A
- API
- Application Programming Interface. A set of rules and tools that lets different software applications communicate with each other. APIs define how to request data or actions and what format responses will take.
- API aggregator
- A platform that combines multiple APIs within the same software category (accounting, CRM, HRIS, open banking, etc.) into a single, unified interface with normalized data and one integration effort for many connections.
- API Key
- A unique identifier used to authenticate a client to an API. API keys are often passed in headers or as query parameters and may have scopes or rate limits attached.
- AsyncAPI
- An open specification for defining asynchronous (event-driven) APIs, similar to OpenAPI but for message-based systems like Kafka, MQTT, or WebSockets.
- Authentication
- The process of verifying the identity of a client or user before allowing access to an API. Common methods include API keys, OAuth 2.0, and OpenID Connect.
C
- CRUD
- Create, Read, Update, Delete. The four basic operations for persistent storage. REST APIs often map these to HTTP methods: POST, GET, PUT/PATCH, DELETE.
D
- Developer Portal
- A website or section of a product site dedicated to developers, typically containing API documentation, SDKs, guides, status pages, and signup for API access.
E
- Endpoint
- A specific URL (path) on an API server that represents a resource or action. For example, GET /users might be an endpoint that returns a list of users.
G
- GraphQL
- A query language and runtime for APIs that lets clients request exactly the data they need. Unlike REST, the client defines the shape of the response.
I
- Idempotency
- A property of an operation where performing it multiple times has the same effect as performing it once. Important for safely retrying POST requests or payment API calls.
M
- MCP
- Model Context Protocol. An open protocol that standardizes how applications provide context to LLMs (e.g. tools, documents) so AI assistants can integrate with external systems.
- MCP Server
- A server that implements the Model Context Protocol, exposing tools, resources, or prompts to AI assistants and LLM applications so they can interact with external systems in a standardized way.
O
- OAuth 2.0
- An authorization framework that allows third-party applications to obtain limited access to a user's resources (e.g. on another service) without sharing passwords.
- OpenAPI
- A widely adopted specification (formerly Swagger) for describing REST APIs in a machine-readable format. Used for documentation, code generation, and testing.
- Open Banking API
- A standardized way for banks to securely share customer financial data with authorized third-party providers (TPPs). Enables account aggregation, payment initiation, and consent-based data access, typically using OAuth 2.0 and standards like UK Open Banking, PSD2, or FDX.
R
- REST
- Representational State Transfer. An architectural style for APIs that uses HTTP methods (GET, POST, PUT, DELETE) and URLs to represent resources. RESTful APIs are stateless and often return JSON.
- Rate limit
- A cap on how many requests a client can make to an API in a given time window (e.g. 100 requests per minute). Used to ensure fair usage and protect the server.
S
- SDK
- Software Development Kit. A set of libraries, code samples, and documentation that makes it easier to integrate with a specific API in a given programming language or platform.
- SOAP
- Simple Object Access Protocol. An XML-based protocol for exchanging structured information in web services. Less common for new APIs compared to REST or GraphQL.
- Specification
- A formal description of an API (e.g. OpenAPI, AsyncAPI, GraphQL schema). Specs enable tooling such as documentation generators, client SDKs, and mock servers.
U
- Unified API
- A single API that normalizes many underlying APIs (e.g. multiple accounting or CRM providers) behind one consistent interface, reducing integration complexity.
W
- Webhook
- A way for a server to push real-time notifications to a client by making an HTTP request to a URL the client has registered. Used for events like new orders or status changes.