What is what?


Difficulty: Beginner | Easy | Normal | Challenging

Are you using an Endpoint, an API or both? Read this article to really pin down the differences in these terms!


API: Application programming interface. A set of accessible tools for building software applications

API Endpoint: The URL of a server or service

Endpoint: An endpoint is a remote computing device that communicates back and forth with a network to which it is connected

URL: Uniform Resource Locator. An address of a web page or resource

What is an API, and what is an Endpoint?

An API is a set of protocols and tools that allow two applications to communicate. The two applications can even sit on the same machine: your current application (your web browser) communicates with the operating system on your machine to display this article.
The use of an API means that an interface is public so programs can easily communicate with each other and act in expected ways (forming a contract across the interface).

On the other hand, an Endpoint is a URL that enables the API to access resources on a server, often through a RESTful API interface.


The interface can (as shown above) provide a series of Endpoints that can be called at any time.

Break it down

An API Endpoint is the URL for a server or a service. These APIs operate through requests and responses: you make a request and the API Endpoint returns a response.

A simple example of this is this particular website and article. The website is Medium, and your web browser makes a request for the content.

The Endpoint for this particular article is https://medium.com/@stevenpcurtis.sc/endpoint-vs-api-ee96a91e88ca, and this is obtained by the browser making a GET request, and receiving this article in return.

Note: more is going on in real life than this; this is a simplified example for easy digestion of this particular topic.


The Endpoint gives us the exact location of the service/resource that we wish to access (in this case this particular article).

The performance of any particular Endpoint, and of the API in general, depends on how well (quantitatively and qualitatively) the requests are dealt with.

Securing API Endpoints

Use the HTTPS protocol

Apple already enforces that iOS apps only communicate through the secure HTTPS protocol (OK, they allow a way around this… for now, but the direction of travel is there) to make it more difficult to hack clients and redirect traffic to a different endpoint.
In fact, many websites are HTTPS only, and this is for the safety of you, the clients of the website.

And that’s a good thing.

Rate limiting

It is possible to limit the number of requests that any client can make to an Endpoint. This helps to stop an attack which (unsophisticated though it is) makes clients repeatedly send requests to an Endpoint until it can no longer function.
Smart hackers do this to try to put the server into a state in which they can manipulate it and perhaps gain access to data on the server.

Everyone wants to stop this type of attack.

Input validation

Checking the input made through an API Endpoint, perhaps through a webform or similar, is essential. Unchecked input is the basis of an attack called SQL Injection, which is perhaps one of the most popular attacks on websites. The massive Sony PSN hack in 2011? SQL Injection. Please make sure that you have some input validation on your website!
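To make the input validation point concrete, here is an added example (not code from Medium or from the original article) that puts a vulnerable query next to a hardened one. The `articles` table, the `slug` parameter and all function names are assumptions made up for the illustration, and the hardened version pairs the validation with a parameterized query so the input is never treated as SQL.

```python
import re
import sqlite3

# Allow-list for the "slug" parameter: lowercase letters, digits, hyphens, max 64 chars.
SLUG_RE = re.compile(r"[a-z0-9-]{1,64}")

# Constructed hostile input: the quote characters end the string literal early.
HOSTILE = "x' OR '1'='1"


def make_db():
    """Constructed sample data standing in for the database behind the Endpoint."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (slug TEXT PRIMARY KEY, title TEXT, draft INTEGER)")
    db.executemany("INSERT INTO articles VALUES (?, ?, ?)", [
        ("endpoint-vs-api", "Endpoint vs API", 0),
        ("unpublished-notes", "Private draft", 1),
    ])
    return db


def get_article_unsafe(db, slug):
    """Vulnerable: client input is pasted into the SQL text itself."""
    query = f"SELECT title FROM articles WHERE draft = 0 AND slug = '{slug}'"
    return [row[0] for row in db.execute(query)]


def get_article_bound(db, slug):
    """Parameterized: the driver sends slug as data, never as SQL."""
    query = "SELECT title FROM articles WHERE draft = 0 AND slug = ?"
    return [row[0] for row in db.execute(query, (slug,))]


def get_article_safe(db, slug):
    """Validate against the allow-list first, then use the bound query."""
    if not isinstance(slug, str) or not SLUG_RE.fullmatch(slug):
        raise ValueError("invalid slug")
    return get_article_bound(db, slug)


if __name__ == "__main__":
    db = make_db()
    print(get_article_unsafe(db, "endpoint-vs-api"))  # normal request
    print(sorted(get_article_unsafe(db, HOSTILE)))    # the draft leaks too
    print(get_article_bound(db, HOSTILE))             # treated as a literal slug
    try:
        get_article_safe(db, HOSTILE)
    except ValueError as err:
        print("rejected:", err)
```

The unsafe version returns the unpublished draft because the input rewrote the `WHERE` clause; the bound version simply finds no article with that odd slug, and the validated version rejects the request before it reaches the database.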


This has been quite a journey. Endpoints and APIs are two different things, and now there is no excuse to mix up the two terms.

Done and done!

The Twitter contact:

Any questions? You can get in touch with me HERE
