In our latest Knowledge Leadership piece, we take a look at Application Programming Interfaces (APIs). We explore what they are, the different types of APIs used by companies and individuals, and how they are used within Business Central as well as the wider Microsoft ecosystem.

What is an API?

According to the Gartner’s IT glossary, an application programming interface (API) is an interface that provides programmatic access to service functionality and data within an application or a database. It can be used as a building block for the development of new interactions with humans, other applications or smart devices.

Examples of APIs are all around us. Travel sites like Expedia,, etc. use APIs to collect flight, hotel, and car hire details from third-party providers for you to view on their site. Then once you have made a booking, they will use APIs to confirm the booking with the provider they sourced it from. Whenever you pay with PayPal on a third-party ecommerce site, there is an API at work. It is linking that site to PayPal in such a way that the site can do what it needs to (get paid) without being exposed to sensitive data (your debit or credit card details) or gaining access to unintended permissions.

In the SaaS (software-as-a-service) world, APIs are vital. They give developers the ability to write code that posts data to, or retrieves data from, an external providers’ site or application. This is how Business Central is able to offer and provide seamless integration with applications such as Shopify.

Different types of APIs?

In the SaaS world, the main type APIs used are web APIs. These are used for browser communication and are accessible using the HTTP protocol. Designers can choose from a range of different standards and protocols. These will vary according to the type of API they choose and the overall purpose of the API.

The four many types of APIs are:

  1. Internal APIs – Also known as Private APIs, these are only available for use within an organisation. They are used to connect systems and data within a business. Traditionally, the level of security included in this type of API is quite weak. However, internal APIs do still provide security measures intended to verify the employee’s identity before they are granted entry to the systems and data.
  2. External APIs –Also known as Public APIs, these are open and available for use by any external developer and user to access data easily. This type of API has a moderate level of authentication and authorisation.
  3. Partner APIs –Like Public APIs, this is an excellent way for businesses to communicate and collaborate with external users. However, Partner APIs are only available to specific business partners. They generally incorporate stronger authentication, authorisation and security mechanisms than external APIs in order to ensure that the systems and data are only shared with authorised partners.
  4. Composite APIs ­–These generally combine two or more APIs to create a sequence of related or interdependent operations. Composite APIs are often used in microservice architectures (where a number of individual components work together to deliver an overall solution). Users may need information from several services to perform a single task and using composite APIs will return all the data required in one call, thus reducing server load and improving application performance.

API Protocols

APIs come with a defined set of calls and techniques which are used by developers to successfully integrate them in their software. The rules which govern the use and application of these calls are called API Protocols. These protocols define the accepted commands and data types and set the standards for API usage.

The three most popular API protocols or architecture are:

  1. REST (Representation State Transfer Architecture): This is the most popular approach used for building APIs. It relies on a client-server approach whereby the background and data storage interfaces are isolated. REST is “stateless” which means that the API stores no data between requests on the server. Clients can, however, cache responses which means they store responses for slow or non-time sensitive APIs.
  2. SOAP (Simple Object Access Protocol): SOAP is the messaging standard which has been defined by the World Wide Web Consortium and is broadly used, usually with XML, to create web APIs. SOAP is used to support a wide range of communication protocols across the internet. It is a highly structured, tightly and clearly defined standard.
  3. RPC (Remote Procedural Call): These are the oldest and simplest protocol used in APIs. They are a simple means of sending multiple parameters and receiving results. XML-RPC uses eXtensible Market Language (XML) to encode commands while JSON-RSP use JavaScript Object Notation (JSON) to transfer data.

Characteristics of a modern API

Most modern APIs share a number of common characteristics:

  • They adhere to the standards of one of the popular API protocols that are developer friendly, easily accessible and broadly understood.
  • APIs are now treated less like lines of code and more like products that have been designed for consumption by specific audiences.
  • They are protected by strong levels of security and governance. They are also maintained and managed properly for performance and scale.
  • Modern APIs now have their own software development lifecycle, including: design, testing, build, management and versioning.
  • They are an excellent way for developers to add features and functionality to software.

Business Central & APIs

Business Central comes with an extensive list of built-in APIs that require no code and minimal set up to use. These built-in API are RESTful web APIs (created using REST protocols) which have been optimised for performance and are Microsoft’s preferred way for third party solutions and services to integrate with Business Central.

In order to integrate with these APIs, a company (or its implementation partner) must go through a few steps to enable access to Business Central. This is done through the Business Central Administration tool. Once a developer has the API access enabled, they can write code that integrates their web service or SaaS solution with Business Central.

In addition to the built-in APIs, it is possible to create custom APIs using the AL object types, API pages and API queries.

Click here for further information from Microsoft on the key concepts and techniques for using APIs with Business Central.

How can TVision Technology help you?

To find out Microsoft Dynamics 365 Business Central and how it can help your business, get in touch with one of our experienced TVision team.