Every time you open a mobile app, load a website, or click a button that fetches data, an API request is happening behind the scenes.
But what actually happens between clicking a button and seeing data appear on your screen?
In this guide, we'll walk through the complete API request lifecycle—from the client sending a request to the server returning a response.
What is an API?
API stands for Application Programming Interface.
An API acts as a messenger between:
- Client Applications
- Backend Servers
- Databases
- Third-Party Services
Example
When you open a banking app and view your account balance:
Mobile App
│
▼
API Server
│
▼
Database
The API retrieves data and sends it back to the application.
Step 1: Client Initiates the Request
The process begins when a user performs an action.
Examples:
- Opening a webpage
- Clicking a button
- Refreshing a dashboard
- Logging into an application
Example Request
GET https://api.example.com/users/42
The client prepares:
- HTTP Method
- URL
- Headers
- Authentication Token
- Request Body (if needed)
Example:
GET /users/42
Authorization: Bearer TOKEN
Accept: application/json
At this point, nothing has left the user's device yet.
Step 2: DNS Lookup
Computers communicate using IP addresses, not domain names.
The browser must first resolve:
api.example.com
into:
93.184.216.34
DNS Process
Browser
│
▼
DNS Resolver
│
▼
IP Address
DNS results are usually cached to improve performance.
Step 3: TCP Connection and TLS Handshake
Once the IP address is known, the client establishes a connection.
TCP Handshake
Client → SYN
Server → SYN-ACK
Client → ACK
This creates a reliable connection.
TLS Handshake
For HTTPS websites:
Client
│
▼
TLS Negotiation
│
▼
Encrypted Connection
TLS provides:
- Encryption
- Authentication
- Data Integrity
This protects sensitive information from attackers.
Step 4: Send the HTTP Request
After a secure connection is established, the request is transmitted.
Example:
GET /users/42 HTTP/2
Host: api.example.com
Authorization: Bearer TOKEN
Request Components
| Component | Description |
|---|---|
| Method | GET, POST, PUT, DELETE |
| URL | Endpoint |
| Headers | Metadata |
| Body | Data payload |
| Token | Authentication |
Step 5: API Server Receives the Request
The server receives the request and begins processing.
Server Tasks
- Validate request
- Authenticate user
- Check permissions
- Route request
- Execute business logic
Example:
Route::get('/users/{id}', [UserController::class, 'show']);
Laravel routes the request to:
UserController@show
Step 6: Query the Database
Most APIs need data from a database.
Example Query
SELECT *
FROM users
WHERE id = 42;
Workflow:
API Server
│
▼
Database
│
▼
Result
Returned Data:
{
"id": 42,
"name": "John Doe",
"email": "john@example.com"
}
Step 7: Build the HTTP Response
After processing the data, the server creates a response.
Example:
{
"id": 42,
"name": "John Doe"
}
Server returns:
HTTP/1.1 200 OK
Content-Type: application/json
Response Contains
- Status Code
- Headers
- Response Body
- Cache Information
Common HTTP Status Codes
Success Responses
| Code | Meaning |
|---|---|
| 200 | OK |
| 201 | Created |
| 204 | No Content |
Client Errors
| Code | Meaning |
|---|---|
| 400 | Bad Request |
| 401 | Unauthorized |
| 403 | Forbidden |
| 404 | Not Found |
Server Errors
| Code | Meaning |
|---|---|
| 500 | Internal Server Error |
| 502 | Bad Gateway |
| 503 | Service Unavailable |
Step 8: Client Receives and Renders Data
The response travels back through the encrypted TLS connection.
Example:
fetch('/api/users/42')
.then(response => response.json())
.then(data => {
console.log(data);
});
The browser:
- Parses JSON
- Updates the UI
- Displays data to the user
Result:
User Profile Loaded Successfully
Complete API Request Workflow
1. Client Request
│
▼
2. DNS Lookup
│
▼
3. TCP/TLS Handshake
│
▼
4. HTTP Request
│
▼
5. API Server
│
▼
6. Database Query
│
▼
7. HTTP Response
│
▼
8. Client Renders Data
API Authentication with Bearer Token
Most modern APIs use JWT tokens.
Example:
Authorization: Bearer eyJhbGciOiJIUzI1Ni...
Workflow:
Client
│
▼
JWT Token
│
▼
API Validation
│
▼
Authorized Access
Benefits:
- Secure
- Stateless
- Scalable
REST API vs GraphQL
REST
GET /users/42
Response:
{
"id": 42,
"name": "John"
}
Advantages
- Easy to understand
- Widely adopted
- Cache-friendly
GraphQL
Query:
{
user(id: 42) {
name
}
}
Advantages
- Fetch exactly what you need
- Reduce over-fetching
- Flexible querying
API Performance Optimization
1. Caching
Store frequently requested data.
Client
│
▼
Cache
│
▼
Server
Examples:
- Redis
- CDN
- Browser Cache
2. Pagination
Instead of:
GET /users
Use:
GET /users?page=1&limit=20
3. Rate Limiting
Prevent abuse:
100 Requests / Minute
Laravel Example:
RateLimiter::for('api', function () {
return Limit::perMinute(100);
});
Real Example in Laravel
Route:
Route::get('/users/{id}', [UserController::class, 'show']);
Controller:
public function show($id)
{
$user = User::findOrFail($id);
return response()->json($user);
}
Response:
{
"id": 42,
"name": "John Doe"
}
Conclusion
Every API request follows a structured journey:
Client → DNS → TCP/TLS → HTTP Request → API Server → Database → HTTP Response → Client Rendering
Understanding this workflow helps developers build faster, more secure, and scalable applications. Whether you're working with Laravel, Node.js, Python, Java, or Go, the core API process remains fundamentally the same.
