APIs are everywhere — every time you check the weather, stream a video,
or place an order online, an API is working behind the scenes. In this
post, I'll break down what APIs are, how they work, their types, and at
the end, we'll build a simple one with Go.
What Is an API?
API stands for Application Programming Interface. It's a set of
rules and structures built to make it easy for applications and systems
to talk with each other.
Think of it like this — imagine you're at a restaurant:
- You (the client) place an order with the waiter
- The waiter (the API) conveys your request to the chef
- The chef (the server) prepares the food and gives it back to the waiter
- The waiter delivers it back to your table (the response)
That's exactly how APIs work in software — the API takes a request,
sends it to the server, retrieves the data, and returns the response.
What Are APIs Used For?
APIs are the backbone of modern software. Almost every app or website
you use depends on them:
- Google — YouTube, Search, Gemini — all communicate with servers through APIs
- Netflix — streams video content by fetching data from its servers via APIs
- Amazon — processes orders, payments, and inventory through APIs
- Your browser — uses APIs to fetch web pages from servers
- This platform — uses APIs to load posts, comments, and profiles
As you can see, APIs are almost everywhere.
How Do APIs Work?
APIs operate through a request-response cycle between a client and a server:
- Request — the client sends a request to an API endpoint (a URL)
- Processing — the API forwards the request to the server
- Response — the server processes it and sends back the data
- Delivery — the API returns the server's response to the client
This communication happens over HTTP/HTTPS, with security handled
via headers, tokens, or cookies.
Types of API Architectures
APIs come in many types. The 7 most common ones are:
| API Type | Description |
|---|---|
| REST | Uses HTTP methods (GET, POST, PUT, DELETE). Stateless and widely used for web APIs. |
| SOAP | XML-based protocol with strict standards. Common in enterprise and legacy systems. |
| gRPC | High-performance RPC framework by Google using Protocol Buffers. Great for microservices. |
| WebSocket | Full-duplex persistent connection. Ideal for real-time apps like chat. |
| WebHooks | Event-driven — server pushes data to a URL when something happens. No polling needed. |
| GraphQL | Query language for APIs. Client requests exactly the data it needs, nothing more. |
| WebRTC | Peer-to-peer communication for real-time audio, video, and data in the browser. |
I'll write a dedicated post explaining each one in depth — follow me
if you're interested.
API Authentication
One thing you'll always deal with when working with APIs is
authentication — proving who you are before accessing data.
The most common methods are:
- API Keys — a simple token passed in the request header. Easy but less secure.
- JWT (JSON Web Token) — a signed token containing user info. Common in REST APIs.
- OAuth 2.0 — used when you want to log in with Google/GitHub. More complex but very secure.
API Integration
API Integration connects two or more systems so they can exchange
data automatically. Examples:
- Connecting an e-commerce store to a payment gateway (Stripe API)
- Syncing a CRM like Salesforce with a marketing platform
- Sending automatic emails when a user signs up (SendGrid API)
API Testing
Before shipping an API, you need to test it. The main types of testing are:
- Unit Testing — test individual endpoints in isolation
- Integration Testing — test how multiple services work together
- Security Testing — check for vulnerabilities like unauthorized access
- Performance Testing — measure how the API handles load
Popular Tools
| Tool | Purpose |
|---|---|
| Postman | Manual and automated API testing |
| SoapUI | SOAP & REST API testing |
| JMeter | Load and performance testing |
| Apigee | Enterprise API management |
Let's Build a Simple REST API in Go
Enough theory — let's build one. We'll create a simple REST API that
returns a list of users using only Go's standard library.
Setup
mkdir go-api && cd go-api
go mod init go-api
main.go
package main
import (
"encoding/json"
"fmt"
"log"
"net/http"
)
type User struct {
ID int `json:"id"`
Name string `json:"name"`
Email string `json:"email"`
}
var users = []User{
{ID: 1, Name: "Mohamed", Email: "mohamed@example.com"},
{ID: 2, Name: "Ali", Email: "ali@example.com"},
}
func getUsers(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
json.NewEncoder(w).Encode(users)
}
func getUser(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
idStr := r.URL.Query().Get("id")
for _, u := range users {
if fmt.Sprintf("%d", u.ID) == idStr {
json.NewEncoder(w).Encode(u)
return
}
}
http.Error(w, "User not found", http.StatusNotFound)
}
func main() {
http.HandleFunc("/users", getUsers)
http.HandleFunc("/user", getUser)
log.Println("Server running on :8080")
log.Fatal(http.ListenAndServe(":8080", nil))
}
Run it
go run main.go
Test it
# Get all users
curl http://localhost:8080/users
# Get a specific user
curl "http://localhost:8080/user?id=1"
Response
[
{ "id": 1, "name": "Mohamed", "email": "mohamed@example.com" },
{ "id": 2, "name": "Ali", "email": "ali@example.com" }
]
That's a working REST API in Go — no frameworks, just the standard library.
TL;DR
- An API lets two systems communicate with each other
- They work through a request → process → response cycle
- The 7 main types are REST, SOAP, gRPC, WebSocket, WebHooks, GraphQL, WebRTC
- Authentication is handled via API Keys, JWT, or OAuth
- You can build a basic REST API in Go with just the standard library
Resources
I built this example using Go's standard library to show how it works
under the hood — but I'm curious: do you prefer using a framework
like Gin or Fiber for your APIs? Let me know why in the comments!
Follow me for Part 2 where I'll dive deep into REST vs GraphQL and
build a more complete API with authentication in Go.
Top comments (0)