What Is a Modern API?
A Modern APIs (Application Programming Interface) is a software interface that allows two applications to communicate with each other. APIs have been around for quite a while. The term was born in the 1950s, became a concept in the 1960s and 70s, became common – then transformative – in the 80s and 90s, paved the way for business growth in the 2000s, became a backend standard in the 2010s, and is now ubiquitous in the 2020s.
An API already seems “modern.” What makes an API turn into a modern API? As an overview, a modern API is one that adheres to specific modern standards and has unique characteristics that are part of continued and rapid transformation in the technology space.
Before moving forward, let’s take a step back. What does an API do? What does it look like? How has it transformed my life?
It sounds like…
An API is like a library. A library has books that you can check out and read. An API has data that you can access and use. You probably use a host of APIs every day. Note that an API is not a UI (User Interface). When you log in to your bank’s website and get your information, you’re not necessarily using an API – you’re directly accessing the bank and your account; you’re using the User Interface (though the bank is probably using APIs behind the scenes). But if you use money platforms like Mint or PayPal, then they use Modern APIs to connect to your various financial accounts to centrally manage your money.
Here are several real-world examples of Modern APIs in action:
1. Weather Apps
Many weather apps use APIs to fetch real-time weather data from weather service providers. These APIs provide access to weather forecasts, current conditions, and historical data, allowing the apps to display accurate and up-to-date weather information.
2. Third-party Login/single Sign-on
APIs like OAuth and OpenID Connect enable users to log in to various websites and applications using their existing social media or email accounts. Instead of creating new accounts, users can simply authenticate themselves through these APIs, saving time and effort.
3. E-commerce
E-commerce platforms often provide APIs that allow businesses to integrate their online stores with other systems. For example, an API can be used to sync inventory data between an e-commerce website and a warehouse management system, ensuring accurate stock levels and seamless order fulfillment.
4. Mapping and Navigation
Modern APIs like Google Maps provide developers with access to mapping and geolocation services. These APIs allow applications to display maps, calculate routes, provide directions, and even integrate with GPS devices.
Social Media and Networking Examples
1. Facebook
Facebook provides an API that allows developers to integrate their applications with Facebook’s features, such as user authentication, posting content, retrieving user data, and accessing social graph information.
2. Instagram
Instagram provides an API that allows developers to access and interact with Instagram’s features, including retrieving user information, posting photos and videos, searching for media, and accessing user feeds.
3. LinkedIn
The LinkedIn API enables developers to integrate their applications with LinkedIn’s professional networking platform. It provides features such as user authentication, accessing user profiles and connections, posting content, and retrieving job and company information.
Imagine this
You’re at a restaurant and are given the menu. When you decide what you want to eat and place an order, the kitchen receives your request, prepares the dish, and sends it out to you.
The menu represents the API, which defines a list of available options or commands. Placing an order represents making a request to the API. The kitchen represents the program or system that processes the request and provides the desired outcome or data.
In the digital world, Modern APIs allow different programs or systems to interact and exchange information. They define a set of commands or functions (these standard sets are called protocols) that one program can use to request data or perform specific actions from another program or system.
APIs enable applications and services to work together seamlessly, just like how different components of a meal come together to create a pleasant dining experience. They facilitate communication and integration between different software systems, allowing them to share data, functionality, and services.
Modern APIs enable the development of interconnected systems, enhance productivity, and drive innovation. They allow different applications to work together to provide valuable services.
Back to Modern APIs
Some other key characteristics of a modern API are:
- Adherence to Standards: Modern APIs typically adhere to specific standards, such as HTTP (Hypertext Transfer Protocol) and REST (REpresentational State Transfer). These standards make APIs developer-friendly, self-described, easily accessible, and widely understood.
- Product-Oriented Approach: Modern APIs are treated more like products than just lines of code. They are designed for consumption by specific audiences, such as mobile developers, and are documented and versioned in a way that enables users to have clear expectations and manage changes effectively.
- Lifecycle Management: A modern API has its own software development lifecycle (SDL), which includes design, testing, building, management, and versioning. This ensures that the API is developed, maintained, and updated in a systematic and controlled manner (SDL and documentation – the future will thank you).
- Integration and Interoperability: Modern APIs allow developers to add features and functionality to their software by making use of other developers’ APIs.
Securing Modern APIs
While seeming to come out of nowhere, the topic of securing APIs is relevant, even in a non-technical guide. The three main aspects of securing any technology involves Confidentiality (only those who have the right may view it), Integrity (the data doesn’t get changed without permission), and Availability (you need to view your bank info 24/7/365). These factors (security is not just about making sure information isn’t stolen) make it necessary to secure the APIs that connect all our accounts.
In a recent survey, “31% had experienced a sensitive data exposure or privacy incident…”
In July 2023, a popular treadmill’s API was found to be at risk. “The treadmill operating system includes numerous standard APIs that can be exploited to execute Android code, allowing attackers to carry out nefarious actions…”
In January 2023, multiple car-related vulns were discovered by security researchers. One car manufacturer “had configured a number of backend APIs that could be communicated with by hitting specific paths. When hitting this API endpoint, it returned this list of API endpoints, hosts and authorization headers (in plain text). “
APIs make life easier and business more profitable, at the same time making life and business a bit riskier. Securing APIs is a business-wide initiative, not relegated only to technical personnel.
Ross Moore is the Cyber Security Support Analyst with Passageways. He has experience with ISO 27001 and SOC 2 Type 2 implementation and maintenance. Over the course of his 20+ years of IT and Security, Ross has served in a variety of operations and infosec roles for companies in the manufacturing, healthcare, real estate, business insurance, and technology sectors. He holds (ISC)2’s SSCP along with CompTIA’s Pentest+ and Security+ certifications, a B.S. in Cyber Security and Information Assurance from WGU, and a B.A. in Bible/Counseling from Johnson University. He is also a regular writer at Bora.