No website is an island (with apologies to John Donne). Even the most basic informational site may have good reason to share data with other applications. When a visitor adds their address to your mailing list or pays for a purchase in your online store, the “inter” part of the internet allows it to happen.
You don’t need to know how to program these connections but it’s worth understanding the basics of how your site communicates with outside services.
Computer programs communicate with each other using an Application Programming Interface (API). Each of these APIs is unique and it’s up to each program to determine what information it will provide in response to an outside request. For instance, a mailing list provider like MailChimp might be looking for the ID of your mailing list, a security key proving that you’re authorized to add an email address and of course the address itself. Your website will have a program running on the server at your hosting provider that understands how to send this information to MailChimp in the required format.
After sending the information, your website gets a response. Either “email address added, everything’s good” or “something’s not right, here’s what it may be, nothing was done”. Of course, in the language of an API, these are coded responses but whatever program you’re using to communicate with MailChimp will understand them and output something appropriate on your website.
Proving your identity
Security is important in these exchanges, especially in the world of e-commerce. So how does an API know that an incoming request is legitimate? A common means of authentication is the Application Programming Interface Key. The API key can act as both a unique identifier and a secret token for authentication, and will generally have a set of access rights on the API associated with it. You or your developer will have to get the keys (they are usually in pairs) from the service your website will be accessing and enter them into the corresponding program on your website.
In an attempt to simplify this rather arcane process, some APIs use the OAuth process for authentication. This mechanism is used by companies such as Amazon, Google, Facebook, Microsoft and Twitter to permit users to share access to their accounts with third party applications or websites. Examples of this type of data sharing are displaying Twitter tweets on your site or using your Gmail account to send mail from your site. In this process, your website will make a connection to the remote service and prompt you to confirm that you are the owner of account and that you are allowing the data to be shared. This is a one time process and the connection can be removed from either side if it is no longer needed.
Keep the information flowing
The use of APIs extends the capabilities of your website to provide your visitors with a wide range of services. WordPress sites in particular can take advantage of plugins written by service providers to do the heavy lifting of API communications. There is usually no need for custom programming, just an understanding of the API process.
Please let me know if you find these more technical topics useful. Please leave a comment below.