by Joseph Carboni
APIs 101
Early in my technology career, I drew inspiration from ProgrammableWeb’s 11-part video series on APIs (https://www.youtube.com/playlist?list=PLcgRuP1JhcBP8Kh0MC53GH_pxqfOhTVLa).
To non-developers, “API” (short for Application Programming Interface) sounds like jargon, but the concept is everywhere. Think of an API as a contract between a service consumer and provider, defining how transactions work.
David Berlind uses an analogy for an API that I found really powerful: an electrical wall socket. The hairdryer (consumer) and power company (provider) know nothing about each other, yet the socket’s structure enables the “transaction.”
This maps perfectly to business: customers make requests via defined entry points (account managers, phone calls, emails) and get responses like information or products. The “contract” is the business’s promises on request handling and expected results.
Leveraging Technology
Every business has an API—manual or automated. With business operations knowledge, information processes can be coded into software and databases, preserving the relationships between information and processes.
- Wrap business processes in tech APIs like HTTP. HTTP enables client-server communication via methods (GET, POST) for data exchange.
- Translate phone/email operations to HTTP methods and status codes. Here are some examples:
| Operation | HTTP Method | Typical Status Codes |
|---|---|---|
| Get price | GET | 200 OK, 404 Not Found |
| Check order status | GET | 200 OK, 404 Not Found |
| Order product | POST | 201 Created, 400 Bad Request |
| Cancel order | DELETE | 204 No Content, 404 Not Found |
| Update order | PUT/PATCH | 200 OK, 400 Bad Request |
| Return product | POST | 201 Created, 404 Not Found |
- Secure all requests that involve sensitive information or operations.
A Note on Security
Exposing data and automating processes via web apps worries businesses—rightly so. Despite efficiency gains, removing human gatekeepers is a big step.
Phone calls start with caller ID; emails use built-in authentication. Web entry points must authenticate too, to prevent unauthorized access or actions.
Username-and-password login remains the baseline, supplemented by two-factor authentication. Securing data means making fraud hard, but whether the threat is a technical attack or social engineering, some risk remains.
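To make the mapping in the table above concrete, and to show where the "secure all sensitive requests" step and the authentication requirement from this section fit, here is an added example that is not code from the original post or from the shupe-carboni/backend project. It is a framework-free dispatcher so it runs offline: the `handle()` function, the route shapes (`/prices/{product}`, `/orders/{id}`, `/returns`), the price list, the in-memory order store and the API token are all constructed for illustration, and the "Update order" row is implemented with PATCH. Reading a price is treated as public, while every operation that reads or changes an order requires a bearer token, checked with a constant-time comparison.

```python
"""Toy dispatcher mapping business operations to HTTP methods and status codes.

Added example, not code from the original post or the shupe-carboni/backend
project. PRICES, ORDERS and API_TOKEN are constructed sample data; handle()
is a hypothetical stand-in for a real framework router such as FastAPI's.
"""
import hmac
from typing import Optional

# Constructed sample data: a public price list and an in-memory order store.
PRICES = {"widget": 9.99, "gadget": 24.50}
ORDERS: dict = {}
_next_id = 1

# Constructed secret; a real deployment would load this from a secrets store.
API_TOKEN = "example-token-not-real"

# Operations that expose customer data or change state require a valid token.
SENSITIVE = {("GET", "orders"), ("POST", "orders"), ("DELETE", "orders"),
             ("PATCH", "orders"), ("POST", "returns")}


def _authorized(headers: dict) -> bool:
    """Accept only 'Authorization: Bearer <token>', compared in constant time."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return False
    return hmac.compare_digest(auth[len("Bearer "):], API_TOKEN)


def handle(method: str, path: str, body: Optional[dict] = None,
           headers: Optional[dict] = None) -> tuple:
    """Return (status_code, response_body) for one request, per the table."""
    global _next_id
    headers = headers or {}
    body = body or {}
    parts = [p for p in path.split("/") if p]
    resource = parts[0] if parts else ""
    ident = parts[1] if len(parts) > 1 else None

    # Authenticate before touching anything sensitive; reject with 401 otherwise.
    if (method, resource) in SENSITIVE and not _authorized(headers):
        return 401, {"error": "authentication required"}

    # Get price: GET /prices/{product} -> 200 OK or 404 Not Found
    if method == "GET" and resource == "prices":
        if ident in PRICES:
            return 200, {"product": ident, "price": PRICES[ident]}
        return 404, {"error": "unknown product"}

    # Check order status: GET /orders/{id} -> 200 OK or 404 Not Found
    if method == "GET" and resource == "orders":
        order = ORDERS.get(ident)
        return (200, order) if order else (404, {"error": "no such order"})

    # Order product: POST /orders -> 201 Created or 400 Bad Request
    if method == "POST" and resource == "orders":
        product, qty = body.get("product"), body.get("quantity")
        if product not in PRICES or not isinstance(qty, int) or qty <= 0:
            return 400, {"error": "product and positive integer quantity required"}
        order_id = str(_next_id)
        _next_id += 1
        ORDERS[order_id] = {"id": order_id, "product": product,
                            "quantity": qty, "status": "open"}
        return 201, ORDERS[order_id]

    # Update order: PATCH /orders/{id} -> 200 OK or 400 Bad Request
    if method == "PATCH" and resource == "orders":
        order = ORDERS.get(ident)
        qty = body.get("quantity")
        if (order is None or order["status"] != "open"
                or not isinstance(qty, int) or qty <= 0):
            return 400, {"error": "order not open or invalid quantity"}
        order["quantity"] = qty
        return 200, order

    # Cancel order: DELETE /orders/{id} -> 204 No Content or 404 Not Found
    if method == "DELETE" and resource == "orders":
        if ident in ORDERS:
            del ORDERS[ident]
            return 204, {}
        return 404, {"error": "no such order"}

    # Return product: POST /returns -> 201 Created or 404 Not Found
    if method == "POST" and resource == "returns":
        order = ORDERS.get(str(body.get("order_id")))
        if order is None:
            return 404, {"error": "no such order"}
        order["status"] = "returned"
        return 201, {"order_id": order["id"], "status": "returned"}

    return 404, {"error": "no such route"}


if __name__ == "__main__":
    hdr = {"Authorization": "Bearer " + API_TOKEN}
    print(handle("GET", "/prices/widget"))                       # public, 200
    print(handle("POST", "/orders", {"product": "widget", "quantity": 2}))  # 401
    print(handle("POST", "/orders", {"product": "widget", "quantity": 2}, hdr))  # 201
```

The point to notice is the ordering inside `handle()`: the token check runs before any lookup, so an unauthenticated caller gets a 401 without learning whether an order id exists, while the public price lookup needs no token at all. A real FastAPI app would express the same decisions as route decorators and a dependency, but the contract (which method, which status code, which requests need a credential) is the same.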
Application
Over two years, I applied these ideas in a FastAPI app (MIT License): https://github.com/shupe-carboni/backend. The codebase is an example of business-to-code translation. Notably, even the most basic useful functionality requires a significant amount of groundwork first, to establish how entities such as customers are represented before anything useful can be done for them.