Application Programming Interface (API)
API stands for Application Programming Interface. It is a way for two software applications or systems to talk to each other or share data without any manual interaction.
In simple terms, an API works like a waiter who carries messages between the restaurant (app/frontend) and the kitchen (server/backend). Just as you give your order to the waiter, who takes it to the kitchen and brings the food back to you, an API takes a request from an app, sends it to the server, and brings the response back.
Example: When you see Google Maps inside a food delivery app (Zomato, Swiggy), the Google Maps API provides the map data to that app without you having to open Google Maps separately.
Open APIs (Public APIs)
● Available to everyone; anyone can use them.
● Mostly free, or offered with limited access.
● Example: Google Maps API, OpenWeather API
Private APIs (Internal APIs)
● Meant only for a company's internal use.
● Used for communication between the company's own apps or services.
● Example: Amazon's internal APIs that its different teams use.
Partner APIs
● Available only to specific partners or businesses.
● Not open like public APIs; access requires authorization.
● Example: Uber API, which only approved partners (Swiggy, Zomato, etc.) get access to.
Composite APIs
● Combine data from multiple APIs in a single API call.
● Performance is faster because one request returns data from multiple services.
● Example: An e-commerce website's API that returns user details, orders, and payment info in one request.
API Architecture Types
1. REST API – The most common, easy and lightweight.
2. SOAP API – Secure and XML-based, mostly used in banking apps.
3. GraphQL API – Flexible, gives customized responses.
4. WebSockets API – Used for real-time communication, such as chat apps.
HTTP Methods
It is very important to understand how HTTP methods work in APIs. These methods are used to perform CRUD operations (Create, Read, Update, Delete).
1. GET (Read)
● Used to retrieve data.
● Nothing is modified on the server; it only returns data.
Example: GET /users
Response: The server returns the list of users.
2. POST (Create)
● Used to create new data.
● The data has to be sent in the body.
● Example:
POST /users
Content-Type: application/json
{
"name": "Rahul",
"email": "rahul@example.com"
}
Response: The server creates a new user.
3. PUT (Update - Full)
● Used to update the entire resource.
● If a field is missing, its old value may be deleted.
● Example:
PUT /users/1
Content-Type: application/json
{
"name": "Rahul Sharma",
"email": "rahul@example.com"
}
Response: The user's whole data is replaced.
4. PATCH (Update - Partial)
● Used to update only some fields.
● Existing data is not deleted, only updated.
● Example:
PATCH /users/1
Content-Type: application/json
{
"name": "Rahul Sharma"
}
Response: Only the name is updated; the email stays exactly as it was.
5. DELETE (Remove)
● Used to delete data.
● Example:
DELETE /users/1
HTTP Status Codes
HTTP status codes tell you what the server's response was: success, an error, or some other issue. These codes are 3-digit numbers that represent the server's current state.
1xx - Informational (The request is being processed)
● 100 Continue → The server has received the request; carry on.
2xx - Success (Everything is fine)
● 200 OK → The request completed successfully. (e.g., the response to a GET request)
● 201 Created → A new resource was created. (e.g., a successful POST request)
● 204 No Content → The request was successful, but no data was returned. (e.g., a DELETE request)
3xx - Redirection (The request was sent somewhere else)
● 301 Moved Permanently → The resource has moved permanently (redirect).
● 302 Found → The resource has moved temporarily.
4xx - Client Errors (The user sent a bad request)
● 400 Bad Request → Something is wrong with the request (e.g., missing data, wrong format).
● 401 Unauthorized → Not authenticated; a login or token is required.
● 403 Forbidden → Not authorized; access is not allowed.
● 404 Not Found → The resource you are looking for does not exist.
5xx - Server Errors (Problem on the server side)
● 500 Internal Server Error → An unexpected error occurred on the server.
● 502 Bad Gateway → One server could not get a response from another server.
● 503 Service Unavailable → The server is busy or down.
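The following is an added example, not part of the original notes: a small in-memory "users" resource that applies the method semantics and status codes listed above, so you can see PUT dropping a field that the body leaves out while PATCH keeps it, and 201/204/400/404 being chosen for the matching situations. The function name handle_request, the field list and the sample users are assumptions made for this illustration.

```python
"""Added example (not from the original notes): an in-memory users resource
that follows the HTTP method semantics and status codes described above.
`handle_request`, KNOWN_FIELDS and the sample data are constructed here."""
import json

# Constructed sample store: user id -> stored document.
USERS = {1: {"name": "Rahul", "email": "rahul@example.com"}}
NEXT_ID = [2]                      # mutable counter for new ids
KNOWN_FIELDS = ("name", "email")   # the only fields this resource accepts


def handle_request(method, path, body=None):
    """Dispatch one request and return (status_code, response_body).

    200: successful read or update, 201: POST created a resource,
    204: DELETE succeeded with no body, 400: malformed request,
    404: unknown resource/user, 405: method not supported here.
    """
    parts = path.strip("/").split("/")
    if parts[0] != "users" or len(parts) > 2:
        return 404, {"error": "unknown resource"}
    user_id = None
    if len(parts) == 2:
        if not parts[1].isdigit():
            return 400, {"error": "user id must be numeric"}
        user_id = int(parts[1])

    if method == "GET" and user_id is None:
        return 200, [dict(id=i, **u) for i, u in USERS.items()]
    if method == "POST":
        if not isinstance(body, dict) or any(k not in body for k in KNOWN_FIELDS):
            return 400, {"error": "name and email are required"}
        new_id = NEXT_ID[0]
        NEXT_ID[0] += 1
        USERS[new_id] = {k: body[k] for k in KNOWN_FIELDS}
        return 201, dict(id=new_id, **USERS[new_id])

    # Everything below needs an existing user.
    if user_id is None or user_id not in USERS:
        return 404, {"error": "user not found"}
    if method == "GET":
        return 200, dict(id=user_id, **USERS[user_id])
    if method == "PUT":
        # Full replacement: the stored document becomes exactly what the body
        # carries, so a field left out of the body is gone afterwards.
        if not isinstance(body, dict) or not body or any(k not in KNOWN_FIELDS for k in body):
            return 400, {"error": "PUT body must contain only name/email"}
        USERS[user_id] = {k: body[k] for k in KNOWN_FIELDS if k in body}
        return 200, dict(id=user_id, **USERS[user_id])
    if method == "PATCH":
        # Partial update: only the supplied fields change, the others survive.
        if not isinstance(body, dict) or not body or any(k not in KNOWN_FIELDS for k in body):
            return 400, {"error": "PATCH body must contain only name/email"}
        USERS[user_id].update(body)
        return 200, dict(id=user_id, **USERS[user_id])
    if method == "DELETE":
        del USERS[user_id]
        return 204, None
    return 405, {"error": "method not allowed"}


if __name__ == "__main__":
    for req in [("GET", "/users"),
                ("POST", "/users", {"name": "Priya", "email": "priya@example.com"}),
                ("PATCH", "/users/1", {"name": "Rahul Sharma"}),
                ("PUT", "/users/1", {"name": "Rahul"}),
                ("DELETE", "/users/1"),
                ("GET", "/users/1")]:
        status, resp = handle_request(*req)
        print(req[0], req[1], "->", status, json.dumps(resp))
```

Run the file to watch the sequence: after the PUT with only a name, the GET no longer shows an email, which is exactly the "missing field may be deleted" behaviour the notes warn about; the PATCH before it leaves the email intact.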
Request and Response Structure (Headers, Body, Parameters)
Understanding the structure of an API request and response is very important, because it decides how the client and the server will communicate.
API Request Structure
When a client (browser, mobile app, etc.) asks a server for data or sends it data, it sends an HTTP request.
1. Request Main Parts
GET /users?id=123 HTTP/1.1
Request Line – Specifies the method and the URL
Method: GET, POST, PUT, DELETE, etc.
URL: /users?id=123 (endpoint)
HTTP Version: HTTP/1.1
2. Headers – Metadata that gives information about the request.
Content-Type: application/json
Authorization: Bearer <token>
Content-Type → Format of the data (JSON, XML, etc.)
Authorization → Token or API key for secure APIs.
3. Query Parameters – Extra data inside the URL
GET /users?id=123&name=Rahul
?id=123 → Filter by user ID
&name=Rahul → Filter by name
4. Body (Payload) – For POST, PUT, PATCH requests.
{
"name": "Rahul",
"email": "rahul@example.com"
}
The body carries the actual data that has to be sent to the server.
API Response Structure
When the server receives the request, it sends back a response.
Response Main Parts
1. Status Line – The status of the response: HTTP/1.1 200 OK
HTTP Version → HTTP/1.1
Status Code → 200 (success)
Status Message → OK
2. Headers – Metadata that gives information about the response.
Content-Type: application/json
Cache-Control: no-cache
Content-Type → Format of the response
Cache-Control → Whether the response will be cached or not
3. Body (Payload) – The actual data the client receives.
{
"id": 123,
"name": "Rahul",
"email": "rahul@example.com"
}
This is the actual response that the frontend or client will use.
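As an added example (not part of the original notes), here is a small parser that takes a raw HTTP message and splits it into the parts named above: the request line or status line, the headers, and the body, which is decoded as JSON only when the Content-Type says so. The functions parse_request, parse_response and is_well_formed and the two sample messages are constructed for this illustration; it is not a full HTTP implementation (no chunked bodies, no folded headers).

```python
"""Added example (not from the original notes): parsing the request/response
structure described above. The function names and the sample messages are
constructed for this illustration."""
import json
from urllib.parse import parse_qs, urlsplit

# Constructed sample messages in the shape shown in the notes.
SAMPLE_REQUEST = (
    "POST /users?notify=true HTTP/1.1\r\n"
    "Host: example.com\r\n"
    "Content-Type: application/json\r\n"
    "Authorization: Bearer abc123\r\n"
    "\r\n"
    '{"name": "Rahul", "email": "rahul@example.com"}'
)
SAMPLE_RESPONSE = (
    "HTTP/1.1 201 Created\r\n"
    "Content-Type: application/json\r\n"
    "Cache-Control: no-cache\r\n"
    "\r\n"
    '{"id": 124, "name": "Rahul", "email": "rahul@example.com"}'
)


def _split_message(raw):
    """Return (start_line, headers, body). The blank line separates headers
    from body; header names are lower-cased because they are case-insensitive."""
    head, sep, body = raw.replace("\r\n", "\n").partition("\n\n")
    if not sep:
        raise ValueError("malformed message: no blank line after the headers")
    lines = head.split("\n")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def _decode_body(headers, body):
    """Parse the body as JSON only when Content-Type declares JSON; any other
    body is returned as the raw string so it is never mistaken for data."""
    media_type = headers.get("content-type", "").split(";")[0].strip()
    if body and media_type == "application/json":
        return json.loads(body)
    return body


def parse_request(raw):
    start, headers, body = _split_message(raw)
    parts = start.split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise ValueError(f"malformed request line: {start!r}")
    method, target, version = parts
    url = urlsplit(target)                       # separates path from query
    return {
        "method": method,
        "path": url.path,
        "query": {k: v[0] for k, v in parse_qs(url.query).items()},
        "version": version,
        "headers": headers,
        "body": _decode_body(headers, body),
    }


def parse_response(raw):
    start, headers, body = _split_message(raw)
    parts = start.split(" ", 2)                  # version, code, reason phrase
    if len(parts) < 2 or not parts[1].isdigit():
        raise ValueError(f"malformed status line: {start!r}")
    return {
        "version": parts[0],
        "status": int(parts[1]),
        "reason": parts[2] if len(parts) == 3 else "",
        "headers": headers,
        "body": _decode_body(headers, body),
    }


def is_well_formed(raw, kind="request"):
    """True if the message parses (a JSON body that fails to decode also
    counts as malformed, since json.JSONDecodeError is a ValueError)."""
    try:
        (parse_request if kind == "request" else parse_response)(raw)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    print(json.dumps(parse_request(SAMPLE_REQUEST), indent=2))
    print(json.dumps(parse_response(SAMPLE_RESPONSE), indent=2))
```

Note that the parser refuses a message with no blank line between headers and body, and only trusts the body as JSON when the header says so: both are the kind of checks a server relies on before it acts on what the client sent.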
Example: GET Request & Response
Request:
GET /users/123 HTTP/1.1
Host: example.com
Authorization: Bearer abc123
Response:
HTTP/1.1 200 OK
Content-Type: application/json
{
"id": 123,
"name": "Rahul",
"email": "rahul@example.com"
}
Example: POST Request & Response
Request:
POST /users HTTP/1.1
Host: example.com
Content-Type: application/json
{
"name": "Rahul",
"email": "rahul@example.com"
}
Response:
HTTP/1.1 201 Created
Content-Type: application/json
{
"id": 124,
"name": "Rahul",
"email": "rahul@example.com"
}
Example: Food Delivery App (Swiggy/Zomato)
Suppose you are searching for "Pizza" in the Swiggy or Zomato app. In this case the frontend (app/website) sends an API request to the backend server, and the server returns the restaurant data.
Step 1: API Request (Client → Server)
When you type "Pizza" in the search box, a GET request goes to the backend server:
GET /restaurants?search=pizza&location=Delhi HTTP/1.1
Host: api.zomato.com
Authorization: Bearer xyz123
Content-Type: application/json
Request Breakdown:
● GET /restaurants?search=pizza&location=Delhi → Find pizza restaurants in the Delhi location
● Authorization: Bearer xyz123 → Authentication token for the secure API.
● Content-Type: application/json → The server will respond in JSON format.
Step 2: API Response (Server → Client)
Now the server processes the request and returns the restaurant details:
HTTP/1.1 200 OK
Content-Type: application/json
{
"restaurants": [
{
"id": 101,
"name": "Domino's Pizza",
"rating": 4.5,
"location": "Connaught Place, Delhi"
},
{
"id": 102,
"name": "Pizza Hut",
"rating": 4.2,
"location": "Rajouri Garden, Delhi"
}
]
}
Response Breakdown:
● Status Code: 200 OK → Request processed successfully
● Body: The restaurant data is sent back in JSON format
● Restaurants List:
○ Domino's Pizza (Rating: 4.5 ⭐)
○ Pizza Hut (Rating: 4.2 ⭐)
Step 3: The Frontend Displays the Data
The app/website formats the response data and displays it, for example:
📍 Domino's Pizza – ⭐ 4.5 – Connaught Place, Delhi
📍 Pizza Hut – ⭐ 4.2 – Rajouri Garden, Delhi
Summary Table
Query Parameters
Query parameters are used to send extra information inside the URL, which helps the server filter, sort or customize the result.
They start after "?" and multiple parameters are separated by "&".
Example 1: Search in a Food Delivery App (Swiggy/Zomato)
Suppose you are searching for "Pizza" and only want restaurants in Delhi to be shown.
Then a GET request like this is sent:
GET /restaurants?search=pizza&location=Delhi
Breakdown:
● ?search=pizza → Find pizza restaurants
● &location=Delhi → Only restaurants in Delhi are wanted
Example 2: Sorting & Filtering in an E-commerce App (Amazon/Flipkart)
Suppose you are browsing mobile phones on Amazon in the ₹10,000 - ₹20,000 range and want to sort by price from low to high.
Then the API request would look something like this:
GET /products?category=mobile&price_min=10000&price_max=20000&sort=price_asc
Path Parameters
Path parameters are part of the URL and are used to identify a specific resource.
They are written either as curly brackets {} (in the route template) or as direct values.
🟢 Path Parameters:
● Are a part of the URL (fixed structure)
● Are used to uniquely identify a resource
● Do not use "?" and "&" (unlike Query Parameters)
Example 1: User Profile (Instagram/Facebook)
Suppose you are viewing someone's profile on Instagram, say @rahul_123.
Then the API request would look something like this:
GET /users/rahul_123
Breakdown:
● /users/rahul_123 → Fetches the profile of user "rahul_123"
● Here "rahul_123" is the path parameter that represents one unique user.
Example 2: E-commerce App (Amazon/Flipkart)
Suppose you are viewing a specific product on Amazon whose Product ID = 56789.
Then the API request would look something like this:
GET /products/56789
Breakdown:
● /products/56789 → Fetches the data of product ID 56789
● Here "56789" is a path parameter that identifies the specific product.
Example 3: Order Details (Swiggy/Zomato)
Suppose you are tracking an order on Zomato whose Order ID = 98765.
Then the API request would look something like this:
GET /orders/98765
Breakdown:
● /orders/98765 → Fetches the status of order ID 98765
● Here "98765" is the order's unique identifier (path parameter).
Path Parameters vs Query Parameters
API Endpoints & URL Structure
An API endpoint is a specific URL that serves as the point of communication between the client and the server.
💡 In Simple Words:
● API Endpoint = The server's address (URL) + a specific path
● It tells the client which resource to access
1. API URL Structure
A typical API URL has a structure like this:
<protocol>://<base-url>/<resource>/<resource-id>?<query-parameters>
Breakdown:
Example:
GET https://api.amazon.com/products/12345?sort=price_asc
Fetching one product (ID: 12345) using the Amazon API
Sorting by price in ascending order
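As an added example (not part of the original notes), the code below does two things that the query-parameter, path-parameter and URL-structure sections above describe in words: it splits a full URL into protocol, base URL, resource, resource id and query parameters, and it matches a request path against route templates written with {placeholders} to extract the path parameters. The functions split_api_url and match_route and the ROUTES table are assumptions for this illustration; the Amazon URL is the notes' own example.

```python
"""Added example (not from the original notes): URL structure and route
matching for the templates described above. `split_api_url`, `match_route`
and ROUTES are constructed for this illustration."""
from urllib.parse import parse_qsl, urlsplit

# Constructed route table: template -> what that endpoint returns.
ROUTES = {
    "/users/{user_id}": "user profile",
    "/products/{product_id}": "single product",
    "/orders/{order_id}": "order details",
    "/restaurants": "restaurant search",
}


def split_api_url(url):
    """Map <protocol>://<base-url>/<resource>/<resource-id>?<query> to a dict."""
    u = urlsplit(url)
    if u.scheme not in ("http", "https") or not u.netloc:
        raise ValueError(f"not an absolute http(s) URL: {url!r}")
    segments = [s for s in u.path.split("/") if s]
    return {
        "protocol": u.scheme,
        "base_url": u.netloc,
        "resource": segments[0] if segments else None,
        "resource_id": segments[1] if len(segments) > 1 else None,
        # parse_qsl already handles '&' separation and percent-decoding
        "query": dict(parse_qsl(u.query, keep_blank_values=True)),
    }


def match_route(path, routes=ROUTES):
    """Return (template, path_params) for the first template whose fixed
    segments equal the request path segment by segment, or None.
    The query string is stripped first: it is not part of the path."""
    req_segments = path.split("?", 1)[0].strip("/").split("/")
    for template in routes:
        tpl_segments = template.strip("/").split("/")
        if len(tpl_segments) != len(req_segments):
            continue
        params = {}
        for tpl, actual in zip(tpl_segments, req_segments):
            if tpl.startswith("{") and tpl.endswith("}"):
                if not actual:
                    break            # an empty segment is not a valid id
                params[tpl[1:-1]] = actual
            elif tpl != actual:
                break                # fixed segment differs: not this route
        else:
            return template, params
    return None


if __name__ == "__main__":
    print(split_api_url("https://api.amazon.com/products/12345?sort=price_asc"))
    for p in ["/users/rahul_123", "/orders/98765",
              "/restaurants?search=pizza&location=Delhi", "/users/rahul_123/photos"]:
        print(p, "->", match_route(p))
```

The extracted path parameter is still just a string from the client; whatever looks it up (a database query, a file read) must validate or parameterize it, which is why match_route returns it separately instead of splicing it into anything.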
2. API Endpoint Examples (Real-World)
🔹 1. User Authentication (Login/Signup)
POST /users/login
Host: api.example.com
Content-Type: application/json
{
"email": "user@example.com",
"password": "securepassword"
}
Example Request (Get Single Product)
GET /products/56789
Host: api.amazon.com
API Authentication & Security
API authentication means the server verifying whether a request is coming from the right user or not.
🔒 Why API Authentication?
● To prevent unauthorized access
● To keep sensitive data secure
● To track API usage
🚀 Popular API Authentication Methods:
1. API Key Authentication 🔑
2. Basic Authentication 🏷️
3. Bearer Token (JWT - JSON Web Token) 🔐
4. OAuth (OAuth 2.0) 🌍
5. Session-Based Authentication 💾
1. API Key Authentication (🔑 Simple & Quick)
An API key is a unique identifier given to the client for authentication.
🔹 Example: API Key in Headers
GET /users
Host: api.example.com
Authorization: Api-Key abc123xyz
Here "abc123xyz" is the API key that the server will verify.
Example: API Key in Query Parameter
GET /users?api_key=abc123xyz
Downside: The API key is visible in the URL, which can create a security risk.
✅ Use when:
● You need simple and fast authentication
● For read-only APIs
2. Basic Authentication (🏷️ Username + Password)
Basic Auth uses a username and password, sent in Base64 encoding.
🔹 Example Request (Basic Auth)
GET /profile
Host: api.example.com
Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=
"dXNlcm5hbWU6cGFzc3dvcmQ=" is the Base64 encoding of "username:password".
Downside:
● The password is Base64 encoded, not encrypted
● Risk of man-in-the-middle attacks
● Using HTTPS is essential
Use when:
● Only internal APIs are being used
● For less secure APIs
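As an added example (not part of the original notes), here is the server side of the two header-based schemes above: one function that accepts either an Api-Key or a Basic credential from the Authorization header. It shows that decoding the Basic value gives back the plain "username:password" (encoding is not encryption, hence the HTTPS requirement), keeps only hashes of secrets in its table, and compares them with hmac.compare_digest so the comparison takes the same time whichever character differs. The function names, the credential tables and the sample headers are constructed for this illustration.

```python
"""Added example (not from the original notes): checking Api-Key and Basic
credentials on the server. `authenticate`, `decode_basic`, API_KEYS and
BASIC_USERS are constructed for this illustration."""
import base64
import binascii
import hashlib
import hmac


def _sha256(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


# Constructed credential store: only hashes of the secrets are kept, so a
# leaked table does not hand out usable keys. Plain SHA-256 is fine for a
# random high-entropy API key; real user passwords belong in a slow, salted
# hash (for example hashlib.scrypt), shortened here to keep the example small.
API_KEYS = {_sha256("abc123xyz"): "reporting-client"}
BASIC_USERS = {"username": _sha256("password")}


def decode_basic(encoded):
    """Return (user, password) from a Basic credential, or None if it is
    not valid Base64 or lacks the ':' separator. The result is plain text:
    Base64 hides nothing from anyone who can read the request."""
    try:
        raw = base64.b64decode(encoded, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = raw.partition(":")
    return (user, password) if sep else None


def authenticate(headers):
    """Return the authenticated principal for a request, or None.
    `headers` is a dict with lower-cased names, as a parser would produce."""
    value = headers.get("authorization", "")
    scheme, _, credential = value.strip().partition(" ")
    scheme, credential = scheme.lower(), credential.strip()

    if scheme == "api-key" and credential:
        digest = _sha256(credential)
        for stored_digest, client in API_KEYS.items():
            if hmac.compare_digest(digest, stored_digest):
                return client
        return None

    if scheme == "basic":
        pair = decode_basic(credential)
        if pair is None:
            return None
        user, password = pair
        # Always run the comparison, even for unknown users, so the response
        # time does not reveal which usernames exist.
        stored = BASIC_USERS.get(user, _sha256(""))
        matches = hmac.compare_digest(_sha256(password), stored)
        return user if (user in BASIC_USERS and matches) else None

    # Unknown scheme, or no Authorization header at all. A key passed as
    # ?api_key=... in the URL is deliberately not accepted here: it would
    # be copied into access logs, browser history and Referer headers.
    return None


if __name__ == "__main__":
    for hdr in ["Api-Key abc123xyz", "Api-Key wrong",
                "Basic dXNlcm5hbWU6cGFzc3dvcmQ=", "Basic dXNlcm5hbWU6d3Jvbmc="]:
        print(hdr, "->", authenticate({"authorization": hdr}))
```

The sample "dXNlcm5hbWU6cGFzc3dvcmQ=" from the notes decodes to ("username", "password") in this code, which is the whole point of the "encoded, not encrypted" caveat.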
3. Bearer Token (JWT - JSON Web Token) (🔐 Secure & Scalable)
A JWT is a self-contained token that stores the user's identity and permissions.
Example: JWT Token in Headers
GET /dashboard
Host: api.example.com
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
The JWT comes after "Bearer", and the server validates it.
JWT Format:
Header.Payload.Signature
Example JWT:
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX2lkIjoxMjM0NTY3ODkwIiwicm9sZSI6ImFkbWluIn0.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c
Use when:
● For web & mobile apps
● Stateless authentication (no session storage required)
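As an added example (not part of the original notes), the code below builds and verifies a JWT in the Header.Payload.Signature form shown above, signed with HMAC-SHA256 (the "HS256" named in the example header) using only the standard library. The verifier recomputes the signature over header.payload, compares it in constant time, decides the algorithm from its own policy rather than from the token, and checks the "exp" claim; the helper functions replace_payload and unsigned_token only produce test inputs so you can watch those checks fire. The function names, the secret and the claims are constructed for this illustration.

```python
"""Added example (not from the original notes): minting and verifying an
HS256 JWT. `make_jwt`, `verify_jwt`, the helpers and the claims are
constructed for this illustration."""
import base64
import binascii
import hashlib
import hmac
import json
import time

HEADER = {"alg": "HS256", "typ": "JWT"}


def _b64url(data):
    """Base64url without '=' padding, as JWTs use."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _json_b64(obj):
    return _b64url(json.dumps(obj, separators=(",", ":")).encode("utf-8"))


def make_jwt(claims, secret):
    """Return header.payload.signature signed with HMAC-SHA256."""
    header, payload = _json_b64(HEADER), _json_b64(claims)
    sig = hmac.new(secret, f"{header}.{payload}".encode("ascii"), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def verify_jwt(token, secret, now=None):
    """Return the claims if the token is genuine and unexpired, else None."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
        signature = _b64url_decode(sig_b64)
    except (binascii.Error, ValueError):
        return None
    # The accepted algorithm is server policy; a token that says "none" or
    # anything other than HS256 is rejected before any signature work.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode("ascii"),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(signature, expected):
        return None
    try:
        claims = json.loads(_b64url_decode(payload_b64))
    except (binascii.Error, ValueError):
        return None
    now = time.time() if now is None else now
    if not isinstance(claims, dict) or ("exp" in claims and claims["exp"] <= now):
        return None
    return claims


def replace_payload(token, claims):
    """Test input: the same header and signature with a different payload."""
    header, _, sig = token.split(".")
    return f"{header}.{_json_b64(claims)}.{sig}"


def unsigned_token(claims):
    """Test input: header claiming alg "none" and an empty signature."""
    return f"{_json_b64({'alg': 'none', 'typ': 'JWT'})}.{_json_b64(claims)}."


if __name__ == "__main__":
    secret = b"constructed-demo-secret"
    tok = make_jwt({"user_id": 123, "role": "user", "exp": 2000000000}, secret)
    print("token:", tok)
    print("valid:", verify_jwt(tok, secret))
    print("edited payload:", verify_jwt(replace_payload(tok, {"user_id": 123, "role": "admin"}), secret))
    print("alg none:", verify_jwt(unsigned_token({"user_id": 123, "role": "admin"}), secret))
    print("wrong key:", verify_jwt(tok, b"other-secret"))
```

The first part of any token this code mints is exactly the "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9" shown in the notes, since that is the Base64url of {"alg":"HS256","typ":"JWT"}. Note that the payload is readable by anyone who holds the token (it is only encoded), so claims must not carry secrets; the signature protects integrity, not confidentiality.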
4. OAuth 2.0 (🌍 Secure for Third-Party Access)
OAuth is an authorization framework used to give third-party apps secure access.
🛠 Example: Login with Google/Facebook
When you press the "Login with Google" button, OAuth 2.0 is what gets used.
🔹 OAuth 2.0 Flow:
1. The user logs in on Google
2. Google generates an access token
3. The app verifies the access token through the Google API
4. The app receives the user's data (such as email, profile)
Example OAuth 2.0 Token Request:
POST /oauth/token
Host: auth.example.com
Content-Type: application/x-www-form-urlencoded
client_id=abc123&client_secret=xyz789&grant_type=authorization_code
Use when:
● Third-party login (Google, Facebook, GitHub) is used.
● Secure & scalable authentication is needed.
5. Session-Based Authentication (💾 Traditional Method)
In session-based authentication the user logs in and the server generates a session ID and stores it.
🔹 Example:
1. The user logs in → The server generates a session ID
2. The session ID is sent to the client in a cookie
3. The client sends the session ID with every request
4. The server verifies whether the session is valid or not
Example: Cookie-based Authentication
GET /profile
Host: api.example.com
Cookie: session_id=abc123xyz
Downside:
● Sessions are stored server-side (scalability issue)
● Risk of cross-site request forgery (CSRF) attacks
Use when:
● For traditional web apps.
● When user state has to be maintained.
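As an added example (not part of the original notes), here is a server-side session store for the four-step flow above. It issues a random session ID from the operating system's CSPRNG, sets the cookie with HttpOnly, Secure and SameSite=Lax attributes (SameSite keeps the cookie off cross-site form posts, one mitigation for the CSRF risk just mentioned), looks the ID up from the Cookie header on each request, and expires entries server-side. The class name SessionStore, the cookie name and the lifetime are constructed for this illustration.

```python
"""Added example (not from the original notes): a cookie-backed session
store for the flow described above. `SessionStore`, SESSION_COOKIE and
SESSION_TTL are constructed for this illustration."""
import secrets
import time
from http.cookies import CookieError, SimpleCookie

SESSION_COOKIE = "session_id"
SESSION_TTL = 30 * 60  # seconds of inactivity-free lifetime, constructed value


class SessionStore:
    def __init__(self, ttl=SESSION_TTL):
        self._sessions = {}  # session_id -> {"user": ..., "expires": ...}
        self.ttl = ttl

    def create(self, user, now=None):
        """Step 1-2: issue a session and return (session_id, Set-Cookie value)."""
        now = time.time() if now is None else now
        session_id = secrets.token_urlsafe(32)      # 256 random bits, unguessable
        self._sessions[session_id] = {"user": user, "expires": now + self.ttl}
        cookie = SimpleCookie()
        cookie[SESSION_COOKIE] = session_id
        morsel = cookie[SESSION_COOKIE]
        morsel["httponly"] = True     # page scripts cannot read the ID
        morsel["secure"] = True       # only ever sent over HTTPS
        morsel["samesite"] = "Lax"    # not attached to cross-site POSTs
        morsel["path"] = "/"
        return session_id, morsel.OutputString()

    def user_for_request(self, headers, now=None):
        """Step 3-4: find the user behind the Cookie header; None if the
        cookie is missing, unknown, malformed or expired."""
        now = time.time() if now is None else now
        cookie = SimpleCookie()
        try:
            cookie.load(headers.get("cookie", ""))
        except CookieError:
            return None
        morsel = cookie.get(SESSION_COOKIE)
        if morsel is None:
            return None
        entry = self._sessions.get(morsel.value)
        if entry is None:
            return None
        if entry["expires"] <= now:
            del self._sessions[morsel.value]       # drop stale state eagerly
            return None
        return entry["user"]

    def destroy(self, session_id):
        """Logout: once removed here, the cookie value is worthless even if
        the browser still holds it."""
        self._sessions.pop(session_id, None)


if __name__ == "__main__":
    store = SessionStore()
    sid, set_cookie = store.create("rahul")
    print("Set-Cookie:", set_cookie)
    print("lookup:", store.user_for_request({"cookie": f"session_id={sid}"}))
    store.destroy(sid)
    print("after logout:", store.user_for_request({"cookie": f"session_id={sid}"}))
```

Because validity lives in the server-side table, logout and expiry are immediate, which is the flip side of the scalability cost the notes list: every request needs a lookup in that table.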
Compare Table