Key takeaways
- API documentation is your best ally designed explicitly for API development, so use it in the beginning, middle, and when you finish.
- API Platform tools are available for use to reduce development time, use them.
Application Programming Interfaces (APIs) are used by anyone who uses a smartphone to connect to Google Maps, PayPal, or a weather application. The API is a software interface that allows two computer programs to communicate. Let’s look deeper at what an API is and how it works.
What are the five most common API errors?
Identifying and correcting errors is a stable event that will always exist for developers. Basic knowledge of the most common API errors is helpful and can be a starting point for correcting API issues. Remember that an API issue can potentially produce multiple error messages, so it’s important to know what API issue makes what error messages.
What does an API failure mean?
An API error failure means a server cannot find the requested resource from the API provider. When an API failure occurs, a numeric error message is sent back that attempts to identify what error was committed to the user. In the API request call, an error may exist in the endpoint, an incorrect parameter, or the API key.
What are API errors?
API error codes are generally three-digit numbers, with the first digit generalizing the error category. The other two digits attempt to specify the exact nature of the error in that category. Some error categories can have as many as twenty types of errors. For example, a 404 error indicates the requested resource was not found on the server.
Here are some of the most common API errors and how to identify and fix the errors:
Error: Using HTTP Instead of HTTPS
The HTTP error message can generate three different error messages.
- 505 Internal Server Error
- 403 Forbidden
- 404 Not Found
The Fix
These error messages can show up for multiple API errors, so when this error is presented on the monitor, the first troubleshooting step is to check the API documentation to see which HTTP to use. In most cases, HTTPS will be the correct one since it secures communication between a web browser and a website.
Application programming interface platforms are available to help with troubleshooting and error correction. Postman is an API platform that collects working API requests in an API definition repository and compares submissions against saved examples. If Postman identifies an error, you’ll get an alert about the inconsistency.
Error: Using the Wrong HTTP Method
The typical HTTP methods are GET, POST, PUT, and DELETE, but some endpoints may use PATCH versus PUT. The error you may see appear is a 405 NOT Allowed, but this type of error can also produce the errors we already covered, which are 500, 403, 404.
The Fix
Always refer to the API documentation to validate the HTTP methods used for API calls. Stoplight is a collaborative API design platform that helps you build functioning APIs by stepping you through the process from reviewing the API requirements to testing and publishing the output. Any of the four error messages used so far should have you check to ensure the correct HTTP method is used.
Error: Using Invalid Authorization
Any publicly accessible website that an API request can access will require an authorized user. An incorrect API key, username and password, an OAuth token, or a JSON web token can generate this error. An invalid authorization will generate a forbidden message stating you do not have permission to access.
The Fix
Review the API documentation and your credentials to ensure it’s correct.
Error: Caching Errors
Caching errors occur when APIs frequently generate the same result, so the results are cached to improve performance for authorized API users. Caching errors are caused by information in an API result that is outdated and still cached, or when an error state is cached.
The Fix
Start the troubleshooting process by having your API provider use a testing environment that does not use caching and try your API call on another machine using someone’s credentials. Check your API documentation to see about any existing cache invalidation methods.
Error: Invalid Fields
When passing data to an API, you must provide all the data the API is expecting. Several error codes are generated from this API error and they are:
- MISSING _FIELD_VALUE
- UNKNOWN_FIELD_VALUE
- BAD_FORMAT
- INVALID_FIELD_LENGTH
- DUPLICATE_FIELD_VALUE
The Fix
When checking the API documentation, look through the endpoint documentation to ensure the endpoint and parameters are correct.
Read more: How to Use an API
Review of what is an API
Application Programming Interfaces (APIs) are created to allow two applications to communicate using a set of commands after a connection is established. When a successful connection is established, the API retrieves the information from a server and delivers the data back to the client (you). For example, A bank client wanting to do an online money transfer will log into their bank account, specify the from and to account information, and submit the request. After verifying the correct entries, the online bank transfer API will complete the request. Most of us use APIs every day without realizing it.
Review how APIs work
Application programming interfaces consist of rules and protocols that facilitate communication once the rules and protocols are adhered to between the two applications. There are many types of APIs, but our explanation of how APIs operate will focus on the most common API, REST APIs. Representational State Transfer (REST) APIs are merely an extension of how websites work when you type in a URL, and a website appears. The difference is that when using a REST API, you receive the requested data back over the Hypertext Transfer Protocol (HTTP).
REST APIs use four requests already established and used by the HTTP protocol. The four requests are the following:
- GET: Used to retrieve information from the server
- POST: Sends data to the server
- PUT: Used to update an existing resource
- DELETE: Deletes a resource from the server
Six essential qualities define the REST API, and each quality has a distinctive role to fulfill.
Client-Server Architecture
The REST API uses a Client-Server architecture that allows a client to send a request to a server, and the server sends back a response based on the received request.
Statelessness
Each Client request to the server is fulfilled without depending on any previous requests or server-side storage.
Cacheability
API responses can be cached to reduce the server load when clients repeatedly ask for the same information.
Layered System
Allows the server to interact with multiple backend systems while the client can only interact with the server it sends requests to. The separation enables backend systems to be updated without impacting the client communication with the server.
Code-On-Demand
Code-On-Demand occurs when the server sends back code to the client for execution, allowing for dynamic and custom interaction. Now, this is considered a security glitch and is used infrequently.
Uniform Interface
The API uses the HTTP commands GET, POST, PUT, and DELETE to access resources and respond using XML or JSON.
What is needed to build and execute an API?
Figure one example simply shows what occurs when an API call is successful.
- A client initiates communication by submitting an HTTP method request to the REST server
- The server receives the requests and accesses resources on the server to respond to the valid API request.
- The server locates the content and sends a response in a JSON or XML format.
The figure diagrams below are examples of GET and POST API calls. To build an API call, you need to use the API documentation to help you correctly set up an API call for the website or application you want to communicate with. Good API documentation will describe its purpose, tell you how to get started, answer questions about functionality, display helpful examples, and provide instructions on getting an API key. The API documentation for newsapi.org used in Figure 2 shows users how to build out the request parameters, display the endpoint, and get an API key to access the site. The API documentation also provides a client library for different programming languages and a section to help with errors. The Figure 2 example uses the Curl programming language.
Figure three example is the format and syntax used to send new information to a resource.
- Endpoint – is a Uniform Resource Identifier (URI) that identifies where to find a Unique Resource Location (URL) web address.
- Headers – stores relevant information for both client and server, such as authentication data (API key), the name or IP address of the server, and the information about the response format.
- Body – in this case, the information will be added to the server resource.
What are the common types of API architectures?
There are three types of API architectures used today. The three are REST, Simple Object Access Protocol (SOAP), and Remote Procedural Protocol (RPC). We covered the REST architecture in detail, so we’ll focus on SOAP and RPC
How does a SOAP API work?
SOAP is a messaging protocol that distributed applications use to communicate with HTTP and Extensible Markup Language (XML). SOAP uses a formal message specification to exchange information between applications and systems. A request starts a SOAP API for a service created by a client using an XML document. The SOAP client sends the XML document to a SOAP server. After the server receives the message, it sends the message to a server-side application. The server responds with relevant information to the SOAP request handler, which is forwarded to the requesting client.
SOAP is more structured than REST APIs. SOAP uses the XML format and uses four values in its API protocol:
- Header – contains information about the message
- Body – holds the details about the message that needs to be sent
- Envelope – Defines the structure of a message
- Encoding – Set the rules for expressing the data type
- Requests – Defines how each SOAP API request is structured
- Responses – Defines how each SOAP API response is structured
While REST needs to use HTTP, SOAP is transport and platform-independent. SOAP is secure and ideal for handling sensitive data, such as financial information. With SOAP’s robust security, it’s primarily used when passing sensitive information over the Internet, such as banking information or billing services. Due to SOAP’s rigidity and rules, it is not used as much as REST APIs.
How does a RPC API work?
Remote Procedure Calls are useful as they allow developers to call remote functions in external servers as if the external server was local. RPCs are similar to REST APIs in that both use HTTP and can access a remote server and perform an action, except REST APIs are limited to the four HTTP methods they can execute. RPCs focus on functions or actions, while REST APIs concentrate on resources and objects. RPCs can do the same using an HTTP method or procedure, and they have a wider breadth of actions they can execute, including passing application parameters.
Reducing or eliminating API errors?
Programming or coding can be a time-consuming process. Coding can become overwhelming if you don’t have patience and a method for correcting errors. The API documentation is your bible while you are developing API calls, and you need to refer to it often to double-check what you have created. Using an API platform with a repository of functioning API calls that you can plagiarize without remorse will significantly reduce API errors. Looking for the latest in API management solutions? Check out our API Management Software Buyer’s Guide.
Frequently asked questions (FAQ)
API failure occurs when an application can’t communicate with a server due to issues like incorrect endpoints, invalid parameters, or server outages, leading to broken functionality or data retrieval.
Handle API testing errors by validating responses, checking error codes, using automated tests, logging failures, and ensuring proper error messages are returned for debugging.
When an API is down, it means the server hosting the API is not responding, likely due to maintenance, network issues, or server crashes, disrupting the service.
To reset an API, you may need to restart the server, clear caches, or regenerate API keys, depending on the service and issue encountered.
An example of an API is the Google Maps API, which allows developers to integrate location and mapping services into their own applications.
Don Hall is a contributing writer to Technology Advice and Enterprise Storage Forum, where he covers data storage technology, storage hardware and software, and data networking. He worked for more than two decades as an IT Supervisor for the federal government and as IT Operations Supervisor for an IT Military Command managing programmers, cybersecurity staff, and infrastructure and networking personnel. Previously he worked as an application programmer. Don earned a B.S. in Business Information Systems from San Diego State University and has certificates in Technical Communication and web development with an emphasis in Java/Open Source. He has also had an active CompTIA Security + (ce) since 2011, and a Network +(ce) since 2015.
