Understanding APIs for Business Analysts

The document provides a comprehensive overview of APIs (Application Programming Interfaces), explaining their role as communication bridges between software systems that enable data exchange. It highlights the importance of APIs for Business Analysts and Project Managers, detailing how they facilitate system integration, real-time data exchange, and clear system boundaries. Additionally, it outlines the basic API architecture, types of APIs, and the significance of API knowledge in modern business environments.

Uploaded by

sahil daterao

API Notes for Business Analysts & PMs

(From Scratch to Professional Level)

1. What is an API? (In Simple Words)


An API (Application Programming Interface) is a way for two different software systems to talk
to each other and exchange data.

👉 Simple Example:

• You use a food delivery app.
• The app shows restaurant menus.
• The app does not store all menus.
• It calls an API from the restaurant system to get data.
✅ That communication happens via API.

An API (Application Programming Interface) is a bridge or messenger that allows two
different software applications to communicate with each other and exchange data
automatically—without human involvement.

In simpler terms:
👉 An API helps one app talk to another app and get the required information or send data
securely.

It tells:

• What data you can request
• How to request it
• What format the data will come in
• What rules must be followed

APIs work silently in the background and power almost every modern digital service we use
today.

✅ Simple Real-Life Example (Food Delivery App)


Let’s understand this with a step-by-step flow:

1. You open a food delivery app like Zomato or Swiggy.
2. You search for nearby restaurants.
3. The app does NOT store all restaurant menus inside itself.
4. Instead, it sends a request through an API to the restaurant’s system.
5. The restaurant system responds with menu data, prices, availability, and images.
6. The app receives this data via API and displays it on your screen.

Business Analysis by Aman

✅ This full process of requesting and receiving data between two systems happens through
an API.

So, API = Digital waiter that takes your request and brings the correct data back.

✅ Why API is Needed


Without APIs:

• Apps would not be able to share data
• Every system would work in isolation
• Real-time services would not exist

With APIs:

• Different systems connect easily
• Data flows in real-time
• Businesses can easily integrate third-party services
• Applications become faster, smarter, and scalable

✅ Simple Technical Flow of an API


User → Mobile App → API → Server → Database

Response back

• User: You
• App: Food delivery app
• API: Messenger
• Server & Database: Where actual data is stored

✅ Easy Banking Example of API


• You open a bank app
• You check your account balance
• The app sends a request via API to the bank server
• The server returns your balance
• The app shows it on the screen

✅ Again, this data movement happens through API.


✅ Key Points to Remember
• API is not a software or app
• API is a set of rules for communication
• API works in the background
• API makes system integration possible
• API allows secure data sharing
• API is used in:
o Banking
o E-commerce
o Healthcare
o Logistics
o Mobile Apps
o ERP & CRM systems

✅ One-Line Definition (Professional)


An API is a standardized interface that enables efficient, secure, and real-time
communication between two independent software systems.

✅ Summary in One Paragraph


An API (Application Programming Interface) is a communication bridge that allows two
different software systems to interact with each other and share data in a secure and controlled
manner. It works like a digital messenger that takes a request from one application, sends it to
another application, and returns the required response. APIs are the backbone of modern
applications and are used in almost every digital service such as food delivery apps, banking
apps, e-commerce platforms, and enterprise systems.

2. Why APIs are Important for a Business Analyst


As a BA, you work between Business + Technology. APIs help you:

• Connect frontend & backend
• Integrate multiple systems
• Enable real-time data exchange
• Support mobile apps, web apps, CRM, ERP
• Define clear system boundaries

✅ APIs are heavily used in:


• Banking
• E-commerce
• Healthcare
• EdTech
• Logistics
• Payment Gateways
• ERP & CRM systems

A Business Analyst (BA) acts as a bridge between Business and Technology. The business
explains what they want, and the technical team explains how it will be built. APIs play a
critical role in this communication because most modern systems are not standalone—they are
connected to many other systems through APIs.

Understanding APIs helps a Business Analyst:

• Translate business requirements into technical integration needs
• Ensure smooth data flow between multiple applications
• Avoid system failures, data mismatches, and integration issues
• Design scalable and reliable solutions

Let us understand each point in detail.

✅ 1. APIs Connect Frontend & Backend


In any application:

• Frontend = What users see (Website, Mobile App)
• Backend = Where logic & data exist (Server, Database)

The frontend cannot directly access the database for security reasons. Instead, it uses APIs to:

• Request data (user details, orders, payments, etc.)
• Send data (login info, order details, profile updates)

👉 Example:

• You log in to a mobile app.
• The app sends your username and password via API to the backend.
• The backend validates your details and sends the result back through the API.
• You get logged in.

✅ Without APIs, frontend and backend cannot communicate safely.

✅ 2. APIs Integrate Multiple Systems


In real-world enterprises, one system is never enough. Different departments use different
software, such as:

• CRM for sales
• ERP for operations
• Accounting software for finance
• Third-party tools for SMS, email, payments

APIs enable all these systems to talk to each other automatically.

👉 Example:

• A customer places an order on a website.
• Order data is sent via API to:
o Inventory system
o Billing system
o Delivery system
o CRM

✅ As a BA, you must identify:

• Which systems are integrated
• What data is exchanged
• At what stage the API is triggered

✅ 3. APIs Enable Real-Time Data Exchange


Business today depends on real-time data, not delayed updates.

With APIs:

• Data moves instantly
• Users see live status
• Decisions are taken faster

👉 Example:

• Payment success is shown immediately after payment
• Live parcel tracking in logistics
• Live stock prices in trading apps

As a BA, this helps you:

• Define real-time business rules
• Capture performance requirements (response time)
• Ensure customer experience is not affected

✅ 4. APIs Support Mobile Apps, Web Apps, CRM & ERP


Almost every platform today depends on APIs:

🔹 Mobile Apps

• Login
• Search
• Order placement
• Payment
• Notifications
All run through APIs.

🔹 Web Applications

• Dashboards
• Reports
• User management
• File uploads

🔹 CRM Systems

• Customer creation
• Lead updates
• Follow-ups
• Ticket management

🔹 ERP Systems

• Inventory
• Procurement
• Finance
• HR
• Payroll

✅ As a BA, if you work on:

• A website
• A mobile application
• An internal enterprise system
You will definitely deal with APIs.
✅ 5. APIs Help Define Clear System Boundaries
APIs clearly define:

• What one system is responsible for
• What another system will receive or send
• Where the data ownership lies

This avoids:

• Confusion between teams
• Duplicate development
• Data responsibility conflicts

👉 Example:

• CRM owns customer data
• ERP owns billing data
• Delivery system owns shipment tracking

APIs define how these systems exchange only the required information, not full access.

✅ This is extremely important during:

• Requirements gathering
• System design
• UAT & production rollout

✅ Why API Knowledge is Mandatory for a Modern Business Analyst

A BA must understand APIs because:

• Most projects today are integration-driven
• Many project failures happen due to poor API requirement clarity
• Stakeholders often ask:
o “Is this data coming from our system or third-party?”
o “How frequently is it updated?”
o “What happens if the API fails?”

Only a BA with API knowledge can ask the right questions and reduce project risk.
✅ Industries Where APIs Are Heavily Used (With Explanation)

● Banking

• Account balance check
• Fund transfers
• Loan processing
• KYC verification
• Payment gateways

● E-Commerce

• Product listing
• Order processing
• Payment integration
• Shipping & tracking
• Inventory sync

● Healthcare

• Patient records
• Lab test reports
• Appointment systems
• Insurance claims

● EdTech

• Course enrollment
• Live class access
• Assessments
• Certificate generation
• Payment integrations

● Logistics

• Shipment booking
• Live tracking
• Warehouse sync
• Delivery proof upload

● Payment Gateways
• UPI, Cards, Wallets
• Payment verification
• Refund processing
• Transaction reports

● ERP & CRM Systems

• Customer data sync
• Sales data
• Billing
• Inventory
• Reporting dashboards

✅ Every one of these industries runs on APIs.

✅ From a BA Career Perspective


Mastering APIs helps a Business Analyst to:

• Work confidently with developers & architects
• Create accurate FRDs & integration documents
• Handle UAT and production issues
• Move into higher roles like:
o Product Owner
o Solution Analyst
o Technical BA
o Integration Analyst

3. Basic API Architecture


Client (UI/App) → API → Server/Database

• Client: Web app, mobile app
• API: Medium that carries request/response
• Server: Processes the request
• Database: Stores actual data

The basic API architecture explains how data flows from the user to the system and back
using an API. It shows how different components of an application communicate with each other
in a secure and organized way.

📌 Basic Flow:
Client (UI/App) → API → Server → Database

Response Back

This flow is followed by most mobile apps, web apps, and enterprise systems.

✅ 1. Client (UI / Application Layer)


🔹 What is a Client?

The client is the user-facing layer of any application. It is where the user interacts with the
system.

🔹 Examples of Client:

• Web application (Chrome, Edge, etc.)
• Mobile application (Android / iOS app)
• Desktop software
• Internal company portals

🔹 Role of Client in API Architecture:

• Takes user input
• Triggers API requests
• Displays API responses
• Does not directly talk to the database
• Handles UI validations only

🔹 Example from Real Life:

• User enters login details in an app
• App sends this data to the server via API
• App waits for server response
• Displays success or error message

✅ From a BA perspective:
You must define:

• Which actions will trigger APIs
• What input fields are mandatory
• What output must be shown to the user
✅ 2. API (Communication Layer / Middleware)
🔹 What is an API in Architecture?

The API is the communication bridge between the client and the server. It receives requests
from the client, sends them to the server, and returns the server’s response to the client.

🔹 Main Responsibilities of an API:

• Accept request from client
• Validate input data
• Check authentication & authorization
• Forward request to server logic
• Return response in a structured format (JSON/XML)

🔹 What API Carries:

• Request data (user input)
• Response data (server output)
• Status codes (success/failure)
• Error messages

✅ From a BA perspective, API must be clearly defined with:

• Endpoint URL
• Request parameters
• Headers & authentication
• Response structure
• Error handling rules

✅ 3. Server (Business Logic Layer)


🔹 What is a Server?

The server is the brain of the application. It contains the actual business logic and
decision-making rules.

🔹 Responsibilities of Server:

• Process API requests
• Apply business rules
• Perform calculations
• Validate business conditions
• Call other internal/external services if required
• Decide what data to fetch or modify

🔹 Example:

• Check if user credentials are correct
• Validate account balance before payment
• Apply discounts and taxes in billing
• Decide order status (Placed / Shipped / Delivered)

✅ From a BA perspective:

• Business rules are documented in FRD
• Server ensures that rules are correctly executed
• BA validates the logic during UAT

✅ 4. Database (Data Storage Layer)


🔹 What is a Database?

The database is where actual data is permanently stored.

🔹 What Data is Stored:

• User details
• Orders
• Transactions
• Product information
• Reports & logs

🔹 Database Responsibilities:

• Store data safely
• Retrieve data when requested
• Maintain data integrity
• Backup & recovery

🔹 Important Point:

The client never directly accesses the database. All data access must go only through APIs &
server logic for security and control.

✅ From a BA perspective:
• You must define:
o What data is stored
o Who can access it
o How frequently it is updated
o Retention and audit rules

✅ Complete End-to-End Example (Food Delivery App)


1. User opens the food app (Client)
2. User searches for a restaurant
3. App sends a request via API
4. Server receives the request
5. Server applies business rules (availability, location, time)
6. Server fetches menu from the database
7. Database returns the data to server
8. Server sends the response to API
9. API sends the response back to app
10. App displays menu to user

✅ This entire cycle happens within milliseconds using API architecture.

✅ Why This Architecture is Important for a Business Analyst

Understanding this architecture helps a BA to:

• Identify integration points
• Document functional & non-functional requirements
• Define data flow diagrams (DFD)
• Capture security & performance requirements
• Communicate clearly with developers & testers
• Prevent data leaks and system failures

✅ Key Takeaways
• Client = User interface
• API = Communication bridge
• Server = Business logic
• Database = Data storage
• All communication flows through APIs only
• This architecture ensures:
o Security
o Scalability
o Reliability
o Maintainability

4. Types of APIs (For BA Understanding)


✅ 1. REST API (Most Common)

• Uses HTTP methods
• Data usually in JSON format
• Easy to use and widely adopted

✅ 2. SOAP API

• Uses XML
• More secure but complex
• Used in legacy banking systems

✅ 3. GraphQL API

• Client can request only required data
• Used in modern applications like Facebook

✅ 4. Internal & External APIs

• Internal API – used within organization
• External API – exposed to other companies

APIs are classified based on how they work, what technology they use, and who can access
them. As a Business Analyst, you must understand these types to properly define integration
requirements, security rules, and system dependencies.

✅ 1. REST API (Most Common & Widely Used)


🔹 What is a REST API?

REST (Representational State Transfer) API is the most popular and widely used API type
in modern applications. It is simple, lightweight, and works over the internet using standard web
protocols.
🔹 Key Features of REST API:

• Uses HTTP methods:
o GET – Fetch data
o POST – Create data
o PUT / PATCH – Update data
o DELETE – Remove data
• Data is usually exchanged in JSON format
• Works over HTTPS
• Stateless (each request is independent)
• Easy to integrate with web & mobile apps

🔹 Where REST APIs Are Used:

• E-commerce applications
• Banking apps
• Mobile applications
• EdTech platforms
• CRM & ERP integrations
• Payment gateways

🔹 Example (Simple):

When you check order details in an app:

GET /api/orders/123

The system returns order data in JSON format.

✅ Why REST API is Important for a BA:

• Most real-time business integrations use REST
• Easy to document in FRD
• Easy to validate in UAT via Postman
• Supports scalability & performance
• Works perfectly for microservices architecture

✅ From a BA perspective: REST APIs are the default choice in most new projects.

✅ 2. SOAP API (Used in Legacy & High-Security Systems)


🔹 What is a SOAP API?
SOAP (Simple Object Access Protocol) is an older, protocol-based API that uses strict rules
and XML format for data exchange.

🔹 Key Features:

• Uses XML format only
• Very strict structure
• Requires WSDL (Web Service Description Language)
• Supports advanced security standards
• More complex and heavier than REST
• Works over:
o HTTP
o SMTP
o TCP

🔹 Where SOAP APIs Are Used:

• Core banking systems
• Insurance systems
• Government systems
• Legacy enterprise applications

🔹 Example Use Case:

• Bank-to-bank fund transfer
• Core banking transaction processing
• Loan processing systems

✅ Why SOAP API is Important for a BA:

• Many banking & financial projects still use SOAP
• BA must understand:
o XML structure
o Request/response schema
o Error fault messages
• SOAP is preferred where the following are required:
o High security
o Transaction reliability
o Strict validation

✅ SOAP = More secure but more complex than REST.

✅ 3. GraphQL API (Modern & High-Performance)


🔹 What is GraphQL?

GraphQL is a modern query-based API technology developed by Facebook. It allows the
client to request exactly the data it needs—nothing more, nothing less.

🔹 Key Features:

• Client controls what data is required
• Avoids over-fetching and under-fetching
• Uses a single endpoint
• Fast and efficient
• Ideal for complex UI & dashboards

🔹 REST vs GraphQL (Simple Comparison):

REST                  | GraphQL
Multiple endpoints    | Single endpoint
Predefined responses  | Client-defined responses
Can return extra data | Returns only required data

🔹 Where GraphQL is Used:

• Social media platforms
• Real-time dashboards
• Complex apps with many UI components
• Modern SaaS products

✅ Why GraphQL Matters for a BA:

• Reduces data load & performance issues
• Improves user experience
• Requires careful requirement definition
• BA must clearly define:
o What fields are required
o What data should be exposed
o Role-based access control

✅ GraphQL is powerful but needs strong requirement clarity.

✅ 4. Internal APIs & External APIs


APIs are also classified based on who uses them.

✅ A. Internal APIs (Private APIs)

🔹 What are Internal APIs?

• Used within an organization
• Not exposed to the public
• Used to connect internal systems

🔹 Examples:

• HR system → Payroll system
• CRM → ERP system
• Finance → Accounting system

🔹 Key Characteristics:

• High control
• Fewer security threats
• Designed for internal automation
• Faster development cycle

✅ BA Role in Internal APIs:

• Define inter-department data flow
• Identify system dependencies
• Ensure data consistency
• Align business processes across systems

✅ B. External APIs (Public APIs / Partner APIs)

🔹 What are External APIs?

• Exposed to outside organizations or third parties
• Used for business partnerships and integrations

🔹 Examples:

• Payment gateway APIs (Razorpay, Paytm)
• SMS & Email APIs
• Google Maps API
• Third-party KYC APIs
• Shipping partner APIs
🔹 Key Characteristics:

• Strict security controls
• Authentication via:
o API Keys
o Tokens
o OAuth
• SLA & uptime commitments
• Usage limits (rate limiting)

✅ BA Role in External APIs:

• Define:
o What data is shared externally
o Security & authentication rules
o Error handling policies
o SLA expectations
• Handle:
o Vendor coordination
o UAT with third-party systems
o Production issues during integration

✅ External APIs carry higher business & security risk than internal APIs.

✅ Comparison Summary for Business Analysts


API Type     | Data Format | Security   | Complexity | Usage
REST         | JSON        | Medium     | Low        | Most modern apps
SOAP         | XML         | Very High  | High       | Banking & legacy
GraphQL      | JSON        | High       | Medium     | Modern & complex apps
Internal API | Any         | Controlled | Medium     | Internal system sync
External API | Any         | Very High  | High       | Third-party integration

✅ Why Understanding These Types is Important for a BA


A Business Analyst must:

• Select the right API type based on business need
• Define integration scope clearly
• Address security, performance & compliance
• Avoid:
o Data mismatch
o Integration failures
o Vendor dependency risks
• Ensure smooth UAT & production deployment

✅ One-Line Professional Summary


Understanding REST, SOAP, GraphQL, and Internal vs External APIs enables a Business
Analyst to accurately design, document, and manage system integrations in modern digital
projects.

5. Key API Components

Component   | Meaning
Endpoint    | API URL
Method      | Type of operation
Headers     | Metadata (Auth, content type)
Body        | Data sent to server
Response    | Data received back
Status Code | Result of request

6. HTTP Methods (Very Important for BA)

Method | Usage
GET    | Fetch data
POST   | Create new record
PUT    | Update full record
PATCH  | Update partial record
DELETE | Delete record

7. API Status Codes

Code | Meaning
200  | Success
201  | Created
400  | Bad Request
401  | Unauthorized
403  | Forbidden
404  | Not Found
500  | Server Error

As a BA, you must validate expected responses with developers & testers.

8. API Request & Response Example


🔹 API Request:
GET /api/customers/101

🔹 API Response (JSON):


{
  "customerId": 101,
  "name": "Rahul Sharma",
  "email": "rahul@[Link]",
  "status": "Active"
}

As a BA, you must:

• Understand what fields are required
• Validate data format
• Confirm mandatory vs optional fields

9. API Authentication Methods

Type         | Usage
API Key      | Simple authentication
OAuth 2.0    | Used in Google, Facebook
Bearer Token | Used in modern systems
Basic Auth   | Username & password

✅ BA must ensure security is mentioned in FRD & BRD.

10. Role of a Business Analyst in API Projects

✅ BA Responsibilities in API Projects:

• Gather integration requirements
• Identify source & target systems
• Define data mapping
• Capture API functional requirements
• Document request/response format
• Validate edge cases
• Support UAT & regression testing

11. API in BRD vs FRD


🔹 In BRD:

• Business integration need
• High-level API purpose
• Stakeholders involved

🔹 In FRD:

• Detailed API flow
• Request & response fields
• Validation rules
• Error handling
• Security requirements

12. API Documentation (Swagger / Postman)


As a BA, you must be comfortable with:

• Swagger UI
• Postman

Used for:

• Viewing endpoints
• Testing API responses
• Validating business rules
• Sharing specs with stakeholders

13. API Testing from BA Perspective


You must validate:
• Happy path scenarios
• Negative test cases
• Boundary values
• Authorization failures
• Data mismatch
• Timeout & performance issues

14. API Error Handling (For FRD)


Each API should define:

• Error code
• Error message
• Resolution steps

Example:

{
  "errorCode": "INVALID_CUST_ID",
  "message": "Customer ID does not exist"
}

15. API Data Mapping (Critical BA Skill)


You must map:

• Source field → Target field
• Data type
• Mandatory/Optional
• Transformation rule

Source Field | Target Field | Type   | Rule
mobile_no    | phoneNumber  | String | Remove country code
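
The mapping row above, applied as code. This is an added example, not part of the original notes: the country code 91, the 10-digit national length, and the cust_name and age rows are assumptions made for illustration.

```python
import re

COUNTRY_CODE = "91"  # assumption: source numbers use this calling code
NATIONAL_LEN = 10    # assumption: national numbers are exactly 10 digits


def strip_country_code(raw):
    """Transformation rule 'Remove country code' for one phone number."""
    compact = re.sub(r"[\s\-()]", "", raw)
    if compact.startswith("+" + COUNTRY_CODE):
        compact = compact[1 + len(COUNTRY_CODE):]
    elif compact.startswith("00" + COUNTRY_CODE):
        compact = compact[2 + len(COUNTRY_CODE):]
    elif (len(compact) == len(COUNTRY_CODE) + NATIONAL_LEN
          and compact.startswith(COUNTRY_CODE)):
        # Only strip a bare prefix when the length proves it is a prefix:
        # a national number may itself begin with the same digits.
        compact = compact[len(COUNTRY_CODE):]
    if not (compact.isascii() and compact.isdigit()
            and len(compact) == NATIONAL_LEN):
        raise ValueError("not a valid national number")
    return compact


# (source field, target field, type, mandatory, transformation rule)
MAPPING = [
    ("mobile_no", "phoneNumber", str, True, strip_country_code),  # row from the notes
    ("cust_name", "fullName", str, True, str.strip),              # constructed row
    ("age", "age", int, False, None),                             # constructed row
]


def map_record(source):
    """Return (target_record, errors); unmapped source fields are dropped."""
    target, errors = {}, []
    for src, dst, typ, mandatory, rule in MAPPING:
        value = source.get(src)
        if value is None or value == "":
            if mandatory:
                errors.append(f"{src}: mandatory field missing")
            continue
        if not isinstance(value, typ):
            errors.append(
                f"{src}: expected {typ.__name__}, got {type(value).__name__}")
            continue
        try:
            target[dst] = rule(value) if rule else value
        except ValueError as exc:
            errors.append(f"{src}: {exc}")
    return target, errors


if __name__ == "__main__":
    # Constructed sample records.
    print(map_record({"mobile_no": "+91 98765 43210", "cust_name": " Rahul Sharma "}))
    print(map_record({"mobile_no": "9123456789", "cust_name": "A", "extra": "dropped"}))
    print(map_record({"cust_name": "A"}))
```

Because only fields named in the mapping are copied, a source system that starts sending extra fields cannot leak them into the target by accident.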

16. API Performance & SLA (Professional Level)


APIs must define:

• Response time (e.g., < 2 seconds)


• Throughput
• Peak load capacity
• Downtime window
These are part of Non-Functional Requirements (NFRs).

17. API Versioning
Example:

• /api/v1/customers
• /api/v2/customers

Used when:

• Business rules change
• New fields added
• Old clients still in use

18. API Security from BA View


• Data encryption (HTTPS)
• Token expiry
• Role-based access
• IP whitelisting
• Audit logs
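
The controls listed above, combined with the status codes and the error format from the API Error Handling section, are shown working together in the following added example (not part of the original notes). The tokens, roles, allowlisted IP and every error code except INVALID_CUST_ID are constructed for illustration, and HTTPS is assumed to be terminated in front of this code.

```python
import time

# Constructed sample data, modelled on the customer record shown in these notes.
CUSTOMERS = {101: {"customerId": 101, "name": "Rahul Sharma", "status": "Active"}}

# Hypothetical token store: token -> (role, expiry as a Unix timestamp).
TOKENS = {
    "tok-support": ("support", 2_000_000_000),
    "tok-guest": ("guest", 2_000_000_000),
    "tok-old": ("support", 1_000_000_000),  # expired long ago
}
ROLE_PERMISSIONS = {"support": {"customers:read"}, "guest": set()}
ALLOWED_IPS = {"10.0.0.5"}  # assumed allowlist of caller addresses
AUDIT_LOG = []              # one entry per request, allowed or denied


def error(status, code, message):
    """Build an error response in the errorCode/message format."""
    return status, {"errorCode": code, "message": message}


def decide(method, path, token, client_ip, now):
    """Apply the controls in order and return (status_code, body)."""
    if client_ip not in ALLOWED_IPS:
        return error(403, "IP_NOT_ALLOWED", "Caller IP is not on the allowlist")
    entry = TOKENS.get(token)
    if entry is None:
        return error(401, "INVALID_TOKEN", "Token is missing or unknown")
    role, expires_at = entry
    if now >= expires_at:
        return error(401, "TOKEN_EXPIRED", "Token has expired")
    parts = path.strip("/").split("/")
    if method != "GET" or len(parts) != 3 or parts[:2] != ["api", "customers"]:
        return error(404, "NOT_FOUND", "No such endpoint")
    if "customers:read" not in ROLE_PERMISSIONS.get(role, set()):
        return error(403, "FORBIDDEN", "Role may not read customer data")
    cust_id = parts[2]
    if not (cust_id.isascii() and cust_id.isdigit()):
        return error(400, "BAD_CUST_ID", "Customer ID must be numeric")
    customer = CUSTOMERS.get(int(cust_id))
    if customer is None:
        return error(404, "INVALID_CUST_ID", "Customer ID does not exist")
    return 200, customer


def handle(method, path, token, client_ip, now=None):
    """Entry point: decide, then audit. The token value is never logged."""
    now = time.time() if now is None else now
    status, body = decide(method, path, token, client_ip, now)
    AUDIT_LOG.append({"ts": now, "ip": client_ip, "method": method,
                      "path": path, "status": status,
                      "errorCode": body.get("errorCode")})
    return status, body


if __name__ == "__main__":
    for tok in ("tok-support", "tok-guest", "tok-old", None):
        print(tok, handle("GET", "/api/customers/101", tok, "10.0.0.5"))
    print(handle("GET", "/api/customers/999", "tok-support", "10.0.0.5"))
    print(len(AUDIT_LOG), "audit entries")
```

Denied requests are audited as well as successful ones, which is what makes the log useful when a BA or tester later has to explain a 401 or 403 seen during UAT.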

19. Common API Use Cases for BA Projects


• Payment gateway integration
• SMS/Email notification system
• CRM to ERP integration
• Mobile app to backend
• Third-party analytics tools

20. API Interview Questions for Business Analyst


1. What is an API?
2. Difference between REST and SOAP?
3. Explain GET vs POST.
4. What is an endpoint?
5. What is 401 error?
6. What is API authentication?
7. How do you document APIs in FRD?
8. What is data mapping?
9. What is JSON?
10. What is API versioning?

✅ Final Summary
• API is the backbone of system integration
• Every modern application depends on APIs
• A Business Analyst must understand APIs logically, not coding-wise
• Knowledge of:
o API flow
o Request & Response
o Data mapping
o Error handling
o Security
o Documentation
is mandatory for IT/Product roles
