Real World APIs


by Joseph Carboni

APIs 101

Early in my technology career, I drew inspiration from ProgrammableWeb’s 11-part video series on APIs (https://www.youtube.com/playlist?list=PLcgRuP1JhcBP8Kh0MC53GH_pxqfOhTVLa).

To non-developers, “API” (short for Application Programming Interface) sounds like jargon, but the concept is everywhere. Think of an API as a contract between a service consumer and provider, defining how transactions work.

David Berlind uses an analogy for an API that I found really powerful: an electrical wall socket. The hairdryer (consumer) and power company (provider) know nothing about each other, yet the socket’s structure enables the “transaction.”

This maps perfectly to business: customers make requests via defined entry points (account managers, phone calls, emails) and get responses like information or products. The “contract” is the business’s promises on request handling and expected results.

Leveraging Technology

Every business has an API—manual or automated. With business operations knowledge, information processes can be coded into software and databases, preserving the relationships between information and processes.

  • Wrap business processes in tech APIs like HTTP. HTTP enables client-server communication via methods (GET, POST) for data exchange.
  • Translate phone/email operations to HTTP methods and status codes. Here are some examples:

    | Operation          | HTTP Method | Typical Status Codes         |
    |--------------------|-------------|------------------------------|
    | Get price          | GET         | 200 OK, 404 Not Found        |
    | Check order status | GET         | 200 OK, 404 Not Found        |
    | Order product      | POST        | 201 Created, 400 Bad Request |
    | Cancel order       | DELETE      | 204 No Content, 404 Not Found |
    | Update order       | PUT/PATCH   | 200 OK, 400 Bad Request      |
    | Return product     | POST        | 201 Created, 404 Not Found   |

  • Secure all requests that involve sensitive information or operations

A Note on Security

Exposing data and automating processes via web apps worries businesses—rightly so. Despite efficiency gains, removing human gatekeepers is a big step.

Phone calls start with caller ID; emails use built-in authentication. Web entry points must authenticate too, to prevent unauthorized access or actions.

Usernames and passwords remain the baseline, supplemented by two-factor authentication. Securing data means making fraud difficult; whether the threat is a hack or social engineering, risks remain.
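
The operations table and the authentication requirement above, combined in one request handler. This is an added example, not code from the author's FastAPI codebase: it uses only the Python standard library, and the paths, tokens, customers and order data are constructed for illustration. The 401 response for unauthenticated callers is an addition to the status codes listed in the table.

```python
import hmac
import itertools

# Constructed sample data: tokens, customers, prices and orders are hypothetical.
TOKENS = {"tok-alice": "alice", "tok-bob": "bob"}
PRICES = {"widget": 9.99}
ORDERS = {1: {"owner": "alice", "item": "widget", "qty": 2}}
_next_id = itertools.count(2)

def authenticate(headers):
    """Return the customer for a valid bearer token, else None."""
    scheme, _, presented = headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer":
        return None
    for token, customer in TOKENS.items():
        # Constant-time comparison avoids leaking token contents via timing.
        if hmac.compare_digest(token.encode(), presented.encode()):
            return customer
    return None

def handle(method, path, headers=None, body=None):
    """Dispatch one request; returns (status_code, payload)."""
    parts = path.strip("/").split("/")
    if method == "GET" and parts[0] == "prices" and len(parts) == 2:
        # Get price: public information, no login needed.
        price = PRICES.get(parts[1])
        return (200, {"price": price}) if price is not None else (404, None)
    # Everything below touches orders, so the caller must be identified first.
    customer = authenticate(headers or {})
    if customer is None:
        return 401, None
    if method == "POST" and parts == ["orders"]:  # Order product
        item, qty = (body or {}).get("item"), (body or {}).get("qty")
        valid_qty = type(qty) is int and qty >= 1  # rejects bools and floats
        if not isinstance(item, str) or item not in PRICES or not valid_qty:
            return 400, None
        order_id = next(_next_id)
        ORDERS[order_id] = {"owner": customer, "item": item, "qty": qty}
        return 201, {"id": order_id}
    if parts[0] == "orders" and len(parts) == 2 and parts[1].isdecimal():
        order = ORDERS.get(int(parts[1]))
        # Someone else's order is reported exactly like a missing one (404).
        if order is None or order["owner"] != customer:
            return 404, None
        if method == "GET":  # Check order status
            return 200, order
        if method == "DELETE":  # Cancel order
            del ORDERS[int(parts[1])]
            return 204, None
    return 404, None
```

Authentication alone would let any logged-in customer read or cancel any order; the ownership check on each order is what keeps one customer out of another's data.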

Application

Over two years, I applied these ideas in a FastAPI app (MIT License): https://github.com/shupe-carboni/backend. The codebase is an example of business-to-code translation. Notably, even the most basic useful functionality requires a significant amount of groundwork to establish how entities such as customers must be represented before anything useful can be done for them.

