
API glossary

 

What is an API? And what about the other pieces of the API ecosystem? This glossary will give you some simple definitions to understand more about APIs.

 

Access token

An access token (sometimes called a bearer token) is a time-limited string of characters which is obtained from the authorisation API after sending a cryptographically signed JSON Web Token (JWT). This access token is sent with subsequent API requests to send or receive protected data. Read more about access tokens in our API authentication guide.

 

API

An Application Programming Interface (API) is a set of definitions and protocols that allow products and services to communicate. APIs make it easier for products to integrate data and information across channels, platforms, and devices.

 

API Connection Terms

An agreement setting out the API Connection Terms forming a legally binding contract between the party detailed in the Consumer API Onboarding Application (Connecting Party) and Digital Health and Care Wales.

 

API consumer

API consumers are parties wishing to connect an application or service to an API. This includes providing data to an API.

 

API endpoint

An endpoint is the end of a communication channel. When APIs interact with other systems, each touchpoint of interaction, such as a server, a service, or a database, is considered an endpoint. API endpoints specify where resources live and what can access them.

 

API gateway

An API gateway is an API management tool that serves as an intermediary between the client and a set of different backend services. API gateways act as gatekeepers and proxies that moderate all your API calls, aggregate the data and return the correct result. Gateways are used to handle common tasks such as API identification, rate limiting, and usage metrics.

 

API integration

API integration connects two or more applications to exchange data between them.

 

API key

An API key is a unique identifier that enables other software to authenticate a user, developer, or API calling software to an API to ensure it is who it says it is. API keys authenticate the API instead of a user and offer a certain degree of security to API calls.

 

API lifecycle

The API lifecycle is an approach to API management and development that aims to provide a holistic view of how to manage APIs across their different life stages, from creation to retirement. The API lifecycle is often divided into three stages: the creation stage, the control stage, and the consumption stage.

 

API layer

An API layer is a proxy that joins together all your service offerings using a graphic UI to provide greater user interactivity. API layers are language-agnostic ways of interacting with products and help describe the services and data types used to exchange information.

 

API portal

An API portal is a bridge between the API provider and the API consumer. An API portal provides information about the APIs at every stage of the API lifecycle. API portals serve to make APIs public and offer content to educate developers about them, their use, and how to make the most of them.

 

API provider

The API provider is the API product team responsible for developing and supporting the APIs.

 

API publishing

API publishing is the process of making APIs available on the NHS Wales Digital Platform and API Portal.

 

API request

An API request happens when a developer adds an endpoint to a URL and uses that endpoint to call the server or the database.

 

API security

The ubiquitous nature of APIs makes them one of the favourite targets for hackers. API security is an umbrella term that defines a set of practices that aim to prevent malicious attacks, misuse, and exploits. This includes basic authentication and authorisation, tokens, multi-factor authentication, and other advanced security measures.

 

Apigee

Apigee is an API gateway management tool offered by Google to exchange data across cloud services and applications. It enables developers to build and manage APIs. As a proxy layer, Apigee enables you to expose your backend APIs in abstraction or facade and helps protect your APIs, limit their rate, and provide analytics and other services.

 

Authorisation service

The authorisation service provides an OAuth-based endpoint which issues a time-limited, app-specific bearer token allowing access to an associated API. The token is issued in response to a signed JSON Web Token (JWT), which is validated using the corresponding public key specifically associated with the app.

 

CRUD

CRUD is an acronym for create, read, update and delete.

 

DevOps

DevOps —a blending of development and operations— combines cultural philosophies, agile practices, and tools. DevOps practices aim at increasing an organisation's ability to deliver software products and services faster than ever before. DevOps uses a toolchain made of interconnected technologies to build a software development infrastructure based on automation to achieve greater delivery speeds.

 

DevSecOps

DevSecOps —a blending of development, security, and operations— refers to the automation and integration of security at every step of the DevOps lifecycle, from the initial design process all the way to software delivery. DevSecOps emphasises the need for proper security practices along the pipeline to enhance accountability and minimise breaches.

 

Developer portal

Developer portals are interfaces that bridge the gap between API providers and API consumers. It's called a developer portal because most of the API consumers are developers. Developer portals aim at educating developers on how to use APIs and provide all the information needed to leverage APIs.

 

Framework

A framework contains libraries of code, instructions, and APIs from which developers and API consumers can obtain information from a product.

 

GET method

There are two ways to structure HTML (HyperText Markup Language): GET and POST. GET refers to a method for requesting information from a particular website using HyperText Transfer Protocol (HTTP). You can also use it to derive a specific variable from a group of variables.

 

JSON

JSON (JavaScript Object Notation) is a lightweight data-interchange format based on a subset of JavaScript programming language standards. JSON has the advantage that it is both easy for humans to read and write and for machines to parse and generate. It is a format that is completely agnostic to languages and uses conventions that are familiar to programmers of C-family languages.

 

Microservices

Microservices —also known as microservices architecture— is a software architecture style that structures apps as a collection of loosely coupled, independent, and highly maintainable services that are organized to enhance an app, website, or platform's business capabilities.

 

Penetration testing

Also called pen testing or ethical hacking, penetration testing simulates attacks on your computer system to identify exploitable vulnerabilities. Pen testing identifies, tests, and highlights vulnerabilities in an organisation's security posture.

 

REST

REST, which stands for representational state transfer, is an application programming interface that conforms to the constraints of the REST architectural style and enables a quicker interaction between different RESTful web services. A stateless web service must be able to read and modify its resources using a predefined set of operations and a textual representation.

 

SDLC

SDLC (also called the software development lifecycle) is the process for planning, creating, testing, and deploying an information system. SDLC aims at producing quality software at the lowest cost in the shortest time possible. SDLC gives developers a structured flow divided into phases to help companies produce high-quality software.

 

SOAP

Simple Object Access Protocol (SOAP) is a protocol specification for exchanging structured information to implement web services. SOAP leverages XML Information Set for message format and other application-layer protocols, such as HTTP. The messaging services provided by SOAP are exclusively XML-based. Microsoft originally developed the SOAP protocol to replace old technologies such as Distributed Component Object Model (DCOM) and Common Object Request Broker Architecture (CORBA) that cannot work over the internet.

 

Webhook

A webhook (also called a web callback or HTTP push API) is a way for an app to provide other applications with real-time information. Webhooks deliver data directly to other applications, so data is available immediately, whereas standard APIs require frequent polling for real-time data. Webhooks are beneficial to both consumers and providers in this way, but the only drawback is the difficulty of setting them up at first.