IndustriesWorkPlaybookHow it worksAboutBook a systems auditBring us your idea

What is an API, in plain English?

Straight answer

An API is a defined way for two pieces of software to talk to each other. Think of a waiter: you ask for something from a set menu, the kitchen prepares it, and the waiter brings it back. Your app uses APIs to ask other services, like payments or maps, to do work and return an answer.

Information current as at 5 July 2026

API is one of those three-letter words that gets thrown around as if everyone already knows it. The concept is genuinely simple, and once it clicks you will spot APIs everywhere in your app: the thing that lets it take a payment, send an email, or show a map without you building any of that yourself.

Plain English
API
A defined way for one program to ask another to do something and get an answer back.
Request
The message your app sends to an API asking for a specific thing.
Response
The answer the API sends back, such as the data you asked for or a confirmation.
API key
A password-like string that identifies your app to a service so it is allowed to use it.

The waiter analogy

Imagine you are at a restaurant. You do not walk into the kitchen and cook; you tell a waiter what you want from the menu, the kitchen does the work, and the waiter brings your food back. An API is that waiter, sitting between two programs. Your app is the diner, another service is the kitchen, and the API is the agreed set of things you are allowed to ask for and the way you have to ask. The menu matters: an API only offers certain requests, in a certain format, and it will politely refuse anything off-menu. This is what makes APIs reliable. Both sides know the rules in advance, so your app can trust what it will get back, and the other service can trust what it is being asked.

What your app uses them for

Almost nothing an app does is built entirely from scratch, and APIs are the reason. When your app takes a payment, it is not handling cards itself; it is sending a request to a payment service's API and getting back a yes or no. When it sends a confirmation email, it asks an email service's API to do it. Maps, text messages, address lookups, weather, login with a Google account: all of these are APIs your app calls so it does not have to reinvent them. This is a good thing. It means the hard, sensitive work, like actually moving money, is done by specialists who do only that. Your app is often a conductor, coordinating a handful of these outside services through their APIs into one experience for your visitor.

No pressure
Show us what you built.

If you have made something and it needs to become real, send it over. We will tell you honestly what it needs to be live, safe and yours, whether that is a quick fix you can do or a proper build. No obligation.

API keys and why they must stay secret

When your app calls a service's API, that service needs to know it is really you, and often that you are on a paying account. That is what an API key is: a long, password-like string that identifies your app to the service. It is effectively a password, and it must be treated like one. If your API key leaks into public code or a web page, anyone who finds it can make requests as you, run up your bill, or misuse the service in your name. This is one of the most common and costly mistakes in AI-built apps, because builders sometimes leave keys sitting in places a curious person can read. Keys belong in environment variables, kept out of the public code, and if one has ever been exposed it should be regenerated.

What can go wrong and what to check

APIs introduce a few practical realities worth knowing. They can be slow or briefly unavailable, because you are depending on someone else's service, so a well-built app handles the moment an API does not answer rather than simply breaking. They usually cost money past a certain amount of use, so an API you call carelessly can generate a surprising bill. And they change over time, so an integration that worked can stop if the other side updates their menu. For you, the useful checks are: know which outside services your app depends on, know that their keys are stored safely and not exposed, and know roughly what they cost as your usage grows. If you cannot answer where your keys live, that is worth resolving before it becomes a problem.

Common questions

Questions, answered

What does API stand for?
Application Programming Interface. The name is unhelpful; the idea is not. It is simply an agreed way for one program to ask another to do something and get an answer back, like a waiter carrying orders between you and a kitchen.
Does my app use APIs even if I did not add any?
Almost certainly. If it takes payments, sends emails, shows maps, or lets people log in with a Google or Apple account, it is calling those services through their APIs. The AI builder wired them in for you, often without making a fuss about it.
What is an API key and why does it matter?
An API key is a password-like string that lets your app use an outside service, often on your paid account. It must stay secret, because anyone who finds it can use the service as you and run up your bill. Exposed keys are a common, costly hole in AI-built apps.
Can an API cost me money?
Yes. Many services are free up to a point and then charge based on how much you use them. An app that calls an API carelessly, or gets misused because its key leaked, can generate a real bill. Know which paid services your app depends on and roughly what they cost.
No pressure
Show us what you built.

If you have made something and it needs to become real, send it over. We will tell you honestly what it needs to be live, safe and yours, whether that is a quick fix you can do or a proper build. No obligation.

Start here

Two doors. Same senior team.

Whether you can name exactly what you want built, or you just know something is leaking, the next step is the same conversation.