Public and Private

Public APIs are intended for consumption outside the organization that provides them. Twitter, Facebook, Instagram, and many other social media sites provide public APIs that enable third-party programs to interact with their services. This is the type of web API this book deals with.

Private APIs are intended only for internal use. These APIs are subject to change at any time. The Google search page uses a private API to get a list of search suggestions to display while a user is entering search terms. Sometimes it is possible to call private APIs, but in general, doing so is a bad idea for a variety of technical, ethical, and even potentially legal reasons.

Companies and services that provide public APIs are usually not shy about doing so, as offering a good API can be a competitive advantage. Look for API or Developers links at the bottom of websites; these usually lead to useful information about that site's APIs.

Providers of public APIs can and will dictate the conditions of using their API. Just because an API is public doesn't mean that access will be granted to anyone, or that there aren't any rules around how the API can be used. Many APIs require consumers to have accounts with the provider's service and verify this by requiring requests to include authentication data or parameters.

Terms and Conditions

The data accessed via APIs carries with it ethical and legal responsibilities. Many API providers require developers to agree to terms and conditions of use before they are granted access. While these documents are usually written in legalese and can be a bit dense, it is important to understand what is and isn't allowed with respect to API data. In particular, keep in mind the following:

  • What restrictions does the API place on your use of its data? For example, data from the Amazon Product Advertising API is only available to Amazon Associates.
  • Is the API exposing any data that could be linked back to a person? Many social applications allow access to a user's personal information, and by accessing it, you are taking on the responsibility of keeping this information safe and secure.
  • Does the API have rate limits, and if so, what are they? Many APIs limit how many requests can be sent from a single user or application within a given time frame. Such restrictions can have an impact on the design of programs that interact with their APIs.


Summary

  • APIs come in two flavors, public and private. You will generally work with public APIs. Using private APIs is most common when they are your own.
  • API usage is often conditional on the acceptance of a set of terms set by the API provider.