Understanding APIs and REST APIs: A Beginner-Friendly Guide

If you spend any time working with software, cloud platforms, web applications, or automation tools, you will eventually hear terms like API, Web Service, and REST API.

For many beginners, these terms sound complicated because they are often explained using technical definitions that are difficult to understand at first.

In reality, the concept is much simpler. Let’s start with a practical example.

A Real-World Example


Imagine you open the Instagram app on your phone and refresh your feed.

Within a few seconds, new photos, videos, comments, and likes appear on your screen.

Have you ever wondered how Instagram retrieves all that information?

Your mobile application does not directly access Instagram’s database. Instead, it sends a request to a backend service. That service processes the request, retrieves the required data, and sends it back to your phone.

The component that enables this communication is called an API.

This same process happens every day when:

  • You check your bank balance using a mobile banking app.
  • You order food through Swiggy or Zomato.
  • You book a flight online.
  • You track a package from an e-commerce website.
  • You check the weather on your phone.

Behind all these actions, APIs are working continuously to exchange information between different systems.


What is a Web Service?

Before understanding APIs in detail, it is important to understand Web Services.

A Web Service is a software system that enables different applications to communicate with each other over a network.

These applications may be:

  • Running on different operating systems
  • Developed using different programming languages
  • Hosted in different locations

The web service provides a standard communication mechanism that allows these applications to exchange data reliably.

Example

Consider a travel booking website.

When you search for flights, the website needs information from multiple airlines.

The travel portal and the airline systems are completely different applications, but they can communicate through web services to exchange flight information, pricing, and availability.

Without web services, such communication would be extremely difficult.


What is an API?

API stands for Application Programming Interface.

An API is a set of rules and definitions that allows one software application to communicate with another software application.

Think of an API as a communication bridge between systems.

Instead of accessing databases or internal application logic directly, applications communicate through APIs.

Example

Suppose you open a weather application on your mobile phone.

The application itself does not store weather data for every city in the world.

Instead:

  1. The app sends a request to a weather API.
  2. The API retrieves weather information from backend systems.
  3. The API returns the data to the application.
  4. The application displays the information on your screen.

This interaction happens in seconds and is completely transparent to the user.


Web Service vs API

These terms are often used interchangeably, but they are not exactly the same.

Web Service

A web service focuses on enabling communication between systems over a network.

API

An API defines how one application can interact with another application.

In simple terms:

  • A Web Service provides the communication channel.
  • An API defines how communication should occur.

Many modern web services expose APIs that applications use to exchange information.


What is a Protocol?

When two systems communicate, they must follow a common set of rules.

These rules are called Protocols.

Definition

A Protocol is a standardized set of rules that defines how data is transmitted between systems.

Protocols ensure that applications developed by different companies can understand each other.

Some common protocols include:

  • HTTP
  • HTTPS
  • FTP
  • SMTP

For REST APIs, HTTP is the most commonly used protocol.


SOAP vs REST

As software systems evolved, different approaches emerged for building APIs.

Two of the most popular approaches were:

SOAP (Simple Object Access Protocol)

SOAP is a protocol that provides a strict and structured way of exchanging information between systems. Messages are XML documents wrapped in a fixed envelope, and the interface is described by a WSDL contract.

Characteristics:

  • Highly standardized
  • Security extensions (WS-Security) for signing and encrypting individual messages
  • Extensive validation against the contract
  • Commonly used in enterprise and legacy systems

SOAP is still found in industries such as:

  • Banking
  • Insurance
  • Government services

However, SOAP messages tend to be larger and more complex, and the tooling is heavier.


REST (Representational State Transfer)

REST is an architectural style used for designing APIs.

Characteristics:

  • Lightweight: plain HTTP requests, usually with JSON bodies
  • Less overhead per call, because there is no envelope or contract layer on top of HTTP
  • Easy to understand and to test with ordinary HTTP tools
  • Widely adopted by modern applications

Most modern applications today use REST APIs because they are simpler to develop, consume, and maintain. REST itself says nothing about security; that comes from HTTPS and from the authentication and authorization layers described later in this article.

Examples include:

  • Instagram
  • Facebook
  • Amazon
  • Netflix
  • Spotify
  • Swiggy
  • Zomato

Because of its simplicity and efficiency, REST has become the dominant approach for modern web applications.


What is a REST API?

A REST API is an API that follows REST principles and uses HTTP/HTTPS to exchange information between systems.

It allows different applications to communicate and share data over the internet.

Whenever you:

  • Refresh Instagram
  • Check your bank balance
  • Track an online order
  • Search for a flight
  • View weather information

A REST API is usually involved in retrieving and delivering that information.


How REST APIs Actually Work

Now let’s go one step further and understand what actually happens behind the scenes when an application communicates with a REST API.

This article is written for complete beginners. Even if you have never worked with APIs before, you should be able to understand the entire flow by the end.


Understanding the Big Picture

Imagine a company called VJ49 Technologies.

The company has an Employee Management Application that stores employee information such as:

  • Employee ID
  • Name
  • Department
  • Email Address

This information is stored inside a database.

When a user opens the Employee Portal and clicks View Employees, the application must retrieve employee information from the database.

The front end does not talk to the database directly. Letting it do so would mean shipping database credentials to every user's browser or phone.

Instead, it communicates through a REST API.

The REST API acts as a bridge between applications and data, and it is also where checks such as "is this caller logged in?" and "may they see this record?" are enforced.


Understanding Client and Server

Before learning REST APIs, you must understand two important terms.

Client

A Client is the system requesting information.

Examples:

  • Web Browser
  • Mobile Application
  • Postman
  • Another Application

When you open a website using Chrome, Chrome acts as the client.


Server

A Server is the system providing information.

The server:

  • Processes requests
  • Executes business logic
  • Accesses databases
  • Returns responses

Simple flow:

Client  ---- HTTP Request ---->  Server
Client  <--- HTTP Response ----  Server

Where Does the Server Live?

Every server connected to a network has an address.

This address can be either an IP Address or a Fully Qualified Domain Name (FQDN).

IP Address

An IP Address uniquely identifies a device on a network.

Example:

192.168.10.50

Computers use IP addresses to communicate with each other.

FQDN (Fully Qualified Domain Name)

Humans find names easier to remember than numbers.

Instead of remembering:

192.168.10.50

we use:

vj49.company.com

This is called a Fully Qualified Domain Name (FQDN).

What is DNS?

Now you may wonder:

If computers use IP addresses, how does vj49.company.com work?

The answer is DNS.

DNS stands for Domain Name System.

DNS translates a human-friendly name into an IP address.

Example:

vj49.company.com  ---- DNS lookup --->  192.168.10.50

This translation happens automatically behind the scenes.


What is a URL?

URL stands for Uniform Resource Locator.

A URL is the complete address used to access information on a server.

Example:

https://vj49.company.com/employees

Let’s break it down.

https   ://   vj49.company.com   /employees
  |                 |                 |
Protocol         Server           Resource

What is a Protocol?

A Protocol is a predefined set of rules that allows systems to communicate.

Think of it as a common language.

Without protocols, computers would not know:

  • How to send data
  • When to send data
  • How to interpret data

Examples:

  • HTTP
  • HTTPS
  • FTP
  • SMTP
  • DNS

Each protocol has a specific purpose.


What is HTTP?

HTTP stands for Hypertext Transfer Protocol.

It defines how clients and servers exchange information.

Whenever you:

  • Open a website
  • Use a mobile application
  • Call a REST API

HTTP is usually involved.

Example:

http://vj49.company.com
//Communication is not encrypted.

With plain HTTP, anyone on the network path (a public Wi-Fi operator, an ISP, a compromised router) can read and alter both the request and the response, including any Authorization header it carries.


What is HTTPS?

HTTPS stands for Hypertext Transfer Protocol Secure.

It is HTTP carried over TLS (Transport Layer Security). TLS adds three things plain HTTP lacks: the data is encrypted, it cannot be silently altered in transit, and the client can verify through the server's certificate that it is really talking to vj49.company.com.

Example:

https://vj49.company.com
//Communication is encrypted, integrity-protected, and the server is authenticated.

Most modern REST APIs use HTTPS, and any API that accepts passwords, API keys or tokens must, because those values travel as plain text inside the HTTP request.


What is a Resource?

A Resource is the actual data managed by an API.

Examples:

  • Employee
  • Customer
  • Product
  • Order
  • Student
  • Book

If an application manages employee information, then Employee is the resource.

Think of a resource as the business object being managed.


What is an Endpoint?

An Endpoint is the URL used to access a resource.

Example:

Resource:

Employee

Endpoint:

https://vj49.company.com/employees

Simple rule:

Resource = Data
Endpoint = Address of the Data

Understanding the Request-Response Cycle

Every REST API interaction follows the same pattern.

Client
|
| HTTP Request
|
Server
|
| HTTP Response
|
Client

The client sends a request. The server processes it.

The server sends a response. The client displays the result.


What is an HTTP Request?

An HTTP Request is a message sent from a client to a server.

Example:

GET https://vj49.company.com/employees

Meaning: Please provide employee information.

A request typically contains:

  • URL
  • Method
  • Headers
  • Body (Optional)

What are Headers?

Headers contain additional information about the request.

Examples:

  • Content-Type
  • Authorization
  • Accept
  • User-Agent

Example:

Content-Type: application/json

This tells the server that JSON data is being sent.

Think of headers as instructions attached to the request.


What is a Request Body (Payload)?

Sometimes the URL alone is enough.

Example:

GET https://vj49.company.com/employees

We are simply requesting information.

No additional data is required.

However, when creating or updating information, we must send data to the server.

This data is called the Request Body or Payload.

Think of it like this:

URL = Where to send the request
Method = What action to perform
Body/Payload = Data needed to perform the action

Example 1: Creating an Employee

Request:

POST https://vj49.company.com/employees

Body:

{
  "name": "John",
  "department": "IT",
  "email": "john@company.com"
}

Meaning:

Create a new employee using this information.

Without the body, the server would not know what employee needs to be created.


Example 2: Updating an Employee

Request:

PUT https://vj49.company.com/employees/101

Body:

{
  "name": "Roman",
  "department": "OTC",
  "email": "john@company.com"
}

Meaning: Replace employee 101 with this information.
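The request pieces described above (URL, method, headers, optional body) are just lines of text separated by CRLF. The following Python is an added example, not code from the original article: it serialises the POST /employees request shown above exactly as it travels over the connection, parses it back the way a server would, and builds the server's reply. The host name and the employee fields come from the article; the helper names and the 201 Created reply are assumptions of this example.

```python
# Added example (not from the original article): build and parse the raw
# HTTP/1.1 messages behind the POST /employees request shown above.
import json
from typing import Dict, Optional, Tuple

CRLF = "\r\n"


def build_request(method: str, path: str, host: str,
                  headers: Optional[Dict[str, str]] = None,
                  body: Optional[dict] = None) -> str:
    """Serialise an HTTP/1.1 request exactly as it is written to the socket."""
    hdrs = {"Host": host, "Accept": "application/json"}
    if headers:
        hdrs.update(headers)
    payload = ""
    if body is not None:
        payload = json.dumps(body)
        hdrs["Content-Type"] = "application/json"
        # Content-Length tells the server where the body ends. Disagreement
        # about this value between two parsers is the root of request
        # smuggling, so always compute it from the encoded bytes.
        hdrs["Content-Length"] = str(len(payload.encode("utf-8")))
    lines = [f"{method} {path} HTTP/1.1"] + [f"{k}: {v}" for k, v in hdrs.items()]
    return CRLF.join(lines) + CRLF + CRLF + payload


def parse_message(raw: str) -> Tuple[str, Dict[str, str], str]:
    """Split a request or response into (start line, headers, body)."""
    head, _, body = raw.partition(CRLF + CRLF)
    start_line, *header_lines = head.split(CRLF)
    headers: Dict[str, str] = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()  # header names are case-insensitive
    declared = int(headers.get("content-length", "0"))
    return start_line, headers, body[:declared]        # ignore anything past the declared length


def build_response(status: int, reason: str, body: dict) -> str:
    """Serialise the server's reply (assumed shape: JSON body, 201 for a create)."""
    payload = json.dumps(body)
    hdrs = {"Content-Type": "application/json",
            "Content-Length": str(len(payload.encode("utf-8")))}
    lines = [f"HTTP/1.1 {status} {reason}"] + [f"{k}: {v}" for k, v in hdrs.items()]
    return CRLF.join(lines) + CRLF + CRLF + payload


if __name__ == "__main__":
    req = build_request("POST", "/employees", "vj49.company.com",
                        body={"name": "John", "department": "IT", "email": "john@company.com"})
    print(req)
    start, hdrs, body = parse_message(req)
    print(start, "|", hdrs["content-type"], "|", json.loads(body)["name"])
    resp = build_response(201, "Created", {"id": 102, "name": "John"})
    print(parse_message(resp)[0])
```

Printing the request shows what Postman or a browser actually sends: one start line, one header per line, a blank line, then the body. The same parser handles the response because both message types share that framing.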


What Happens Inside the Server?

Many beginners think APIs store data.

Usually they do not. The API acts as a middle layer.

Client  <---->  REST API  <---->  Database

The API receives the request and queries the database.

The database returns data, and the API sends a response back to the client.

HTTP Request and Response

What is an HTTP Response?

After processing the request, the server sends a response.

A response contains:

  • Status Code
  • Headers
  • Response Body

What is a Response Body?

The Response Body contains the actual data returned by the server.

Example:

{
  "id": 101,
  "name": "Roman",
  "department": "OTC"
}

The client receives this data and displays it to the user.


Why is JSON Important?

JSON stands for JavaScript Object Notation.

Most modern REST APIs use JSON to exchange data.

Example:

{
  "id": 101,
  "name": "UCE",
  "department": "YEET"
}

JSON is popular because it is:

  • Lightweight
  • Easy to read
  • Easy to write
  • Supported by almost every programming language

Understanding CRUD Operations

Most applications perform four basic operations.

  • Create
  • Read
  • Update
  • Delete

This is called CRUD. REST APIs use HTTP Methods to perform these operations.


HTTP Methods

HTTP defines nine methods in common use (GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS and TRACE from RFC 9110, plus PATCH from RFC 5789), but REST APIs mostly use the five below.

GET

Retrieve data.

GET https://vj49.company.com/employees

POST

Create data.

POST https://vj49.company.com/employees

PUT

Replace an existing resource completely.

PUT https://vj49.company.com/employees/101

PATCH

Update specific fields.

PATCH https://vj49.company.com/employees/101

DELETE

Delete data.

DELETE https://vj49.company.com/employees/101

Which Methods Usually Use a Body?

Method    Body usually required?   Purpose                      Common usage
GET       No                       Retrieve data                Very common
POST      Yes                      Create data                  Very common
PUT       Yes                      Replace data                 Common
PATCH     Yes                      Partial update               Common
DELETE    No                       Delete data                  Common
HEAD      No                       Retrieve headers only        Less common
OPTIONS   No                       Discover supported methods   Less common
TRACE     No                       Diagnostic testing           Rare
CONNECT   No                       Create network tunnel        Rare

Notes:

  • A DELETE request may carry a body, but HTTP gives it no defined meaning, so servers should not depend on it.
  • CONNECT asks a proxy to open a tunnel; data then flows through the tunnel after the request, not in a request body.
  • TRACE echoes the request back to the client, which can expose cookies and headers to a script; it is normally disabled on production servers.


Path Parameters

Sometimes we need a specific resource.

Example:

https://vj49.company.com/employees/101

Here, 101 is called a Path Parameter.

Meaning: Return employee 101.

A path parameter is input chosen by the client, so the server must validate it (is it a number? does employee 101 exist?) and must check that the caller is allowed to see that particular employee. Changing 101 to 102 in the URL should not reveal someone else's record unless the caller is authorized to see it.


Query Parameters

Sometimes we need filtered results.

Example:

https://vj49.company.com/employees?department=IT

Meaning: Show only employees from the IT department.

Another example:

https://vj49.company.com/employees?page=1

Meaning: Show page 1 of the employee list.

Query parameters are client input in the same way as path parameters: the server should validate them (a page number must be a positive integer, a department must be one it knows) and must never paste them straight into a database query.


Authentication Vs Authorization

Authentication

Authentication answers:

Who are you?

Common authentication methods:

  • Username and Password
  • API Keys
  • Bearer Tokens
  • OAuth

Before accessing protected APIs, users must prove their identity.

Authentication verifies identity.


Authorization

Authorization answers:

What are you allowed to do?

Example:

Role             Permissions
Employee User    Can view profile
Administrator    Can create employees
                 Can delete employees
                 Can update employees

Authorization verifies permissions.


The Evolution of API Authentication

As applications became more advanced, authentication methods evolved.

Basic Authentication
API Key Authentication
Bearer Token Authentication
JWT Authentication
OAuth 2.0

Each method was introduced to solve limitations found in earlier approaches.

Let’s understand them one by one.


Basic Authentication

Basic Authentication is one of the oldest and simplest authentication mechanisms.

The client sends:

  • Username
  • Password

with every request.

Example:

Authorization: Basic dmlqYXk6cGFzc3dvcmQ=

The value after “Basic” is simply the string username:password encoded using Base64.

Example:

vijay:password123
  ---- Base64 encoding --->
dmlqYXk6cGFzc3dvcmQxMjM=

Base64 is an encoding, not encryption: anyone who can read the header can decode it back to the password in one step (the first example above decodes to vijay:password). Basic Authentication is therefore only acceptable over HTTPS.

How Basic Authentication Works

Step 1:

User enters username and password.

Step 2:

Client encodes the credentials.

Step 3:

Client sends them to the server.

Step 4:

Server validates the credentials.

Step 5:

Access is granted if the credentials are correct.

Advantages
  • Simple
  • Easy to implement
  • Supported everywhere
Disadvantages
  • The password itself is sent with every request, so every request is a chance to capture it
  • Base64 is reversible, so it is safe only over HTTPS
  • No way to limit what a client may do, or to revoke access, without changing the password
  • Not suitable for large-scale applications
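What the server does with that header is the part beginners rarely see. The following Python is an added example, not code from the original article: it builds and parses the Basic header for the article's user vijay / password123, shows that the Base64 value decodes straight back to the password, and then checks it the way a server should, against a salted PBKDF2 hash with a constant-time comparison. The stored-hash format, the dummy-hash timing trick and the function names are assumptions of this example.

```python
# Added example, not part of the original article: server-side handling of
# "Authorization: Basic ..." and why Base64 gives no secrecy.
import base64
import binascii
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

PBKDF2_ROUNDS = 600_000  # OWASP 2023 guidance for PBKDF2-HMAC-SHA256


def make_basic_header(username: str, password: str) -> str:
    """What the client sends: 'Basic ' + base64(username:password)."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"


def parse_basic_header(header: str) -> Optional[Tuple[str, str]]:
    """Recover (username, password); None for anything malformed."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    # RFC 7617: the user-id cannot contain a colon but the password can,
    # so split on the first colon only.
    if ":" not in decoded:
        return None
    user, _, pwd = decoded.partition(":")
    return user, pwd


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted PBKDF2 hash; the server stores (salt, digest), never the password."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt, digest


def check_basic(header: str, users: Dict[str, Tuple[bytes, bytes]]) -> Optional[str]:
    """Return the authenticated user name, or None if the header is rejected."""
    creds = parse_basic_header(header)
    if creds is None:
        return None
    user, pwd = creds
    record = users.get(user)
    if record is None:
        # Hash anyway so an unknown user takes as long as a wrong password;
        # otherwise response time reveals which user names exist.
        hash_password(pwd, b"\x00" * 16)
        return None
    salt, stored = record
    _, candidate = hash_password(pwd, salt)
    # Constant-time compare: a plain == can leak how many bytes matched.
    return user if hmac.compare_digest(candidate, stored) else None


if __name__ == "__main__":
    header = make_basic_header("vijay", "password123")
    print(header)                      # Basic dmlqYXk6cGFzc3dvcmQxMjM=
    print(parse_basic_header(header))  # anyone who sees the header sees this
    users = {"vijay": hash_password("password123")}
    print(check_basic(header, users))                              # vijay
    print(check_basic(make_basic_header("vijay", "wrong"), users))  # None
```

The parse step is the attacker's view: no key is involved, so a captured header is a captured password. The check step is the defender's side; the point of hashing is that a leaked user table does not hand out the passwords the way a leaked header does.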

API Key Authentication

As APIs became more common, API Keys were introduced.

Instead of sending usernames and passwords, the server issues a unique key.

Example:

x-api-key: abc123xyz456

The client includes the API Key with every request.

How API Keys Work

Step 1:

Developer registers an application.

Step 2:

Server generates an API Key.

Step 3:

Client includes the key in requests.

Step 4:

Server validates the key.

Advantages
  • Easy to use
  • Easy to generate
  • Common in public APIs
Disadvantages
  • A key identifies an application, not a person, so it does not tell you which user is acting
  • Keys are long-lived and can be shared accidentally (committed to a public repository, pasted into a support ticket); they must be stored like passwords and rotated when exposed
  • Difficult to manage fine-grained permissions
  • Not ideal for user authentication

Bearer Token Authentication

Bearer Tokens are one of the most common authentication methods used today.

Instead of sending credentials with every request, the client first logs in.

The server generates a token and returns it.

The client uses that token for future requests. The name is literal: the server grants access to whoever bears (presents) the token, without asking anything else, so a stolen token is as good as a stolen password until it expires.

Example:

Authorization: Bearer eyJxxxxxxxxxx

How Bearer Tokens Work

Step 1:

User logs in.

Step 2:

Server validates credentials.

Step 3:

Server generates a token.

Step 4:

Token is returned to the client.

Step 5:

Client includes the token in future requests.

Example:

Authorization: Bearer eyJ123abc456xyz

Step 6:

Server validates the token and processes the request.

Advantages
  • More secure than Basic Authentication
  • Credentials are not sent repeatedly
  • Widely used in REST APIs
Disadvantages
  • Anyone who obtains the token can use it, so it must only travel over HTTPS and must be stored carefully on the client
  • Tokens can expire
  • Token management (issuing, refreshing, revoking) is required

JWT Authentication

JWT stands for JSON Web Token.

One of the biggest beginner misconceptions is:

Bearer Token and JWT are the same thing.

They are not.

"Bearer" is the HTTP authorization scheme: the way a token is presented in the Authorization header. JWT is a token format: a specific structure for the token itself. A JWT is usually carried as a Bearer token, but a Bearer token can also be an opaque random string that means nothing outside the server that issued it.

Think of it this way:

Bearer Token  =  Container (how the token is sent)
JWT           =  Special type of token (what the token looks like)

JWT Structure

A JWT contains three sections.

Header
Payload
Signature

Example:

xxxxx.yyyyy.zzzzz

Header

Contains information about the token.

Example:

{
"alg": "HS256",
"typ": "JWT"
}

Payload

Contains claims and user information.

Example:

{
"username": "vj",
"role": "admin"
}

Signature

Computed over the header and payload with a secret key (HS256) or a private key (RS256, ES256). The server recomputes or checks it to verify that the token was issued by the expected party and has not been modified.

Two things the signature does not do:

  • It does not hide the payload. Header and payload are only Base64url-encoded, so anyone holding the token can read the claims. Never put secrets in a JWT.
  • It proves nothing unless the server actually checks it, with the expected algorithm fixed in server configuration rather than taken from the token's own "alg" field.

Advantages
  • Stateless: the server can validate the token without a database lookup
  • Compact
  • Widely adopted
Disadvantages
  • Cannot be easily revoked before it expires, because the server keeps no record of it
  • Requires proper handling: short lifetimes, signature verification on every request, a fixed algorithm

OAuth 2.0 Authentication

OAuth 2.0 is an authorization framework: it lets a user grant an application limited access to resources held by another service (for example, reading their calendar) without handing that application their password.

The most visible examples are the "Login with ..." buttons. Strictly speaking these use OpenID Connect, an identity layer built on top of OAuth 2.0, but the flow looks the same:

  • Login with Google
  • Login with Microsoft
  • Login with GitHub
  • Login with Facebook

OAuth Flow (Simplified)

Step 1:

User clicks:

Login with Google

Step 2:

Google verifies the user.

Step 3:

Google issues an access token (and, for login, an ID token that states who the user is) to the application.

Step 4:

The application uses the token.

Step 5:

The user gains access without ever sharing their password with the application; the password was typed only into Google.

Advantages
  • The application never sees the user's password, and the token's scope limits what the application can do
  • Industry standard
  • Supports Single Sign-On (SSO)
Disadvantages
  • More complex than other methods
  • Requires additional components

Authentication Comparison

Method                 Security    Complexity   Common usage
Basic Authentication   Low         Easy         Legacy applications
API Key                Medium      Easy         Public APIs
Bearer Token           High        Medium       Modern REST APIs
JWT                    High        Medium       Web applications
OAuth 2.0              Very High   Advanced     Enterprise applications

The Security column assumes HTTPS; over plain HTTP every one of these is equally exposed, because the header that carries the credential can be read on the wire.

Which Authentication Method Should You Learn First?

If you’re a beginner, follow this order:

Basic Authentication
API Keys
Bearer Tokens
JWT
OAuth 2.0

Once you understand Bearer Tokens, JWT becomes much easier to understand.


Understanding HTTP Status Codes

Status codes tell the client what happened.

200 OK
  Meaning: The request was successful.
  Example: You requested employee data and the server returned it successfully.

201 Created
  Meaning: A new resource was created successfully.
  Example: A new employee record was added to the system.

400 Bad Request
  Meaning: The request contains invalid or missing information.
  Example: Required fields such as name or email were not provided.

401 Unauthorized
  Meaning: Authentication is required before accessing the resource.
  Example: You tried to access an API without logging in or providing a valid token.

403 Forbidden
  Meaning: Authentication succeeded, but you do not have permission to perform the action.
  Example: A normal user tries to delete an employee record.

404 Not Found
  Meaning: The requested resource does not exist.
  Example: Employee ID 9999 was requested but does not exist.

500 Internal Server Error
  Meaning: An unexpected error occurred on the server.
  Example: The application crashed or encountered an unhandled exception while processing the request.

What is Postman?

Postman is an API testing tool.

Instead of building an application, you can directly send requests to APIs.

Example:

GET https://vj49.company.com/employees

Click Send.

Immediately you can see:

  • Response Data
  • JSON Output
  • Headers
  • Status Code
  • Response Time

Postman is one of the easiest tools for learning REST APIs.


Complete End-to-End Example

Step 1:

A user clicks “View Employees”.

Step 2:

The browser sends:

GET https://vj49.company.com/employees

Step 3:

The request reaches the REST API.

Step 4:

The API queries the database.

Step 5:

The database returns employee information.

Step 6:

The API converts the data into JSON.

Step 7:

The API returns:

200 OK

along with the employee data.

Step 8:

The browser receives the response.

Step 9:

The browser displays the employee list.

All of this usually happens within a fraction of a second.
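The whole cycle above, plus the CRUD methods, path and query parameters, bearer-token authentication, role authorization and status codes from the earlier sections, fits in one small in-memory service. The following Python is an added example, not code from the original article or from any real VJ49 system: a pure handle() function that takes a method, a URL, headers and a body and returns the status code and JSON body, so every step can be exercised offline. Employee 101 and the /employees endpoint are the article's; the session tokens, the roles and the validation rules are assumptions of this example.

```python
# Added example, not from the original article: an in-memory employee REST API
# as a pure function, covering routing, authn/authz, validation and status codes.
import json
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple
from urllib.parse import parse_qs, urlsplit

FIELDS = ("name", "department", "email")
# Assumed: opaque bearer tokens handed out at login, mapped to (user, role).
SESSIONS = {"tok-emp-1": ("vijay", "employee"), "tok-admin-1": ("roman", "admin")}


@dataclass
class EmployeeApi:
    employees: Dict[int, dict] = field(default_factory=lambda: {
        101: {"id": 101, "name": "Roman", "department": "OTC", "email": "john@company.com"}})
    next_id: int = 102

    def handle(self, method: str, url: str, headers: Optional[Dict[str, str]] = None,
               body: Optional[str] = None) -> Tuple[int, dict]:
        """Process one request; return (status code, JSON-serialisable body)."""
        headers = {k.lower(): v for k, v in (headers or {}).items()}
        # 1. Authentication: who is calling? 401 when we cannot tell.
        scheme, _, token = headers.get("authorization", "").partition(" ")
        if scheme.lower() != "bearer" or token not in SESSIONS:
            return 401, {"error": "authentication required"}
        _user, role = SESSIONS[token]
        # 2. Routing: path segments name the resource, the query string filters it.
        parts = urlsplit(url)
        segments = [s for s in parts.path.split("/") if s]
        if not segments or segments[0] != "employees" or len(segments) > 2:
            return 404, {"error": "no such resource"}
        emp_id = None
        if len(segments) == 2:
            if not segments[1].isdigit():       # a path parameter is client input: validate it
                return 400, {"error": "employee id must be numeric"}
            emp_id = int(segments[1])
        # 3. Authorization: 403 means "we know who you are, and the answer is no".
        if method in ("POST", "PUT", "PATCH", "DELETE") and role != "admin":
            return 403, {"error": f"role '{role}' may not modify employees"}
        # 4. Collection endpoint: /employees
        if emp_id is None:
            if method == "GET":
                dept = parse_qs(parts.query).get("department", [None])[0]
                rows = [e for e in self.employees.values() if dept is None or e["department"] == dept]
                return 200, {"employees": rows}
            if method == "POST":
                ok, data = self._parse_body(body, required=FIELDS)
                if not ok:
                    return 400, data
                record = dict(data, id=self.next_id)
                self.employees[self.next_id] = record
                self.next_id += 1
                return 201, record
            return 405, {"error": "method not allowed on the collection"}
        # 5. Item endpoint: /employees/{id}
        current = self.employees.get(emp_id)
        if current is None:
            return 404, {"error": f"employee {emp_id} not found"}
        if method == "GET":
            return 200, current
        if method in ("PUT", "PATCH"):
            ok, data = self._parse_body(body, required=FIELDS if method == "PUT" else ())
            if not ok:
                return 400, data
            updated = dict(data, id=emp_id) if method == "PUT" else dict(current, **data)
            self.employees[emp_id] = updated
            return 200, updated
        if method == "DELETE":
            del self.employees[emp_id]
            return 204, {}
        return 405, {"error": "method not allowed"}

    @staticmethod
    def _parse_body(body: Optional[str], required: Tuple[str, ...]) -> Tuple[bool, dict]:
        """Validate the JSON payload: bad JSON, unknown fields and missing fields are all 400s."""
        try:
            data = json.loads(body or "")
        except json.JSONDecodeError:
            return False, {"error": "body must be valid JSON"}
        if not isinstance(data, dict):
            return False, {"error": "body must be a JSON object"}
        unknown = sorted(set(data) - set(FIELDS))  # rejecting unknown keys blocks mass assignment (e.g. "id")
        missing = [f for f in required if f not in data]
        if unknown or missing:
            return False, {"error": "invalid fields", "unknown": unknown, "missing": missing}
        if not all(isinstance(v, str) and v.strip() for v in data.values()):
            return False, {"error": "fields must be non-empty strings"}
        return True, data


if __name__ == "__main__":
    api = EmployeeApi()
    emp = {"Authorization": "Bearer tok-emp-1"}
    admin = {"Authorization": "Bearer tok-admin-1"}
    print(api.handle("GET", "/employees"))                     # 401: no token
    print(api.handle("GET", "/employees/101", emp))            # 200: employee 101
    print(api.handle("DELETE", "/employees/101", emp))         # 403: wrong role
    print(api.handle("POST", "/employees", admin,
                     '{"name": "John", "department": "IT", "email": "john@company.com"}'))  # 201
    print(api.handle("GET", "/employees?department=IT", admin))  # 200: filtered list
```

Two design points are deliberate. Authentication (401) is decided before routing, so an unauthenticated caller cannot probe which URLs exist, and the body validator rejects unknown keys, so a PATCH cannot smuggle in "id" or a future "role" field. DELETE answers 204 No Content, the usual reply when there is nothing to return. A production version would also scope GET so that an employee sees only their own record rather than any id they type into the path.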


Summary

At this point, you understand the core REST API concepts. However, beginners often have additional questions after reading these fundamentals.

If you have any questions, thoughts, or just want to geek out over VMware, feel free to ping me on LinkedIn or drop me an email at jagadeeshvuppala1996@gmail.com. I’m always happy to help!
