Is CRUD functionality necessary for all APIs?


Is CRUD functionality necessary for all APIs?


The short answer is no, the better answer is sometimes.
When we think about APIs we either imagine a large server storing and providing tons of information for big companies, a service provided by an app that we use, or our local machine.
Well, there are many ways to have an API, but an API is not a server, although it can be stored in one.
An API is usually a way to communicate with a server, to extract and manipulate data. Services like Yelp, Spotify, Twitter, and many more, have their own APIs that do not only help the application on itself but allow developers like us to interact with that data and create our own apps with their help.

That said, C.R.U.D (Create, Read, Update, and Delete) functionality is not always needed. In case of a public API, that is a quite required structure, but it will have certain restrictions.

Yelp API, you can certainly Read, you can sometimes Create, depending on the endpoint, you could at times Update, and you will be restricted on what you can Delete.

The same way if you are building your own application. Maybe you do not want your user (for security reasons) to be able to delete an entry. Let’s say we are creating the next movie database, we have our /movies endpoint and so registered users can check all the movies and create a new movie entry for what is coming out this summer, they might have a typo somewhere sometimes so they are also able to update their entries, and they can set some movies as their favorites; if the user that created the movie entry was able to delete it, then the user that saved it as a favorite will not be able to find it anymore, therefore for that endpoint of /movies we will only need to have CRU without the D, for some other sections the user may only have R functionality if they see who entered the movie in the database, or if there are comments, they can only Read who the other user is.

So it is not necessary to have CRUD functionality at all times, it is an API pattern to follow, so it is wise to implement whenever it is safe to do so. I don’t think an artist would be very happy with Spotify if users could delete or update songs from their albums, but nobody cares if it is in the users own playlist.