AboutBlogBusiness First AIFounder FreedomBook a conversation

What is an API? Why it matters for your business

May 9, 2026
Two colleagues at a desk looking at a documentation page on a laptop, one pointing at the screen, the other taking notes
TL;DR

An API is the contract one piece of software offers another: send a request in this format, get a structured answer back. In 2026 every SaaS vendor says they have one, but the claim is the start of the procurement conversation, not the end. The four questions worth asking are what it lets you do, what the rate limits are, what the authentication model is, and where the documentation lives. Vendors who answer cleanly built the API as a product. Vendors who deflect built it as marketing.

Key takeaways

- An API is a published contract for software-to-software calls, almost always HTTP requests in and JSON responses out, with the vendor's documentation as the binding spec. - "We have an API" is procurement noise on its own. The useful question is whether the API covers the integration you need, not whether one exists. - Pricing comes in three common shapes: per-call, per-token (the AI vendors), or included in your existing licence. The shape changes how you build, so confirm before you sign. - Most SME integration work in 2026 sits on top of well-designed APIs through Power Automate, Zapier, or Make, not bespoke code. The quality of the underlying API still decides whether the integration holds up. - The four questions to ask any vendor: what does it let me do, what is the rate limit ceiling, what is the authentication model, and is there a sandbox to test before signing.

A 30-staff insurance brokerage was choosing between two CRM platforms last quarter. Both salespeople volunteered “we have an API” inside the first thirty seconds of the demo. The brokerage’s IT advisor probed. Vendor A’s API was read-only, capped at 1,000 calls a minute, supported basic webhook events, and used OAuth. Vendor B’s API could read and write contacts, run workflows programmatically, handle bulk operations, and offered a 100,000-call-a-minute ceiling with API-key authentication and a documented webhook signing scheme.

Both vendors said they had an API. One had built it as a tickbox in a feature comparison sheet. The other had built it as a product. The brokerage chose vendor B not for the CRM itself, but for what the API made possible, which was the actual decision the procurement question had been trying to surface all along.

Many owners hear “we have an API” and assume something has been promised. The interesting work is what comes after that claim.

What is an API?

An API, short for Application Programming Interface, is a published contract one piece of software offers another. The vendor exposes endpoints (specific URLs), your software sends an HTTP request, and the vendor returns a structured response, almost always JSON. The documentation is the binding spec. Reading it is how you find out what the integration can actually do, not what the salesperson said it could.

The contract framing is the useful one for an SME owner. Stripe’s payments API, HubSpot’s CRM API, OpenAI’s Chat API and Microsoft Graph across the M365 stack all share the same shape. Send this request, get that response, with rate limits and authentication and error codes documented in advance. Public APIs commonly follow the REST convention, using HTTP verbs like GET and POST against resource URLs. Some larger vendors offer GraphQL, which lets you ask for exactly the fields you want in one call. For procurement purposes the difference rarely changes the decision. The right opening question is still “do you have a REST API and where is the documentation.”

Why does it matter for your business?

It matters because the API decides whether you can integrate the tool with the rest of your stack, or whether you are buying another silo. A growing services SME runs five to fifteen platforms. Without good APIs the data sits in islands and someone re-keys it weekly. With good APIs the systems talk in real time and the re-keying disappears.

The asymmetry is brutal. A vendor with a well-designed API and a plain-language documentation page lets you wire up a payment-to-accounting flow in an afternoon using Power Automate or Zapier. A vendor with a thin or undocumented API costs you weeks of bespoke development, or forces you to keep doing the manual reconciliation that the new tool was supposed to remove. Same monthly licence, very different total cost of ownership. The API quality is usually the bigger driver of that gap than the headline product features.

Where will you actually meet it?

You meet APIs in three places. The first is the vendor pitch, where the phrase “we have a comprehensive REST API” gets dropped into the demo. The second is the documentation page, which serious vendors publish openly and is the most honest signal of how the API is treated. The third is the no-code tools (Power Automate, Zapier, Make) that wrap APIs in pre-built connectors.

Three concrete patterns are doing a lot of the SME work in 2026. A Power Automate flow that watches a SharePoint folder, calls the Stripe API to look up the invoice, and emails the customer when the payment lands. A daily script that calls the Companies House API to refresh client records in the CRM. An AI-assisted support inbox that sends each ticket through the OpenAI or Anthropic Chat API with a knowledge-base snippet and drafts a reply for the agent to refine. None of these need a software product built. All three need the underlying APIs to be well designed, documented, and priced sensibly. (See also our explainers on API keys, OAuth, webhooks, and MCP, the four sibling concepts that show up around APIs in vendor pitches.)

When to ask vs when to ignore

Ask the four procurement questions any time the integration actually matters. What does your API let me do, read-only or read-write? What is the rate-limit ceiling and how do I raise it? What is the authentication model, OAuth or API keys? Where is the documentation, and is there a sandbox to test before signing? Vendors who answer cleanly have built the API as a product. Vendors who deflect, or who route you to a sales engineer for basic facts, are signalling that the API is closer to marketing than to engineering.

Ignore the API question entirely when there is genuinely no integration need. A standalone tool used by one person, a one-off internal utility, a system that will never need to share data with anything else, none of those benefit from an API conversation. The mistake is the opposite: assuming “we have an API” closes the integration question when in fact it has barely opened it. Treat the claim as a starting position. Read the documentation page, try the sandbox if there is one, and price the integration risk before signing.

Five terms cluster around APIs and vendor pitches use them interchangeably: API key, OAuth, webhook, SDK, and MCP. They are not synonyms, and knowing which is which lets you ask the right follow-up question rather than nodding through the demo. Each one names a different layer of the contract you are signing up to when you integrate with a vendor.

An API key is the long alphanumeric string that authenticates your software to the vendor’s API. Treat it like a password and never paste it into source code. OAuth is the more sophisticated authentication flow used when the API is acting on behalf of a specific user rather than your whole account. A webhook is the inverse of a normal API call: instead of you asking the vendor for updates, the vendor pushes events to a URL you provide, which is how Stripe tells you a payment cleared.

An SDK is a pre-written wrapper library that makes calling an API easier in a specific programming language. MCP, the Model Context Protocol, is the 2026 standard for letting AI agents discover and call tools, sitting one layer above traditional APIs. The underlying point is the same one that started this post. A published interface only becomes useful when you have read the contract behind it.

If you want a second pair of eyes on a vendor’s API documentation before you sign, book a conversation.

Sources

Stripe (2026). Stripe API reference. The canonical well-designed REST API for SME payments, cited as the procurement benchmark for documentation quality and idempotency support. https://docs.stripe.com/api OpenAI (2026). API reference and pricing. Cited for the per-token pricing model in generative AI APIs and the input/output token rate split. https://platform.openai.com/docs/api-reference Anthropic (2026). Claude API documentation. Cited as a peer per-token AI vendor API alongside OpenAI. https://docs.anthropic.com Microsoft (2026). Microsoft Graph REST API overview. Cited as the umbrella API across the Microsoft 365 stack and the procurement reference for vendors selling into Microsoft-shop SMEs. https://learn.microsoft.com/en-us/graph/overview HubSpot (2026). HubSpot CRM API overview. Cited for the freemium-tier and read-write CRM API pattern that mid-market SMEs encounter most often. https://developers.hubspot.com/docs/api/overview MDN Web Docs (2026). HTTP request methods. Plain-English reference for GET, POST, PUT, DELETE used in REST APIs, cited for the verb explanation. https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods MDN Web Docs (2026). Working with JSON. Cited for the JSON-as-API-payload point and the human-readable structure example. https://developer.mozilla.org/en-US/docs/Learn/JavaScript/Objects/JSON GraphQL Foundation (2026). Introduction to GraphQL. Cited as the alternative to REST and the procurement-question framing. https://graphql.org/learn/ NCSC (2025). Securing your APIs and platform interfaces. UK National Cyber Security Centre guidance, cited for the API-key handling and authentication-model recommendations. https://www.ncsc.gov.uk/collection/mobile-device-guidance/using-built-in-platform-features/apis Microsoft (2026). Power Automate connectors reference. Cited as the no-code path through which most SMEs actually consume third-party APIs. https://learn.microsoft.com/en-us/connectors/connectors

Frequently asked questions

What is the difference between a REST API and a GraphQL API in plain English?

A REST API gives you separate URLs for each kind of data, and you call them one at a time using HTTP verbs like GET and POST. A GraphQL API gives you one URL and a small query language, so you ask for exactly the fields you need in a single call. REST is the 2026 default and the right starting question for SME procurement. GraphQL shows up in larger vendor stacks and changes the developer experience more than the buying decision.

Do I need a developer to use a vendor's API?

Often no. Power Automate, Zapier, and Make wrap most mainstream APIs in pre-built connectors, so an internal admin can build a working integration without writing code. You need a developer when the connector does not exist, when the logic is complex enough that drag-and-drop tools cannot express it, or when you are processing high volumes where the per-task cost of middleware adds up faster than custom code.

What does a vendor mean when they say their API has rate limits?

Every API caps how many requests you can make per minute or per hour, to stop one customer overwhelming the system. A small ceiling, say 60 calls a minute, is fine for an internal sync that runs overnight. It is not fine for a customer-facing workflow that fires on every page view. Ask the vendor what the ceiling is, what happens when you hit it, and how you raise it. The answer tells you whether the API was designed for production use or for demos.

Written by Dr Dave Heath, AI consultant and business strategist.

This post is general information and education only, not legal, regulatory, financial, or other professional advice. Regulations evolve, fee benchmarks shift, and every situation is different, so please take qualified professional advice before acting on anything you read here. See the Terms of Use for the full position.

Ready to talk it through?

Book a free 30 minute conversation. No pitch, no pressure, just a useful chat about where AI fits in your business.

Book a conversation

Related reading

A practice manager at a desk holding a printed proposal in one hand with an open laptop alongside

Zero-shot vs few-shot learning: when AI works on tiny data

A plain-English decision guide for UK SME owners. Start with zero-shot, escalate to few-shot if needed, and only consider fine-tuning if specific volume thresholds are crossed.

Two colleagues at an office table looking at a laptop dashboard with a printed quote beside them

What is AutoML? Why it matters for your business

AutoML automates the technical engineering of machine learning so a UK SME can build a churn or lead-scoring model in weeks for platform fees, not a £50,000 data science hire. A plain-English guide to what it does, where it pays back, and where it is genuinely the wrong tool.

A person at a desk reviewing two printed quotations side by side with a calculator and a notebook

What is edge AI? Why running AI locally matters for your business

A plain-English guide to edge AI. The architecture decision that changes who holds your client data, how fast your system responds, and whether the cloud bill keeps growing every quarter.

If any of this sounds familiar, let's talk.

The next step is a conversation. No pitch, no pressure. Just an honest discussion about where you are and whether I can help.

Book a conversation
AboutBlogBusiness First AIFounder FreedomContactBook a conversation
Privacy PolicyTermsCookie Policy

© 2026 Larocca Consulting Ltd