Anatomy of a Mobile App: The API Server

August 11, 2016 Blog

(Mobile applications have become so smooth that we can forget about the many unseen pieces making it work. It’s easy to forget that the user interface is only a piece of a much larger architecture. A successful mobile app has a layer of backend components to support it. When planning to create a new mobile application, or update an existing one, the pieces you don’t see will need as much attention as the UI. This series will explore those backend pieces needed to create a great mobile application.)

What is an API?


An Application Programming Interface, or API, provides a way for one application to interact with another. Applications make requests to an API to retrieve data or to send data in. The API returns a response but hides the other system’s inner operations from the application. For example, the use of an API means an application can send data to a database without directly writing the data into it. The application provides the API with the data, and the API hands the data to whatever mechanism is going to update the database.

The API presents a series of URL endpoints that web or mobile applications can connect to. The API usually runs on a server that sits between the application and the other servers that perform operations. The API can make requests on the application’s behalf and return the response from secured systems.

Typical REST API server configuration
Typical REST API server configuration

There are many benefits to an API. It has become an almost de facto piece of any Internet-enabled application.

Simplicity

The API layer simplifies integration by defining how data can move in and out of the backend system it covers.  Interactions are clearly and carefully defined.  Working with an API layer removes the need to work with systems directly.  The details of the back end system are hidden, and developers are provided an easy to use interface to interact with.

For example, a web developer building an application has a user profile page.  The user profile information is stored in an Oracle database.  Without an API, the web developer would have to know the intricacies of the Oracle implementation to get the data needed.  With an API, the web developer only needs to ask the API for information.  The API is programmed to use the correct methods to retrieve the data for them.

System Abstraction

The structure of a system can change over time as requirements and environments evolve.  Applications that talk directly to a backend system will have to be updated every time the backend system changes.  An API removes this dependency by hiding the system’s inner workings from the outside world. Only the API will need to be updated to accommodate the change.  All the applications using the API remain untouched.

Here is an example using our user profile web page from above.  We established the web page is calling an API server to get the user information from an Oracle database.  If the company decides to switch from an Oracle database to a SQL Server database, the web developer shouldn’t have to update their application.  Instead, the API can be changed to use the new data source while still outputting data to the web page in the same way.  Because they see the same data as before, all web applications using user profile information are unaffected.

How is it used?

The REST API has been an important contributor to the capabilities of the modern web.  Here are a few of the many ways modern web and mobile applications use REST APIs:

Security

REST APIs enhance network security by separating the Internet from private network resources.  Applications can exist outside a corporate network, e-mail for example, but they may need a way to get resources from inside the network.  Directly accessing internal resources would be dangerous and insecure.  The API layer sits on the edge of the network where it is accessible to external applications, and still capable of requesting information from internal resources.  The API layer can check all incoming requests to make sure they are from valid authenticated clients.  The API server can ignore unauthorized requests.  This protects the network and backend systems from unauthorized access.

Transient

Application interfaces running REST APIs tend to be lightweight servers that are quick to spin up and shut down.  They rarely store any information permanently since their main role is that of information broker.  It is not uncommon to have a few API servers running simultaneously to help balance the request load.  If one server fails or crashes, it can easily be taken down, and a new one spun up in its place.  Users of the system will probably not notice any interruption.

Reduce Data Delivery Latency

An API is an excellent place to host a cache.  A cache is a simple data storage application.  Cache structures are simpler than a relational database and are designed to deliver data quickly.  Data that is frequently requested, or data that does not change regularly, is stored in a cache for swift delivery.  The API layer can decide when to serve from the cache or to request new data from the database.  The result is a reduction in latency and a decrease in database processing.

Third-Party API Servers

An application that asks to connect to Facebook or Google is using the API of that provider.  Approving that connection allows the application to communicate with the provider’s API on the user’s behalf.  The API layer then communicates with protected resources inside of Facebook or Google.  

Third party APIs are very useful for small to mid-sized applications that lack significant resources on their own.  They offer ways for applications to leverage the larger company’s resources.  A common use case is to handle user authentication or user-specific data storage through third parties, like Google and Facebook..

Conclusion

The Application Programming Interface provides many benefits.  The REST API, in particular, is a crucial piece of Internet communication.  The REST API provides secure method for accessing protected resources without exposing private networks.  The API can be as significant to an application as a well-planned user interface.

Share this Post

David Posin

Web Developer and Blogger

Leave a Reply

Your email address will not be published. Required fields are marked *