

, which is separated by a

question mark The question mark (also known as interrogation point, query, or eroteme in journalism) is a punctuation, punctuation mark that indicates a question or interrogative clause or phrase in many languages. History The history of the question mark is ...

character (?) from the endpoint. An

ampersand The ampersand, also known as the and sign, is the logogram , representing the grammatical conjunction, conjunction "and". It originated as a typographic ligature, ligature of the letters of the word (Latin for "and"). Etymology Tradi ...

(&) separates the parameters in the query string from each other. Together, the endpoint and the query string form a

URL A uniform resource locator (URL), colloquially known as an address on the Web, is a reference to a resource that specifies its location on a computer network and a mechanism for retrieving it. A URL is a specific type of Uniform Resource Identi ...

that determines how the API will respond. This URL is also known as a ''query'' or an ''API call''. In the below example, two parameters are transmitted (or ''passed'') to the API via the query string. The first is the required API key and the second is an optional parameter — the date of the photograph requested. https://api.nasa.gov/planetary/apod?api_key=DEMO_KEY&date=1996-12-03 Visiting the above URL in a web browser will initiate a GET request, calling the API and showing the user a result, known as a ''

return value In computer programming, a return statement causes execution to leave the current subroutine and resume at the point in the code immediately after the instruction which called the subroutine, known as its return address. The return address is sav ...

'' or as a ''return''. This API returns

, a type of data format intended to be understood by computers, but which is somewhat easy for a human to read as well. In this case, the JSON contains information about a photograph of a

white dwarf star A white dwarf is a stellar core remnant composed mostly of electron-degenerate matter. A white dwarf is very dense: in an Earth sized volume, it packs a mass that is comparable to the Sun. No nuclear fusion takes place in a white dwarf; wh ...

: The above API return has been reformatted so that names of JSON data items, known as ''keys'', appear at the start of each line. The last of these keys, named url, indicates a URL which points to a photograph: https://apod.nasa.gov/apod/image/9612/ngc2440_hst2.jpg Following the above URL, a web browser user would see this photo: Ngc2440 hst2

Although this API can be called by an

end user In product development, an end user (sometimes end-user) is a person who ultimately uses or is intended to ultimately use a product. The end user stands in contrast to users who support or maintain the product, such as sysops, system administrato ...

with a web browser (as in this example) it is intended to be called automatically by software or by computer programmers while writing software. JSON is intended to be

parsed Parsing, syntax analysis, or syntactic analysis is a process of analyzing a string of symbols, either in natural language, computer languages or data structures, conforming to the rules of a formal grammar by breaking it into parts. The term ''pa ...

by a computer program, which would extract the URL of the photograph and the other metadata. The resulting photo could be embedded in a website, automatically sent via text message, or used for any other purpose envisioned by a software developer.