What's an API—and Why It's the On-Ramp for AI
An API is a defined contract between programs. It is how applications call hosted models and how tool-using systems reach other software.
An API—application programming interface—is a documented way for one program to ask another for data or an action. Think of a menu: it names valid requests, required inputs, and the shape of the result. The kitchen can change internally while the menu remains stable.
Many large commercial models are hosted by their providers. An application sends a request containing instructions and input, authenticates with an API key or another credential, and receives generated output. Usage is often metered in input and output tokens. The exact price, limit, and data policy depend on the provider and account.
Hosted APIs are not the only option. Open-weight models can run on hardware you control, and local runtimes often expose their own APIs so the rest of your application uses the same request-response pattern. “API” describes the interface, not where the model runs or who owns it.
APIs also let the model-facing application reach outward. With tool use, the application describes available functions—look up weather, search a database, create a calendar event. The model can request a function call with structured arguments. The application validates the request, checks permissions, performs the action if allowed, and returns the result to the model.
The model proposes a tool call. The surrounding software owns the credential, permission check, execution, and consequences.
This division matters for safety. A model cannot spend money or delete a file merely because it emitted those words; something with real access must carry them out. Good systems keep credentials outside the prompt, validate arguments, restrict tool scope, log actions, and require approval for consequential steps.
The Model Context Protocol is an open protocol for exposing tools and data to compatible AI applications. It can reduce custom integration work by standardizing discovery and message shapes. Adoption is growing, but MCP does not solve authentication, authorization, sandboxing, or trust by itself. A compatible server can still expose a dangerous tool, and a compatible host must still decide who may call it. 1
Once you see the layers, “the AI sent an email” becomes a concrete sequence: a model requested a tool call; the harness checked policy; an email service accepted authenticated parameters; the result returned to the model. Each boundary can be inspected and tested.
Evidence
Sources
- 1Model Context Protocol specification
Model Context Protocol · Documentation · checked 2026-07-13