Module 2 · APIs

2.1 What an API actually is, and why everything is one

Lesson 2.1 · 10 min read

If you take only one concept from this entire series and understand it deeply, make it this one. APIs are the connective tissue of all modern software. They are how every part of a product talks to every other part, how your app talks to its server, how one company's software uses another's, how AI models get plugged into products, how nearly everything connects to nearly everything else. Understand APIs truly, not just as a definition you can recite, and a vast amount of how software works stops being mysterious. You've already been using them in every post. Now we make them the main character.

The word gets thrown around constantly and explained badly almost every time. By the end of this post you'll have a genuine, working understanding, the kind that lets you read API documentation, integrate services, reason about how products connect, and direct AI to wire things together correctly. This is foundational. Let's build it carefully.


Start with a restaurant

The clearest way into APIs is a scene you know by heart.

You sit down at a restaurant. There's a kitchen somewhere in the back doing complex work with ingredients and equipment and skill you never see. Between you and that kitchen stands a waiter, and a menu. You don't walk into the kitchen. You don't need to know how the kitchen is organized, what equipment it uses, or how the chef makes the dish. You look at the menu, which lists exactly what you're allowed to order and how to ask for it, you tell the waiter, and a while later the dish arrives. The waiter is the messenger between you and a complex system you're deliberately kept out of.

That is an API, precisely and completely. An API is the menu and the waiter for a piece of software. It's the defined list of things you're allowed to ask a system for, and the messenger that carries your request in and the answer back out, without ever exposing the messy inner workings of the kitchen. The letters stand for Application Programming Interface, and that middle word, interface, is the whole idea: it's the agreed surface where two systems meet and talk, while everything behind that surface stays hidden.

Sit with why this arrangement is so powerful, because the power is the point. You get to use the kitchen's full capability, a meal you couldn't make yourself, without needing to understand any of its complexity. And the kitchen gets to serve you without letting you wander around inside it touching things. The menu is a contract between you: these are the things you can ask for, this is how you ask, this is what you'll get back. Both sides rely on that contract and neither needs to know anything else about the other. That separation, use the capability without seeing the internals, is one of the most important ideas in all of software, and the API is how it's achieved everywhere.


The contract is the key idea

Let's make the contract concrete, because "menu" is the metaphor but "contract" is the mechanism, and the contract is what you'll actually work with.

An API's contract spells out, for each thing you can ask: what the request should look like, and what the response will look like in return. The menu says "if you order the pasta, you'll get pasta." An API's contract says "if you send a request in this exact format, to this exact address, you'll get back a response in this exact format." It's a promise about the shape of the conversation. And because it's a reliable promise, you can build on it. You can write code that depends on that response coming back in that shape, because the contract guarantees it.

Here's why this matters more than it might seem. The kitchen can completely change how it works, new chef, new equipment, entirely rebuilt inside, and as long as it keeps honoring the menu, you never know and never care. Your pasta still arrives when you order it. In software terms: a company can completely rewrite the guts of their system, and as long as their API contract stays the same, every product built on top of it keeps working without changing a thing. The contract is a stable surface over a changeable interior. This is exactly why APIs are how the software world connects: they let systems depend on each other through a stable promise, without being tangled into each other's constantly-changing internals. You depend on the menu, not the kitchen.


You've been watching APIs the whole time

Now let's connect this back to everything you've already learned, because you've been using APIs since the first post without us fully naming them as the star.

Remember the React component running fetch("/api/products")? That was your frontend placing an order off the backend's menu. The /api/products address is a menu item, one of the things the backend has agreed to serve. Remember the backend routes from the last module, app.get("/api/products", getProducts)? That was the backend writing its menu, declaring "here are the things you're allowed to ask me for, and here's what handles each one." The routes file of a backend is literally its API: the complete menu of everything that system offers to the outside world. The frontend reads that menu and places orders; the backend cooks and serves. Every request-response journey we've traced has been a frontend and backend talking through an API.

So when people say "the frontend talks to the backend through an API," you now know exactly what that means, in real code. The backend exposes a menu of addresses (its API). The frontend sends requests to those addresses (places orders). Data comes back in an agreed shape (the dish, as JSON). The API is the entire negotiated surface between the two halves of the app you already learned to read. It was there all along; now it has its proper name and its proper importance.

Interactive: api as menu

A hands-on visual for this idea is in the works. The text around it carries everything you need for now.


The parts of an API request, named properly

Since you'll be reading and working with APIs constantly, let's name the parts of a request precisely. You've met all of these; here they are assembled with their real names, so API documentation stops looking foreign.

The endpoint is the address you send the request to, like /api/products or /api/users/42. Each endpoint is one item on the menu, one specific thing you can ask for. An API is essentially a collection of endpoints, and reading an API's documentation is mostly reading its list of endpoints and what each one does.

The method is the type of request, the GET, POST, and others from the last module. It says what kind of action you want: GET to retrieve, POST to create, PUT or PATCH to update, DELETE to remove. The method plus the endpoint together define the request: "GET /api/products" means "retrieve the products," "POST /api/orders" means "create an order." Reading those two together tells you what any request is trying to do.

The request body is the data you send along, when you're creating or updating something. Ordering a plain dish needs no extra detail; ordering a custom one does. A GET usually has no body (you're just asking for something). A POST usually does (here's the thing to create). This is the request.body you saw in the backend controller, now named as part of the API contract.

The headers are extra information attached to the request, riding alongside it. The most important one by far is authentication, the proof of who you are and that you're allowed to make this request. We'll give authentication its own full post, because it's that important, but know now that headers are where that proof travels, quietly attached to nearly every real request.

And the response is what comes back: the data (usually JSON) plus the status code (200, 404, and the rest) telling you how it went. The response is the dish arriving, along with a note about whether your order succeeded.

Endpoint, method, body, headers, response. Those five parts describe essentially every API request you'll ever make or read. When you open the documentation for some API you want to use and it lists an endpoint, a method, what to put in the body, what headers to send, and what response to expect, you now know how to read all of it. That documentation just became legible.


The idea that unlocks the modern internet: third-party APIs

Here's where APIs go from "how the two halves of my app talk" to "how the entire software world is built," and this is the part that will change how you see every product you use.

So far, your frontend has called your own backend's API. But the exact same mechanism lets your software call someone else's software. Other companies expose their capabilities as APIs, public menus that any product can order from, and this is the quiet foundation of nearly everything modern software does. You don't build a payment system from scratch, a staggeringly hard and risky thing to do. You call a payments company's API: you send them a request to charge a card, they do all the terrifyingly complex work, and they send back a response saying it worked. You don't build mapping and directions. You call a maps API. You don't build the ability to send text messages or emails. You call an API that does it. You don't build an AI model. You call an AI provider's API, sending it a prompt and getting back a response, the same request-and-response shape as everything else.

Think about what this means. Every product you admire is, to a large degree, a thoughtful assembly of its own code plus calls to other companies' APIs for the hard specialized parts. The checkout uses a payments API. The address field uses a maps API. The notifications use a messaging API. The smart features use an AI API. The product's own genius is in what it builds itself and how it weaves these external capabilities together into something coherent. This is not cheating or shortcutting. It is how professional software is built, because rebuilding payments or maps or AI from scratch would be absurd when a reliable, battle-tested API exists to call. Good engineers build what's uniquely theirs and call APIs for the rest.

For you, building with AI, this is genuinely liberating once you internalize it. Enormous capabilities are available to you as API calls, ready to be woven into whatever you're making. You don't need to know how to build a payment processor to accept payments; you need to know how to call a payments API, which is the same skill as every other API call you now understand. The whole world of specialized software capability is available through this one pattern you've now learned. When you can see products as assemblies of APIs, you can see how to build far more than you could if you thought everything had to be made from scratch.


Why this is the concept everything else hangs on

Let me be direct about why this post sits where it does and carries the weight it does. Almost everything ahead in this series is, in some sense, about APIs. Databases are reached through a query interface that behaves like an internal API. The AI infrastructure in the later modules, the agent tools, the Model Context Protocol, the way models connect to the world, is APIs, elaborated. When you deploy your app and it talks to services, that's APIs. When one microservice calls another, from that earlier architecture post, that's APIs. The concept is genuinely everywhere, which is exactly why it's worth the care we've taken here.

And it reframes what building even is. Building a product is largely the act of deciding what to make yourself, what to call an API for, and how to connect it all into something that works. That's an architectural skill, and it starts with truly understanding the thing you're connecting with. A designer who thinks everything must be built from scratch sees an impossible mountain. A design engineer who understands APIs sees a set of powerful capabilities to assemble, plus the specific things worth building uniquely. The second person builds real, ambitious products, because they understand that most of the hard parts are available to call, and their job is the intelligent assembly and the parts that are truly theirs. That shift in how you see the whole endeavor is what this post is really giving you.


Do this before the next post

Go find a real API's documentation and just read it, because seeing a real one makes all of this concrete. Search for the public documentation of almost any well-known service, a weather service, a maps service, a payments service, whatever interests you, and look at their API reference or API docs.

You'll see a list of endpoints. Pick one and read it the way you now can. What's the method, GET or POST? What's the endpoint address? What does it expect in the body, if anything? What headers does it need, and is one of them for authentication? And what does the response look like, what data comes back and in what shape? You'll find it's all exactly the parts we named, laid out in a reference you can genuinely follow. You don't need to call it or write any code. Just read one real API's menu and recognize every part of it. The moment API documentation goes from "intimidating technical reference" to "a menu I know how to read," you've internalized the concept that connects all of software, and everything from here gets easier because of it.