This glossary collects the terminology used in API documentation, implementation, authentication, authorization, and related topics.
| Term | Definition |
|---|---|
| API (Application Programming Interface) | A set of rules and protocols that allow different software applications to communicate with each other. |
| API Documentation | Technical documentation that describes how to use an API, including endpoints, request/response formats, authentication methods, and usage examples. |
| Endpoint | A specific URL that represents a resource or action exposed by an API. |
| Request | A message sent from a client to an API server, typically including a method, URL, headers, and body. |
| Response | A message sent from an API server to a client, typically including a status code, headers, and body. |
| HTTP (Hypertext Transfer Protocol) | The underlying protocol used by the World Wide Web and APIs for communication between clients and servers. Common methods include GET, POST, PUT, DELETE, and PATCH. |
| REST (Representational State Transfer) | An architectural style for designing networked applications, emphasizing stateless communication and resource-based interactions. |
| SOAP (Simple Object Access Protocol) | A protocol for exchanging structured information in the implementation of web services, using XML. |
| GraphQL | A query language for APIs and a server-side runtime for executing those queries against existing data. Clients send queries to a single endpoint and name exactly the fields they need, which avoids the over- and under-fetching common with fixed REST responses. That flexibility cuts both ways: a GraphQL server should bound query depth and complexity, and schema introspection is usually disabled in production. |
| JSON (JavaScript Object Notation) | A lightweight data-interchange format that is easy for humans to read and write and easy for machines to parse and generate. |
| XML (Extensible Markup Language) | A markup language that defines a set of rules for encoding documents in a format that is both human-readable and machine-readable. |
| Authentication | The process of verifying the identity of a user or application. |
| Authorization | The process of granting or denying access to specific resources or actions based on the authenticated identity. |
| API Key | A static secret string that identifies, and usually authenticates, a calling application or project, typically sent in a request header or query parameter. It identifies the client, not an end user, and must be treated as a credential: keep it out of source control and client-side code, scope it narrowly, and rotate it if exposed. |
| OAuth 2.0 | An authorization framework that enables a third-party application to obtain limited access to a user's resources without exposing their credentials. |
| JWT (JSON Web Token) | A compact, URL-safe token format (RFC 7519) for transferring claims between two parties. A JWT is three base64url-encoded segments separated by dots: a header naming the signing algorithm, a payload of claims such as `sub` and `exp`, and a signature. The signature proves integrity, not confidentiality: anyone holding the token can read the payload, and a verifier must pin the expected algorithm (never trust the token's own `alg` field, which is how `alg: none` attacks work) and check the signature and expiry before trusting any claim. |
| Bearer Token | An access token that can be used by whoever presents it (RFC 6750), sent as `Authorization: Bearer <token>`; no proof of possession is required beyond holding the token. OAuth 2.0 access tokens are commonly bearer tokens, so they must only travel over TLS, should be short-lived, and must never be written to logs or URLs. |
| OpenAPI Specification (OAS) | A specification for describing RESTful APIs, enabling both humans and computers to discover and understand the capabilities of a service without access to source code, additional documentation, or network traffic inspection. |
| Swagger | A set of open-source tools built around the OpenAPI Specification that can help you design, build, document, and consume RESTful Web services. |
| cURL | A command-line tool for transferring data with URLs. |
| Postman | A collaboration platform for API development, used for building, testing, and documenting APIs. |
| API Gateway | A reverse proxy that sits in front of one or more APIs and centralizes request routing, authentication, rate limiting, logging, and other cross-cutting security and traffic concerns. |
| Rate Limiting | A mechanism for controlling the number of requests a client can make to an API within a given time period. |
| Versioning (API) | The practice of releasing multiple versions of an API to accommodate changes without breaking existing clients. |
| SDK (Software Development Kit) | A collection of software development tools in one installable package. |
| Webhook | An HTTP callback: a server POSTs a message to a URL the consumer registered when an event happens, so the consumer receives data as it occurs instead of polling an API repeatedly. Because the receiving endpoint is reachable by anyone, webhook payloads are normally authenticated with an HMAC signature header that the receiver verifies, and handlers should be idempotent because senders retry failed deliveries. |
| Status Code | A three-digit integer in a response that indicates the result of a request. Common examples include 200 (OK), 400 (Bad Request), 401 (Unauthorized, which in practice means the request lacks valid authentication credentials), 403 (Forbidden: the caller is authenticated but not permitted), 429 (Too Many Requests, returned when rate limiting applies), and 500 (Internal Server Error). |
| Header (HTTP) | A key-value pair that provides additional information about an HTTP request or response. |
| Body (HTTP) | The data payload of an HTTP request or response. |
| Payload | The data transmitted in a request or response. |
| Idempotent | An operation that leaves the server in the same state whether it is executed once or several times, so a client can safely retry it after a timeout. In HTTP, GET, PUT, and DELETE are defined as idempotent; POST is not unless the API adds an idempotency key to deduplicate repeats. |
| API Testing | Software testing that exercises an API directly, on its own and as part of integration testing, to determine whether it meets expectations for functionality, reliability, performance, and security. |
| Mocking | Creating simulated objects or services to test the functionality of an API without relying on actual external dependencies. |
| Caching | Storing frequently accessed data in a temporary storage location to improve performance. |
| API Security | Measures taken to protect an API from unauthorized access, attacks, and data breaches. |
| SSL/TLS (Secure Sockets Layer/Transport Layer Security) | Cryptographic protocols that provide confidentiality, integrity, and server (optionally client) authentication for communication over a network. SSL is the deprecated predecessor of TLS; every SSL version and TLS 1.0/1.1 are deprecated, and new deployments should use TLS 1.2 or 1.3. The name "SSL" survives mostly in product and certificate marketing. |
| HTTPS (Hypertext Transfer Protocol Secure) | HTTP carried over a TLS connection, which encrypts requests and responses and authenticates the server by its certificate. Any API traffic that carries credentials, API keys, or tokens should be served over HTTPS only. |
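The Webhook and Idempotent entries above describe a receiver that must authenticate incoming callbacks and survive redelivery; the following is an added example (written for this glossary, not the code of any webhook provider) of a receiver that verifies an HMAC-SHA256 signature bound to a timestamp, rejects stale deliveries as replays, and deduplicates by event id so a retried delivery is acknowledged without being processed twice. The header names, the `"<timestamp>.<body>"` signing layout, the event JSON shape, and the in-memory dedupe set are all assumptions for the demonstration.

```python
import hashlib
import hmac
import json
import time

# Constructed shared secret the sender and receiver both hold.
WEBHOOK_SECRET = b"whsec-demo-constructed"
MAX_SKEW_SECONDS = 300  # deliveries older than this are treated as replays


def sign_webhook(timestamp: int, body: bytes, secret: bytes) -> str:
    """Sender side: HMAC-SHA256 over "<timestamp>.<body>" so the timestamp cannot be
    swapped without invalidating the signature. (Assumed layout.)"""
    msg = str(timestamp).encode("ascii") + b"." + body
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


class WebhookReceiver:
    """Receiver side: verify, reject replays, process each event id at most once."""

    def __init__(self, secret: bytes, max_skew: int = MAX_SKEW_SECONDS):
        self.secret = secret
        self.max_skew = max_skew
        self.seen_event_ids = set()  # in-memory for the demo; use a shared store in production
        self.processed = []          # events that were actually acted on

    def handle(self, headers: dict, body: bytes, now=None) -> int:
        """Return the HTTP status the receiver would answer with."""
        now = int(time.time()) if now is None else now
        try:
            ts = int(headers.get("X-Webhook-Timestamp", ""))
        except ValueError:
            return 400
        if abs(now - ts) > self.max_skew:
            return 401  # stale or future-dated: a captured delivery being replayed
        expected = sign_webhook(ts, body, self.secret)
        provided = headers.get("X-Webhook-Signature", "")
        # Constant-time comparison so the check does not leak how many hex digits matched.
        if not hmac.compare_digest(expected, provided):
            return 401
        try:
            event = json.loads(body)
        except ValueError:
            return 400
        event_id = event.get("id")
        if not event_id:
            return 400
        if event_id in self.seen_event_ids:
            return 200  # already handled: idempotent, ack so the sender stops retrying
        self.seen_event_ids.add(event_id)
        self.processed.append(event)
        return 200


if __name__ == "__main__":
    body = b'{"id":"evt_1","type":"order.paid","amount":1999}'  # constructed event
    ts = 1700000000
    headers = {
        "X-Webhook-Timestamp": str(ts),
        "X-Webhook-Signature": sign_webhook(ts, body, WEBHOOK_SECRET),
    }
    rx = WebhookReceiver(WEBHOOK_SECRET)
    print(rx.handle(headers, body, now=ts + 5))   # 200, processed
    print(rx.handle(headers, body, now=ts + 30))  # 200, deduplicated
    print(len(rx.processed))                       # 1
```

Signature verification must run over the raw request bytes before any JSON parsing: re-serializing the parsed object can change whitespace or key order and break the HMAC, and parsing untrusted input before authenticating it widens the attack surface.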