What is an API? Complete Guide 2026

Contents

1 What is an API? 2 How APIs Work 3 REST APIs 4 HTTP Methods 5 Status Codes 6 GraphQL 7 WebSockets 8 Authentication 9 Rate Limiting 10 Live API Tester 🧠 API Quiz ⚡ Practice Tasks

1What is an API?

🔌

API — Application Programming Interface

The bridge between every app and service you use

Beginner

An API is a set of rules that lets two applications talk to each other. You don't need to know how the other app works internally — you just call the API and get back data.

🍽️ The Restaurant Analogy

You = Your App | Waiter = API | Kitchen = Server | Menu = API Docs

Real world examples: Swiggy → restaurant menu API. UPI → payment gateway API. Google Login → OAuth API. Weather app → weather service API. Everything is APIs.

🌍 APIs You Use Every Day

Swiggy / Zomato — Restaurant data, GPS tracking, payment — all separate APIs
Instagram — Post upload, like, comment, follow — all API calls
Google Maps — Embed maps in any app with just 3 lines of code
ChatGPT / Gemini — Add AI to your apps via simple API calls

2How APIs Work — Step by Step

⚙️

The Complete Request → Response Cycle

What happens in milliseconds when you click anything

Beginner

1Client makes a request: Your app sends an HTTP request to an API endpoint URL

2Request travels: Contains HTTP method, headers (auth tokens), and optionally request body

3Server processes: Checks auth, validates data, runs business logic, queries database

4Server responds: Returns JSON data with HTTP status code (200 OK, 404 Not Found, 500 Error)

5Client displays: Your app reads the JSON and renders it for the user

COMPLETE API CALL EXAMPLE

// 1. Make a GET request to fetch user data $ curl -X GET "https://api.example.com/users/42" \ -H "Authorization: Bearer eyJhbGci..." \ -H "Content-Type: application/json" // 2. Server responds with JSON { "status": 200, "data": { "id": 42, "name": "Rahul Kumar", "email": "rahul@example.com", "city": "Mumbai" } } // Response time: 142ms ✓

JSON — The Universal Language of APIs: Almost all modern APIs communicate using JSON — text organized as key:value pairs.

3REST APIs — The Most Popular Standard

🌐

REST — Representational State Transfer

~80% of all public APIs are REST APIs

Intermediate

REST is a set of architectural principles for designing APIs. REST APIs use standard HTTP methods and clean URLs to operate on resources.

📁 REST Resources = Files in a Folder

Think of your API like a filing system. /users is a folder. /users/42 is one file. GET=read, POST=create, PUT=update, DELETE=remove.

REST ENDPOINTS — USERS RESOURCE

GET /api/users → Get all users GET /api/users/42 → Get user with ID 42 POST /api/users → Create a new user PUT /api/users/42 → Replace user 42 entirely PATCH /api/users/42 → Update part of user 42 DELETE /api/users/42 → Delete user 42 // Nested resources: GET /api/users/42/orders → All orders by user 42 GET /api/users/42/orders/7 → Order 7 by user 42

REST's 6 Principles: Stateless · Client-Server · Uniform Interface · Cacheable · Layered System · Code on Demand.

4HTTP Methods — The Verbs of APIs

📋

GET, POST, PUT, PATCH, DELETE

The 5 methods that power every API interaction

Beginner

GET

Retrieve data from server

📖 Read-only

POST

Send new data to server

✏️ Create new

PUT

Replace entire resource

🔄 Full update

PATCH

Update part of a resource

✂️ Partial update

DELETE

Remove a resource

🗑️ Remove

METHODS IN JAVASCRIPT

// GET — Fetch data const res = await fetch('/api/users'); const data = await res.json(); // POST — Create new user await fetch('/api/users', { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ name: 'Rahul', email: 'r@g.com' }) }); // PATCH — Update only name await fetch('/api/users/42', { method: 'PATCH', body: JSON.stringify({ name: 'Rahul Kumar' }) }); // DELETE await fetch('/api/users/42', { method: 'DELETE' });

⚠️ PUT vs PATCH: PUT replaces the ENTIRE resource. PATCH only updates fields you send. Always prefer PATCH for partial updates!

5HTTP Status Codes

🚦

200? 404? 500? What Do They Mean?

Every API response has a status code

Beginner

Status codes are 3-digit numbers grouped by first digit: 2xx=success, 3xx=redirect, 4xx=client error, 5xx=server error.

200

OKRequest succeeded

201

CreatedNew resource created

204

No ContentSuccess, nothing returned

301

Moved PermanentlyURL changed forever

304

Not ModifiedUse cached version

400

Bad RequestInvalid data sent

401

UnauthorizedLogin required

403

ForbiddenNo permission

404

Not FoundResource doesn't exist

422

UnprocessableValidation failed

429

Too Many RequestsRate limited!

500

Server ErrorSomething crashed

502

Bad GatewayUpstream failed

503

Service UnavailableServer is down

💡 Quick Rule: 2xx = Success. 4xx = Your mistake. 5xx = Server's mistake.

6GraphQL — The Flexible Alternative

📊

GraphQL — Ask for Exactly What You Need

Used by Facebook, GitHub, Shopify, Twitter

Advanced

GraphQL is a query language for APIs created by Facebook. One single endpoint — ask for exactly the data you need.

🌐 REST API

Simple to understand & implement

Widely supported everywhere

Great HTTP caching built-in

Over-fetching extra unwanted fields

Multiple requests for related data

Versioning can get messy

📊 GraphQL

Get exactly the fields you need

Single request for nested data

Strongly typed schema

Steeper learning curve

Complex caching

Overkill for simple apps

REST vs GRAPHQL — SAME DATA

// REST: Need 3 separate requests! GET /api/users/42 GET /api/users/42/posts GET /api/users/42/followers // GraphQL: ONE request, exactly what you need query { user(id: 42) { name email posts { title } followers { count } } } → Returns exactly name, email, post titles, follower count → No extra fields, no extra requests ✓

7WebSockets — Real-Time APIs

⚡

WebSockets — Persistent Two-Way Connection

Used in chat apps, live scores, trading, games

Intermediate

Normal HTTP = letters (send, wait, close). WebSockets = phone call (connection stays open, both sides talk anytime).

🔴 Live WebSocket Simulation

Connected

WEBSOCKET CODE

// Open a WebSocket connection const ws = new WebSocket('wss://api.example.com/chat'); // Connection opened ws.onopen = () => { ws.send(JSON.stringify({ type: 'join', room: 'general' })); }; // Receive messages in REAL TIME! ws.onmessage = (event) => { const msg = JSON.parse(event.data); console.log('New message:', msg); }; // Send a message ws.send(JSON.stringify({ text: 'Hey!', user: 'Rahul' }));

8API Authentication

🔑

API Keys, JWT Tokens, OAuth — Explained

How APIs verify you have permission

Intermediate

Most APIs require you to prove who you are before returning data. 3 main methods:

🗝️ Method 1: API Key (Simplest)

📝

Register on the developer portal

🔑

Receive your secret API key

sk-live-a7f3k9m2p8x1q4w6e0r5t...

📤

Include key in every request

GET /weather?city=Mumbai&apikey=sk-live-a7f3k9...

🪙 Method 2: JWT Token (Most Common)

👤

User logs in with email + password

POST /api/login with credentials

🏷️

Server returns a JWT Token

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOjQyfQ.xK9mF...

📬

Include token in all future requests

Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...

🔐 What's inside a JWT? JWT = Header . Payload . Signature. Decode at jwt.io to see the data.

⚠️ Auth Best Practices

Never expose API keys in frontend code — anyone can steal from DevTools
Use environment variables (.env) — always add .env to .gitignore!
Set token expiry — JWTs should expire in 15 min to 24 hours
Always use HTTPS — HTTP transmits tokens in plain text

9Rate Limiting

🚦

Why APIs Limit Your Calls

429 Too Many Requests — you've been rate limited

Intermediate

Rate limiting controls how many requests per time period you can make. Exceed it → 429 error → wait for reset.

🧪 Simulate API Rate Limiting

Free Tier (60 req/min)0 / 60

Pro Tier (1000 req/min)0 / 1000

Click the button to simulate API calls

⚡ Handle Rate Limits Like a Pro

Exponential backoff — wait 1s, 2s, 4s before retrying
Cache responses locally — don't re-fetch unchanged data
Read X-RateLimit headers — APIs tell you remaining quota in headers
Batch requests — 1 call for 100 items vs 100 calls

10Live API Tester

🔴 Live Public API Playground

Real Requests

👤 Get User 📝 List Posts ✅ Get Todo 💬 Comments ₿ Bitcoin Price

⏳ Ready

// Click Send or pick a preset to make a real API call

📋 API Developer Cheat Sheet

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ CIWeb API Cheat Sheet 2026 ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ // HTTP Methods GET → Read data (no body) POST → Create new resource PUT → Replace full resource PATCH → Update partial resource DELETE → Remove resource // Key Status Codes 200 OK • 201 Created • 204 No Content 400 Bad Request • 401 Unauthorized 403 Forbidden • 404 Not Found 429 Too Many Requests • 500 Server Error // fetch() Template const res = await fetch(url, { method: 'POST', headers: { 'Content-Type': 'application/json', 'Authorization': `Bearer ${token}` }, body: JSON.stringify(data) }); if (!res.ok) throw new Error(res.status); const json = await res.json(); // Rate limit retry with backoff async function fetchWithRetry(url, retries=3) { for(let i=0; i<retries; i++) { const r = await fetch(url); if(r.status !== 429) return r; await new Promise(r => setTimeout(r, 2**i * 1000)); } }

🧠API Knowledge Quiz

🎯 Test Your API Knowledge

5 questions — see how much you've learned!

1. What HTTP method should you use to create a new user in a REST API?

2. You get a 401 Unauthorized response. What should you do?

3. What makes WebSockets different from regular REST APIs?

4. What is the main advantage of GraphQL over REST?

5. You receive a 429 Too Many Requests error. What's the correct response?

0/5

Questions Correct

⚡Practice Tasks

🎯 Do These to Master APIs

Each task builds real, practical API skills.

0 / 6 tasks complete

Call your first public API

Open browser console (F12) → type the fetch() call → see real API data!

+15 XP

Install & explore Postman

Download Postman → make GET and POST requests → explore the response panel.

+20 XP

Build a weather app using a free API

openweathermap.org → free API key → fetch city weather → display on webpage.

+30 XP

Decode a JWT token

Go to jwt.io → paste any JWT → see the decoded payload. It's just JSON!

+15 XP

Create a simple Express.js REST API

npm init → install express → write a GET route → test in Postman. Ship your first API!

+35 XP

Add JWT authentication to your API

npm install jsonwebtoken → generate JWT on login → verify on protected routes.

+40 XP

🚀 API Master! All Tasks Complete!

You now have the skills to build and consume real-world APIs!

Did this API guide help you? 🔌

0 likes

💬 Comments (0)

Live

✏️ Share your API experience

🔌 I built my first API 😍 APIs make sense now! 🤔 Question about JWT 🚀 Using APIs in my project

0/500

🔌Be the first to comment! 💬

📚Related Blogs

What is an API?The Complete Guide 2026

API — Application Programming Interface

The Complete Request → Response Cycle

REST — Representational State Transfer

GET, POST, PUT, PATCH, DELETE

200? 404? 500? What Do They Mean?

GraphQL — Ask for Exactly What You Need

WebSockets — Persistent Two-Way Connection

🔴 Live WebSocket Simulation

API Keys, JWT Tokens, OAuth — Explained

Register on the developer portal

Receive your secret API key

Include key in every request

User logs in with email + password

Server returns a JWT Token

Include token in all future requests

Why APIs Limit Your Calls

🧪 Simulate API Rate Limiting

🔴 Live Public API Playground

📋 API Developer Cheat Sheet

🎯 Do These to Master APIs

Call your first public API

Install & explore Postman

Build a weather app using a free API

Decode a JWT token

Create a simple Express.js REST API

Add JWT authentication to your API

🚀 API Master! All Tasks Complete!

💬 Comments (0)

What is an API?
The Complete Guide 2026