The document explains that modern APIs (application programming interfaces) enable communication between applications and have evolved significantly over the decades. It outlines the characteristics of modern APIs, including adherence to standards, a product-oriented approach, and lifecycle management, while also emphasizing the importance of API security in light of recent data breaches. Examples of modern APIs in various domains, such as weather apps and social media platforms, illustrate their practical applications and the seamless integration they offer across different services.

1. The Non-Technical User’s Guide to Modern
APIs
What Is a Modern API?
A Modern APIs (Application Programming Interface) is a software interface that
allows two applications to communicate with each other. APIs have been around
for quite a while. The term was born in the 1950s, became a concept in the 1960s
and 70s, became common – then transformative – in the 80s and 90s, paved the
way for business growth in the 2000s, became a backend standard in the 2010s,
and is now ubiquitous in the 2020s.
An API already seems “modern.” What makes an API turn into a modern API? As
an overview, a modern API is one that adheres to specific modern standards and
has unique characteristics that are part of continued and rapid transformation in the
technology space.
Before moving forward, let’s take a step back. What does an API do? What does it
look like? How has it transformed my life?
It sounds like…
An API is like a library. A library has books that you can check out and read. An
API has data that you can access and use. You probably use a host of APIs every
day. Note that an API is not a UI (User Interface). When you log in to your bank’s
website and get your information, you’re not necessarily using an API – you’re

2. directly accessing the bank and your account; you’re using the User Interface
(though the bank is probably using APIs behind the scenes). But if you use money
platforms like Mint or PayPal, then they use Modern APIs to connect to your
various financial accounts to centrally manage your money.
Here are several real-world examples of Modern APIs in action:
1. Weather Apps
Many weather apps use APIs to fetch real-time weather data from weather service
providers. These APIs provide access to weather forecasts, current conditions, and
historical data, allowing the apps to display accurate and up-to-date weather
information.
2. Third-party Login/single Sign-on
APIs like OAuth and OpenID Connect enable users to log in to various websites
and applications using their existing social media or email accounts. Instead of
creating new accounts, users can simply authenticate themselves through these
APIs, saving time and effort.
3. E-commerce
E-commerce platforms often provide APIs that allow businesses to integrate their
online stores with other systems. For example, an API can be used to sync

3. inventory data between an e-commerce website and a warehouse management
system, ensuring accurate stock levels and seamless order fulfillment.
4. Mapping and Navigation
Modern APIs like Google Maps provide developers with access to mapping and
geolocation services. These APIs allow applications to display maps, calculate
routes, provide directions, and even integrate with GPS devices.
Social Media and Networking Examples
1. Facebook
Facebook provides an API that allows developers to integrate their applications
with Facebook’s features, such as user authentication, posting content, retrieving
user data, and accessing social graph information.
2. Instagram
Instagram provides an API that allows developers to access and interact with
Instagram’s features, including retrieving user information, posting photos and
videos, searching for media, and accessing user feeds.
3. LinkedIn

4. The LinkedIn API enables developers to integrate their applications with
LinkedIn’s professional networking platform. It provides features such as user
authentication, accessing user profiles and connections, posting content, and
retrieving job and company information.
Imagine this
You’re at a restaurant and are given the menu. When you decide what you want to
eat and place an order, the kitchen receives your request, prepares the dish, and
sends it out to you.
The menu represents the API, which defines a list of available options or
commands. Placing an order represents making a request to the API. The kitchen
represents the program or system that processes the request and provides the
desired outcome or data.
In the digital world, Modern APIs allow different programs or systems to interact
and exchange information. They define a set of commands or functions (these
standard sets are called protocols) that one program can use to request data or
perform specific actions from another program or system.
APIs enable applications and services to work together seamlessly, just like how
different components of a meal come together to create a pleasant dining
experience. They facilitate communication and integration between different
software systems, allowing them to share data, functionality, and services.
Modern APIs enable the development of interconnected systems, enhance
productivity, and drive innovation. They allow different applications to work
together to provide valuable services.
Back to Modern APIs
Some other key characteristics of a modern API are:
 Adherence to Standards: Modern APIs typically adhere to specific standards,
such as HTTP (Hypertext Transfer Protocol) and REST (REpresentational State
Transfer). These standards make APIs developer-friendly, self-described, easily
accessible, and widely understood.
 Product-Oriented Approach: Modern APIs are treated more like products than
just lines of code. They are designed for consumption by specific audiences,
such as mobile developers, and are documented and versioned in a way that
enables users to have clear expectations and manage changes effectively.
 Lifecycle Management: A modern API has its own software development
lifecycle (SDL), which includes design, testing, building, management, and
versioning. This ensures that the API is developed, maintained, and updated in a

5. systematic and controlled manner (SDL and documentation – the future will
thank you).
 Integration and Interoperability: Modern APIs allow developers to add
features and functionality to their software by making use of other developers’
APIs.
Securing Modern APIs
While seeming to come out of nowhere, the topic of securing APIs is relevant,
even in a non-technical guide. The three main aspects of securing any technology
involves Confidentiality (only those who have the right may view it), Integrity (the
data doesn’t get changed without permission), and Availability (you need to view
your bank info 24/7/365). These factors (security is not just about making sure
information isn’t stolen) make it necessary to secure the APIs that connect all our
accounts.
In a recent survey, “31% had experienced a sensitive data exposure or privacy
incident…”
In July 2023, a popular treadmill’s API was found to be at risk. “The treadmill
operating system includes numerous standard APIs that can be exploited to execute
Android code, allowing attackers to carry out nefarious actions…”
In January 2023, multiple car-related vulns were discovered by security
researchers. One car manufacturer “had configured a number of backend APIs that
could be communicated with by hitting specific paths. When hitting this API
endpoint, it returned this list of API endpoints, hosts and authorization headers (in
plain text). “

6. APIs make life easier and business more profitable, at the same time making life
and business a bit riskier. Securing APIs is a business-wide initiative, not relegated
only to technical personnel.
Ross Moore is the Cyber Security Support Analyst with Passageways. He has
experience with ISO 27001 and SOC 2 Type 2 implementation and maintenance.
Over the course of his 20+ years of IT and Security, Ross has served in a variety of
operations and infosec roles for companies in the manufacturing, healthcare, real
estate, business insurance, and technology sectors. He holds (ISC)2’s SSCP along
with CompTIA’s Pentest+ and Security+ certifications, a B.S. in Cyber Security
and Information Assurance from WGU, and a B.A. in Bible/Counseling from
Johnson University. He is also a regular writer at Bora.