APIs are essential in providing solutions to customer problems and helping your product stay competitive. And to understand APIs, you need to understand API endpoints.
![Download Now: How to Use an API [Free Ebook]](https://no-cache.hubspot.com/cta/default/53/1cbd6f4c-4566-446c-852a-0a9dae73e987.png)
An API (application programming interface) is a series of rules allowing an application to share its data with outside developers. In plain terms, an API lets you take “their stuff” and make it work with “your stuff.” Their stuff, in this case, is located at the API endpoint.
In this guide, I’ll explain what an API endpoint is, what role it plays in integrations, and how to start testing endpoints with public APIs (and potentially with your own).
Table of Contents
- What is an API endpoint?
- API Endpoint Examples
- Why are API endpoints important?
- How to Test API Endpoints
- Best Practices for API Endpoints
- The Future of APIs in Business
What is an API endpoint?
An API endpoint is a digital location where an API receives requests about a specific resource on its server. In APIs, an endpoint is typically a uniform resource locator (URL) that provides the location of a resource on the server.
To fully understand this definition and where endpoints fit in the API model, let’s briefly review how APIs work.
For two software applications to integrate over the internet, one application — called the client — sends a request to the other application’s API. The client may request a resource from the app’s database or ask to perform an action on the server.
Upon receiving and validating the client’s request, the API performs the requested action, then sends a response back to the client. This response includes the status of the request (e.g., completed or denied) and any resources requested by the client.
APIs typically allow access to many different resources on a server. For example, a social network’s API might let clients retrieve and modify post content, user profiles, and images. A news site’s API might allow access to its article content, authors, and media like podcasts and videos.
Free Ebook: How to Use an API
Everything you need to know about the history and use of APIs.
- A History of APIs
- Using APIs
- Understanding API Documentation
- And more!
Download Free
All fields are required.
Knowing this, how do clients specify which resource they want to access in their request?
The answer is by using the correct endpoint. In a request, the client specifies an endpoint as a URL. This URL tells the server, “The resource I want is at this location.”
The process is similar to how you access web pages in a browser. Web browsers load web pages by sending a URL to a web server, and the server responds with the requested page. Similarly, the client needs the right endpoint URL to request a particular resource from an API.
Endpoint vs. API
It’s important to note that endpoints and APIs are different. An endpoint is a component of an API, while an API is a set of rules that allows two applications to share resources.
Endpoints are the locations of the resources, and the API uses endpoint URLs to retrieve the requested resources.
What does an endpoint look like?
An endpoint looks like a URL.
“When you ‘call’ this endpoint, you send a request to get or update the data at that address,” explains Hannah Seligson, a HubSpot Senior Developer Advocate who works with APIs daily. “It‘s like entering a web address in your browser, but it’s meant for data interaction, not viewing pages.”
API Endpoint Examples
Developers list all endpoints of their API in the documentation so users know how to access the resources they need. But what do these endpoints look like in practice?
Let’s see some real-world examples from leading platforms.
Twitter API Endpoint Example
The Twitter API exposes data about tweets, direct messages, users, and more.
Let’s say you want to retrieve the content of a specific tweet. To do this, you can use the tweet lookup endpoint, which has the URL https://api.twitter.com/2/tweets/{id} (where {id} is the unique identifier of the tweet).
Now, say you want your website to stream public tweets in real time so your visitors stay informed on a specific topic. You can use Twitter’s filtered stream endpoint, whose URL is https://api.twitter.com/2/tweets/search/stream.
We'll look at the filtered stream endpoint in more detail later in this post.
Pro tip: The tweet lookup endpoint is useful for building features that need to fetch and display specific tweets in real time.
Spotify API Endpoint Example
Spotify’s API gives developers access to song, artist, playlist, and user data.
For example, if you want to get a specific album, you can access any album in the Spotify catalog with the endpoint https://api.spotify.com/v1/albums/{id} (where {id} is the album’s unique identifier).
Or, say you want to send a request that makes a user follow a playlist. In this case, send a PUT request with the endpoint https://api.spotify.com/v1/playlists/{playlist_id}/followers (where {playlist_id} is the unique identifier of the playlist).
Pro tip: This endpoint can be used for integrating Spotify's rich music data into your application, whether for a music recommendation feature or to display album information.
YouTube API Endpoint Example
The YouTube API, among other things, makes it easy to embed YouTube videos on any website. When you go to a YouTube video and copy the embed code, you are requesting the video from YouTube’s API.
Another way to get videos through YouTube’s API is by requesting them from the endpoint https://www.googleapis.com/youtube/v3/videos, which returns a list of videos that match the parameters you specified in your request.
Pro tip: Use this endpoint to integrate YouTube videos into your website or app, enhancing your content with multimedia.
Why are API endpoints important?
One of the first questions you may ask about APIs is: Why do so many businesses share their data openly, for free?
Most often, the answer is scale. As companies grow, the staff within those companies realize they have more ideas than they have the time and resources to develop them. It’s typically easier to work with other external companies that specialize in these ideas than build them in-house.
By creating APIs, a company allows third-party developers to build applications that improve adoption and usage of its platform. That way, a business can build an ecosystem that becomes dependent on the data from its API, which often leads to additional revenue opportunities.
Take HubSpot APIs as another example: By exposing our software’s functionality and data through APIs, developers can integrate their applications with our technology, resulting in an app ecosystem that increases our reach and makes things much easier for customers who wish to use other applications alongside HubSpot.
“APIs are essentially the gateway to your HubSpot data,” says Seligson, who liaises between HubSpot and the external developers who use our APIs. “So what the APIs do is it allows people who have HubSpot to manage their data more efficiently and also to utilize it in different ways.”
As we’ve learned, endpoints are central to APIs, literally. They’re the point at which the client and the server communicate. Without properly structured and functioning endpoints, an API will be confusing at best and broken at worst.
As you make more data available through your API, it’s vital to ensure that each endpoint provides valuable resources for clients.
Free Ebook: How to Use an API
Everything you need to know about the history and use of APIs.
- A History of APIs
- Using APIs
- Understanding API Documentation
- And more!
Download Free
All fields are required.
How to Test API Endpoints
Imagine you want to stay informed about HubSpot on Twitter by getting tweets from the @HubSpot account as soon as they’re posted. Also, let's say you only want tweets that contain links to articles.
To achieve this, you’d need to use the Twitter API’s filtered stream endpoint. So, let’s see how to make a request.
Step 1: Choose the correct HTTP method.
When discussing web APIs, we’re usually talking about a type of API called a REST API, which utilizes HTTP methods that tell the API what action to take.
The four most common HTTP methods in API requests are:
- GET: retrieves a resource
- POST: creates a resource
- PUT: updates an existing resource
- DELETE: removes a resource
Requests are formatted by writing the HTTP method, followed by the endpoint URL. So, a request to the filtered stream endpoint would look like this: GET https://api.x.com/2/tweets/search/stream.
But, for the API to know which tweets to send you, you’ll need to define filtering criteria. Otherwise, you’ll just be asking to see every tweet posted in real time (gulp).
Step 2: Apply filtering criteria.
You can apply filtering criteria to the endpoint in the form of rules. To build these rules, you’ll use a set of operators.
For this example, you can use two Twitter API operators — from: and has:links — to see only tweets from certain accounts that contain links.
To instruct the filtered stream endpoint to show tweets only from the accounts @HubSpot that contain links, use the following rule: from:HubSpot has:links.
Step 3: Authenticate and send your request.
In your request, you’ll use the HTTP method POST. In addition to including the rule mentioned above in your request, you’ll include the content type and authorization.
Below, the content type is defined as “application/json,” so the request is rendered in the data format JavaScript Object Notation (JSON).
Several online tools are available for testing an API endpoint. Here, we’ll use cURL, a command-line tool that supports HTTP. It can make requests, get data, and send data, so it's a great tool for testing APIs.
Here’s what your request to the Twitter API should look like on the command line.
To authenticate your request, you’ll have to replace the placeholder text $BEARER_TOKEN with your app’s unique bearer token, which is available in your developer portal.
Pro tip: Don’t share your tokens with anyone else! Otherwise, they could access your data.
“Typically, when you're using an API to access data, you need to have permission to access that data,” explains Seligson. “So, certain APIs have certain requirements when it comes to authentication process.”
You can find authentication requirements by checking the API documentation. For example, Twitter’s documentation offers four different authentication methods.
Step 4: Analyze the status codes.
“When you hit an endpoint, if it‘s successfully hit, you’ll get a 200,” says Seligson.
That’s the ideal situation. But … what if it’s not successful? Well, you’ll get one of many frustrating API errors.
For example, a 401 means you’re not authorized to access that API’s data, which probably means you failed to enter the proper credentials.
“Having an understanding of what those codes are, what they mean, is really going to help somebody when they're working with any API,” she adds.
To learn more, check out our blog post describing common API errors.
Pro tip: Try API testing tools so you can work more quickly and efficiently.
Best Practices for API Endpoints
From building APIs to now helping external devs work with them, Seligson has extensive experience in this field. So, I had to ask her for best practices for API endpoints.
Here’s what she advises:
Never share API keys, client secrets, or tokens.
“Keeping your ‘secrets’ (like API keys, client secrets, or tokens) safe is essential because these secrets are like special keys that grant access to data and services,” says Seligson.
“API keys and tokens give direct access to an application or database. If exposed, anyone with the key could use it to access the data or resources it controls, which could lead to data theft or misuse.”
To keep them safe, she recommends:
- Storing them in secure places like environment variables, encrypted vaults, or secrets management tools
- Never including them directly in your code, especially in public code repositories
Always read the API documentation.
“Each API has documentation that explains which endpoints are available, what permissions, parameters, or requirements you need, and what they return,” Seligson explains. "Reviewing this helps you know exactly how each endpoint works and what to expect in your response.”
Test slowly and monitor your logs.
“If testing multiple endpoints, do it gradually,” Seligson advises. That’s because the API might have request limits (check the documentation). “Going slow helps avoid getting blocked or hitting rate limits.”
The Future of APIs in Business
We live in a world that now expects open and available content for all — the natural progression of this is for publishers to release their own APIs so that customers can develop applications with them.
API sharing applies to all businesses, not just those that are web-based, but anyone with a web-based tool or component of their organization.
Of course, this concept will cause hurdles for some organizations, a major one being getting everyone on the same page of how APIs work.
It’s easy to get bogged down in the technical jargon of APIs. However, when applied to real-life cases, it’s easier to understand how APIs work the way they do.
Hopefully, you now better grasp one of their key components: endpoints.
Editor's note: This post was originally published in September 2021 and has been updated for comprehensiveness.
Free Ebook: How to Use an API
Everything you need to know about the history and use of APIs.
- A History of APIs
- Using APIs
- Understanding API Documentation
- And more!
Download Free
All fields are required.
![What is Payload? A Quick Guide [+ Examples]](https://www.hubspot.com/hubfs/payload.webp)
