Technical
API
Application Programming Interface — a way for software systems to communicate with each other programmatically.
An Application Programming Interface (API) is a set of rules and protocols that allows different software applications to communicate with each other. APIs define how one system can request data or services from another.
Privacy Relevance
APIs are central to modern data sharing and raise several privacy considerations:
- Data access controls — APIs should enforce authentication (e.g. API keys, OAuth tokens) and authorization
- Data minimization — APIs should return only the data that is necessary for the request
- Logging and monitoring — API calls should be logged for security and compliance purposes
- Rate limiting — prevents abuse and excessive data extraction
- Data processing agreements — when an API enables a third party to access personal data, a DPA may be required
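The first four controls in the list above can be combined in a single read handler, shown here as an added example that is not part of the original glossary entry. All tokens, scope names, fields, limits and records are constructed for illustration, and in-memory dictionaries stand in for a real token store and database.

```python
import time
from collections import defaultdict, deque

# Constructed sample data; every name and value below is hypothetical.
USERS = {"u1": {"id": "u1", "display_name": "Ada", "email": "ada@example.org",
                "date_of_birth": "1990-01-01"}}
# Token -> (client id, granted scopes); stands in for API keys or OAuth tokens.
TOKENS = {"tok-profile": ("client-a", {"profile:read"}),
          "tok-contact": ("client-b", {"profile:read", "contact:read"})}
# Fields each scope may see; anything unlisted is never returned.
SCOPE_FIELDS = {"profile:read": {"id", "display_name"},
                "contact:read": {"email"}}
RATE_LIMIT, WINDOW_SECONDS = 3, 60.0

AUDIT_LOG = []                       # an append-only store in a real service
_recent_calls = defaultdict(deque)   # client id -> call times in the window

def _audit(now, client, user_id, status, fields=()):
    # Record who asked for what and which fields were released, not the
    # values themselves and never the raw token.
    AUDIT_LOG.append({"ts": now, "client": client, "user_id": user_id,
                      "status": status, "fields": sorted(fields)})

def get_user(token, user_id, now=None):
    """Return (status, body) for a read of one user record."""
    now = time.time() if now is None else now
    client, scopes = TOKENS.get(token, (None, None))
    if client is None:                       # authentication
        _audit(now, None, user_id, 401)
        return 401, {"error": "invalid token"}
    calls = _recent_calls[client]            # rate limiting (sliding window)
    while calls and now - calls[0] >= WINDOW_SECONDS:
        calls.popleft()
    if len(calls) >= RATE_LIMIT:
        _audit(now, client, user_id, 429)
        return 429, {"error": "rate limit exceeded"}
    calls.append(now)
    allowed = set().union(*(SCOPE_FIELDS.get(s, set()) for s in scopes))
    if not allowed:                          # authorization
        _audit(now, client, user_id, 403)
        return 403, {"error": "forbidden"}
    record = USERS.get(user_id)
    if record is None:
        _audit(now, client, user_id, 404)
        return 404, {"error": "not found"}
    body = {k: v for k, v in record.items() if k in allowed}  # minimization
    _audit(now, client, user_id, 200, body.keys())
    return 200, body
```

The response is built from an allow-list of fields per scope, so a field added to the record later (here `date_of_birth`) stays private until a scope explicitly grants it.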
Types
- REST APIs — use HTTP methods (GET, POST, PUT, DELETE) and return JSON or XML
- GraphQL — allows clients to request exactly the data they need
- Webhooks — push-based: the server sends data to a URL when an event occurs