APIs are the plumbing of modern products. If you don’t understand what’s flowing through the pipes, you can’t build or scale effectively.
APIs are the invisible connectors that power digital products. They allow different software systems to communicate, share data, and trigger actions without users seeing the complexity underneath. If you want to be a product manager in a tech company, understanding the types of APIs and how they work is fundamental to your job.
Your actual job is not to write code or build APIs yourself. It is to know which API type fits your product’s needs, how it affects your customer and partner experience, and how it shapes your roadmap and technical trade-offs.
The API is the business layer exposed to authorized parties
At its core, an API — Application Programming Interface — is a contract. It specifies how one piece of software can request data or actions from another. The API is the business layer access point exposed to authorized parties, whether internal teams, partners, or external developers.
Think of APIs as doors into your product’s backend. Some doors are open to the public, some are locked for internal use, some are shared with select partners, and others combine multiple services into one endpoint.
Understanding these distinctions is crucial for product decisions around security, scalability, and user experience.
The four main types of web APIs
Product managers often hear about APIs, but confusion arises because not all APIs serve the same purpose or audience. The four main types of web APIs are:
| API Type | Description | Who uses it? | Typical use case in India |
|---|---|---|---|
| Public API | Openly accessible to third-party developers. Designed to encourage external integration. | External developers, partners | Razorpay’s payment gateway API for merchants |
| Private API | Restricted to internal teams within the company. Used for internal system communication. | Internal developers, product teams | Flipkart’s internal inventory management API |
| Partner API | Shared with specific business partners under controlled access and agreements. | Select partners | Swiggy sharing order tracking API with vendors |
| Composite API | Combines multiple API calls into a single request, simplifying complex workflows. | Internal or external developers | Meesho’s composite API aggregating product and seller data |
Public APIs are your product’s handshake with the outside world. They must be robust, well-documented, and stable because third parties build on them.
Private APIs are the gears inside your product. They enable modularity and allow teams to build features independently. These APIs are not exposed outside the company and can evolve faster.
Partner APIs sit between public and private. They power integrations with trusted partners and often carry business logic tied to commercial agreements.
Composite APIs streamline user experiences by bundling multiple backend calls into one. This reduces latency and simplifies client-side logic, critical for mobile apps with limited bandwidth.
API protocols: SOAP, XML-RPC/JSON-RPC, and REST
Beyond types, APIs use different protocols to communicate. The three common protocols are:
| Protocol | Characteristics | When to use | Indian company examples |
|---|---|---|---|
| SOAP | XML-based, strict standards, built-in error handling | Enterprise applications, legacy systems | Banking APIs used by HDFC or ICICI |
| XML-RPC / JSON-RPC | Lightweight remote procedure calls using XML or JSON | Simple, stateless communication | Internal services at startups like PhonePe |
| REST | Resource-based, uses HTTP methods, JSON payloads | Web and mobile apps, modern APIs | Swiggy’s delivery tracking, Razorpay API |
SOAP was the dominant API protocol in the early 2000s, especially in banking and enterprise software. It is heavy but reliable, with standards for security and transactions.
XML-RPC and JSON-RPC are simpler remote procedure call protocols. They are used for lightweight communication where you want to invoke a method and get a response.
REST has become the industry standard for modern web APIs. It treats data as resources identified by URLs and uses HTTP verbs like GET, POST, PUT, DELETE. REST APIs are easy to consume and scale, making them the default choice for startups and consumer apps.
When you evaluate API options, the protocol choice impacts developer experience, performance, and integration complexity.
Content types and data formats in APIs
APIs exchange data in specific formats. The most common content types are:
- application/json — The de facto standard for REST APIs, easy to read and parse.
- application/xml — Used in SOAP and legacy systems.
- x-www-form-urlencoded — Common for simple form submissions or OAuth token requests.
Your product’s API design should consider the clients consuming it. Mobile apps prefer JSON for efficiency. Enterprise partners might require XML. Understanding this helps you set realistic expectations for your engineering team and partners.
Why API types matter for your product strategy
Choosing the right API type is not just a technical decision — it shapes your product’s ecosystem and user experience.
-
Public APIs enable third-party innovation. Razorpay’s public APIs allowed thousands of merchants to integrate payments seamlessly, creating a vast ecosystem. But public APIs also require you to think about versioning, backward compatibility, and security rigorously.
-
Private APIs allow your teams to move fast and build modular features. Flipkart’s internal APIs let different teams own catalog, pricing, and logistics independently, speeding up experimentation and iteration.
-
Partner APIs are critical in B2B and platform businesses. Swiggy’s partner APIs for restaurants enable real-time order updates and menu management, improving operational efficiency and partner satisfaction.
-
Composite APIs improve client performance and simplify complex workflows. Meesho’s composite APIs reduce the number of calls mobile apps need to make, crucial for users on slow or expensive networks.
As a PM, you will often face trade-offs: exposing more APIs publicly can drive growth but increases support and maintenance costs. Keeping APIs private maintains control but limits external innovation.
Integration examples from Indian products
India’s product ecosystem offers rich examples of API usage:
-
Razorpay built its brand on public APIs that allow merchants to embed payment gateways into websites and apps with minimal effort. This open approach created network effects and rapid adoption.
-
Swiggy uses partner APIs extensively to synchronize orders, delivery tracking, and menu updates with thousands of restaurant partners. These APIs are tightly controlled, ensuring data consistency and operational reliability.
-
Meesho leverages composite APIs to combine seller information, product catalog, and order status into single API calls. This reduces latency and data usage for their reseller community, many of whom use low-end smartphones on 2G or 3G networks.
-
Flipkart maintains a suite of private APIs for internal systems — inventory, pricing, logistics — enabling different teams to work independently while maintaining data integrity.
These examples show how API choices directly impact scale, reliability, and user experience.
The PM’s role in API strategy
Your actual job as a PM is to translate business goals into API strategy that balances openness, security, and performance.
This means:
- Understanding who needs access: internal teams, partners, external developers, or end users.
- Defining API scope: what data and actions are exposed, and under what conditions.
- Setting policies for authentication, authorization, and rate limiting to protect your platform.
- Prioritizing API features based on customer and partner impact.
- Coordinating with engineering and security teams to ensure APIs meet compliance requirements.
- Monitoring API usage and performance to identify opportunities and risks.
You do not need to know how to build the API, but you must understand how API decisions affect product roadmap, user experience, and business model.
Common pitfalls to avoid
-
Exposing too much through public APIs too soon. Early-stage startups often rush to open APIs hoping to attract developers. Without clear product-market fit, this wastes engineering effort and creates security risks.
-
Neglecting API documentation and developer experience. Even the best APIs fail if developers can’t understand or integrate them easily. Razorpay’s success owes much to its clear, comprehensive docs.
-
Mixing API protocols without a clear strategy. Using SOAP, REST, and RPC randomly causes confusion and maintenance headaches.
-
Ignoring API versioning and backward compatibility. Changing APIs without proper versioning breaks integrators and damages trust.
Supporting media: Talvinder on APIs
Field exercise: Map your product’s API landscape (10 min)
Pick a product you use regularly — it could be Flipkart, Swiggy, or any SaaS tool you know. Write down:
- Which APIs do you think are public, private, partner, or composite?
- What protocols (REST, SOAP, RPC) might they be using?
- How do these APIs affect the user experience or partner integrations?
- What trade-offs might the product team have made in exposing or hiding APIs?
This exercise builds your intuition for how APIs shape product ecosystems.
Test yourself: The API integration decision
You are the PM at a Series B SaaS startup in Bangalore building an invoicing product. Your engineering lead proposes opening a public REST API for invoice creation and status retrieval, but the security team warns about data leaks. You also have a few large customers asking for partner APIs with more granular access controls. The CTO wants to ship the public API within 3 months to attract integrations.
The call: How do you balance the demand for a public API with security concerns and partner needs? What is your recommended approach and timeline?
Your reasoning:
Where to go next
- Understand API design principles and best practices: API Design for Product Managers
- Learn how to build integration roadmaps: Integration Strategy and Partner Ecosystems
- Explore security fundamentals for PMs: Security and Compliance Basics
- Master product analytics for APIs: Measuring API Usage and Impact
- Prepare for technical interviews: Product Manager Technical Interview Prep
PL alumni now work at Flipkart, Razorpay, Swiggy, PhonePe, Amazon, and 30+ other companies.