
API basics guide

APIs explained for non-technical tech professionals

APIs power every modern product. You do not need to build them to understand them — but you do need to understand them to work effectively as a PM, BA, or analyst in tech.

What an API is (in plain English)

API stands for Application Programming Interface. It is a contract between two software systems that defines how they communicate.

The restaurant analogy

You (the client) tell the waiter (the API) what you want. The kitchen (the server) prepares it. You never enter the kitchen — you just use the menu.

Why APIs matter for non-engineers

Understanding APIs helps you scope integration work, set realistic timelines, and ask engineering the right questions.

When you ask 'can we integrate with Salesforce?', you are asking an API question.

When you see 'payment processing via Stripe', that is an API integration.

When your analytics tool pulls data from your product, that is an API call.

How REST APIs work (the most common type)

Every API request has four parts.

1. URL (endpoint): Where to send the request. https://api.example.com/users/123

2. Method (verb): What to do. GET (fetch data), POST (create), PUT/PATCH (update), DELETE (remove).

3. Headers: Metadata about the request — usually includes authentication (API key or token).

4. Body: The data you are sending (for POST and PUT requests).

HTTP status codes — what they mean

When an API responds, it includes a three-digit code that tells you what happened. These are the ones you will encounter most.

200 OK: Success.

201 Created: Resource created successfully (usually after a POST).

400 Bad Request: Your request has an error (wrong format, missing field).

401 Unauthorized: You need to authenticate first.

403 Forbidden: Authenticated, but you do not have permission.

404 Not Found: The resource does not exist.

429 Too Many Requests: You hit the rate limit — slow down.

500 Internal Server Error: The server broke — not your fault.

API authentication (the basics)

Most APIs require you to prove who you are before they respond. There are three common patterns.

API Key: A secret string you include in every request. Simple but static — if leaked, must be rotated.

OAuth 2.0: Used for 'Login with Google / GitHub' flows. More complex, more secure, allows scoped permissions.

Bearer Token: A time-limited token included in the Authorization header. Most modern APIs use this.
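The four request parts, the status codes and the bearer-token pattern described above, shown end to end as an added example (not part of the original guide): a tiny local API and a client, using only Python's standard library. The tokens, the user record and the helper names start_server and call are constructed for illustration.

```python
import json, threading, urllib.error, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer
# Constructed sample data: placeholder tokens and the permissions each carries.
TOKENS = {"reader-token": {"read"}, "admin-token": {"read", "write"}}
USERS = {"123": {"name": "Ada"}}
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # bypass proxies

class Handler(BaseHTTPRequestHandler):
    def log_message(self, *args): pass  # silence per-request logging
    def reply(self, code, payload):
        data = json.dumps(payload).encode()
        self.send_response(code)
        self.send_header("Content-Type", "application/json")
        self.end_headers()  # HTTP/1.0 default: body ends when the connection closes
        self.wfile.write(data)
    def check_and_serve(self, needed):
        raw = self.rfile.read(int(self.headers.get("Content-Length") or 0))
        scheme, _, token = self.headers.get("Authorization", "").partition(" ")
        scopes = TOKENS.get(token) if scheme == "Bearer" else None
        if scopes is None:  # 401: no valid token, caller is unknown
            return self.reply(401, {"error": "authenticate first"})
        if needed not in scopes:  # 403: caller is known but not allowed
            return self.reply(403, {"error": "no permission"})
        if needed == "read":
            user = USERS.get(self.path.rsplit("/", 1)[-1])
            return self.reply(200, user) if user else self.reply(404, {"error": "not found"})
        try:
            created = {"name": json.loads(raw)["name"]}
        except (ValueError, KeyError, TypeError):  # 400: malformed body
            return self.reply(400, {"error": "body must be JSON with a name"})
        USERS[str(len(USERS) + 123)] = created
        return self.reply(201, created)
    def do_GET(self): self.check_and_serve("read")
    def do_POST(self): self.check_and_serve("write")

def start_server():
    server = HTTPServer(("127.0.0.1", 0), Handler)  # port 0: pick any free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_port}"

def call(base, method, path, token=None, body=None):  # URL, method, headers, body
    headers = {"Authorization": f"Bearer {token}"} if token else {}
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(base + path, data=data, headers=headers, method=method)
    try:
        with OPENER.open(req, timeout=5) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:  # urllib raises on 4xx/5xx responses
        return err.code, json.load(err)
```

Calling `call(base, "POST", "/users", token="reader-token", body={"name": "Grace"})` returns 403, while the same request with no token returns 401: the difference between "who are you?" and "you are not allowed".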

Things PMs and BAs commonly ask about APIs

Knowing what to ask — and what to look for — makes you a better collaborator with the engineers who build the integrations.

'Can we integrate with X?'

Find X's API documentation and check: Is there an API? What does it support? What are the rate limits and costs?

'Why is the integration broken?'

Start with: What is the error status code? When did it start failing? Did anything change on either side?

'How long will the integration take?'

REST API integrations typically take 1–4 weeks depending on complexity, auth requirements, and data mapping.

Next steps

Learn technical communication skills

Understanding APIs is one piece of working in tech. Communicating clearly with engineers, PMs, and stakeholders is the other. Learn both.
