We use databases and APIs most days, if not every day, when online, but we often consider an API the same thing as a database, or use the terms interchangeably.
When I was first learning about APIs the teachers I had didn't make any distinction between the two, outside of the general definition, and this caused a misconception that can cause a lot of confusion when trying to communicate about which part of an application is causing an issue.
A database is an organized collection of data/structured information. (2) There are many types of databased, but they are all generally stored electronically (though some hard copies can be kept depending on the need) and are usually controlled by a database management system (DBMS). Furthermore, when databases are combined with their associated applications become the database system, that we commonly refer to as "the database".
As said, there are many types of databases but what are they?:
- Relational database
- Object-oriented database
- Distributed database
- Data warehouse
- NoSQL database
- Graph database
- OLTP database
When looking at a database that an application uses it sits a ways away from the application itself. As you can see below, the database is not the application nor the API.
Consider a LAMP (Linux, Apache, MySQL, PHP) software stack where MySQL is just the database software sitting on a server. Though yes, an admin or user could log into the database software on the computer and interact with it but applications have a harder time doing this. This is where APIs come in.
An API (Application Programming Interface) is as it name says; a Programming Interface for Applications.
It is a set of routines, protocols, and tools for building applications; and specifies how software components should interact. (1)
Web APIs are a software-to-software interface commonly used to build lightweight, resource-oriented services over HTTP that can leverage features of the HTTP protocol, use versioning, cache control for browsers, and more.
Now that we know what an API is it makes since that the web API sits between the database and the application, as seen below, to handle the routes and HTTP protocols.
- Developers can communicate with databases by writing queries to access data, change tables, etc.
- APIs enable communication between an application a developer built and a database management system.
It is important to understand that internally an API still uses the same DB Query to get data from the database and the queried response is the same, that a developer would use if interacting with a database directly. But, the difference is in the way an API VS a developer make the DB Query requests, with each endpoint, and also in the format of the response.
There are two main reasons that a developer would want to use an API to communicate with their database rather than querying the database directly: security and ease of development.
With the cloud computing and serverless trend rising, if a developer wants an application to tap into a particular database, using an API would be the ideal way to accomplish this. It doesn't matter to a API if the requesting app is a web app, a mobile app or a desktop app as long as the request is a valid request.
An API is just an additional layer of abstraction on the DB Query, which allows the developers to not care about the kind of DB used, separately develop the frontend and the backend without worrying about breaking everything through versioning, and allows developers to not need communicate with the database directly (SQL statements are not really that fun).
Furthermore, providing direct access to database is not a good idea. If a malicious user has direct access to the database tables they can do pretty much anything with the data. An API allows for controls to be put into place easily to ensure that only valid users have access to the database and that only valid requests can modify the correct data. (Note: these are not default and need to be set up but it is easier through an API)