← All pathways

How APIs Actually Work

Past curl and Postman to what is really happening on the wire.

You use APIs every day but the under-the-hood picture stays fuzzy: what an endpoint really is, where the front-end/back-end line sits, and how it all gets secured. This pathway walks from the core concept, to how an endpoint is exposed and protected, to seeing it live in your terminal.

You can already call an API — what's missing is the model underneath. This route follows one thing, a request, from what it fundamentally is, through how it travels and gets secured, to watching it happen in your own terminal. Ten lessons across three sites, in order; each stands alone, but together they close the loop.

10 steps live · 3 sites

What you'll be able to do

→Explain what an API really is — a contract, not code — and where the front-end/back-end line actually falls.
→Trace a request end to end: DNS, ports, TLS termination, the gateway, and the handler that answers.
→Reason about API security the way production does: tokens, the authentication/authorization split, and mTLS as the default.
→Inspect real traffic with curl -v and the browser network tab — and read what you find.

The route

01

Start with the contract

What an API really is, and the two roles every request is built from.

2 lessons

02

Follow a request

How a request reaches your code, what it carries, and how to watch it travel.

4 lessons

03

Expose it safely

Identity, encryption, and the front door that guards an endpoint in production.

4 lessons

04

Go deeper

The design decisions you can't take back once clients depend on you.

1 lesson

01

Start with the contract

What an API Actually Is

Computer Science · Essentials

An API is a contract, not a tool. Start here and the rest follows.

Client and Server: The Request/Response Lifecycle

Computer Science · Efficiency

Trace one request end to end and the front/back-end fog lifts.

02

Follow a request

From URL to Endpoint: How an API Gets Exposed

Networking · Essentials

What "expose an endpoint" really means: DNS, ports, and binding.

Why HTTP APIs Forget You: Statelessness

Computer Science · Efficiency

Why every request re-introduces itself — and where state lives.

Anatomy of an HTTP Request and Response

Computer Science · Efficiency

Methods, status codes, headers, body — the contract in detail.

Seeing API Traffic: curl -v and the Network Tab

Dev Tools · Essentials

Watch the anatomy you just learned on real, live traffic.

03

Expose it safely

Authentication vs Authorization in APIs

Computer Science · Efficiency

Who you are vs what you may do — and where each check happens.

HTTPS for APIs: Where the Connection Gets Secured

Networking · Essentials

TLS termination: where encryption actually stops in production.

Reverse Proxies and API Gateways

Networking · Efficiency

The front door that owns the public address and guards your services.

CORS Explained: The Front-End/Back-End Border

Networking · Efficiency

The browser rule that makes APIs "work in curl but not the app."

04

Go deeper

11

API Design Principles: REST, Idempotency, Versioning

coming soonComputer Science · Mastery

The decisions you cannot take back once clients depend on you.