Application programming interface

Last updated

An application programming interface (API) is a computing interface which defines interactions between multiple software intermediaries. It defines the kinds of calls or requests that can be made, how to make them, the data formats that should be used, the conventions to follow, etc. It can also provide extension mechanisms so that users can extend existing functionality in various ways and to varying degrees. [1] An API can be entirely custom, specific to a component, or it can be designed based on an industry standard to ensure interoperability. Some APIs have to be documented, others are designed so that they can be "interrogated" to determine supported functionality. Since other components/systems rely only on the API, the system that provides the API can (ideally) change its internal details "behind" that API without affecting its users.[ citation needed ]

Contents

Today, with the rise of REST and SOAP over HTTP, the term is often assumed to refer to APIs of such services when given no other context (see the Web APIs section).

Sometimes the term API is, by extension, misused to refer to the subset of software entities (code, subcomponents, modules, etc.) that serve to actually implement the API of some encompassing component or system.

Purpose

In building applications, an API (application programming interface) simplifies programming by abstracting the underlying implementation and only exposing objects or actions the developer needs. While a graphical interface for an email client might provide a user with a button that performs all the steps for fetching and highlighting new emails, an API for file input/output might give the developer a function that copies a file from one location to another without requiring that the developer understand the file system operations occurring behind the scenes. [2]

Usage

Libraries and frameworks

An API usually is related to a software library. The API describes and prescribes the "expected behavior" (a specification) while the library is an "actual implementation" of this set of rules.

A single API can have multiple implementations (or none, being abstract) in the form of different libraries that share the same programming interface.

The separation of the API from its implementation can allow programs written in one language to use a library written in another. For example, because Scala and Java compile to compatible bytecode, Scala developers can take advantage of any Java API. [3]

API use can vary depending on the type of programming language involved. An API for a procedural language such as Lua could consist primarily of basic routines to execute code, manipulate data or handle errors while an API for an object-oriented language, such as Java, would provide a specification of classes and its class methods. [4] [5]

Language bindings are also APIs. By mapping the features and capabilities of one language to an interface implemented in another language, a language binding allows a library or service written in one language to be used when developing in another language. [6] Tools such as SWIG and F2PY, a Fortran-to-Python interface generator, facilitate the creation of such interfaces. [7]

An API can also be related to a software framework: a framework can be based on several libraries implementing several APIs, but unlike the normal use of an API, the access to the behavior built into the framework is mediated by extending its content with new classes plugged into the framework itself.

Moreover, the overall program flow of control can be out of the control of the caller and in the hands of the framework by inversion of control or a similar mechanism. [8] [9]

Operating systems

An API can specify the interface between an application and the operating system. [10] POSIX, for example, specifies a set of common APIs that aim to enable an application written for a POSIX conformant operating system to be compiled for another POSIX conformant operating system.

Linux and Berkeley Software Distribution are examples of operating systems that implement the POSIX APIs. [11]

Microsoft has shown a strong commitment to a backward-compatible API, particularly within its Windows API (Win32) library, so older applications may run on newer versions of Windows using an executable-specific setting called "Compatibility Mode". [12]

An API differs from an application binary interface (ABI) in that an API is source code based while an ABI is binary based. For instance, POSIX provides APIs while the Linux Standard Base provides an ABI. [13] [14]

Remote APIs

Remote APIs allow developers to manipulate remote resources through protocols, specific standards for communication that allow different technologies to work together, regardless of language or platform. For example, the Java Database Connectivity API allows developers to query many different types of databases with the same set of functions, while the Java remote method invocation API uses the Java Remote Method Protocol to allow invocation of functions that operate remotely, but appear local to the developer. [15] [16]

Therefore, remote APIs are useful in maintaining the object abstraction in object-oriented programming; a method call, executed locally on a proxy object, invokes the corresponding method on the remote object, using the remoting protocol, and acquires the result to be used locally as a return value.

A modification on the proxy object also will result in a corresponding modification on the remote object. [17]

Web APIs

Web APIs are the defined interfaces through which interactions happen between an enterprise and applications that use its assets, which also is a Service Level Agreement (SLA) to specify the functional provider and expose the service path or URL for its API users. An API approach is an architectural approach that revolves around providing a program interface to a set of services to different applications serving different types of consumers. [18]

When used in the context of web development, an API is typically defined as a set of specifications, such as Hypertext Transfer Protocol (HTTP) request messages, along with a definition of the structure of response messages, usually in an Extensible Markup Language (XML) or JavaScript Object Notation (JSON) format. An example might be a shipping company API that can be added to an eCommerce-focused website to facilitate ordering shipping services and automatically include current shipping rates, without the site developer having to enter the shipper's rate table into a web database. While "web API" historically has been virtually synonymous with web service, the recent trend (so-called Web 2.0) has been moving away from Simple Object Access Protocol (SOAP) based web services and service-oriented architecture (SOA) towards more direct representational state transfer (REST) style web resources and resource-oriented architecture (ROA). [19] Part of this trend is related to the Semantic Web movement toward Resource Description Framework (RDF), a concept to promote web-based ontology engineering technologies. Web APIs allow the combination of multiple APIs into new applications known as mashups. [20] In the social media space, web APIs have allowed web communities to facilitate sharing content and data between communities and applications. In this way, content that is created in one place dynamically can be posted and updated to multiple locations on the web. [21] For example, Twitter's REST API allows developers to access core Twitter data and the Search API provides methods for developers to interact with Twitter Search and trends data. [22]

Design

The design of an API has significant impact on its usage. [2] The principle of information hiding describes the role of programming interfaces as enabling modular programming by hiding the implementation details of the modules so that users of modules need not understand the complexities inside the modules. [23] Thus, the design of an API attempts to provide only the tools a user would expect. [2] The design of programming interfaces represents an important part of software architecture, the organization of a complex piece of software. [24]

Several authors have created recommendations for how to design APIs, such as Joshua Bloch, [25] Kin Lane, [26] and Michi Henning. [27] Patterns for the design and evolution of remote APIs are covered in a series of EuroPLoP papers. [28] [29]

Release policies

APIs are one of the more common ways technology companies integrate with each other. Those that provide and use APIs are considered as being members of a business ecosystem. [30]

The main policies for releasing an API are: [31]

Public API implications

An important factor when an API becomes public is its "interface stability". Changes to the API —for example adding new parameters to a function call—could break compatibility with the clients that depend on that API. [35]

When parts of a publicly presented API are subject to change and thus not stable, such parts of a particular API should be documented explicitly as "unstable". For example, in the Google Guava library, the parts that are considered unstable, and that might change in the near future, are marked with the Java annotation @Beta. [36]

A public API can sometimes declare parts of itself as deprecated or rescinded. This usually means that part of the API should be considered a candidate for being removed, or modified in a backward incompatible way. Therefore, these changes allows developers to transition away from parts of the API that will be removed or not supported in the future. [37]

Client code may contain innovative or opportunistic usages that were not intended by the API designers. In other words, for a library with a significant user base, when an element becomes part of the public API, it may be used in diverse ways. [38] On February 19, 2020, Akamai published their annual “State of the Internet” report, showcasing the growing trend of cybercriminals targeting public API platforms at financial services worldwide. From December 2017 through November 2019, Akamai witnessed 85.42 billion credential violation attacks. About 20%, or 16.55 billion, were against hostnames defined as API endpoints. Of these, 473.5 million have targeted financial services sector organizations. [39]

Documentation

API documentation describes what services an API offers and how to use those services, aiming to cover everything a client would need to know for practical purposes.

Documentation is crucial for the development and maintenance of applications using the API. [40] API documentation is traditionally found in documentation files but can also be found in social media such as blogs, forums, and Q&A websites. [41]

Traditional documentation files are often presented via a documentation system, such as Javadoc or Pydoc, that has a consistent appearance and structure. However, the types of content included in the documentation differs from API to API. [42]

In the interest of clarity, API documentation may include a description of classes and methods in the API as well as "typical usage scenarios, code snippets, design rationales, performance discussions, and contracts", but implementation details of the API services themselves are usually omitted.

Restrictions and limitations on how the API can be used are also covered by the documentation. For instance, documentation for an API function could note that its parameters cannot be null, that the function itself is not thread safe, [43] or that a decrement and cancel protocol averts self-trading.[ clarification needed ] Because API documentation tends to be comprehensive, it is a challenge for writers to keep the documentation updated and for users to read it carefully, potentially yielding bugs. [35]

API documentation can be enriched with metadata information like Java annotations. This metadata can be used by the compiler, tools, and by the run-time environment to implement custom behaviors or custom handling. [44]

It is possible to generate API documentation in a data-driven manner. By observing many programs that use a given API, it is possible to infer the typical usages, as well the required contracts and directives. [45] Then, templates can be used to generate natural language from the mined data.

In 2010, Oracle Corporation sued Google for having distributed a new implementation of Java embedded in the Android operating system. [46] Google had not acquired any permission to reproduce the Java API, although permission had been given to the similar OpenJDK project. Judge William Alsup ruled in the Oracle v. Google case that APIs cannot be copyrighted in the U.S, and that a victory for Oracle would have widely expanded copyright protection and allowed the copyrighting of simple software commands:

To accept Oracle's claim would be to allow anyone to copyright one version of code to carry out a system of commands and thereby bar all others from writing its own different versions to carry out all or part of the same commands. [47] [48]

In 2014, however, Alsup's ruling was overturned on appeal to the Court of Appeals for the Federal Circuit, though the question of whether such use of APIs constitutes fair use was left unresolved. [49]

In 2016, following a two-week trial, a jury determined that Google's reimplementation of the Java API constituted fair use, but Oracle vowed to appeal the decision. [50] Oracle won on its appeal, with the Court of Appeals for the Federal Circuit ruling that Google's use of the APIs did not qualify for fair use. [51] In 2019, Google appealed to the Supreme Court of the United States over both the copyrightability and fair use rulings, and the Supreme Court granted review. [52]

Examples

See also

Related Research Articles

Java (programming language) Object-oriented programming language

Java is a general-purpose programming language that is class-based and object-oriented, and designed to have as few implementation dependencies as possible. It is intended to let application developers write once, run anywhere (WORA), meaning that compiled Java code can run on all platforms that support Java without the need of recompilation. Java applications are typically compiled to bytecode that can run on any Java virtual machine (JVM) regardless of the underlying computer architecture. The syntax of Java is similar to C and C++, but it has fewer low-level facilities than either of them. As of 2019, Java was one of the most popular programming languages in use according to GitHub, particularly for client-server web applications, with a reported 9 million developers.

In distributed computing, a remote procedure call (RPC) is when a computer program causes a procedure (subroutine) to execute in a different address space, which is coded as if it were a normal (local) procedure call, without the programmer explicitly coding the details for the remote interaction. That is, the programmer writes essentially the same code whether the subroutine is local to the executing program, or remote. This is a form of client–server interaction, typically implemented via a request–response message-passing system. In the object-oriented programming paradigm, RPCs are represented by remote method invocation (RMI). The RPC model implies a level of location transparency, namely that calling procedures are largely the same whether they are local or remote, but usually they are not identical, so local calls can be distinguished from remote calls. Remote calls are usually orders of magnitude slower and less reliable than local calls, so distinguishing them is important.

Enterprise JavaBeans (EJB) is one of several Java APIs for modular construction of enterprise software. EJB is a server-side software component that encapsulates business logic of an application. An EJB web container provides a runtime environment for web related software components, including computer security, Java servlet lifecycle management, transaction processing, and other web services. The EJB specification is a subset of the Java EE specification.

The Java Message Service (JMS) API is a Java message-oriented middleware API for sending messages between two or more clients. It is an implementation to handle the producer–consumer problem. JMS is a part of the Java Platform, Enterprise Edition, and was defined by a specification developed at Sun Microsystems, but which has since been guided by the Java Community Process. It is a messaging standard that allows application components based on Java EE to create, send, receive, and read messages. It allows the communication between different components of a distributed application to be loosely coupled, reliable, and asynchronous.

Java Platform, Standard Edition is a computing platform for development and deployment of portable code for desktop and server environments. Java SE was formerly known as Java 2 Platform, Standard Edition (J2SE).

The term Web service (WS) is either:

ActiveX Software framework by Microsoft introduced in 1996

ActiveX is a software framework created by Microsoft that adapts its earlier Component Object Model (COM) and Object Linking and Embedding (OLE) technologies for content downloaded from a network, particularly from the World Wide Web. Microsoft introduced ActiveX in 1996. In principle, ActiveX is not dependent on Microsoft Windows operating systems, but in practice, most ActiveX controls only run on Windows. Most also require the client to be running on an x86-based computer because ActiveX controls contain compiled code.

An interface description language or interface definition language (IDL), is a specification language used to describe a software component's application programming interface (API). IDLs describe an interface in a language-independent way, enabling communication between software components that do not share one language, for example, between those written in C++ and those written in Java.

In computer science, message queues and mailboxes are software-engineering components used for inter-process communication (IPC), or for inter-thread communication within the same process. They use a queue for messaging – the passing of control or of content. Group communication systems provide similar kinds of functionality.

Service-oriented architecture (SOA) is a style of software design where services are provided to the other components by application components, through a communication protocol over a network. A SOA service is a discrete unit of functionality that can be accessed remotely and acted upon and updated independently, such as retrieving a credit card statement online. SOA is also intended to be independent of vendors, products and technologies.

The Web Services Invocation Framework (WSIF) supports a simple Java API for invoking Web services, no matter how or where the services are provided. The framework allows maximum flexibility for the invocation of any Web Services Description Language (WSDL)-described service.

Netscape Plugin Application Programming Interface (NPAPI) is an application programming interface (API) that allows browser plugins to be developed. It was first developed for Netscape browsers, starting in 1995 with Netscape Navigator 2.0, but was subsequently adopted by other browsers. With the advent of HTML5, all major web browsers have removed support for this API for security reasons.

Service Provider Interface (SPI) is an API intended to be implemented or extended by a third party. It can be used to enable framework extension and replaceable components.

A web framework (WF) or web application framework (WAF) is a software framework that is designed to support the development of web applications including web services, web resources, and web APIs. Web frameworks provide a standard way to build and deploy web applications on the World Wide Web. Web frameworks aim to automate the overhead associated with common activities performed in web development. For example, many web frameworks provide libraries for database access, templating frameworks, and session management, and they often promote code reuse. Although they often target development of dynamic web sites, they are also applicable to static websites.

A Web API is an application programming interface for either a web server or a web browser. It is a web development concept, usually limited to a web application's client-side, and thus usually does not include web server or browser implementation details such as SAPIs or APIs unless publicly accessible by a remote web application.

The Spring Framework is an application framework and inversion of control container for the Java platform. The framework's core features can be used by any Java application, but there are extensions for building web applications on top of the Java EE platform. Although the framework does not impose any specific programming model, it has become popular in the Java community as an addition to the Enterprise JavaBeans (EJB) model. The Spring Framework is open source.

Google Developers is Google's site for software development tools and platforms, application programming interfaces (APIs), and technical resources. The site contains documentation on using Google developer tools and APIs—including discussion groups and blogs for developers using Google's developer products.

The Netscape Server Application Programming Interface (NSAPI) is an application programming interface for extending server software, typically web server software.

Google v. Oracle America is a current legal case within the United States related to the nature of computer code and copyright law. The dispute centers on the use of parts of the Java programming language's application programming interfaces (APIs), which are owned by Oracle, within early versions of the Android operating system by Google. Google has admitted to using the APIs, and has since transitioned Android to a copyright-unburdened engine, but argues their original use of the APIs was within fair use.

References

  1. Fisher, Sharon (1989). "OS/2 EE to Get 3270 Interface Early". Google Books.
  2. 1 2 3 3333Clarke, Steven (2004). "Measuring API Usability". Dr. Dobb's. Retrieved 29 July 2016.
  3. Odersky, Martin; Spoon, Lex; Venners, Bill (10 December 2008). "Combining Scala and Java". www.artima.com. Retrieved 29 July 2016.
  4. de Figueiredo, Luiz Henrique; Ierusalimschy, Roberto; Filho, Waldemar Celes. "The design and implementation of a language for extending applications". TeCGraf Grupo de Tecnologia Em Computacao Grafica. Retrieved 29 July 2016.
  5. Sintes, Tony (2001-07-13). "Just what is the Java API anyway?". JavaWorld. Retrieved 29 July 2016.
  6. Emery, David. "Standards, APIs, Interfaces and Bindings". Acm.org. Archived from the original on 2015-01-16. Retrieved 2016-08-08.
  7. "F2PY.org". F2PY.org. Retrieved 2011-12-18.
  8. Fowler, Martin. "Inversion Of Control".
  9. Fayad, Mohamed. "Object-Oriented Application Frameworks".
  10. Lewine, Donald A. (1991). POSIX Programmer's Guide. O'Reilly & Associates, Inc. p. 1. ISBN   9780937175736 . Retrieved 2 August 2016.
  11. West, Joel; Dedrick, Jason (2001). "Open source standardization: the rise of Linux in the network era" (PDF). Knowledge, Technology & Policy. 14 (2): 88–112. Retrieved 2 August 2016.
  12. Microsogt (October 2001). "Support for Windows XP". Microsoft. p. 4. Archived from the original on 2009-09-26.
  13. "LSB Introduction". Linux Foundation. 21 June 2012. Retrieved 2015-03-27.
  14. Stoughton, Nick (April 2005). "Update on Standards" (PDF). USENIX . Retrieved 2009-06-04.
  15. Bierhoff, Kevin (23 April 2009). "API Protocol Compliance in Object-Oriented Software" (PDF). CMU Institute for Software Research. Retrieved 29 July 2016.
  16. Wilson, M. Jeff (2000-11-10). "Get smart with proxies and RMI". JavaWorld. Retrieved 29 July 2016.
  17. Henning, Michi; Vinoski, Steve (1999). Advanced CORBA Programming with C++ . Addison-Wesley. ISBN   978-0201379273 . Retrieved 16 June 2015.
  18. "API-fication" (PDF download). www.hcltech.com. August 2014.
  19. Benslimane, Djamal; Schahram Dustdar; Amit Sheth (2008). "Services Mashups: The New Generation of Web Applications". IEEE Internet Computing, vol. 12, no. 5. Institute of Electrical and Electronics Engineers. pp. 13–15. Archived from the original on 2011-09-28. Retrieved 2019-10-01.
  20. Niccolai, James (2008-04-23), "So What Is an Enterprise Mashup, Anyway?", PC World
  21. Parr, Ben. "The Evolution of the Social Media API". Mashable. Retrieved 26 July 2016.
  22. "GET trends/place". developer.twitter.com. Retrieved 2020-04-30.
  23. Parnas, D.L. (1972). "On the Criteria To Be Used in Decomposing Systems into Modules" (PDF). Communications of the ACM. 15 (12): 1053–1058. doi:10.1145/361598.361623.
  24. Garlan, David; Shaw, Mary (January 1994). "An Introduction to Software Architecture" (PDF). Advances in Software Engineering and Knowledge Engineering. 1. Retrieved 8 August 2016.
  25. Bloch, Josh. "How to design a good API and why it matters" (PDF).
  26. Lane, Kin (2016-03-14). "The Industry Guide to API Design" (PDF). Kin Lane via 3scale. Archived from the original (PDF) on 2016-03-15. Retrieved 2016-03-14.
  27. Henning, Michi. "API: Design Matters".
  28. Zimmermann, Olaf. "Interface Representation Patterns: Crafting and Consuming Message-Based Remote APIs".
  29. Stocker, Mirko. "Interface Quality Patterns: Communicating and Improving the Quality of Microservices APIs".
  30. de Ternay, Guerric (Oct 10, 2015). "Business Ecosystem: Creating an Economic Moat". BoostCompanies. Retrieved 2016-02-01.
  31. Boyd, Mark (2014-02-21). "Private, Partner or Public: Which API Strategy Is Best for Business?". ProgrammableWeb. Retrieved 2 August 2016.
  32. Weissbrot, Alison (7 July 2016). "Car Service APIs Are Everywhere, But What's In It For Partner Apps? | AdExchanger". ad exchanger. Retrieved 2 August 2016.
  33. "Cloudflare API v4 Documentation". cloudflare. 25 February 2020. Retrieved 27 February 2020.
  34. Liew, Zell (17 January 2018). "Car Service APIs Are Everywhere, But What's In It For Partner Apps". Smashing Magazine. Retrieved 27 February 2020.
  35. 1 2 Shi, Lin; Zhong, Hao; Xie, Tao; Li, Mingshu (2011). An Empirical Study on Evolution of API Documentation. International Conference on Fundamental Approaches to Software Engineering. Lecture Notes in Computer Science. 6603. pp. 416–431. doi:10.1007/978-3-642-19811-3_29. ISBN   978-3-642-19810-6 . Retrieved 22 July 2016.
  36. "guava-libraries - Guava: Google Core Libraries for Java 1.6+ - Google Project Hosting". 2014-02-04. Retrieved 2014-02-11.
  37. Oracle. "How and When to Deprecate APIs". Java SE Documentation. Retrieved 2 August 2016.
  38. Mendez, Diego; Baudry, Benoit; Monperrus, Martin (2013). "Empirical evidence of large-scale diversity in API usage of object-oriented software". 2013 IEEE 13th International Working Conference on Source Code Analysis and Manipulation (SCAM). pp. 43–52. arXiv: 1307.4062 . doi:10.1109/SCAM.2013.6648183. ISBN   978-1-4673-5739-5.
  39. Takanashi, Dean (19 February 2020). "Akamai: Cybercriminals are attacking APIs at financial services firms". Venture Beat. Retrieved 27 February 2020.
  40. Dekel, Uri; Herbsleb, James D. (May 2009). "Improving API Documentation Usability with Knowledge Pushing". Institute for Software Research, School of Computer Science. CiteSeerX   10.1.1.446.4214 .
  41. Parnin, Chris; Treude, Cristoph (May 2011). "Measuring API Documentation on the Web". Web2SE: 25–30. doi:10.1145/1984701.1984706. ISBN   9781450305952 . Retrieved 22 July 2016.
  42. Maalej, Waleed; Robillard, Martin P. (April 2012). "Patterns of Knowledge in API Reference Documentation" (PDF). IEEE Transactions on Software Engineering. Retrieved 22 July 2016.
  43. Monperrus, Martin; Eichberg, Michael; Tekes, Elif; Mezini, Mira (3 December 2011). "What should developers be aware of? An empirical study on the directives of API documentation". Empirical Software Engineering. 17 (6): 703–737. arXiv: 1205.6363 . doi:10.1007/s10664-011-9186-4.
  44. "Annotations". Sun Microsystems. Archived from the original on 2011-09-25. Retrieved 2011-09-30..
  45. Bruch, Marcel; Mezini, Mira; Monperrus, Martin (2010). "Mining subclassing directives to improve framework reuse". 2010 7th IEEE Working Conference on Mining Software Repositories (MSR 2010). pp. 141–150. CiteSeerX   10.1.1.434.15 . doi:10.1109/msr.2010.5463347. ISBN   978-1-4244-6802-7.
  46. "Oracle and the End of Programming As We Know It". DrDobbs. 2012-05-01. Retrieved 2012-05-09.
  47. "APIs Can't be Copyrighted Says Judge in Oracle Case". TGDaily. 2012-06-01. Retrieved 2012-12-06.
  48. "Oracle America, Inc. vs. Google Inc" (PDF). Wired. 2012-05-31. Retrieved 2013-09-22.
  49. Rosenblatt, Seth (May 9, 2014). "Court sides with Oracle over Android in Java patent appeal". CNET. Retrieved 2014-05-10.
  50. "Google beats Oracle—Android makes "fair use" of Java APIs". Ars Technica. 2016-05-26. Retrieved 2016-07-28.
  51. Decker, Susan (March 27, 2018). "Oracle Wins Revival of Billion-Dollar Case Against Google". Bloomberg Businessweek . Retrieved March 27, 2018.
  52. Lee, Timothy (January 25, 2019). "Google asks Supreme Court to overrule disastrous ruling on API copyrights". Ars Technica . Retrieved February 8, 2019.

Further reading