Contributors
Application programming interfaces, or APIs for short, are such ubiquitous tools that it’s hard to imagine how the internet would function without them. But how do APIs work?
It’s a question we (and likely many developers) get all the time. You’ve likely heard the term in passing, or maybe you’ve used the term itself. For most marketers, despite our vague understanding of what they do, they don't really understand how they work or what API limitations are.
Until now. Yup. Here comes your deep dive into everything you ever wondered about APIs.
What are APIs?
As we mentioned at the top, the acronym API is short for “application programming interface.” They are sometimes thought of as a developer tool in order to connect normally unrelated systems. APIs are particularly applicable in B2B SaaS companies and technology-driven businesses.
In lay terms, think of an old telephone switchboard (or maybe you need to do a Google image search). They were basically walls with a bunch of holes with patch cables running between two specific holes. This is how telephone operators used to manually connect to telephone lines.
Now, think of a big and important business way back then — like General Motors. They would likely need a special switchboard or port for people outside the company to call in to management offices. That specific switchboard could be considered an early stage API.
In other words, it lets the outside world connect to your business (namely your software products) in a defined manner.
What are web APIs?
Web APIs, also known as Web Services, are a specific type of API that operates over the internet and can be used by web-based applications. They play a crucial role in today's internet infrastructure
The purpose and benefits of APIs
Let’s skip forward about 70 years. Today, APIs can serve a whole host of functions. For the most part, APIs allow new applications and software to integrate with larger existing ones.
Take the Apple App Store, for example. Many different apps are specially designed for use on the iPhone and other Apple devices. For those app developers to create that software, they need to be able to work with the existing software systems that are loaded onto each device at the factory. 
One costly and time-consuming way to approach app build would be to buy an iPhone (or other device), break it down, and try to understand every facet of its source code so that you can program your own app to work with the device effectively. Not only is this extremely difficult, it’s also probably illegal.
Instead, companies like Apple create and release APIs for third-party developers to create new software for the device.
APIs mean more functionality
Without a vibrant App Store, the iPhone may have never achieved the world domination it enjoys today. That’s because the original engineers who designed the iPhone could have never thought of all the different possible experiences the device could deliver.
By selecting core areas for expandable functionality, Apple was able to deliver a high-quality product to market which could grow and evolve thanks to the creativity of the developer ecosystem.
For social media companies, an API can allow people to create and build new functionality that the main company may not want to invest in. For instance, without API tools from the major social networks, it may be nearly impossible to build a cross functional tool like HootSuite.
APIs mean a more connected digital space
For us at Funnel, APIs are the conduit through which we can bring the data from every marketing data platform together. Since nearly every major platform offers tools for API developers, we can create all sorts of connections to access data from each platform.
This allows marketers to aggregate much of their data, better understand their entire marketing ecosystem, and perform complex analyses.
It’s not all roses when it comes to handling hundreds of APIs, but more on that later.
APIs mean faster iteration
Thanks to API tools, developers can lean on the existing frameworks of larger and older software solutions to come up with new tools at pace.
In other words, think of cooking a pizza from scratch. That crust starts as dough which must be mixed from raw ingredients, rolled, proved, and pulled. Then you still need to prep your sauce and toppings.
An API almost acts as a shortcut — like a pre-made and pre-shaped crust — allowing you to focus on the yummy toppings that are assembled on top of a reliable base.
Different types of APIs
Much like any software system, there are many different kinds of APIs. While not all APIs are created equal, there are a few that stand out to us:
RESTful or simply REST API's
REST APIs, a subset of Web APIs, are designed around standard HTTP methods and a stateless architecture. They are widely used due to their simplicity and scalability. (REST in this context stands for Representational state transfer.)
For technically inclined people, Amazon has a great deep dive on RESTful APIs here.
SOAP
Simple object access protocol (SOAP) is another API that relies on core internet protocols (HTTP and SMTP) to enable messaging over the internet. While REST protocols were codified or defined around 2000, SOAP originated a bit earlier in 1998. As such, its original intent was to serve the core functions of internet usage in the pre-millennium era.
GraphQL
Originally developed by Facebook and released in 2015, GraphQL is an open-source data query and manipulation language for APIs. Since it has been designed and released more recently than RESTful and SOAP, it is perhaps no surprise that it is designed to serve the needs of a more surface-level or modern developer. Its main goal is to provide you with every piece of data in a single request, without needing to run multiple queries. This can be especially useful when confronted with like GA4’s new quotas.
Types of APIs based on accessibility
APIs can also be categorized based on their accessibility. For example in this way:
- Private APIs, also known as Internal APIs, are used within a company and allow different software systems within that organization to communicate.
- Public APIs are open to external users and developers, allowing them to access certain features of the software.
- Partner APIs are shared with business partners and often require specific authorization for use.
How do APIs work?
APIs operate through what we call 'API endpoints'. An API endpoint is essentially the touchpoint of two systems through which they communicate.
This interaction between two systems through an API is called an 'API call'. This is the process where a software system sends a request to an API and waits for a response.
Request-response model
Within this model, one software system sends a message to another requesting a specific data set. The second system receives this request and sends back a response. This responding message also contains the requested data as well as a confirmation of the action.
HTTP methods
Built for use with web applications, the HTTP methods provide a few possible actions for a requesting system to make. The GET method is used to request a given set of data from a server. This happens every time you open a website. Your browser sends a request to GET the necessary files to display the site.
A system can also send a POST request. This occurs when you submit an online form. The POST request sends the form information to the website server. And while similar, a PUT request is a bit different. A PUT is typically used for actions like adding or updating a user’s profile information.
Lastly, the system can also send a DELETE request. As the name suggests, this request will remove data from the second system.
Authentication and authorization
If you step back for a second, you might get the impression that an application programming interface - or API - is one of the most powerful tools in the digital sphere. API's can acquire, submit, and delete data in a remote system. Much like your own home, though, you’ll want to put locks on these sensitive doorways. That’s why we have authentication and authorization.
While the two terms are often used interchangeably, they are actually different processes.
Authentication processes verify the identity of a user. Any time you enter a username and password on a website, you are authenticating your identity. Once you enter those credentials, the website, app, or program then checks those credentials against its records to confirm you have permission to access that area. This second process is authorization.
Rate limits and quotas
Let’s continue the analogy of an API as a doorway for another minute. Even if you’ve built the door with a lock and key (authentication and authorization), your door can only allow so many people to squeeze through at a time. APIs are no different in that they also can only accommodate so many data requests at a time.
In order to manage bandwidth limitations and strain on hosting servers, many APIs feature rate limits and quotas. This creates a cap on how many requests can be sent in a minute, hour, or day.
As a practical example, GA4 has implemented quotas on how much data can be requested for use in Looker Studio. That means many marketers who are continuously monitoring performance reports in a Looker Studio dashboard all day long are actually sending GET requests every time they refresh the dashboard.
Now, multiply the number of times a single report is refreshed by the number of advertising platforms those marketers are gathering data from, and multiply that by the number of people using Looker Studio. You can see how Google’s data systems may become overwhelmed without a quota in place.
API integrations
API integrations are the process of linking different software systems together using APIs. This allows these systems to communicate and share data, resulting in increased functionality and improved efficiency.
What you see is NOT what you get
When creating API connections, many developers might assume (you know what happens when you assume…) that they will be given access to every ounce of data that a piece of software holds. That is especially true for marketers trying to build their own connections to various advertising platforms.
Unfortunately, this isn’t the case.
While you may be able to see all sorts of data points using a platform's proprietary analytics tool, much of that data may be truncated or non-existent when you create an API connection.
There are many reasons for this effect. Sometimes, platforms consider certain data points as too critical to their business structure that they don't wish to open up that portion of the source code. Other times, they may have overlooked some data when building the outbound API. And other times, they just want to force you into their own platform.
To circumvent these limitations, you need a team that can create custom connection points to get you all of the data you need in the moment.
Other misconceptions about APIs
Much like any piece of misunderstood technologies, there are a few aspects of APIs that people, in general, may not understand.
APIs are only for developers
While some APIs are indeed technical, other simpler APIs can be utilized by anyone who is comfortable working with technology. For instance, Facebook provides a specific open API that allows everyday users to connect third-party photo album tools to the platform. Granted, this connection isn’t too detailed, and is pretty stable, but it just shows that anyone can make use of APIs in many ways.
APIs are insecure
There is an old saying about hackers: they only need time and persistence to crack any system. While this holds true for almost anything on the internet, it shouldn’t deter you from using APIs. In fact, the financial and healthcare industries (two of the most highly regulated and secure industries on the planet) make use of APIs billions of times a day without issue.
You just need to make a plan for the complexity that you're introducing into the API, and how many potential vulnerabilities and sensitive data points could be in play.
All APIs are the same
At a very basic level, all APIs serve the same function of connecting software systems. However, that’s like saying every road is the same. That’s not really true, though, is it?
The majestic Pacific Coast Highway or historic Route 66 are much different than the M4 that encircles London. And those are much different than your own neighborhood street.
Every API has a distinct purpose, canton, and specialty.
Understanding the nuances of APIs
While APIs are a great and powerful tool that help us gain ever more functionality from different software products, it’s important to understand their limitations. One, which we’ve mentioned above, is the issue of rate limits. In order to manage the wear and tear of these systems, developers need to limit the volume of requests that can be made. Once those limits are reached, developers may slow down or “throttle” the speed and which requests are served.
Additionally, APIs are built for a specific function (request a specific data set) in a very specific time. Websites, apps, and other software are constantly being updated and upgraded to provide further functionality and security to users. Just think of the operating system on your phone — it always seems to be asking for an update.
As these systems are updated, different lines in the source code may change, which could cause your API doorway to collapse. That can mean your performance dashboard suddenly doesn't work, leaving it up to you to figure out if this is due to a quota issue, a broken API, or something else.
How Funnel can help you avoid API pitfalls
One of the last things marketers want to spend their time doing is fixing broken APIs (or waiting on their technical teams to patch the fix on their behalf). And with so many advertising platforms at your disposal, you shouldn’t feel the risk of failing APIs hanging over you.
That’s why a solution like Funnel is so effective. We have entire teams dedicated to monitoring and updating APIs the second anything changes. We even have multiple teams dedicated solely to Facebook APIs.
This means you can rely on strong, stable connections every minute of every day.
After all, APIs are great tools with enormous possibilities and power. All of that functionality shouldn’t give you additional undue stress.
