A Web API is an application programming interface for either a web server or a web browser. It is a web development concept, usually limited to a web application's client-side (including any web frameworks being used), and thus usually does not include web server or browser implementation details such as SAPIs or APIs unless publicly accessible by a remote web application.

Server side

A server-side web API is a programmatic interface consisting of one or more publicly exposed endpoints to a defined request–response message system, typically expressed in JSON or XML, which is exposed via the web—most commonly by means of an HTTP-based web server. Mashups are web applications which combine the use of multiple server-side web APIs.[1][2][3] Webhooks are server-side web APIs that take as input a Uniform Resource Identifier (URI) that is designed to be used like a remote named pipe or a type of callback such that the server acts as a client to dereference the provided URI and trigger an event on another server which handles this event thus providing a type of peer-to-peer IPC.


Endpoints are important aspects of interacting with server-side web APIs, as they specify where resources lie that can be accessed by third party software. Usually the access is via a URI to which HTTP requests are posted, and from which the response is thus expected.

Endpoints need to be static, otherwise the correct functioning of software that interacts with it cannot be guaranteed. If the location of a resource changes (and with it the endpoint) then previously written software will break, as the required resource can no longer be found at the same place. As API providers still want to update their web APIs, many have introduced a versioning system in the URI that points to an endpoint, for example the Clarifai API: The endpoint for the tagging functionality within the web API has the following URI: "https://api.google.com/v1/tag/". The "/v1/" part of the URI specifies access to the first version of the web API. If Clarifai decides to update to version two, they can do this while still maintaining support for third party software that uses the first version.[4]

Resources versus services

Web 2.0 Web APIs often use machine-based interactions such as REST and SOAP. RESTful web APIs are typically loosely based on HTTP methods to access resources via URL-encoded parameters and the use of JSON or XML to transmit data. By contrast, SOAP protocols are standardized by the W3C and mandate the use of XML as the payload format, typically over HTTP. Furthermore, SOAP-based Web APIs use XML validation to ensure structural message integrity, by leveraging the XML schemas provisioned with WSDL documents. A WSDL document accurately defines the XML messages and transport bindings of a Web service.


Server-side web APIs are interfaces for the outside world to interact with the business logic. For many companies this internal business logic and the intellectual property associated with it are what distinguishes them from other companies, and potentially what gives them a competitive edge. They do not want this information to be exposed. However, in order to provide a web API of high quality, there needs to be a sufficient level of documentation. One API provider that not only provides documentation, but also links to it in its error messages is Twilio.[5]

However, there are now directories of popular documented server-side web APIs.[6]

Growth and impact

The number of available web APIs has grown consistently over the past years, as businesses realize the growth opportunities associated with running an open platform, that any developer can interact with. ProgrammableWeb tracks 9000 Web APIs that were available in 2013, up from 105 in 2005.[7]

Web APIs have become ubiquitous. There are few major software applications/services that do not offer some form of web API. One of the most common forms of interacting with these web APIs is via embedding external resources, such as tweets, Facebook comments, YouTube videos, vines, etc. In fact there are very successful companies, such as Disqus, whose main service is to provide embeddable tools, such as a feature-rich comment system.[8] Any website of the TOP 100 Alexa Internet ranked websites uses APIs and/or provides its own APIs, which is a very distinct indicator for the prodigious scale and impact of web APIs as a whole.[9]

As the number of available web APIs has grown, open source tools have been developed to provide more sophisticated search and discovery. APIs.json provides a machine-readable description of an API and its operations, and the related project APIs.io offers a searchable public listing of APIs based on the APIs.json metadata format.[10][11]



Many companies and organizations rely heavily on their Web API infrastructure to serve their core business clients. In 2014 Netflix received around 5 billion API requests, most of them within their private API.[12]


Many governments collect a lot of data, and some governments are now opening up access to this data. The interfaces through which this data is typically made accessible are web APIs. Web APIs allow for data, such as "budget, public works, crime, legal, and other agency data"[13] to be accessed by any developer in a convenient manner.

Client side

A client-side web API is a programmatic interface to extend functionality within a web browser or other HTTP client. Originally these were most commonly in the form of native plug-in browser extensions however most newer ones target standardized JavaScript bindings.

The Mozilla Foundation created their WebAPI specification which is designed to help replace native mobile applications with HTML5 applications.[14][15]

Google created their Native Client architecture which is designed to help replace insecure native plug-ins with secure native sandboxed extensions and applications. They have also made this portable by employing a modified LLVM AOT compiler.

See also


  1. ^ "What is mash-up? - Definition from WhatIs.com". WhatIs.com. Retrieved 2015-11-04.
  2. ^ "Mashup Dashboard". ProgrammableWeb.com. 2009.
  3. ^ "An Online Platform for Web APIs and Service Mashups". IEEE Internet Computing. 12 (5). Sep–Oct 2008. doi:10.1109/MIC.2008.92.
  4. ^ "Clarifai API: Large Scale Visual Recognition". developer.clarifai.com. Retrieved 2015-11-04.
  5. ^ Mulloy, Brian. Web API Design - Crafting Interfaces that Developers Love (PDF). apigee. p. 11.
  6. ^ "API Directory". ProgrammableWeb. Retrieved 2015-11-03.
  7. ^ "9,000 APIs: Mobile Gets Serious". ProgrammableWeb. Retrieved 2015-11-03.
  8. ^ "Disqus – The Web's Community of Communities". Disqus. Retrieved 2015-11-04.
  9. ^ "Alexa Top 500 Global Sites". www.alexa.com. Retrieved 2015-11-04.
  10. ^ "APIs.json". apisjson.org. Retrieved 2016-03-14.
  11. ^ "APIs.io - the API search engine". apis.io. Retrieved 2016-03-14.So make it clearly understandable & share your knowledge.
  12. ^ "Top 10 Lessons Learned from the Netflix API - OSCON 2014, Slide 73". 2014-07-24.
  13. ^ "Tech Trends 2015, API economy". Deloitte University Press. Retrieved 2015-11-03.
  14. ^ WebMonkey News
  15. ^ Mozilla WebAPI Wiki

Further reading


ASP.NET is an open-source server-side web application framework designed for web development to produce dynamic web pages. It was developed by Microsoft to allow programmers to build dynamic web sites, web applications and web services.

It was first released in January 2002 with version 1.0 of the .NET Framework, and is the successor to Microsoft's Active Server Pages (ASP) technology. ASP.NET is built on the Common Language Runtime (CLR), allowing programmers to write ASP.NET code using any supported .NET language. The ASP.NET SOAP extension framework allows ASP.NET components to process SOAP messages.

ASP.NET's successor is ASP.NET Core. It is a re-implementation of ASP.NET as a modular web framework, together with other frameworks like Entity Framework. The new framework uses the new open-source .NET Compiler Platform (codename "Roslyn") and is cross platform. ASP.NET MVC, ASP.NET Web API, and ASP.NET Web Pages (a platform using only Razor pages) have merged into a unified MVC 6.


ASP.NET Core is a free and open-source web framework, and higher performance than ASP.NET, developed by Microsoft and the community. It is a modular framework that runs on both the full .NET Framework, on Windows, and the cross-platform .NET Core. However the expected version ASP.NET Core 3 was announced to work only on .NET Core dropping support of .NET Framework.The framework is a complete rewrite that unites the previously separate ASP.NET MVC and ASP.NET Web API into a single programming model.

Despite being a new framework, built on a new web stack, it does have a high degree of concept compatibility with ASP.NET MVC. ASP.NET Core applications supports side by side versioning in which different applications, running on the same machine, can target different versions of ASP.NET Core. This is not possible with previous versions of ASP.NET.


The ASP.NET MVC is a web application framework developed by Microsoft, which implements the model–view–controller (MVC) pattern. It is open-source software, apart from the ASP.NET Web Forms component which is proprietary.

In the later versions of ASP.NET, ASP.NET MVC, ASP.NET Web API, and ASP.NET Web Pages (a platform using only Razor pages) will merge into a unified MVC 6.

Amazon SageMaker

Amazon SageMaker is a cloud machine learning platform that was launched in November 2017. SageMaker enables developers to create, train, and deploy machine learning (ML) models in the cloud. SageMaker also enables developers to deploy ML models on embedded systems and edge-devices.

Axway Software

Axway Software is a publicly held information technology company that provides software tools for enterprise software, Enterprise Application Integration, business activity monitoring, business analytics, mobile application development and web API management. It has been listed on Compartment B (for companies with market capitalizations between €150 million and €1 billion) of the Paris Euronext since June 2011.

Bug Labs

Bug Labs is a technology company headquartered in New York City that began by developing and selling open-source hardware peripherals for rapid prototyping of electronic devices. The company, founded in April 2006, developed a Lego-like hardware platform that technology enthusiasts, hobbyists and engineers used to create their own digital devices. The company develops software and firmware in order to connect devices to the internet, and has partnerships with several Fortune 100 companies, including mobile phone operators.

Bug Labs has produced data sharing utility for the Internet of Things called dweet.io. dweet.io is a simple and lightweight messaging service for devices. It requires no setup or sign in, sending data from a home device to the cloud by "dweeting" it with a HAPI-REST web API. dweet.io csan be experimented with using their API console.

To coincide with dweet.io, Bug Labs next released a visualization tool called Freeboard. The purpose of this tool is similar to dweet.io; to make it simple to connect devices and view the data they provide. Users can connect HTTP, JSON, or a dweet-connected device to the tool and view real-time data in seconds.


The District Health Information Software (DHIS) is used in more than 60 countries around the world. DHIS is an open source software platform for reporting, analysis and dissemination of data for all health programs, developed by the Health Information Systems Programme (HISP). The core development activities of the DHIS 2 platform (see note on releases and versions further down) are coordinated by the Department of Informatics at the University of Oslo, and supported by NORAD, PEPFAR, The Global Fund to Fight AIDS, Tuberculosis and Malaria, UNICEF and the University of Oslo.

The solution covers aggregated data (e.g. routine health facility data, staffing, equipment, infrastructure, population estimates), and event data (disease outbreaks, survey/audit data, patient satisfaction surveys, longitudinal patient records etc.). The system supports the capture of data linked to any level in an organisational hierarchy, any data collection frequency, a high degree of customisation at both the input and output side. DHIS 2 comes with easy to use analytics through tailored Dashboards, charts, pivot tables and maps, and can be extended with Apps or used by third-party software through the open Web-API. It has been translated into a number of languages.

The DHIS was originally developed for three health districts in Cape Town in 1998-99, but has since spread via the HISP network to more than 40 countries in Africa, Asia and Latin-America. The initial scope - routine monthly Primary Health Center data – has systematically been expanded to cover nearly all aspects of health data and information, and recently been used by other sectors such as Education, Water and Sanitation, Forestry, and Food Security.

Google Developers

Google Developers (previously Google Code) is Google's site for software development tools, application programming interfaces (APIs), and technical resources. The site contains documentation on using Google developer tools and APIs—including discussion groups and blogs for developers using Google's developer products.

There are APIs offered for almost all of Google's popular consumer products, like Google Maps, YouTube, Google Apps, and others.

The site also features a variety of developer products and tools built specifically for developers. Google App Engine is a hosting service for web apps. Project Hosting gives users version control for open source code. Google Web Toolkit (GWT) allows developers to create Ajax applications in the Java programming language.

The site contains reference information for community based developer products that Google is involved with like Android from the Open Handset Alliance and OpenSocial from the OpenSocial Foundation.

Google Hacks

Google Hacks: Tips & Tools for Smarter Searching is a book of tips about Google, a popular Web search engine, by Tara Calishain and Rael Dornfest. It was listed in the New York Times top ten business paperbacks in May 2003, considered at the time to be "unprecedented" for a technology book, and "even rarer" for the topic of search engines. The book was first published by O'Reilly in February 2002. Third edition of the book was released in 2006.

It covers tips of all kinds, from usage hints for the novice just using Google, to advice for the expert programming the Google Web API. Much of the content provided in the book can also be used for Google Hacking — finding security issues through Google searches. Most programming examples are written in Perl.

The second edition was published in December, 2004 (ISBN 0-596-00857-0).

There was also a third edition published (ISBN 0-596-52706-3).

HTTP 303

The HTTP response status code 303 See Other is a way to redirect web applications to a new URI, particularly after a HTTP POST has been performed, since RFC 2616 (HTTP 1.1).

According to RFC 7231, which obsoletes RFC 2616, "A 303 response to a GET request indicates that the origin server does not have a representation of the target resource that can be transferred by the server over HTTP. However, the Location field value refers to a resource that is descriptive of the target resource, such that making a retrieval request on that other resource might result in a representation that is useful to recipients without implying that it represents the original target resource."

This status code should be used with the location header, as described below. If a server responds to a POST or other non-idempotent request with a 303 See Other response and a value for the location header, the client is expected to obtain the resource mentioned in the location header using the GET method; to trigger a request to the target resource using the same method, the server is expected to provide a 307 Temporary Redirect response.

303 See Other has been proposed as one way of responding to a request for a URI that identifies a real-world object according to Semantic Web theory (the other being the use of hash URIs). For example, if http://www.example.com/id/alice identifies a person, Alice, then it would be inappropriate for a server to respond to a GET request with 200 OK, as the server could not deliver Alice herself. Instead the server would issue a 303 See Other response which redirected to a separate URI providing a description of the person Alice.

303 See Other can be used for other purposes. For example, when building a RESTful web API that needs to return to the caller immediately but continue executing asynchronously (such as a long-lived image conversion), the web API can provide a status check URI that allows the original client who requested the conversion to check on the conversion's status. This status check web API should return 303 See Other to the caller when the task is complete, along with a URI from which to retrieve the result in the Location HTTP header field.

Java servlet

A Java servlet is a Java software component that extends the capabilities of a server. Although servlets can respond to many types of requests, they most commonly implement web containers for hosting web applications on web servers and thus qualify as a server-side servlet web API. Such web servlets are the Java counterpart to other dynamic web content technologies such as PHP and ASP.NET.


Json2Ldap is a JSON-to-LDAP gateway software, written in Java and developed by Nimbus Directory Services. It provides a JSON-RPC 2.0 interface for web clients to access one or more LDAP v3 - compatible directories. The Json2Ldap web API supports the standard LDAP directory requests as well as several extended operations and controls.

Karate (software)

Karate is an open-source web-API test-automation framework that can script calls to HTTP end-points and assert that the JSON or XML responses are as expected. Karate also has support for service-virtualization where it can bring up "mock" (or stub) servers which can substitute for web-services that need to participate in an integration-test. Karate's capabilities include being able to run tests in parallel, HTML reports and compatibility with Continuous Integration tools.

The additional capability to re-use functional tests as performance-tests via integration with the Gatling tool was released in July 2018.

Karate is implemented in Java but test-scripts are written in Gherkin since Karate is an extension of the Cucumber framework. It was built within Intuit and released under the MIT license.


libwww (Library World Wide Web) is a modular client-side web API for Unix and Windows. It is also the name of the reference implementation of the libwww API.

It has been used for applications of varying sizes, including web browsers, editors, Internet bots, and batch tools. Pluggable modules provided with libwww add support for HTTP/1.1 with caching, pipelining, POST, Digest Authentication, and deflate.

The purpose of libwww is to serve as a testbed for protocol experiments so that software developers do not have to "reinvent the wheel."libcurl is considered to be a modern replacement for libwww.


OSIsoft, LLC is a manufacturer of application software for real-time data management, called the PI System. Founded in 1980, OSIsoft is privately held and headquartered in San Leandro, California.

Real Estate Transaction Standard

RETS is an acronym which stands for Real Estate Transaction Standard.

RETS is a framework used in Canada and the United States by the real estate industry to facilitate the exchange of data. RETS was launched in 1999 by the National Association of Realtors and related groups.RETS was originally created to overcome the difficulties presented by the existence of a large number of organizations desiring to share and distribute real estate information with others. Prior to RETS, much of the data exchange was done using the FTP protocol, which did not allow for queries, and required transfer of complete datasets. The inefficiencies of this approach meant that to generate a query such as "new listings since yesterday", the entire dataset had to be downloaded again and compared with a local copy. Rather than basing a solution on alternatives used by other industries to allow for such queries, RETS was created from the ground up as a new framework to attempt to address the need for a common and efficient standard for the exchange of real estate data. Most North American multiple listing service (MLS) data exchange service providers use the RETS protocol. Although the implementation of the protocol has offered some standardization, the field names of the underlying datasets still vary widely between markets.

RETS is a framework that can be adopted by computer systems to receive data from the multiple listing service (MLS) servers, as well as those of other real estate systems provided they also have software installed designed to communicate using the RETS framework. The National Association of Realtors refers to RETS as a "common language".

Multiple other systems exist which support the secure and standardized transfer of datasets and associated access control requirements in a secure and efficient manner, such as MySQL. These other systems enjoy widespread adoption across most industries, whereas RETS is for one specific industry. RETS is generally not used outside North America.

In 2018, the Real Estate Standards Organization announced that it planned to retire RETS and replace it with the RESO Web API.

Web API security

Web API security entails authenticating programs or users who are invoking a web API.

With ease of API integrations comes the difficult part of ensuring proper AUTHN (authentication) and AUTHZ (authorization). In a multitenant environment, proper security controls need to be put in place to only allow access on "need to have access basis" based on proper AUTHN and AUTHZ. Appropriate AUTHN schemes enable producers (API's or services) to properly identify consumers (clients or calling programs) and to evaluate their access level (authz). In other words, can a consumer invoke a particular method (business logic) based on credentials presented?

"Interface design flaws are widespread, from the world of crypto processors through sundry

embedded systems right through to antivirus software and the operating system itself."

Web framework

A web framework (WF) or web application framework (WAF) is a software framework that is designed to support the development of web applications including web services, web resources, and web APIs. Web frameworks provide a standard way to build and deploy web applications on the World Wide Web. Web frameworks aim to automate the overhead associated with common activities performed in web development. For example, many web frameworks provide libraries for database access, templating frameworks, and session management, and they often promote code reuse. Although they often target development of dynamic web sites, they are also applicable to static websites.

Web service

The term Web service (WS) is either:

(generic) a service offered by an electronic device to another electronic device, communicating with each other via the World Wide Web, or

(specific) a Web service implemented in the particular technology or brand, e.g W3C Web Services.In a Web service, the Web technology such as HTTP—originally designed for human-to-machine communication—is utilized for machine-to-machine communication, more specifically for transferring machine-readable file formats such as XML and JSON.

In practice, a Web service commonly provides an object-oriented Web-based interface to a database server, utilized for example by another Web server, or by a mobile app, that provides a user interface to the end user. Many organizations that provide data in formatted HTML pages will also provide that data on their server as XML or JSON, often through a Web service to allow syndication, for example, Wikipedia's Export. Another application offered to the end user may be a mashup, where a Web server consumes several Web services at different machines and compiles the content into one user interface.

Web interfaces
As a service

This page is based on a Wikipedia article written by authors (here).
Text is available under the CC BY-SA 3.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.