Professional Documents
Culture Documents
Apis Explained: Department of Product
Apis Explained: Department of Product
PRODUCT
APIs
Explained
Make sense of API documentation, REST, GET, endpoints, headers and
payloads once and for all
departmentofproduct.com
10 things you should know
about APIs
Here’s what we believe are the most important things you need to know
about APIs as a product manager. Learn these concepts and you’ve got a
solid foundation to speak about APIs with confidence to stakeholders and
your team.
For example, using the Spotify API I can request a list of songs from an
album.
In order to do that, the following needs to take place:
The API documentation will specify what the request should be and what
you can expect in the response.
2. REST
REST is what you do at home with a glass of wine after a sprint planning
session went badly and your engineering team want you killed before the
next sprint starts.
Crude jokes aside, you’ve no doubt heard the term REST or RESTful used
in several blogs and by your engineering team but you may not have any
idea what it means. There are plenty of people who could spend the next 6
months talking about REST but let’s keep it as simple as possible and learn
the basics.
REST stands for representational state transfer and whilst that sounds
ridiculously scary it is used to describe a set of architectural principles and
characteristics outlined in a document in the early 2000s by a guy called
Roy Fielding. The document lays out a series of principles which should be
followed in order to create a RESTful API. Thanks Roy.
Think of REST as a set of members club rules. The owner of the club is say-
ing, ‘hey guys, look, if you want to be part of this REST club, you’re going
to have to follow a certain set of rules.’ Kinda like a religion, but less scary
and more rational.
Violating any of the principles or constraints outlines means that the ser-
vice is not strictly RESTful. You can no longer class yourself as a member of
the RESTful members club.
We don’t need to delve too much into these (especially since they’re a little
dull) but this video goes into more depth for each of these explanations of a
RESTful service if you’re interested in finding out more.
• POST
• GET
• PUT
• PATCH
• DELETE
The most commonly used HTTP methods are: POST, GET, PUT, PATCH,
DELETE.
If resources are nouns i.e. ‘things’, each of these methods is a verb which
does something. HTTP methods can create, read, update and delete infor-
mation (CRUD is used as an acronym).
POST
GET
PUT
DELETE
There are others but we’re only going to focus on these since these are the
most common. If you know these, you know enough.
4. Endpoints
An endpoint is a place.
• The HTTP method e.g. GET (which is used for reading and retrieving
information)
• The endpoint e.g. /v1/albums/{id}
• The usage – what the endpoint is used for e.g. in this case it’s used to get
an album’s tracks
• Returns – what is returned in the response from the API
If we look back at our Spotify example, we’ve now added further informa-
tion including endpoints. Let’s understand how the endpoint is used…
Request Response
Spotify have ‘exposed’ an endpoint Spotify receives our request and
called ‘Albums’ which we can hit. says
‘Hello there, I recognise that ID
you sent me, it’s the Spice Girls
album. Here’s the response,
which contains the album infor-
mation you requested. You lucky
thing.’
We hit the albums endpoint with a The response from Spotify con-
specific Album ID using the HTTP tains a bunch of information
GET method. about the resource i.e. the album.
This information includes
This tells Spotify, ‘hey, I want to re- (amongst other things):
trieve information for the album with
this ID: 123’. A link to the album art
A link to a preview snippet of the
If we’d used the HTTP DELETE meth- tracks
od, this would have meant we were Information about where the
asking to delete this album, which album was released
would have thrown an error since it’s The length of the track
unlikely we’d have relevant permis- This is known as a representation
sions from Spotify to be so destructive of the resource (the album). The
:). representation will typically be in
JSON format, which is a language
used by APIs.
5. API Documentation
As product managers our primary concern is not with the design of APIs as
such, unless you’re a technical product manager who specialises in APIs. We
are mostly concerned with the functionality and business value an API can
offer to our customers and the functionality of an API is typically outlined
in its documentation.
For some product managers, your first foray into APIs comes when your
team mentions an API and asks you to get the documentation from a third
party. On first glance if you’ve not worked with APIs before documentation
can be a little overwhelming as none of it makes much sense.
If you’re not familiar with API documentation, check out some examples
here:
The primary purpose of documentation is to lay down the rules of the ‘con-
tract’ and to help your engineering team understand what functionality is
available by using different API calls.
In the documentation you’ll notice a familiar set of terms, which are com-
monly used across all APIs. That’s one of the benefits of using the REST
principles; REST APIs make use of common methods which makes it easier
to integrate into multiple APIs.
6. API calls
We refer to the requests to APIs as API calls. Not telephone calls but ex-
changes of information.
API calls involve hitting an endpoint with the expectation that the API will
respond with the information you need.
In the Spotify example, you call the albums endpoint with a specific album
ID and Spotify responds with information about that album.
7. Payloads
You’ll sometimes hear engineers refer to the ‘payload’. This is a fancy way of
talking about the response from an API.
E.g. ‘If you check the payload from the Spotify API you can see the length of
the track is 3 minutes’
8. Response codes
Every time you get a response from an API, it comes with its own response
code, which is simply a number with a meaning attached to it.
9. Headers
When you send a request to an API, your request will include something
called headers. The response from an API will also contain headers.
Headers are additional useful bits of information which are sent and re-
ceived along with your HTTP methods. Some headers are mandatory and
some are very rarely used.
In the same way as you would authenticate yourself when logging into your
email or Facebook account using a username and password, you need to do
something similar for accessing APIs.
If you have a product with an external API, your third parties will be given
a username, password and access token to access your API. Often, a token
can be provided in the sandbox environment to allow their developers to
play with.
OAuth
Useful videos
We’ve covered quite a lot there! But how can you apply all this in your role
as a product manager?
Well, here are some things to consider, now that you know more about APIs
than you did before:
• Opportunities – what are the opportunities for you and your product?
How can APIs help you to achieve your goals? Is it worth running any
‘API appetite experiments’ to discover if a market for your APIs exists?
• API Audit – what APIs are currently being maintained but are not used?
Can you bin any that are taking up development / maintenance effort?
• Confidence – can you now speak more fluidly about APIs with your
engineering teams and your stakeholders about the opportunities and
downsides to APIs? You can be more confident to prioritise API related
features since you now have a basic knowledge of how they work and
what the benefits might be for your product.