In a RESTful API, there are three main usage elements: the client call to the API, the API interface, and the server. The uniform interface is like a switchboard between the client and the server that also confirms that the client has authorization to send HTTP requests to the server. The server then responds with the data for the request.
REST is an architectural style that standardizes stateless HTTP communication in client-server relationships. It is not a language like HTML or XML, but a set of rules that API developers must follow to communicate with other RESTful APIs.
The REST (REpresentational State Transfer) client initiates the request to the API. All kinds of different REST clients exist, but whether its Google Maps or Timezone, it's the same process of the REST client issuing an HTTP request to the API interface.
A client can issue certain kinds of requests, of which there are four main types:
The verbiage of the requests is different, but the format is generally the same.
The header of the request specifies what kind of content the client is expecting and able to receive from the server. This is called the Accept field. An example of a common accept field is `application/json`, specifying that it will receive a JSON file in the response.
Each request routes through the API, is authenticated, and retrieves or stores data in the server on the other side. The server returns the requested data in the format requested in the request header. The request header will look something like this:
```httpStatus Code: 200 (OK)Content-type: application/json```
If you just pulled the data off a server, you'd have access to the server. You could add, delete, and generally mess up someone else's hard-earned data. Even more importantly, if you were designing a web shop, you'd have access to bank accounts! APIs offer security. The API provides security by decoupling the consuming application from the infrastructure providing the service, and if you're using a API, you've likely undergone some kind of authentication or credentials verification.
Also, if you just called a server for data, you'd be missing out on the awesome functionality APIs provide. Calling the PayPal API, for example, not only unlocks customer payments, but their suite of tooling as well, with what amounts to an external function call. Pretty cool.
The REST client initiates the API request and receives the response back via the API. The server exposes the API endpoint, and the client issues requests to it. No matter what client you might be using, the REST process is the same. This is part of what makes it such a ubiquitous software tool.