20 API Terms Every Developer Should Know Before Their Next Interview

👋 Introduction:

Let’s be honest—interviews can be nerve-wracking. You’ve prepared your DSA, brushed up on system design, and revised Java or JavaScript. But then comes that one simple-sounding question:

“Can you explain how an API works?”

And suddenly, you’re stuck between buzzwords like REST, JWT, and OAuth.

Sound familiar?

Whether you’re a fresher preparing for your first job or an experienced developer switching companies, API knowledge isn’t optional anymore—it’s essential. APIs are the glue holding modern apps together, and interviewers love to test how well you understand that glue.

In this article, we’ll break down 20 must-know API terms in simple language, with relatable examples. No jargon. No fluff. Just clear explanations to help you answer confidently in interviews and understand what you actually work with daily.

🔥 1. API (Application Programming Interface)

An API is a bridge that allows two software systems to communicate. It exposes functions or data, often over HTTP, which clients (like web apps or mobile apps) can consume.
📌 Example: A weather app fetches data from an external weather API to show current temperature and forecast.

🔗 2. Endpoint

An endpoint is a specific URL where an API resource can be accessed. It’s like a door into a specific piece of data or functionality.
📌 Example:

GET /users → Returns a list of users
GET /users/123 → Returns user with ID 123

🧭 3. HTTP Methods (GET, POST, PUT, DELETE, PATCH)

These are operations used to interact with resources:

GET → Fetch data (read-only)
POST → Create new data
PUT → Replace existing data
PATCH → Partially update data
DELETE → Remove data
📌 Example: POST /users creates a new user with the data in the request body.

🌐 4. REST (Representational State Transfer)

REST is a popular architectural style using standard HTTP methods and stateless communication. REST APIs expose resources via URIs and often use JSON.
📌 Example:

REST endpoint: GET /products/201 returns product with ID 201
Stateless: Each request is independent — no session state is stored on the server.

🧼 5. SOAP (Simple Object Access Protocol)

SOAP is a protocol with strict standards and XML-based messages. Used mostly in older enterprise systems where transactional security and reliability are needed.
📌 Example: A banking system using SOAP to handle money transfers securely.

📦 6. JSON (JavaScript Object Notation)

A lightweight format to send and receive structured data in an API. Easy for humans to read and machines to parse.
📌 Example Response:

{ "name": "Alice", "email": "alice@example.com" }

🧾 7. XML (eXtensible Markup Language)

Like JSON, but more verbose and commonly used in SOAP. XML allows defining custom tags and supports complex data types.
📌 Example:

<user><name>Alice</name><email>alice@example.com</email></user>

🔐 8. Authentication

Verifying who the user is. Common techniques:

API keys
OAuth 2.0
JWT (JSON Web Tokens)
📌 Example: A client includes a JWT token in the Authorization header to prove their identity.

🛡️ 9. Authorization

Decides what an authenticated user is allowed to do.
📌 Example:

Authenticated user can access /profile
But only an admin can access /admin/deleteUser

🎫 10. API Key

A simple token (often passed in headers) to identify and authenticate a client.
📌 Example:

GET /data
Authorization: Api-Key abc123xyz

🔁 11. Rate Limiting

Controls how many requests a client can make in a given time.
📌 Example: Free users can make 60 API calls per hour. Premium users get 1000/hour.
Helps prevent abuse and protects server resources.

🔄 12. Pagination

Used when fetching large datasets from an API by dividing the results into smaller “pages”.
📌 Example:
GET /users?page=2&limit=10 → Fetches the 2nd page with 10 users per page.

🌍 13. CORS (Cross-Origin Resource Sharing)

A browser security feature that restricts cross-origin HTTP requests.
📌 Example: A React frontend on localhost:3000 tries to call an API on api.example.com — it needs CORS headers like Access-Control-Allow-Origin.

⚙️ 14. Webhooks

Instead of polling the server repeatedly, webhooks let the server send real-time updates to a client’s specified endpoint.
📌 Example: Stripe uses webhooks to notify your backend when a payment is successful.

🛂 15. OAuth 2.0

An authorization framework for third-party access without sharing credentials.
📌 Example: A user logs into your app using their Google account via OAuth, which returns an access token.

🧾 16. JWT (JSON Web Token)

A compact, signed token for securely transmitting data between parties. Often used for stateless authentication.
📌 Example:
After login, the server sends a JWT like eyJhbGciOiJIUzI1NiIs...
The frontend includes it in future requests.

📚 17. Swagger / OpenAPI Specification

A standard to define REST APIs with human- and machine-readable documentation. Tools like Swagger UI allow interactive testing.
📌 Example: A Swagger UI lets developers test POST /login by entering username and password directly in the browser.

🔁 18. Idempotent Methods

An operation is idempotent if repeating it produces the same result.
📌 Example:

GET /users/1 → Always returns the same data
DELETE /users/1 → Deletes user once; repeated requests still return success but have no further effect

📄 19. Headers

Headers carry metadata in API requests/responses.
📌 Common headers:

Content-Type: application/json
Authorization: Bearer <token>
X-RateLimit-Remaining: 25

🧪 20. Status Codes

HTTP status codes indicate the result of a request:

200 OK – Success
201 Created – Resource successfully created
400 Bad Request – Client error
401 Unauthorized – Auth needed
500 Internal Server Error – Server crashed
📌 Example: After a successful user registration: 201 Created

🙌 Conclusion:

APIs aren’t just a “backend thing” or something only big tech companies use—they’re part of almost every app you build, test, or consume. Knowing how they work, what common terms mean, and how to communicate that knowledge clearly gives you a real edge—not just in interviews, but on the job too.

So next time someone throws around words like “rate limiting,” “webhooks,” or “CORS,” you won’t blink. You’ll explain it like a pro—and maybe even teach them something new.

Keep learning, stay curious, and remember: It’s not about memorizing definitions, it’s about understanding the “why” behind them. That’s what makes you a better developer.