An API (application programming interface) is the software intermediary that lets two applications talk to one another. For instance, if you have ever seen a website displaying a Google Maps object, the website will be using the Google Maps API for embedding that map object. If an API such as this didn’t exist, any developer wanting a map on their website would have to build their own interactive maps using their own mapping data. The same is true with mobile apps that, for example, use the camera of your smartphone for taking images or videos. If the right APIs were not made available to developers, this process would be significantly more complex and non-user friendly.
Because APIs are used for transferring data and connecting services, they are also crucial from a security perspective. An API that is hacked or otherwise exploited can result in massive critical data breaches of personal, financial, and other information. Securing an API is therefore absolutely critical. Unfortunately, proper cyber security is not always something that’s taken as seriously as it should be when it comes to APIs.
As with many of the features targeted by cyber attackers, everything that makes APIs useful also makes them good targets for hackers. They are publicly available, standardized and ubiquitous, efficient, easy to use, flexible, and very well documented.