An API endpoint is the point where the API and the rest of the internet meet and communicate. From the API's perspective, this endpoint is "exposed" to requests from clients. It is also exposed to potentially malicious traffic, so endpoint security is an important concern. The API endpoint takes requests from clients (for example, GET or POST requests) and passes them to a server. Endpoints specify where resources can be accessed.
Endpoints are called by their Universal Resource Identifiers, or URIs, and Uniform Resource Locator, or URLs, which specify the location and how to access the resource.
Let's say we want to verify Value Added Tax (VAT) with our[VAT Validation and Rates API. The call to the API endpoint would look this: `curl 'https://vat.abstractapi.com/v1/validate/?api_key={YOUR_API_KEY}&vat_number=SE556656688001'` What do we see in this endpoint?
To validate VAT number `SE556656688001`:
We should get a JSON file back with the information we requested:
What do we see in this GET response?
An important part of exposing endpoints to clients is ensuring they're secure, because they allow requests from the outside world. APIs generally ask for an email address or signup to send you public and private API keys to use their services, at a minimum. They may go further and use an OAuth authentication server, or even HMAC, but there will likely be some method in place to authenticate users. Other security methods include always using HTTPS, one-way password hashing, strong authentication, rate limiting, validating input, and enforcing IP address filtering.
The API endpoint is the location a developer sends requests to interact with the API, and the point the API owner must expose to allow developers to use it. The REST API contract governs how data may be exchanged between clients and servers, and it is here where that contract is most important.