Public vs. Private API

Private Web APIs are more commonplace than most developers realize. We’ve been here before, with public and private APIs, and we can learn from the past.

By Todd Fasullo and Ted Neward · Mar. 06, 17 · Opinion

This article is featured in the new DZone Guide to the Cloud: Native Development and Deployment.

For those developers who are old enough to remember, it’s with mixed parts nostalgia, disgust, and/or amusement that we recall the troubles Microsoft had with “undocumented APIs” back in the early 1990s. The subject of numerous conspiracy theories (and not a few books, including such icons as Undocumented Windows and Windows Internals, not to mention their nominal kin Undocumented DOS and others like them), the notion of an “undocumented” API call and its reasons for existence has seen much debate, discussion, and—so we thought—retirement. But if there’s one thing age teaches us, it’s that what’s old is eventually new again.

Recently, debates began to rage around “APIs” and their legal status (looking at you, Google and Oracle!). With the proliferation of Web APIs (looking at you, uh... Internet!), the whole subject of “APIs” and their openness is starting to creep back upon us. More commonly, however, it seems that as more and more companies are moving to a REST-centric or -influenced style of architecture (particularly for mobile applications), companies are developing these Web APIs initially as something entirely for internal use, and only belatedly considering making them open to the rest of the world, usually after some kind of external or internal pressure to do so.

Private Web APIs?

For many API developers, it’s not clear what a “private Web API” would be or look like; to ensure that we’re all on the same page, very simply, a private Web API would be an HTTP endpoint that isn’t advertised to those who consume APIs (meaning developers, for the most part).

To be fair, for many developers, it doesn’t start this way. The internal monologue usually begins with the realization that building a web application could/will end up having a mobile app (or two) as close kin, and that therefore some kind of centralized logic is necessary and desirable. “HTTP is ubiquitous,” they nod sagely, “So let’s use that.” Before long, however, doubt creeps in: “Will this be something that others will want to consume? Will they consume it the same way as the web and mobile apps will? Perhaps the ‘outside world’ needs a simpler version of the API, but my internal needs are more complicated. Maybe the best path to take is to keep it obscured, at least to start.”

Sometimes, the API implementors will take some step to make the API less discoverable, such as making it accessible only from machines inside a VPN, or restricting the IP range of acceptable incoming clients. In some cases, it’s as simple as “If we don’t tell them, they won’t know.” If the parameters to the API calls aren’t described somewhere, nobody “unauthorized” to use them can, right?

Thus, on the surface, it would seem this discussion is entirely moot: so long as an API is accessible to callers, it would seem to be, by definition, accessible and therefore public. However, in an interesting twist, the same is true of the Windows environment thirty years ago: armed with only a few command-line tools (DUMPBIN.exe, shipping with every version of Visual C++/Visual Studio since 1992) and a basic knowledge of how the Portable Executable format is written (such as this article from 1994: bit.ly/2l9tIme), any developer could discover method-entry points that weren’t in the formal documentation set. Despite the ease with which an API could be discovered by anybody with basic knowledge of the system, Microsoft (and others) still left certain APIs to be undocumented and, presumably, untouched by their developer-consumers.

In the 2017 era, those tools are already bundled in every web browser and/or accessible via the command-line on most operating systems. HTTP, after all, is a far simpler standard than the Common Object File Format. Why, then, might a company consider creating Web APIs, only to leave them unpublished?
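
The difference between the two approaches described above (restricting the incoming IP range versus simply not documenting the endpoint) shows up in an access log. The following is an added example, not code from the article: it flags requests to undocumented routes that arrive from outside an internal network and reports whether each one was served or refused. The route list, the 10.0.0.0/8 range, the paths, and the log lines are all assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumptions for this example (none come from the article):
DOCUMENTED = {("GET", "/api/v1/orders"), ("POST", "/api/v1/orders")}  # published routes
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # VPN / office range

# Constructed sample access log (common log format); not real traffic.
SAMPLE_LOG = """\
10.1.2.3 - - [06/Mar/2017:10:00:00 +0000] "GET /api/v1/orders HTTP/1.1" 200 512
203.0.113.7 - - [06/Mar/2017:10:00:05 +0000] "GET /api/v1/orders HTTP/1.1" 200 512
10.1.2.3 - - [06/Mar/2017:10:00:09 +0000] "POST /api/internal/reprice HTTP/1.1" 200 88
203.0.113.7 - - [06/Mar/2017:10:00:12 +0000] "POST /api/internal/reprice?sku=1 HTTP/1.1" 200 88
198.51.100.9 - - [06/Mar/2017:10:00:15 +0000] "GET /api/internal/users HTTP/1.1" 403 0
garbage line
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) [^"]*" (\d{3}) ')


def undocumented_external_hits(log_text):
    """Return (ip, method, path, verdict) for undocumented routes hit from outside."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip_text, method, target, status = m.groups()
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            continue  # first field was a hostname or junk, not an address
        path = target.split("?", 1)[0]  # compare routes without the query string
        if (method, path) in DOCUMENTED:
            continue  # advertised API, expected to be reachable
        if any(ip in net for net in INTERNAL_NETS):
            continue  # internal caller using the private API as intended
        # 2xx: the endpoint is private only by obscurity; otherwise access was refused.
        verdict = "exposed" if status.startswith("2") else "blocked"
        findings.append((ip_text, method, path, verdict))
    return findings


if __name__ == "__main__":
    for finding in undocumented_external_hits(SAMPLE_LOG):
        print(*finding)
```

An "exposed" row is an endpoint whose only protection is that nobody was told about it; a "blocked" row is one where the network or application restriction actually held.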
