API

Application Programming Interface. A set of rules that allows different software applications to communicate with each other. Think of it as a waiter in a restaurant: you (the app) tell the waiter (the API) what you want, and they bring it from the kitchen (the server).

Example

When a weather app shows the current temperature, it's using a weather API to fetch that data from a weather service.

Endpoint

A specific URL where an API can be accessed. Each endpoint represents a different resource or action. Think of endpoints like different departments in a store.

Example

https://api.weather.com/v1/current — this endpoint returns current weather. https://api.weather.com/v1/forecast returns a forecast.

REST

Representational State Transfer. The most popular API design style. REST APIs use standard HTTP methods (GET, POST, PUT, DELETE) and return data — usually in JSON format. Almost every public API listed in this directory is a REST API.

Example

GET https://api.example.com/users — retrieves a list of users (GET = read data).

API Key

A unique string that identifies your application when making API requests. You get one by signing up on the API provider's website. It's like a hotel key card — it grants you access and tracks your usage.

Example

curl -H "X-Api-Key: your_key_here" https://api.example.com/data

Rate Limit

The maximum number of API requests you can make in a given time period. If you exceed it, you get a 429 error. Free tiers typically have lower limits than paid plans.

Example

100 requests/minute means you can call the API up to 100 times per minute. The 101st call in that minute will fail.

JSON

JavaScript Object Notation. The most common format for API responses. It stores data as key-value pairs, arrays, and nested objects. It's human-readable and easy to parse in any programming language.

Example

{"city": "Tokyo", "temp": 25, "unit": "celsius", "conditions": ["sunny", "clear"]}

Related Terms

HTTP Method

The type of action you want to perform on an API. GET retrieves data (safe, no side effects). POST creates new data. PUT/PATCH updates existing data. DELETE removes data. Most public APIs meant for reading data use only GET.

Example

GET /api/photos — gets photos. POST /api/photos — uploads a new photo.

Status Code

A three-digit number in every API response that tells you whether the request succeeded or why it failed. 200 = success. 400 = bad request (your mistake). 401 = unauthorized (wrong API key). 404 = not found. 429 = rate limited. 500 = server error.

Example

If you get 401, double-check that your API key is correct and sent in the right header.

CORS

Cross-Origin Resource Sharing. A browser security policy that controls whether JavaScript on one website can call APIs on a different domain. If an API has CORS enabled, you can call it directly from browser JavaScript. If not, you'll need a backend server.

Example

If you're building a website and get a CORS error, you need to call the API from a Node.js server instead of directly from the browser.

OAuth

An authorization protocol that lets users grant your app access to their account on another service without sharing their password. More complex to implement than API keys, but required by social platforms like Twitter, Google, and GitHub.

Example

The 'Sign in with Google' button you see on websites uses OAuth to let you log in without sharing your Google password with the site.

Request Header

Extra information sent along with your API request, separate from the URL. Headers commonly carry your API key (Authorization), the data format you expect (Accept: application/json), or the content type you're sending.

Example

curl -H "Authorization: Bearer YOUR_KEY" -H "Accept: application/json" https://api.example.com

Query Parameter

Extra options added to the end of an API URL after a '?' to filter, sort, or customize the response. Multiple parameters are separated by '&'. They're the most beginner-friendly way to pass data to an API.

Example

GET /api/weather?city=Tokyo&units=metric&lang=en — the city, units, and lang are all query parameters.

Webhook

A way for an API to automatically send data TO your server when something happens, instead of you constantly asking for updates. You give the API your server's URL, and it calls it when an event occurs. Like a notification system.

Example

A payment API sends a webhook to your server URL when a customer completes a purchase, so you instantly know to fulfill the order.

SDK

Software Development Kit. A pre-built library for a specific programming language that makes using an API much easier. Instead of writing raw HTTP requests, you use simple function calls. Many popular APIs have official SDKs for JavaScript, Python, and more.

Example

Instead of writing fetch() calls, you use the SDK: const weather = await client.getWeather('Tokyo')

Pagination

When an API has too many results to return at once, it splits them into pages. You request one page at a time using parameters like page, limit, or offset. Always check if an API paginates when you expect more results than you're getting.

Example

GET /api/products?page=2&limit=20 — returns items 21-40 (page 2, 20 per page).

Authentication

The process of proving who you are to an API so it knows the request comes from a legitimate account. Common methods include API keys, bearer tokens, and OAuth. Authentication answers the question "who are you?" — as distinct from authorization, which decides what you're allowed to do.

Example

Sending an API key in the Authorization header authenticates your app: Authorization: Bearer YOUR_API_KEY.

Authorization

The process of deciding what an authenticated user or app is permitted to do. Once an API knows who you are (authentication), authorization determines which resources and actions you can access — for example, read-only versus write access. A failed authorization typically returns a 403 Forbidden status code.

Example

Your API key may authenticate successfully but still return 403 Forbidden if your plan isn't authorized to access a premium endpoint.

Token

A string of characters an API issues to represent a granted session or set of permissions, sent with each request to prove access. Unlike a static API key, tokens are often short-lived and can be refreshed or revoked. Bearer tokens, commonly obtained through OAuth, are passed in the Authorization request header.

Example

Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9... — a token sent in the request header.

Request

The message your app sends to an API to ask for data or trigger an action. A request combines an HTTP method (GET, POST, etc.), an endpoint URL, optional headers, and sometimes a body of data. The API processes it and sends back a response.

Example

GET https://api.example.com/users with the header Authorization: Bearer YOUR_KEY is a complete request.

Response

The message an API sends back after receiving your request. A response includes a status code indicating success or failure, headers with metadata, and usually a body containing the requested data — most often formatted as JSON.

Example

A successful response might be status 200 with the body {"id": 42, "name": "Tokyo"}.

URL

Uniform Resource Locator. The web address that identifies where an API resource lives. An API URL combines the base domain, a path to a specific endpoint, and optional query parameters. Every API request is sent to a URL.

Example

https://api.example.com/v1/weather?city=Tokyo — the domain, the /v1/weather path, and a query parameter combined into one URL.

Error Handling

Writing code that anticipates and gracefully responds to failed API requests instead of crashing. Good error handling checks the response status code, reads any error message the API returns, and decides whether to retry, fall back, or alert the user. It's essential because networks fail and APIs return errors like 401, 404, and 429.

Example

Check the status code before using the data: if the response is 429, wait and retry; if 401, prompt the user to re-check their API key.