What is what?



API: Application programming interface. A set of accessible tools for building software applications.

What is an API, and what is an Endpoint?

An API is a set of protocols and tools that allow two applications to communicate. The two applications can sit on the same machine (your current application, that is, your web browser, communicates with the operating system on your machine to display this article).
The use of an API means that an interface is public so programs can easily communicate with each other and act in expected ways (forming a contract across the interface).

Break it down

An API Endpoint is the URL for a server or a service. These APIs operate through requests and responses: you make a request and the API Endpoint makes a response.

Securing API Endpoints

Use the HTTPS protocol

Apple already enforces that iOS apps only communicate through the secure HTTPS protocol (ok, they allow a way around this… for now, but the direction of travel is there) to make it more difficult to hack clients and redirect traffic to a different endpoint.
In fact, many websites are HTTPS only, and this is for your safety as a client of the website.

Rate limiting

It is possible to limit the number of requests that any client can make to an Endpoint. This helps to stop an attack which (unsophisticated though it is) makes clients repeatedly send requests to an Endpoint until it can no longer function.
Smart hackers do this to try to put the server into a state in which they can manipulate it and perhaps gain access to data on the server.

Input validation

Checking the input made through an API Endpoint, perhaps through a webform or similar, is essential. Unchecked input is the basis of an attack called SQL Injection, which is perhaps one of the most popular attacks on websites. The massive Sony PSN hack in 2011? SQL Injection. Please make sure that you have some input validation on your website!


This has been quite a journey. Endpoints and APIs are two different things, and now there is no excuse to mix up the two terms.

The Twitter contact:

Any questions? You can get in touch with me HERE
