API Glossary for Non-Engineers

A reference guide for understanding key API terms

November 28, 2025

Understanding APIs often begins with becoming familiar with a few key terms.

This glossary provides concise, accessible definitions that will support you as you read through the series.

Refer to it whenever you need quick clarification or a grounding point.

API

A messenger between two computer systems.

One system asks for something → the API carries the request → the other system replies.

Endpoint

The exact address where you ask for something.

Similar to a house address, but for data.

Example:

/customers/123 → “give me customer 123.”

Request

What you send to the API.

It contains what you want: “Fetch this”, “Create that”, “Update this”.

Response

What the API sends back.

Usually includes:

  • status code

  • data

  • sometimes error messages

Think of it as the API’s reply.

HTTP Method

Tells the API what you want to do.

  • GET → “Give me data.”

  • POST → “Create something new.”

  • PUT/PATCH → “Update something.”

  • DELETE → “Remove something.”

You don’t need to memorize these, just understand the intention behind each one.

Status Code

A short number that tells you what happened.

Common ones:

  • 200 → Everything worked.

  • 201 → Something was successfully created.

  • 400 → Bad request (you asked wrongly).

  • 401 → Not allowed (authentication issue).

  • 404 → Doesn’t exist.

  • 500 → The system is down or broken.

JSON

A structured way of sending data.

Looks like simple text with “key: value” pairs.

Example:

{
  "name": "Ada",
  "email": "ada@example.com"
}

You don’t need to understand the syntax, only that it’s just organized text.

Header

Extra information attached to your request. Most importantly, this is where authentication lives.

Example:

Authorization: Bearer <your_token>

Body / Payload

The data you send with your request (usually for POST/PUT).

Like filling out a form.

API Key

A long-term identifier assigned to an application.

Like an ID badge that identifies who is making the request.

API keys help systems distinguish one application from another and track usage.

They must be kept private because anyone with your key can act as your system.

Token

A short-term pass that expires after a set period.

If an API key is like an office ID badge, a token is like a temporary visitor pass.

Tokens are safer because they:

  • reduce the risk of long-term exposure

  • can be revoked immediately

  • limit impact if compromised

When a token expires, the user must authenticate again to get a new one.

Authentication (Auth)

The process of verifying who is making the API call and whether they have permission.

Same idea as logging into an app, but for systems.

Rate Limit

How many API calls you’re allowed to make in a period of time.

Prevents overload.

When you hit it, you usually get: 429 Too Many Requests.

Latency

How long an API takes to respond.

Sometimes caused by slow networks or busy servers.

Webhook

The opposite of an API request.

Instead of you asking for information, a system pushes information to you when something happens.

Example: “When a payment succeeds, send me a message.”

Polling

Repeatedly asking an API to check for updates or changes.

Like refreshing your email inbox every few seconds to see if new messages arrived. Most of the time, nothing has changed, which makes this approach inefficient. Polling increases unnecessary requests, wastes resources, introduces delays, and can trigger rate limits. Webhooks are often used as a more efficient alternative.

SDK (Software Development Kit)

A packaged tool that makes using an API easier.

You won’t need this as a non-engineer, but it’s good to know what it means.

API Documentation (Docs)

A guide that explains:

  • what endpoints exist

  • how to use them

  • what data you get

  • what errors mean

This is where engineers, and sometimes PMs or support, look things up.

Integration

Connecting your system to another system using APIs.

Example: your product integrates with a payment provider.

Payload Size

How much data is being sent.

Bigger payloads = slower requests.

Timeout

When an API takes too long to reply, the request fails.

This usually appears as a “Request timed out” error.

Sandbox / Staging

A safe testing environment where you can try API calls without affecting real users or money, which makes it perfect for beginners and tests.

Short Summary (for quick scanning)