DEV Community

Gaurav Sharma
Gaurav Sharma

Posted on

1.2 | API Exercises

#apibasics

🏋️‍♂️ Exercise Time: Learning APIs by Doing

Now it's time for you to start doing instead of just listening to me talk all the time. Alright?

By you doing, that's how you're really gonna learn about APIs.

In this case, you're gonna be thinking—you're gonna be thinking about what the answer is.

I'm going to give you four API examples, and in each example you're going to tell me what the A is, what the P is, and what the I is.

🔁 Quick Recap: What Does API Mean?

Before we get started with these four examples of APIs, let's go over what API means again.

API just means telling a program to run a task in a piece of software or an application.

  • I (Interface) is the point at which you're telling the program to run—the boundary where you're telling the program to run.
  • P (Program) is the task being done—the program completes the task that you want it to do.
  • A (Application) is the piece of software that contains the program, maintains the program, and writes the program.

🧪 Four API Examples

1️⃣ Viber Messaging (Simple Example)

Just sending messages using the Viber cell phone app.

What is the I, P, and A in this situation?

Before I give you the answers, I suggest that you pause and think about what the answer is before you see it. I'll take about a second before providing the answers.

  • Interface (I): From my cell phone. Or more specifically, from the Viber cell phone app. Either answer is correct.
  • Program (P): Messaging. That's the task being done.
  • Application (A): Viber. Viber writes the program and maintains it.

Real-World Analogy: Like using WhatsApp to send a "Hi" to a friend. You tap the app (interface), type the message (trigger the program), and WhatsApp (application) delivers it.

2️⃣ Google Search Using a Computer

From where are we doing the Google search?

What is the I, P, and A in this situation?

  • Interface (I): Computer. Or more specifically, from a browser. Or even more specifically, from the Google search engine. All those answers are correct. Interface just means the point at which we're asking the program to be run.
  • Program (P): Search. The program does internet searches for us.
  • Application (A): Google. Google maintains the program.

Real-World Analogy: Like asking a librarian for a book. The librarian (program) searches the catalog (application) when you ask at the front desk (interface).

3️⃣ Creating Orders in eBay Without a Browser (Moderate/Complex Example)

Everybody knows how to create an order in eBay using a browser. But in this case, we want to create an order without using a browser.

How are we going to do that?

Well, eBay provides not only a way for you to create orders in eBay using a browser, but they also publish APIs that you can access by going to eBay.

It's a key concept for you to understand:

  • You go to eBay.
  • You don't use your cell phone or your computer or whatever it is.
  • You go over the network to eBay to access their API because their API is located at eBay.

So what is the I, P, and A?

  • Interface (I): eBay. The point at which we're asking the program to be run.
  • Program (P): The program creates orders.
  • Application (A): eBay. eBay maintains the program.

Real-World Analogy: Like calling a restaurant to place an order instead of walking in. You’re still interacting with the same system, just through a different method.

4️⃣ Creating Orders in SAP Without a Browser (Moderate/Complex Example)

I'm not even sure you can create an order in SAP using a browser. I don't think you can.

So how are you going to create an order in SAP without using a browser?

Well, SAP provides an interface where you can ask SAP to create an order for you.

You don't get to get into SAP, but it provides an interface—a boundary point, a meeting place—where you can ask SAP to create an order.

Pretty cool, right?

So what is the I, P, and A?

  • Interface (I): Located at the SAP software. You have to go to the SAP software.
  • Program (P): The program that creates an order.
  • Application (A): SAP. The program is located and maintained in SAP.

Real-World Analogy: Like a warehouse system automatically reordering stock from a supplier without human intervention. The system talks directly to SAP.

🤔 Why Use Moderate or Complex APIs Instead of Simple Ones?

That's a great question. There are two main reasons:

1. 💰 Cost and Complexity

It's not difficult or expensive to create APIs where the program is located.

  • You just create an interface.
  • Tell people to access the interface at the program where the program is located.
  • You don't have to worry about creating a search engine, maintaining a search engine, or creating an app.
  • You just tell people, “Hey, come to me and tell me to run the program.”

Businesses don't want to pay for expensive, difficult things unless they have a good reason to.

Example: A weather service publishes an API. You don’t need their app—you can just call their API from your own app or script.

2. 🧘 Flexibility

By publishing and broadcasting an API, they don’t care about what method you use.

  • You can use any method:
    • A Python script
    • A browser
    • Whatever method you need to get to them

It provides you with flexibility. You can use anything you want—just access their API and tell it to run.

Pretty cool, right?

Example: You can use Postman, curl, or a mobile app to access Spotify’s API and fetch your playlists.

🧠 What People Usually Mean by “API”

When accessing an API at the application itself—that is what people mean by APIs in general.

They're not talking about simple APIs like a Google search or Viber messaging.

When they're talking about moderate or complex APIs—that's what they mean by APIs.

Yes, simple APIs are also APIs, but that's not what people really consider to be APIs.

APIs is where they publish an API—in other words, they tell you what they need to make their API run.

Example: Stripe’s payment API lets developers process payments from any app or website—without building a payment system from scratch.

🎓 What You’ll Learn in This Course

To do that, you're going to learn all about how to do that in this course.

Otherwise, it's a waste of time, right?

Learning simple APIs is a waste of time.

You need to learn how to access APIs at their site.

That's what this class is about, and that's what people generally mean by APIs.

You’re going to learn:

  • XML
  • JSON
  • REST
  • POST
  • Python
  • How to create APIs using Postman and other tools

It’s very exciting, very fun, and very interesting—and I’m looking forward to it.

🙋 Final Notes

Alright, so it's going to be a lot of fun.

If you have any questions, any concerns or comments, please let me know.

If you want additional material, let me know.

My job is to explain this stuff to you, and I want to explain it to you so that you know everything about APIs—not just pieces of it.

Because there are plenty of courses where you just know one piece or two pieces—you just learn JSON, or just XML, or just REST.

You have to know the whole picture.

That's what this class is about.

And not only just listening to me—but you're going to be doing all this stuff.

Pretty exciting.

🧠 Time for some counter questions

🧠 Interface (I) – Counter Questions & Technical Answers

🔸 Can an interface exist without a visible UI?

Answer: Yes. Interfaces in APIs are often headless and exposed via endpoints (e.g., REST, GraphQL, gRPC). These are consumed by clients like mobile apps, scripts, or other services.

Example:

GET /weather?city=London
Enter fullscreen mode Exit fullscreen mode

This endpoint returns weather data in JSON—no UI involved.

Tech Insight:

  • Interfaces are defined by OpenAPI specs or GraphQL schemas.
  • They are consumed via HTTP clients (e.g., Axios, fetch, curl, Postman).

🔸 If two apps use the same interface, how do they avoid conflict?

Answer: API consumers are isolated via:

  • API keys or OAuth tokens: identify the client.
  • Rate limiting: prevents abuse.
  • Tenant isolation: via headers or subdomains.

Example:

GET /user/profile Authorization: Bearer <token>
Enter fullscreen mode Exit fullscreen mode

Tech Insight:

  • API Gateways (e.g., Kong, Apigee) enforce quotas and authentication.
  • Multi-tenant systems use X-Tenant-ID headers or JWT claims.

🔸 Is a chatbot considered an interface?

Answer: Yes. Chatbots are conversational interfaces that abstract API calls.

Example:

User: “What’s my account balance?”

Bot → Calls:

GET /accounts/{id}/balance
Enter fullscreen mode Exit fullscreen mode

Tech Insight:

  • NLP engines (Dialogflow, Rasa) map intents to API calls.
  • Middleware handles context and session management.

🔸 How does an interface differ from UX?

Answer:

  • Interface (I): The technical contract (e.g., endpoint, method, payload).
  • UX: The design and flow that wraps the interface.

Tech Insight:

  • A well-designed API may still have poor UX if the frontend misuses it.
  • UX tools (Figma, Adobe XD) don’t define interfaces; Swagger does.

🔸 Can a voice command be an interface?

Answer: Yes. Voice interfaces trigger APIs via voice-to-intent mapping.

Example:

“Play Coldplay” →

POST /music/play { "artist": "Coldplay" }
Enter fullscreen mode Exit fullscreen mode

Tech Insight:

  • Voice SDKs (Alexa Skills, Google Assistant) map utterances to API calls.
  • Security is enforced via OAuth scopes and device tokens.

🧠 Program (P) – Counter Questions & Technical Answers

🔸 What happens if the program fails?

Answer: APIs return structured error responses.

Example:

{ "error": "InsufficientStock", "message": "Only 3 items left in inventory", "status": 409 }
Enter fullscreen mode Exit fullscreen mode

Tech Insight:

  • Use standardized error formats (RFC 7807).
  • Implement retries, circuit breakers (Resilience4j, Hystrix).

🔸 Can one interface trigger multiple programs?

Answer: Yes. This is called orchestration.

Example:

POST /checkout may:

  • Validate cart
  • Process payment
  • Create order
  • Send confirmation email

Tech Insight:

  • Use orchestration engines (Camunda, Temporal).
  • Microservices communicate via events (Kafka, RabbitMQ).

🔸 How do APIs ensure secure program execution?

Answer:

  • Authentication: OAuth2, JWT
  • Authorization: RBAC, ABAC
  • Input validation: OWASP guidelines
  • Transport security: HTTPS, TLS

Tech Insight:

  • Use libraries like Spring Security, Passport.js.
  • Sanitize inputs to prevent injection attacks.

🔸 What’s the difference between a program and a service?

Answer:

  • Program: A unit of logic (e.g., function, method).
  • Service: A deployable unit exposing one or more programs via APIs.

Tech Insight:

  • Programs live inside services.
  • Services are containerized (Docker) and deployed (Kubernetes).

🔸 How do programs scale under load?

Answer:

  • Stateless design
  • Horizontal scaling
  • Load balancers (NGINX, HAProxy)
  • Caching (Redis, CDN)

Tech Insight:

  • Use autoscaling groups in cloud (AWS ASG, GCP Instance Groups).
  • Monitor with Prometheus, scale via HPA (Horizontal Pod Autoscaler).

🧠 Application (A) – Counter Questions & Technical Answers

🔸 Can an application expose multiple APIs?

Answer: Yes. Applications often expose modular APIs.

Example:

  • /auth/login
  • /orders/create
  • /products/search

Tech Insight:

  • Use API versioning (/v1, /v2)
  • Document with Swagger/OpenAPI

🔸 What’s the difference between an application and a platform?

Answer:

  • Application: Solves a specific problem.
  • Platform: Hosts multiple applications and APIs.

Tech Insight:

  • Platforms offer SDKs, webhooks, and extensibility.
  • Examples: Salesforce, AWS, Stripe

🔸 How do legacy apps adapt to APIs?

Answer:

  • Use API gateways or wrappers.
  • Expose SOAP or REST via adapters.

Tech Insight:

  • Tools: MuleSoft, WSO2, SAP Gateway
  • Legacy systems may use ESBs (Enterprise Service Bus)

🔸 Can an application be backend-only?

Answer: Yes. Backend apps expose APIs consumed by frontends.

Example:

A Node.js service that handles payments but has no UI.

Tech Insight:

  • Use Express.js, Flask, Spring Boot
  • Deploy as microservices or serverless functions

🔸 How do apps decide what to expose via API?

Answer:

  • Based on business logic, security, and developer needs.
  • Use API design-first approach.

Tech Insight:

  • Tools: Stoplight, SwaggerHub
  • Use API analytics to track usage and refine exposure

🧠 Higher-Level Thinking – Counter Questions & Technical Answers

🔸 How do APIs change business collaboration?

Answer:

  • Enable B2B integrations
  • Allow third-party developers to build on your platform

Tech Insight:

  • Use API portals (e.g., developer.twitter.com)
  • Monetize via API subscriptions (RapidAPI, Apigee)

🔸 What ethical concerns exist around public APIs?

Answer:

  • Data privacy (GDPR, CCPA)
  • Rate abuse
  • Unintended data exposure

Tech Insight:

  • Use scopes, consent screens
  • Audit logs and anomaly detection

🔸 How do APIs accelerate innovation?

Answer:

  • Reduce time-to-market
  • Enable modular development

Tech Insight:

  • Use CI/CD pipelines
  • Reuse APIs across teams and products

🔸 Can APIs create new business models?

Answer:

Yes. APIs can be monetized directly or indirectly.

Examples:

  • Twilio: charges per SMS/voice call
  • Stripe: charges per transaction

Tech Insight:

  • Use metering, billing APIs
  • Track usage with analytics platforms

🔸 What happens when an API becomes a dependency?

Answer:

  • Breaking changes can cause outages
  • Use versioning and deprecation policies

Tech Insight:

  • Semantic versioning (v1.2.3)
  • Feature flags and backward compatibility

Top comments (0)